Featured
Articles
Niche Marketing:
How to Define a Unique E-Business Niche
The key to your online marketing strategy
will be recognizing and defining an unfilled or partially
filled niche. Here's how to train your eyes.
by Dr. Ralph F. Wilson
Standing at the base
of the Wailing Wall in Jerusalem and looking up, the immense
stone blocks laid one upon another seem to reach to the sky.
This most holy site to Jews is all that is left of Herod's
Second Temple. It is a place of prayer for the nation. Herod
built the Western Wall as part of a retaining wall around
the temple mount formed of massive limestone blocks, some
weighing over 100 tons each.
But when you look more
closely at the Wall, you see the crevices between the massive
blocks. In the first two tiers of stone these crevices are
filled with papers inscribed with the prayers of the faithful.
Above them the crevices are alive: Plants, rooted deeply
in the cracks between the stones, abound far above the heads
of the worshippers and add character and life to the Wall.
The Wall has a lesson
for us. If your company doesn't have the mammoth clout of
a Fortune 500 corporation, then you must find a niche between
the immense players and adapt yourself to thrive there.
The English word "niche" comes from a French word that means
"to nest." And that's what small companies can learn to
do very successfully, filling small voids left by the big
players.
Thriving in a Tiny
Niche
How can small businesses
thrive if the niches seem pretty narrow indeed? You can
purchase kitchen knives at Safeway and Kmart, at Macy's
and a restaurant supply outlet, as well as in a gourmet
cooking store. But a shop that specializes in kitchen cutlery?
It would take a major metropolitan area of one or two million
people to support such a store, and still it might struggle.
But so long as you can deliver your goods or services across
distances, on the Internet your marketplace is the nation
-- and, if you have the vision for it, the world.
A kitchen cutlery shop
might die in a town of 10,000 or city of 100,000. But on
the Internet, the market is so huge that even a small slice
of the market provides a large number of shoppers. According
to the Computer Industry Almanac for 2004, Internet users
in Ireland number 2 million (53% of the population),
in the United States number 186 million (64% of the population),
in South Korea 30 million (71%).
Where travel time once
prevented shoppers from getting to downtown Seoul's specialty
shops, on the Internet the nation is like one very accessible
city. With South Korea's 30 million Internet users, even
a very narrowly defined specialty business can thrive because
of the huge number of potential shoppers. Think of the market
there as 30 cities of a million people each. That many potential
shoppers can support nearly any specialty business.
After nearly 10 years
of intimate involvement with the Internet, I am still awed
by its vast potential. To succeed you must be able to see
the Internet's hugeness as a market, and at the same time
comprehend that even the narrowest kind of business can
find enough customers to thrive. The wall is so big that
the niches between the huge corporate blocks are quite adequate
to support a lively small business marketplace.
Differentiating Niches
from Blocks
The phone rang and
the caller wanted to set up an online store. "I want to
sell something on the Internet," he told me.
"What do you plan to
sell?" I asked.
"Books," he said, "and
consumer electronics."
I can see him competing
head-to-head with Amazon, Barnes & Noble, Good Guys,
and Best Buy. With his puny resources, he doesn't stand
a chance against the big players. None. Nada. Zip.
I've been asked dozens
of times, "What would it cost to build a book store just
like Amazon.com?" I grind my teeth. With all the opportunities
begging to be explored, why would you want to challenge
the top dog? I answer that question by saying, "It would
cost you the millions and millions of dollars Amazon spent
to build its store." Look instead to the niches.
The Elusive Holy Grail
of the "Ideal" Product
I'm sometimes asked,
"What is the best product to sell on the Web?" The answer
is pretty straightforward; here are the characteristics:
- Enables a high profit margin
- Offers exclusive sales rights
- Delivers by digital download
- Offers customers more value via
Internet sale than through traditional channels
- Fills a universal need
- Must be purchased regularly
If you can score with
a majority of those parameters, you probably have a winning
product or service. But, frankly, few fit. I strongly recommend
that you don't let your mind wander aimlessly looking for
the perfect product.
A better way is to
look to yourself or to your company. What are you good at?
What do you enjoy? On what subject are you considered the
"local world's authority"? What are you strong in? What
do you have to offer that is fairly unique? How can you
leverage your present strengths? Instead of fantasizing
about the "perfect," take what you know and let it empower
your vision to see clearly the niches out there.
Unfilled Niches
These days it's hard
to find a niche that nobody is filling, but occasionally
I run across one. The classic path to success is "Find a
need and fill it." So look to the customers you know best.
What are they asking for? What would they like? What keeps
them from fully realizing their own success? Since you're
probably an "expert" in some field, you may have some key
insights. You may be able to develop a new or improved product,
service, or business process that, coupled with the Internet,
can make a big difference. It's your interest and training
that give you the vision to see these opportunities. Look
closely at the niches.
Poorly Filled Niches
While unfilled niches
are rare, poorly filled niches are exceedingly common. I've
come to expect so much from the Internet that I'm often
frustrated by what is not available online.
Recently I was in the
market for a camcorder. I knew practically nothing about
them, and I found that the average salesperson at my local
stores didn't know much either. I had lots of unanswered
questions. I needed information and opinions from people
who really knew something about the trade-offs between one
recording format and another, but I couldn't find what I
was looking for.
There have to be other
people like me. What kind of site would make this selection
an easier task? One site was very good, but called on me
to make decisions about which I didn't have enough knowledge.
Nor did it provide expert opinion or consumer feedback on
questions of format, pros and cons, answers to my stupid
questions, and so on. Another had a camcorder buying guide,
but no individual comments except at the product level.
And nothing offered a chart that showed the differences
between the models available from a single manufacturer.
I was also ready to buy an extra battery pack and a carrying
bag, as well as a supply of recording tape, but none of
these sites made it easy. Other camcorder sites turned out
to be only a department in a larger consumer electronics
enterprise.
Camcordia.com
I concluded there is
no single "greatest place" online to buy camcorders. Maybe
I ought to build it myself, I thought. In addition to an
excellent shopping cart system and checkout procedure, these
are the elements I would include:
- Buying guides
- FAQs (frequently asked questions)
- Honest reviews of each manufacturer's
product line contrasted with other manufacturers' offerings
- Easy comparisons within a manufacturer's
product line
- Live chat that allows shoppers
to ask questions from a knowledgeable person 8 to 10
hours per day
- Competitive prices, if not the
very lowest
- Carrying all major manufacturers'
products
- Inventory of best sellers, drop-ship
arrangements for less common requests
- Shipping at a variety of speeds
and costs
- A no-quibble guarantee
- Links to product support sections
of manufacturers' web sites
- Addresses, phone numbers, and
URLs of repair stations
- A full line of accessories
- A full line of recording media
- Information and cables to connect
camcorders to TVs, VCRs, and computers
- Online forums where camcorder
aficionados discuss detailed questions
- An affiliate relationship with
camcorder dealers in regions of the world where I don't
want to risk shipping a $250 to $1,500 item.
- A monthly newsletter, The Camcorder
Comrade.
And I'm sure once I
got immersed in the process of building, I'd find more to
do. We could call it camcordia.com or camcording.net or
cambug.com. Isn't this a lot of work? You bet. (Note: When
I first wrote about niches, all my proposed domain names
were available. Since then two of the three have been purchased,
and one has developed a tiny camcorder store, but nothing
like the broad vision outlined above.)
Of course, you could
build a "good" camcorder store fairly easily, but not an
excellent one. Excellence takes high standards, sacrifice,
passion, great effort, and a drive to achieve the best you
can possibly do. If the project isn't worth doing with excellence,
my friends, it probably isn't worth even beginning. Life
is too short.
It would probably take
six months of work and several thousand dollars to get it
fully ready, and a year or two to get it functioning at
full potential. Is it possible? Of course! Would it succeed?
I have no doubt! Am I going to build it? No. This one needs
someone who lives and breathes camcorders. But when I looked
last, camcorders were a poorly filled niche just begging
to be filled with excellence.
Partly Filled Niches
I've often toyed with
the idea of setting up a firm that helps small businesses
market their web sites. One that considers each company's
needs carefully and recommends a marketing plan tailored
to each company's needs and budget. One that offers exceptional
value and a personal touch. One that doesn't rest until
the customer's need has been fully addressed. Aren't there
plenty of firms that specialize in online marketing already?
Yes, indeed. But I believe I could make one succeed, since
there are hundreds of thousands of small business web site
entrepreneurs out there, and only ten or twenty thousand
true marketing companies, many of which aren't very effective
at all with small businesses. Many excellent businesses
exist, but there is a tremendous need still. Do I plan to
do this? No, but it could be done quite profitably. This
is a partly filled niche longing to be filled more completely.
Creating New Niches
We haven't nearly exhausted
the subject of niches yet. How about creating a new niche
where one didn't exist before? I love what JustBalls.com
(www.justballs.com) did when they began in 1998. They didn't
pump themselves up to think they could tackle the whole
sporting goods sector. They weren't a Big 5 or a FogDog.
So they sliced sporting goods in a way that it had never
been sliced before -- balls only. They didn't sell bats
and first-baseman's mitts. They sold balls. Baseballs, basketballs,
footballs, golf balls. If it's a sports ball of any kind,
they would have it. Now they offer laser-engraved sports
balls for gifts and presentations. Several years later they
are still in business because they created a brand-new niche,
found a catchy, memorable name, developed a customer-centered
approach, and opened their doors.
Brick-and-Mortar versus
Internet Niches
I need to say a word
to you who already have an existing brick-and-mortar business.
Should you put your business on the Web? By all means, do
so! (These days people even search for local businesses
on the Web.) The stability of your traditional business
will give you the time to find your way online. But don't
put your entire business offerings online, only those that
are unique and especially adaptable to the Internet.
Several
years ago, Jeff Greene called me for help setting up an
online store. Jeff is the longtime owner of The Office Market,
a traditional office and art supplies store in Conway, New
Hampshire, an area of about 20,000 people in the White Mountains.
This was before OfficeDepot.com, OfficeMax.com, and Staples.com
had developed a strong presence online. He asked me if he
should sell both office supplies and art supplies. I pointed
him toward the niche market and away from the mass market,
and he has since done well with Discount Art Supplies (www.discountart.com)
offering a full line of top brand, high-quality brushes,
paints, and other supplies. If Jeff had tried to put his
whole office supply inventory online, the e-business would
have lost focus and he wouldn't have been able to carry
a full enough line to compete with the big companies (though
in his local region, The Office Market is the leader). By
putting all his energy into the art supplies part of his
business, he has succeeded admirably on the Web and he can
compete nationally with others in this field.
Determine
what aspect of your current business is best for the Internet
and put that online; don't load your web site with generic
products and services that diffuse your focus.
Finding and Filling
Your Niche
The promise of the
huge Internet market is there for you, too. While it is
intensely competitive, the size and lack of geographical
barriers are especially suited to small businesspeople who
are blessed with niche vision and a dose of creativity and
determination. Look closely, now -- not at the massive blocks
but at the niches between them -- and find a niche with
your name on it.
Exercise:
List the niches you might be interested in filling.
Next, assess the quality of the existing sites
in those niches. Now list the unfilled, underfilled,
and partially filled niches you can identify.
Copyright ©
2001, 2005 by Ralph F. Wilson. All rights reserved. This
copy is excerpted from Dr. Wilson's book Planning Your Internet
Marketing Strategy (John Wiley & Sons,
2002) and originally taken from Web Marketing Today,
a free e-mail newsletter that often publishes articles in
the area of niche
marketing.
Can
Utah's New Anti-Spyware Law Work?
Why the Law is More
Promising than Some Critics Claim
Office
Management Productivity Software
The Association of Professional
Office Managers (APOM) and Analytical Design Solutions, Inc.
(ADSI) have teamed up to bring office managers powerful new
software to help them with their day-to-day tasks. Office-Aide™
v1.0 helps keep track of office equipment and administer training
for office staff.
As an Office Manager, you know there are plenty of company
assets that never make it onto your balance sheet. Office-Aide™
is completely flexible with what you define as an asset. For
example, your accountant probably does not require you to
track access cardkeys, but you certainly realize they are
an important asset to be managed. Office-Aide™ can track an
unlimited number of assets in your company, and it can track
an unlimited amount of information about each asset. It can
track who the asset is assigned to and at what location it
resides. You can also create parent/child hierarchies such
as associating individual software programs to a particular
PC. You define the fields, adding and removing what you like.
Office-Aide™ also helps you administer the
proper training of your staff. Since you may want different
members of your staff to have different training, you can
create many different curriculums, as necessary. For example,
you may want your clerical staff to concentrate on Microsoft
Office courses taught at the local computer training center,
but you want your customer service staff to concentrate on
customer relationship courses taught at the local junior college,
and product knowledge courses developed in-house. You also
have the option of defining a course as optional or required.
Once you have assigned staff to their appropriate curriculum,
it is very easy to track their progress. As they complete
courses, it is a simple task to update Office-Aide™. You can
print out reports showing course completions for your staff
members, and perhaps more usefully, you can print out a report
that shows which staff members have not completed their curriculum
and which courses still need to be scheduled and completed.
Unlike typical accounting or human resource software, Office-Aide™
fills a previously unaddressed niche helping office managers
with two of their important core duties.
For more information, visit www.office-aide.com.
Success
is the ability to go from failure to failure without losing
your enthusiasm.
~ Sir Winston Churchill
End-User
Advice on Spam and Viruses
By Matt Cain
May 13, 2004
Spam and viruses continue
to plague all enterprises. Most organizations are now aggressively
blocking spam at the perimeter and effectively blocking 85%-95%
of spam. The threat of viruses continues unabated. As part
of the overall spam- and virus-blocking effort, IT organizations
(ITOs) need to educate users about threats and best practices.
META Trend:
As ad hoc electronic communication grows in importance (e.g.,
e-mail, instant messaging, Web conferencing), organizations
will be challenged to create a hygienic and low-cost infrastructure.
Through 2006, special attention will be focused on spam blocking
and policy enforcement (e.g., regulatory compliance). By 2007,
rising electronic communication volumes will frustrate users
coping with information overload and drive organizations to
employ common filters, queuing services, and categorization
engines to ease communication burdens.
The spam blight continues
unabated, and we do not expect legislation or well-publicized
litigation against spammers to have much impact on volume
through 2005/06. Even when organizations do an effective job
of blocking spam, users still routinely receive multiple spam
messages because of the sheer volume entering the firm. Therefore,
enterprises must use all means available to help users stem
the flow of spam. They must warn users of its implicit hazards
such as fraudulent messages seeking personal information and
messages that contain viruses that can cause users’
PCs to send out spam. Organizations must develop mail hygiene
policies and communicate best practices to keep users informed
and aware of the dangers spam presents to business operations.
At a high level within ITOs, enterprises must make basic decisions
about which features to expose to users from the core spam-blocking
engine such as end-user-controlled trusted-sender lists and
quarantines. Organizations must determine if users should
be instructed on how to apply additional spam-blocking features
in the e-mail client, as well as the use of alternative mail
systems such as POP3 and HTTP public mail accounts.
Despite broad efforts
to protect against mail-borne viruses and worms, enterprises
are still struggling to stop outbreaks effectively. We estimate
that up to 45% of large organizations have been economically
impacted by a virus attack during the past 12 months. E-mail
remains the primary channel of attack. Viruses are starting
to appear faster than organizational ability to patch vulnerabilities
or disseminate signature files for thousands of PCs. For example,
the notorious winter 2003/04 Bagle virus released nine variants
in less than a week. Like many other current viruses, Bagle
self-propagates by exploiting e-mail addresses mined from
desktop files using its own SMTP mailing engine. Antivirus
vendors have noted that the level of virus activity in early
2004 indicates that the year will prove to be the most prolific
ever for virus writers. During recent outbreaks, as many as
one in five messages might be a virus. Viruses also have increasingly
disruptive payloads. Mydoom not only launched denial-of-service
attacks on commercial Web sites, but also deleted files from
user desktops. In addition, Mydoom created a remote access
back door, enabling hackers to steal personal information
(e.g., credit card numbers, passwords) to remotely control
PCs or upload malicious code. Therefore, organizations must
maintain extreme vigilance against viruses to ensure stability
of the messaging infrastructure. A sample policy document
that addresses spam and virus threats follows. Not all instructions
will be appropriate for every organization. Firms need
to carefully determine which of these points will apply to
their enterprises (see Figure
1).
Limit the Use of Corporate
E-Mail Addresses. Users should be careful about disclosing
e-mail addresses. Optimally, an e-mail address should be shared
only with people known to the user. When using an e-mail address
in a public forum, users should add additional characters
to the address that can be easily stripped by a human. This
prevents e-mail harvesting programs from capturing and exploiting
the address. A sample might look like john.doe@nospam.corporate.com.
(An alternative method is to ask users to use a free public
mail account such as Hotmail for newsgroups and Web sites,
but we are wary of this approach because e-mail hygiene controls
typically do not work on port 80 or port 110.)
Keep E-Mail Addresses
Off Web Pages. Users must avoid putting e-mail addresses
on Web pages to protect them from spam robots used by spammers
to harvest addresses.
Use Separate Chat
IDs. If public chat rooms are entered, users must employ
a screen name not associated with their e-mail addresses.
Chat rooms are routinely harvested for e-mail addresses by
spammers.
Never Contribute to
a Charity From E-Mail. Messages with appeals from charity
should be treated as spam. If a charity is appealing for donations,
the recipient should call the organization and determine how
to make a contribution. No information should be sent via
e-mail.
Be Wary of Attachments.
If the message sender is unknown, or if it is a strange attachment,
users should delete the message immediately and run up-to-date
antivirus software to check the computer for viruses.
Check the User Quarantine.
Our corporate spam-blocking service filters a large amount
of spam. Occasionally, it filters legitimate e-mail. To ensure
that all legitimate messages are received by users, we established
a user-quarantine service, which users should periodically
check for legitimate e-mail. This is a private, personal account
for each user. We send out a weekly reminder to check the
quarantine. Users should bookmark the URL and check the quarantine
anytime there is suspicion that legitimate mail has not arrived.
Consistent with our overall e-mail policy, users are prohibited
from releasing any pornographic or salacious messages from
the quarantine.
Employ the Trusted-Sender
List. Some mail from large organizations such as newsletters
or marketing updates has many characteristics of spam and
may be erroneously blocked as spam. Our corporate spam-blocking
service enables users to add senders to a list that will allow
messages from the sender to pass unfiltered through our blocking
service. From within the quarantine, users should move legitimate
mail senders who have been erroneously blocked to the trusted-sender
list.
Send Spam to the Blocking
Service. Occasionally, spam will make it through the corporate
filter. When spam is received, users should forward the message
to spam@corporate.com. The message will then be added to the
corporate blocking service, and any repeats of that spam will
then be blocked.
Alternative Mail Accounts.
Users may have established alternative mail accounts for personal
or business purposes such as Hotmail or Yahoo. Because messages
sent from such mail systems do not come through our spam-
and virus-filtering services, they present a risk to the organization.
Users should not access such alternative mail accounts from
within the corporation.
Do Not Respond to
Spam. Users should not reply to spammers - not even to
"unsubscribe" - unless the sender is legitimate. They should
not open or forward chain e-mail or reveal personal information.
Users should never buy anything from spam mail.
Review Privacy Policies.
Users should review the privacy policies of Web sites and
business partners. When signing up for Web-based services
such as online banking, shopping, or newsletters, they must
review the privacy policy closely before revealing e-mail
addresses. If the policy has a liberal practice of sharing
or selling addresses to other organizations, users should
opt out of the sharing program or avoid the service altogether.
Do Not Reply to Messages
Requesting Personal Information. Spammers now send fraudulent
e-mail to users in an attempt to get them to disclose confidential
information such as social security numbers or passwords.
Most legitimate organizations will not ask for personal information
via e-mail. If a trusted organization (e.g., bank, broker,
insurance) asks for personal information, call - do not write
- and report it. Users should not use the phone number provided
in the e-mail. In addition, our IT group will never request
users to update or disclose user names and passwords via e-mail.
Users should immediately report any such requests to the IT
department.
Bottom Line: Enterprise
spam- and virus-blocking strategies should include end-user
education to minimize basic exposure.
Business Impact: Spam
and viruses have a detrimental impact on organizations by
clogging user mail accounts, taxing system resources, and
threatening message system stability. Aggressive actions,
including end-user education, are mandatory.
META Group originally published this article
on 6 May 2004.
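The behaviour this article attributes to Bagle (a virus mailing itself out through its own SMTP engine, and infected PCs being made to send spam) shows up on the network as a workstation opening SMTP connections straight to outside mail servers instead of going through the corporate relay. The following is an added example, not part of the META Group article; the log format, addresses, relay list and threshold are constructed assumptions.

```python
"""Flag internal hosts that speak SMTP directly to outside mail servers."""
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example (not from the article): the internal address
# space, the approved outbound mail relay, and the alerting threshold.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
MAIL_RELAYS = {ipaddress.ip_address("10.0.0.25")}
SMTP_PORT = 25
MIN_DISTINCT_DESTS = 3

# Constructed firewall log format: timestamp, action, protocol, src, dst.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data; external addresses use documentation ranges.
SAMPLE_LOG = """\
2004-01-20T09:15:02 ALLOW TCP src=10.0.0.25:40112 dst=198.51.100.7:25
2004-01-20T09:15:04 ALLOW TCP src=10.1.4.23:1042 dst=10.0.0.25:25
2004-01-20T09:15:09 ALLOW TCP src=10.1.4.23:1043 dst=203.0.113.10:80
2004-01-20T09:16:11 ALLOW TCP src=10.1.7.88:2201 dst=198.51.100.7:25
2004-01-20T09:16:11 ALLOW TCP src=10.1.7.88:2202 dst=203.0.113.44:25
2004-01-20T09:16:12 DENY TCP src=10.1.7.88:2203 dst=192.0.2.15:25
2004-01-20T09:16:12 ALLOW TCP src=10.1.7.88:2204 dst=203.0.113.90:25
2004-01-20T09:16:13 ALLOW TCP src=10.1.7.88:2205 dst=198.51.100.7:25
2004-01-20T09:20:40 ALLOW TCP src=10.1.9.5:3310 dst=192.0.2.200:25
this line is truncated src=10.1.7.88
"""


def parse_line(line):
    """Return (action, src, dst, dport) or None if the line is unusable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    return m["action"], src, dst, int(m["dport"])


def find_direct_smtp_senders(log_text, min_dests=MIN_DISTINCT_DESTS):
    """Return (findings, skipped_line_count) for the given log text."""
    dests = defaultdict(set)
    attempts = defaultdict(int)
    denied = defaultdict(int)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # report unparsed lines rather than hide them
            continue
        action, src, dst, dport = rec
        if dport != SMTP_PORT:
            continue
        if src not in INTERNAL_NET or src in MAIL_RELAYS:
            continue  # only non-relay internal hosts are of interest
        if dst in INTERNAL_NET:
            continue  # a client handing mail to the internal relay is normal
        dests[src].add(dst)
        attempts[src] += 1
        if action == "DENY":
            denied[src] += 1  # blocked attempts are still evidence
    findings = [
        {
            "host": str(src),
            "distinct_destinations": len(dsts),
            "attempts": attempts[src],
            "denied": denied[src],
        }
        for src, dsts in dests.items()
        if len(dsts) >= min_dests
    ]
    findings.sort(key=lambda f: (-f["distinct_destinations"], f["host"]))
    return findings, skipped


if __name__ == "__main__":
    results, bad_lines = find_direct_smtp_senders(SAMPLE_LOG)
    for f in results:
        print(f)
    print("unparsed lines:", bad_lines)
```

A host that reaches only one outside mail server stays below the threshold here; lowering `min_dests` to 1 lists every non-relay sender for manual review.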
I
don't measure a man's success by how high he climbs but how
high he bounces when he hits bottom.
~ General George S. Patton
10
Best Bet Technologies
By Network Magazine
05/04/2004 6:00 PM EST
URL: http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=19502191
Every year, network managers
are inundated with new technologies and new promises. The
smart ones will expend exorbitant energy reading the trades,
scouring custom research, and analyzing the needs of their
company to figure out which technologies are worth gambling
on. This year, Network Magazine eliminates some of that pain
by presenting the networking industry's 10 Best Bet technologies.
For the past six months,
Network Magazine's editorial team has been hard at work searching
the industry for the technologies that will transform corporate
networking. We talked with the leading thinkers within the
industry and academia, mined our knowledge bases of hundreds
of different companies and innovations, and scoured future
technology developments coming out of research labs across
the globe. In the end, we identified 10 networking technologies
every corporate network manager should have on their shortlist.
Best Bet technologies
share a common theme. All look at a foreseeable horizon within
the next two to five years - far enough to be visionary, yet
still practical. All speak to IT's charter to grow the bottom
line by either cutting costs or, dare we say, increasing productivity.
All are horizontal networking technologies that cut across
industries and are backed by more than one vendor. And most
importantly, all are still in their nascent stages, showing
huge room for growth.
What Best Bet technologies
are not are marketing concepts, trends, or academic flights
of fantasy that won't impact the corporate network today
or for the next 20 years. Microsoft's Trustworthy Computing
may be a smart plan, but it's not a technology. Grid computing
is a grand idea, but won't significantly impact most companies
over the next five years. Molecular computing and teleportation
are both interesting topics, but not on anybody's shortlist
to buy.
THE VISION THING
What the 10 Best Bet
technologies represent is a realistic picture of where the
most pragmatic and significant innovations are occurring within
corporate networks. It's a picture that depicts the maturing
of networking technology toward forming instant organizational
networks that enable the real-time delivery of goods, services,
and communications across a company. The ultimate goal is
a network capable of handling the delivery of any type of
traffic, with optimal performance at the lowest layers and
automated inter- and intrabusiness processes at the highest
layers. More specifically, the Best Bet technologies hit this
vision at three points: end-user centricity, ubiquitous access,
and service orientation.
As networking technology
evolves, it will become decidedly less communal and more end-user
centric. Over the next five years, the drive to reduce costs
will force enterprises to move toward a fuller notion of digital
identity, streamlining the bureaucratic structure within the
enterprise and between organizations (see "The E-commerce
Key"). By deploying a digital identity infrastructure,
enterprises are poised to leverage e-commerce. In this arena,
timing and trust are everything. For example, having the presence
technology to know when users are available for contact is
critical (see "The Digital Crayon"), as is communicating
over those links securely and conveniently through a simplified
encryption infrastructure (see "In Hardware We Trust").
With companies increasingly
banking on the network, pervasive access will be a must. IP
will continue to expand beyond the office boundaries, into
thin air through wireless technologies (see "A World
Without Wires?"), into the data center via Ethernet (see
"Goliath's Revenge"), and into the WAN, again via
Ethernet (see "WAN Meets LAN Wonderkid"). As pervasive,
high-speed WANs become possible, TCP will need to undergo
its own changes (see "The High-Speed Bottleneck").
Ultimately, delivering
on the automated organization will require an intelligent
infrastructure. Application-layer switching, and more specifically
XML switching, will be necessary to off-load processor-intensive
tasks from application servers, as well as direct interapplication
requests to the appropriate destination (see "Business
Process Automation").
At the same time, the
network will need to be optimized for the various services
running over it. Service management platforms can help by
maximizing the use of different network devices for the services
a network will carry (see "Network Services Maestro").
And lastly, virtualized networking requirements will be key
to locating processes needed to deliver a service at the optimum
location in the enterprise (see "Ghost in the Machine").
All in all, the Best
Bet technologies are about an industry that's exploding with
innovation. Those who choose wisely will walk away with a
huge competitive edge. Those who don't will suffer. Who ever
said IT doesn't matter?
Flaming
enthusiasm, backed by horse sense and persistence, is the
quality that most frequently makes for success.
~ Dale Carnegie
The
E-commerce Key
The Liberty Alliance delivers the authentication platform
companies need to conduct widespread e-commerce and streamline
their internal business processes.
By Art Wittmann
Think digital identity
is just about streamlining operations in the very largest
companies? Think again. After years of serving heavy industry,
a small tool and die manufacturer in Butler, WI, set out to
bid on contracts for GM, Ford, and Chrysler. What it found
out was that it would cost tens if not hundreds of thousands
of dollars to deploy the automated systems required by the
Big Three auto manufacturers to disperse specifications and
retrieve bids.
Federated identity management
as described by the Liberty Alliance could radically reduce
the barriers of entry to e-commerce for suppliers, customers,
and even employees. No wonder the Alliance has garnered interest
from some of the biggest companies in the world, including
nonvendor participants such as American Express, MasterCard,
United Airlines, Time Warner, GM, and Sony. If they can electronically
interact with their employees, supply chains, and customers
in just one secure, consistent, and structured way, the potential
business impact is enormous not just for the big companies,
but even for shops such as our tool and die maker.
As with federations of
nation states, the challenges facing the Liberty Alliance
are more political than technical. One goal of the Liberty
federated model is to create "circles of trust"
that span multiple organizations, such as automakers and their
suppliers. From the suppliers' perspective, having one circle
encompassing all of the automakers would be ideal; for the
Big Three, however, trusting each other enough to build one
system is problematic.
Part of the solution
to the political problem is to make sure that the technology
can protect participants from one another while allowing them
to reap the benefits of being in the group. After all, even
in our shortlist of players, competition exists. Sony and
Time Warner should theoretically participate in some of the
same circles of trust, as should American Express and MasterCard --
but will they? Take one look at the Liberty Web site, www.projectliberty.org,
and you'll immediately gain an appreciation for the task.
Where Liberty phase one was mostly about one standard, the
Security Assertion Markup Language (SAML), Liberty phase two
shows dozens of XML schemas within its design.
Along with phase two's
plethora of XML schemas, there's also a raft of definitions
and architecture overviews that describe how federations work.
The Alliance even supplies business tools and best practice
processes to ease implementation. Then it becomes the job
of members to actually define their circles of trust and implement
the specification.
If, however, Liberty
is truly a federation of member states, it faces one enormous
nontechnical hurdle. Neither IBM nor Microsoft is currently
a member. In fact, the alliance was formed largely in opposition
to Microsoft's attempt to dictate a federated identity management
standard with its Passport initiative. Microsoft has since
backed away from Passport somewhat, and has recently published
the WS-Federation specification along with IBM. VeriSign,
BEA Systems, and RSA Security are also participating.
SCORECARD
Function: Federated identity
management provides a universal means for securely identifying
the participants in any Internet-based transaction.
Impact: The technology
promises to grease the machinery of e-commerce by simplifying
and strengthening identification and authentication.
Winners: Liberty Alliance
members Sun Microsystems, HP, VeriSign, and Novell. Nonmembers
to watch are IBM and Microsoft.
A person is a success if they get up in the morning and gets
to bed at night and in between does what he wants to do.
~ Bob Dylan
The Digital Crayon
Presence technology will change the way
distributed workgroups collaborate and socialize in the virtual
world.
By David Greenfield
It might be barely seen
or heard, but a glance at the office of tomorrow shows how
presence technology will change the way individuals collaborate
and work with one another in and out of the office.
Presence is the ability
for users to reflect their availability status online. Best
known for its integration with Instant Messaging (IM) clients,
presence technology indicates whether an individual is "in
the office" or "out to lunch."
To the online world,
those little tags bring meaning and context. They provide
the metalanguage taken for granted in the physical world, but
sorely needed to bridge the gulf implicit in distributed workgroups
and online processes.
Unlike the presence of
today, the presence of tomorrow will change dynamically. For
instance, new phone clients such as Avaya's IP Softphone R5
can already automatically change a user's presence to "on
the phone" when the phone is lifted off the hook.
Over the longer term,
we might very well end up with something like BlueSpace, the
concept-office collaboration between IBM and office manufacturer
Steelcase. Using a stream of edgy technologies, BlueSpace
allows a user's changing location to be tracked by a combination
of wireless infrastructure and a sensor embedded within an
identity tag. This presence status is then used to deliver
location-specific services within the office, such as flashing
an important e-mail on one of BlueSpace's wall-mounted monitors
near the user.
Automatic status updates
lead to the next phase of presence evolution, where online
objects, not individuals, broadcast their status. Shipping
applications that update the presence status of a delivery
truck, for example, are already available. Price changes on
stock objects are another example, and the availability of
any given device is a third option.
While many of these technologies
have long been available, all require proprietary development.
Standardized protocols such as the Extensible Messaging and
Presence Protocol (XMPP) and SIP (Session Initiation Protocol)
for Instant Messaging and Presence Leveraging Extensions (SIMPLE)
simplify that process by defining how to create a presence
system and enabling application vendors to leverage existing
presence infrastructure.
It's no accident that
these technology standards are so closely tied to IM in the
case of XMPP, and to Voice over IP (VoIP) and SIP in the case
of SIMPLE. Ultimately, presence serves as a powerful conjunct
to IM, voice, and any communications medium, enabling users
on a converged network to easily determine the best way to
communicate at any given time. Presence also serves as a critical
adjunct to digital identity technology and e-commerce, allowing
the network to locate the right person for a given transaction
at the right time.
The challenges for presence
remain more social than technical. Firm privacy lines will
need to be drawn as ubiquitous presence deployments grow.
Location tracking in the BlueSpace office is well and good,
but nobody wants to be tracked to the bathroom. Cultural acclimation
is a big issue, but will decrease as users raised on IM pervade
the workforce.
By striking a fine balance
between privacy and corporate efficiency, presence could do
for the digital world what color did for television. Black
and white images might have been fine for one generation,
but nobody would think of buying such a set today. Within
five years, nobody will think of running a distributed workgroup
without presence.
SCORECARD
Function: Presence applies
availability attributes to online identities.
Impact: The technology
improves team coordination and simplifies the tracking of
resources and people.
Winners: Presence technology
is being pursued by vendors throughout the software realm.
IBM and Microsoft dominate in the application space. Telephony
manufacturers such as Avaya and Nortel are embedding presence
engines within their phone systems.
You only have to do a very few things right in your life so long
as you don't do too many things wrong.
~ Warren Buffett
In Hardware We Trust
The Trusted Platform
Module puts PKI, digital certificates, and a security coprocessor
in every PC -- whether you want it or not.
By Andy Dornan
Microsoft has claimed
that trusted computing will end viruses, spam, and network
intrusions by enabling each end of a network link to be certain
of the other's configuration. Digital rights activists warn
that it will give too much control to vendors that want to
trust your machine because they don't trust you.
Both are wrong. The vendors
are indeed overhyping the technology, but they'll only be
able to abuse it if you let them. Trusted computing is still
important, however. For starters, it will put a digital certificate
inside every computer, making universal PKI a reality. Next,
it will make fundamental changes to PC hardware that, depending
on your point of view, could either save the open PC or destroy
it.
The core of a trusted
computer is the Trusted Platform Module (TPM), a cryptographic
coprocessor that Intel, AMD, and their competitors plan to
build into every PC. It's based on a specification set by
the Trusted Computing Group (TCG), an alliance that includes
every major hardware and software company. The TPM is currently
a separate chip, but will eventually be moved within the CPU.
The TPM doesn't just
deal with encryption. It can also generate public and private
key pairs, with the private key designed never to leave the
TPM. This key can't be read by the user or any software processes,
even the OS running on the machine that contains the TPM.
Instead, the private key is used only to create digital signatures
that verify the TPM's (and thus the machine's) identity.
For added assurance,
some TPMs will also contain digital certificates signed at
the time of manufacture. We don't know exactly who will sign
these yet, but the usual suspects have already made announcements.
For example, future versions of Intel's Centrino platform
will include VeriSign certificates, helping with Wi-Fi authentication.
Since the main obstacle
to enterprise PKI is the complexity of managing client-side
certificates, a certificate already built into every PC could
turn PKI from an insurmountable challenge to a no-brainer.
And that's not the only driver for PKI: New mathematical techniques
known as identity-based encryption will further simplify its
adoption (see "Making Public Keys From Keystrokes,"
Inside the Research Labs).
Certificates everywhere
can pose severe privacy concerns, but these seem minor compared
to other features of the TPM. Among the most controversial
is attestation, which uses a signed hash of a PC's OS and
applications to verify its exact state. The hash will change
depending on which programs are running, letting remote devices
know what's happening to the data that they send over a network
link. For example, a router might only connect to a workstation
running a personal firewall, while a video server might refuse
to stream movies to a client running screen capture software.
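The attestation exchange described above, as an added example (not code from the TCG specification or any vendor): a client folds component hashes into a TPM 1.2-style SHA-1 register, and a verifier checks the quote, replays the event log and applies the article's two policies. The HMAC standing in for the TPM's private-key signature, and the component images, catalog and key, are constructed for illustration.

```python
import hashlib
import hmac

PCR_LEN = 20  # SHA-1 sized register, as on a TPM 1.2-era chip


def digest(image: bytes) -> bytes:
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Fold one measurement into the register: new = SHA1(old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def boot(images):
    """Client side: measure each (name, image) in load order.

    Returns the final register value and the event log that explains it.
    """
    pcr, log = bytes(PCR_LEN), []
    for name, image in images:
        m = digest(image)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log


def sign_quote(key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    # STAND-IN: a real TPM signs with a private key that never leaves the chip,
    # and the verifier checks the signature with the matching public key.
    # HMAC with a shared key is used only to keep the example dependency-free.
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()


def verify(key, nonce, pcr, log, sig, catalog, required=(), forbidden=()):
    """Verifier side. Returns 'accept' or a 'reject: ...' reason."""
    # 1. The quote must cover the verifier's fresh nonce and the register.
    if not hmac.compare_digest(sig, sign_quote(key, nonce, pcr)):
        return "reject: quote signature or nonce mismatch"
    # 2. The event log must reproduce the quoted register exactly.
    replayed = bytes(PCR_LEN)
    for _name, m in log:
        replayed = extend(replayed, m)
    if replayed != pcr:
        return "reject: event log does not reproduce quoted register"
    # 3. Identify components by hash, never by the name the client claims.
    running = set()
    for name, m in log:
        label = catalog.get(m)
        if label is None:
            return f"reject: unknown component {name!r}"
        running.add(label)
    missing = set(required) - running
    if missing:
        return "reject: missing " + ", ".join(sorted(missing))
    banned = set(forbidden) & running
    if banned:
        return "reject: running " + ", ".join(sorted(banned))
    return "accept"


# Constructed sample images, catalog and key (placeholders, not real binaries).
IMAGES = {
    "bootloader": b"constructed bootloader image",
    "kernel": b"constructed kernel image",
    "personal-firewall": b"constructed firewall image",
    "screen-capture": b"constructed screen capture tool",
}
CATALOG = {digest(img): name for name, img in IMAGES.items()}
KEY = b"constructed-demo-key"

ROUTER_POLICY = {"required": ["personal-firewall"]}   # the article's router
VIDEO_POLICY = {"forbidden": ["screen-capture"]}      # the article's video server


def attest(names, nonce, policy):
    """Boot the named components, produce a quote, and run the verifier."""
    pcr, log = boot([(n, IMAGES[n]) for n in names])
    sig = sign_quote(KEY, nonce, pcr)
    return verify(KEY, nonce, pcr, log, sig, CATALOG, **policy)


if __name__ == "__main__":
    print(attest(["bootloader", "kernel", "personal-firewall"], b"n1", ROUTER_POLICY))
    print(attest(["bootloader", "kernel"], b"n2", ROUTER_POLICY))
    print(attest(["bootloader", "kernel", "screen-capture"], b"n3", VIDEO_POLICY))
```

Because each extend hashes the previous register value, the same components loaded in a different order yield a different register, and a client cannot drop an entry from the log without the replay failing.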
Trusted computing can
go beyond the TPM, though whether it will -- or should -- is debatable.
Both Intel and Microsoft have already embraced and extended
the TCG's specification. Intel's LaGrande architecture adds
hardware attestation and encrypted links to keyboards, monitors,
and I/O devices. Microsoft's Nexus is a secure OS designed
to run alongside Windows and protect programs from each other's
bugs. Both are proprietary, and most of their functionality
can be achieved in other ways that don't involve vendor lock-in.
The TPM has already been adopted by every PC manufacturer.
Like it or not, it's coming.
SCORECARD
Function: Trusted computing
aims to build a security and identity coprocessor into every
PC.
Impact: The technology
will allow for widespread PKI deployment and potentially better
protection against bugs and malicious code.
Winners: The TCG (www.trustedcomputinggroup.org)
and the Trusted Computing Platform Alliance (TCPA, www.trustedcomputing.org).
Actually, I'm an overnight success. But it took twenty years.
~ Monty Hall
A World Without Wires?
MultiBand OFDM and ZigBee could let wireless cover
more than just the last few feet, changing what we mean by
network infrastructure.
By Andy Dornan
Wireless plays a big
part in every vision of the future, and it's easy to see why.
Cell phones have already set voice users free, and Wi-Fi is
in the midst of doing the same for data. The next wave of
wireless connectivity could go even further. Rather than merely
replace wires, next-generation wireless aims to add communications
capability where none existed before, fundamentally transforming
the network. Client devices in the office of the future won't
be limited to PCs or even IP phones; they could include network
nodes as diverse as lightbulbs, ID badges, and the coffeemaker.
Realizing this vision
won't be easy. The pervasive wireless networks needed to link
these devices together depend on the convergence of two separate
emerging technologies: Ultra Wideband (UWB) radios and adaptive
mobile meshes. Originally developed for the military, both
are set for commercialization this year.
UWB isn't actually a
networking technology. It's a Physical-layer radio system,
comparable to AM and FM, but with very high data rates and
low power consumption. The downside to UWB is a very short
range: It achieves its speed by broadcasting on frequencies
already used for other purposes, so it must transmit at a
low volume. To travel more than a few meters, a UWB signal
has to use multiple hops.
Multihop radios that
broadcast on all frequencies at once without interference
might sound ambitious, but the greatest problems are political,
not technical. The IEEE 802.15.3a committee, charged with
developing a UWB standard, has been deadlocked since fall
2003, with vendors unable to reach a compromise between two
rival Physical Layers.
The winner will likely
be the one proposed by the MultiBand OFDM Alliance (MBOA),
an Intel-led group that includes most of the PC industry.
It plans to have the first products ready by the end of 2004.
A longer-shot bet is
Motorola's direct-sequence UWB, which offers slightly better
performance but requires more components to manufacture, increasing
costs. It's possible that both types will reach the shipping
product stage, but vendors from both camps claim that the
industry will quickly settle around just one -- whether as the
result of a truce in the IEEE or a battle in the marketplace.
The MBOA predicts that
the first standard based around its Physical layer will be
wireless USB. This will offer data rates of up to 480Mbits/sec
and have a maximum range of only 2.8m (9 feet), sufficient
for replacing the tangle of short cables that link a PC to
its local monitor, printer, and speakers. Another version
of the technology will have a data rate of 120Mbits/sec and
a range of 30m (100 feet), enough to create a Personal Area
Network (PAN) around individual people or objects. A true
pervasive wireless network will be created when overlapping
PANs relay each other's traffic, just like routers on the
Internet.
IP routers can't be embedded
inside everything just yet, but vendors are already developing
ZigBee, a lightweight routing protocol designed for radio
meshes. The first products using it will be available in early
2005. The bad news is that so far ZigBee is designed only
to work with 802.15.4, a more primitive, non-UWB radio system
that has very low data rates. True pervasive wireless networks
will likely be possible around 2007, when ZigBee and UWB come
together.
SCORECARD
Function: UWB provides
low-power, high-data-rate wireless links.
Impact: The technology
could make everything within radio range a part of your network.
Winners: Intel, Texas
Instruments, and the MBOA.
Eighty percent of success is showing up.
~ Woody Allen
Goliath's Revenge
The giant that's Ethernet
could dominate tomorrow's data center, improving performance
and flexibility without requiring extra expertise.
By Art Wittmann
The classic picture of
the modern data center calls for three tiers of computing:
Web servers, application servers, and storage or database
servers. Ethernet connects the Web servers and the application
servers, InfiniBand clusters the application servers, and
Fibre Channel underlies the Storage Area Network (SAN). Three
tiers, three purpose-specific networking technologies -- makes
perfect sense, right?
Wrong. The cost and complexity
of fielding three distinct switched data fabrics means three
sets of experts running three sets of hardware, likely from
three or more sets of vendors. On the other hand, an Ethernet
data center could mean one staff managing one technology whose
components can easily be repurposed.
For server clustering,
the current techno-rave is over Remote Direct Memory Access
(RDMA). This technology allows NICs to directly access an
application's memory space without involving the OS. This
greatly decreases the latency of distributed memory-to-memory
transfers. RDMA is currently being used in InfiniBand clusters
to enable high-performance distributed applications. The RDMA
Consortium is working on standardizing the technology and
adding support for Ethernet/IP.
At the storage infrastructure
tier, Internet SCSI (iSCSI) is the Ethernet/IP alternative
to Fibre Channel SANs. iSCSI products are already shipping
despite the fact that the technology is still in its infancy.
RDMA is also useful for storage technology. In fact, the performance
improvement is probably greater for storage applications than
for server clustering, since storage transfers tend to be
larger and therefore better justify the protocol setup required
by RDMA. Protocols to look for include SCSI RDMA Protocol
(SRP) and the Direct Access File System (DAFS).
While an all-Ethernet/IP
data center seems like a no-brainer, there are benefits to
InfiniBand and Fibre Channel. First off, both technologies
were developed to improve server system performance. For that
reason, they're implemented such that the host system's CPU
isn't significantly involved in data transfers. RDMA by definition
means the host OS isn't involved, and Fibre Channel adaptors
typically off-load much of the work that iSCSI requires a
CPU to do. To address this issue, chipmakers are producing
TCP/IP Offload Engines (TOEs).
As the name suggests,
TOEs do the heavy lifting for the CPU. Some go well beyond
TCP/IP offloading and handle iSCSI and RDMA directly on the
chip. But TOEs aren't a perfect solution. Both InfiniBand
and Fibre Channel currently run at maximum speeds of 10Gbits/sec
and have 40Gbits/sec on their roadmap. Chipmakers are currently
building TOEs that run at 1Gbit/sec, with plans to move to
10Gbits/sec over time.
The other challenge is
to get OS vendors to provide hooks for TOEs and RDMA. Allowing
device drivers to write directly into an application's memory
space breaks most every rule taught to every first-year computer
science student. There are obvious security issues that OSs
typically mitigate. RDMA addresses this concern by issuing
keys for specific memory locations. This adds security, but
also implies more complexity for developing RDMA-aware applications.
Microsoft is already on board, while the Linux community has
been more skeptical thus far.
SCORECARD
Function: The Ethernet/IP
data center replaces InfiniBand and Fibre Channel links with
high-speed Ethernet.
Impact: Ethernet/IP's
flexible, manageable, and high-performance infrastructure
can cut the costs of deploying a tiered service-oriented infrastructure.
Winners: All major server
vendors are on board, with HP being particularly aggressive.
Other winners include interface vendors such as Adaptek Systems
and chipmakers such as Broadcom. Intel and EMC are also participating.
I don't know the key to success, but the key to failure is trying
to please everybody.
~ Bill Cosby
WAN Meets LAN Wonderkid
Ethernet access will bridge the LAN and MAN
gap, obsoleting frame relay and delivering high-speed access
to copper-bound offices.
By Doug Allen
Having conquered the
LAN, challenged the power industry, and attacked the data
center, what's next for Ethernet? Why, the WAN, of course.
Over the next five years, Ethernet will take the local loop
and everything in between by storm.
Ethernet concatenation
techniques in the last mile will deliver high-speed services
to fiber-starved offices, giving them the same sort of bandwidth
selection and price economies offered by fiber drops. With
more bandwidth available, companies will finally be able to
deploy bandwidth-intensive corporate applications to remote
offices, whether as hyped as videoconferencing or as practical
as medical imaging and vertical applications.
The technologies driving
much of this work come from the IEEE's 802.3ah Ethernet in
the First Mile (EFM) Task Force. The group has developed a
draft standard called PMI Aggregation Function (PAF), which
defines how to aggregate up to 32 Synchronous High Bit Rate
DSL (SHDSL) or Very High Bit Rate DSL (VDSL) lines to deliver
speeds of up to 10Mbits/sec bidirectionally over copper. More
realistically, that rate could go as low as 2Mbits/sec, depending
on the distance from the central office. The ITU and ANSI
are working on similar aggregation techniques.
While bonding techniques
for Ethernet and other MAC-layer technologies have been around
for a while, EFM's approach sidesteps the problem inherent
in earlier bonding attempts. Bonding at the MAC layer typically
means that lines have to run at the same speed. By contrast,
EFM lets customers run Ethernet lines in a single bundle at
any speed, be it 10Mbits/sec, 100Mbits/sec, or in the gigabit
range.
Over in the WAN, Ethernet
services will become the de facto method for connecting corporate
offices. Ethernet Virtual Connections (EVCs), a standard for
creating ATM-like PVCs across Ethernet, will replace point-to-point
circuits. Ethernet WANs will replace frame relay clouds with
Virtual Private LAN Service (VPLS), a layer-2 VPN that will
add security to EVCs to create LAN interconnect services.
With VPLS emphasizing switching in the WAN, costs will be
lower and IT will have new options available, such as eliminating
routers at the remote office or reducing the number of WAN
routers used.
The providers have enough
to begin EVC and EFM deployments, but further standards development
is a must. The Metro Ethernet Forum (MEF) has specified ATM-type
bandwidth controls for EVCs, as well as VLANs to segment shared
traffic, but VPLS needs more QoS and security features to
handle mission-critical traffic. EFM is even less developed,
using only traditional Ethernet mechanisms. Currently, the
plan is to incorporate a number of existing 802.3 specifications
instead of going with an EFM-specific scheme. Enhanced voice
and video delivery is due next year.
All this work depends
on internal RBOC politics. EFM is an obvious threat to lucrative
T1 sales and even IP VPNs, and the Baby Bells are famously
fond of ATM. After the expense of developing and deploying
carrier-ready EFM on top of their current sunk costs, would
a relatively low-cost Ethernet/DSL service yield a sufficient
profit margin? Until the RBOCs can answer that question, deployment
dates are moot.
SCORECARD
Function: EFM bonds DSL
lines together to create a multimegabit access pipe over copper
lines. EVC offers PVC-like functions across Ethernet WANs.
Impact: These technologies
could lower costs, provide higher access speeds, and simplify
WAN maintenance and administration.
Winners: The RBOCs, facilities-based
Ethernet providers, and vendors such as Cisco Systems, Hatteras
Networks, and Extreme Networks.
The High-Speed Bottleneck
Before IT can maximize
its investment in emerging high-speed Ethernet services, TCP
had better be fixed.
By David Greenfield
Common wisdom has it
that if we just pumped up network bandwidth, throughput problems
would be solved. Yet as academics and researchers have pointed
out, high-speed networking pushes the limits of that old warhorse,
TCP. If companies want to run Storage Area Networks (SANs),
disaster recovery, and content delivery networks across the
continent using new high-speed WAN services, a revision of
TCP is in order.
To see why, let's suppose
you want to dedicate a coast-to-coast 10 Gigabit Ethernet
connection to a single file transfer between two supercomputers.
How much bandwidth would the connection use? Would you believe
10Mbits/sec, or less than one tenth of a percent?
To date, several projects
and proposals are aimed at reworking TCP. The NSF-funded Web100
project is applying some spit and polish to the old brute.
Three other projects are looking at rewriting TCP from scratch.
One of TCP's original architects, Sally Floyd, wrote an experimental
RFC on the subject titled "HighSpeed TCP for Large Congestion
Windows" (RFC 3649), and Tom Kelley of Cambridge has
written a proposal called Scalable TCP. A third proposal,
called Fast AQM (Active Queue Management) Scalable TCP (FAST),
comes from a team at Caltech led by Steven Low, associate
professor of computer science and electrical engineering.
All of these deal with
the same basic problem -- namely, that the amount of data that
can traverse a network connection, called the Bandwidth Delay
Product (BDP), has increased well beyond TCP's design points.
With a high-speed network and sufficient delay, a sending
host can empty its sending packet window before receiving
an acknowledgement (ACK). The result? The sending station
waits around for the ACK, squandering any available bandwidth
in the meantime.
To put this in context,
Floyd points out that a standard TCP connection with 1,500-byte
packets and a 100ms round-trip time (the sort of performance
on a coast-to-coast link), achieving a steady-state throughput
of 10Gbits/sec, would require an average congestion window
so large that the connection could tolerate at most one packet
drop per 1 2/3 hours.
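The arithmetic behind that figure, as an added example (not from the article): it computes the window needed to fill the link, inverts the standard TCP response function w = 1.2/sqrt(p) that RFC 3649 uses, and simulates the halve-on-loss sawtooth to show what a more ordinary loss rate leaves of a 10Gbits/sec path. The one-loss-per-million-packets case and the function names are assumptions chosen for illustration.

```python
MSS_BYTES = 1500      # packet size from the article
RTT_S = 0.100         # 100 ms coast-to-coast round trip
LINK_BPS = 10e9       # 10 Gigabit Ethernet


def window_limited_bps(window_bytes, rtt_s=RTT_S):
    """Throughput ceiling when only one window may be unacknowledged per RTT."""
    return window_bytes * 8 / rtt_s


def bdp_segments(rate_bps=LINK_BPS, rtt_s=RTT_S, mss=MSS_BYTES):
    """Segments that must be in flight to keep the pipe full (the BDP)."""
    return rate_bps * rtt_s / (mss * 8)


def max_loss_rate(window_segments):
    """Invert the standard TCP response function w = 1.2 / sqrt(p)."""
    return (1.2 / window_segments) ** 2


def hours_between_drops(rate_bps=LINK_BPS, rtt_s=RTT_S, mss=MSS_BYTES):
    """Longest-tolerable loss rate, expressed as time between single drops."""
    p = max_loss_rate(bdp_segments(rate_bps, rtt_s, mss))
    packets_per_second = rate_bps / (mss * 8)
    return (1 / p) / packets_per_second / 3600


def recovery_seconds(window_segments, rtt_s=RTT_S):
    """After one loss the window halves, then regains one segment per RTT."""
    return (window_segments / 2) * rtt_s


def simulate_aimd(packets_per_loss, cycles=30, warmup=10):
    """Average congestion window (segments) of the additive-increase,
    multiplicative-decrease sawtooth with one loss every `packets_per_loss`."""
    w, since_loss, done = 1.0, 0.0, 0
    total, rtts = 0.0, 0
    while done < cycles:
        since_loss += w                 # one window of packets sent this RTT
        if done >= warmup:              # skip the ramp-up from a cold start
            total += w
            rtts += 1
        if since_loss >= packets_per_loss:
            w, since_loss, done = max(w / 2, 1.0), 0.0, done + 1
        else:
            w += 1.0
    return total / rtts


def steady_state_bps(packets_per_loss, rtt_s=RTT_S, mss=MSS_BYTES):
    """Throughput implied by the simulated average window."""
    return simulate_aimd(packets_per_loss) * mss * 8 / rtt_s


if __name__ == "__main__":
    w = bdp_segments()
    print(f"window to fill the link: {w:,.0f} segments")
    print(f"tolerable loss: one drop per {hours_between_drops():.2f} hours")
    print(f"time to regrow after one drop: {recovery_seconds(w) / 60:.0f} minutes")
    print(f"64KB window ceiling: {window_limited_bps(65535) / 1e6:.1f} Mbits/sec")
    print(f"one loss per 1e6 packets: {steady_state_bps(1e6) / 1e6:.0f} Mbits/sec")
```

The recovery figure explains why the loss budget is so tight: with one segment regained per round trip, a single drop at full window costs over an hour of ramping back up.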
Note that the limitations
of TCP only occur when sending large volumes of data across
high-speed links that experience large amounts of delay. Low-speed
networks, connections with low delay across high-speed networks,
and low traffic volumes won't likely experience these problems.
In short, this isn't a problem likely to hit every IT department
tomorrow, but if Ethernet services take off, it has the potential
to impact far more than just the supercomputer environment
struggling with today's TCP baggage.
Of the new TCP approaches
being proposed, it's hard to say which one will prevail. If
it's a matter of major routing and end-node vendors adopting
the technology, FAST may have the leg up. Cisco Systems is
said to be looking closely at the protocol, and press reports
have the Caltech team talking with Microsoft as well as Disney.
But critics note that, unlike Floyd and Kelley's work, the
Caltech project isn't currently in the public domain, a fact
that could stymie adoption.
SCORECARD
Function: Projects and
proposals are under way to change TCP's windowing to support
faster data transfers.
Impact: These changes
will enable storage and other transfer-intensive applications
to leverage high-speed transport over existing networks.
Winners: Microsoft, Nortel
Networks, Cisco Systems, and Juniper Networks.
Business Process Automation
XML switching gives networks the smarts and
power to implement the grandest of business strategies.
By Doug Allen
Business process automation
is a grand term that begins with a simple device: the XML
switch. As companies look to automate interbusiness processes,
they need a way to ensure that incoming and outgoing XML documents
are validated and directed to the right destination. Application
switching, and more specifically XML switching, enables them
to do just that. These devices inspect XML content for security
threats and then switch those documents to their proper destination.
With XML switches deployed,
businesses are in a better position to capitalize on the XML
revolution -- that is, if they can overcome the configuration
options implicit in deploying those devices. With lots of
ways to execute a business policy, the trick isn't just knowing
how to process a business document, but knowing the best way
to do it.
To gain the kind of cost
reductions and productivity dividends that are possible through
supply chain automation, IT needs to install a network that
mirrors the functionality of the business processes driving
it. This sort of business-driven network is only possible
through application intelligence, which network managers can
realize by deploying XML switching at the edge of their network.
These devices become
the portals through which business partners communicate. An
incoming XML document -- for example, a purchase order for over
$10,000 in widgets -- can be prioritized with an XML-aware device
that speeds the transaction cycle. This device can inspect,
manage, and transform each data element, then switch on any
combination of attributes relating to the network, such as
the user, the server, or the content of the application itself.
The switch parses the
incoming purchase order, inspecting the content for any anomalies.
These anomalies may be as simple as parameters that don't
conform with expected rules, or as sophisticated as detecting
a virus or Denial of Service (DoS) attack. Once validated,
the document's content is searched for key attributes. These
attributes are then modified to secure and prepare the data
for forwarding to the appropriate destination.
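One way the inspect-then-switch step could look in software, as an added example (not any vendor's switch logic): the document is size-capped, parsed with DTDs refused outright, checked field by field against expected rules, and only then routed on its content. The element names, field patterns, size cap and queue names are assumptions; the $10,000 threshold is the article's.

```python
import re
import xml.parsers.expat
from decimal import Decimal

MAX_BYTES = 64 * 1024              # assumed size cap
PRIORITY_OVER = Decimal("10000")   # the article's $10,000 purchase order
ROOT = "purchaseOrder"             # hypothetical schema: one root, four leaves
LEAVES = {
    "buyer": re.compile(r"[A-Za-z0-9 .,&-]{1,64}"),
    "sku": re.compile(r"[A-Z0-9-]{1,32}"),
    "quantity": re.compile(r"[1-9][0-9]{0,5}"),
    "total": re.compile(r"[0-9]{1,9}\.[0-9]{2}"),
}


class Rejected(Exception):
    """Raised when a document fails inspection."""


def inspect_order(doc: bytes) -> dict:
    """Parse a purchase order defensively and return its validated fields."""
    if len(doc) > MAX_BYTES:
        raise Rejected("document too large")
    fields, stack, text = {}, [], []

    def on_doctype(*_args):
        # Refusing DTDs shuts out entity expansion and external entities.
        raise Rejected("DOCTYPE not allowed")

    def on_start(name, attrs):
        if attrs:
            raise Rejected(f"unexpected attribute on {name}")
        if not stack and name != ROOT:
            raise Rejected(f"unexpected root {name}")
        if len(stack) == 1 and name not in LEAVES:
            raise Rejected(f"unexpected element {name}")
        if len(stack) >= 2:
            raise Rejected("nesting too deep")
        stack.append(name)
        text.clear()

    def on_chars(data):
        if len(stack) == 2:
            text.append(data)
        elif data.strip():
            raise Rejected("stray text outside a field")

    def on_end(name):
        if name in LEAVES:
            value = "".join(text).strip()
            if name in fields:
                # Duplicates invite parser disagreement downstream.
                raise Rejected(f"duplicate {name}")
            if not LEAVES[name].fullmatch(value):
                raise Rejected(f"bad value for {name}")
            fields[name] = value
        stack.pop()
        text.clear()

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    parser.EndElementHandler = on_end
    try:
        parser.Parse(doc, True)
    except xml.parsers.expat.ExpatError as exc:
        raise Rejected(f"not well-formed: {exc}") from None
    missing = set(LEAVES) - set(fields)
    if missing:
        raise Rejected("missing " + ", ".join(sorted(missing)))
    return fields


def route(doc: bytes) -> str:
    """Return the destination for a document, or quarantine it with a reason."""
    try:
        fields = inspect_order(doc)
    except Rejected as why:
        return f"quarantine: {why}"
    return "priority" if Decimal(fields["total"]) > PRIORITY_OVER else "standard"


def sample_order(total="12500.00", quantity="500", extra=b""):
    """Constructed purchase order used as sample input."""
    return (b"<purchaseOrder><buyer>Constructed Widgets Inc.</buyer>"
            b"<sku>WID-100</sku><quantity>" + quantity.encode() + b"</quantity>"
            b"<total>" + total.encode() + b"</total>" + extra + b"</purchaseOrder>")


if __name__ == "__main__":
    print(route(sample_order()))
    print(route(sample_order(total="250.00")))
    print(route(b'<!DOCTYPE purchaseOrder [<!ENTITY e "x">]>' + sample_order()))
    print(route(sample_order(quantity="-5")))
```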
In truth, network managers
could do much of the same by running these transformations
on the application server. As the number of XML transactions
and transformations grows, however, it becomes more economical
for companies to off-load processor-intensive tasks onto dedicated
units that offer a combination of ASIC-based content processing
and parallel processing to improve performance.
An advanced hardware
architecture is particularly important since Application-layer
switches won't absorb XML functionality for another three
to five years, or until they can maintain wirespeed throughput
even with all XML-processing functions on line.
The major challenge with
these products is configuring the precise policies needed
to extract the most out of Application-layer switching. When
you get into more complicated automation tasks that try to
encompass business-wide processes, it's easy to create conflicting
or only mildly effective policies. Since XML devices pull
rules from existing policy servers, such as network and Web
services management systems that cross business and administrative
functions, the resulting metarules may need to be optimized
for the network.
SCORECARD
Function: Content switching
forwards data at any granularity at the application level,
while ensuring proper security and performance.
Impact: XML switching
will be the foundation for business-to-business transaction
processing, enabling all kinds of automated services.
Winners: Look for F5
Networks, Forum Systems, and DataPower to dominate.
Network Services Maestro
With service-level management,
IT will be able to orchestrate network equipment platforms
that deliver services faster, easier, and cheaper than ever
before.
By David Greenfield
It's a little known fact
that IT departments, whether in midsize or large companies,
are really service providers. Whether it's SAP, grid computing,
or something as mundane as print and file services, if it
touches the network, it's a service. And like any service
provider, IT departments will increasingly have to guarantee
and prove internal Service Level Agreements (SLAs) to the
other departments paying for those services. It's a daunting
task that will require the ability to translate high-level
application requirements into low-level networking parameters,
then track, enforce, and report on those service levels.
Service-level management
does just that. The technology focuses on easing the delivery
of services across the enterprise infrastructure. Just consider
the complexity of deploying Voice over IP (VoIP), for example:
TCP windows need to be configured, VLANs added, Access Control
Lists (ACLs) created or altered, and QoS levels defined for
every router and switch. All of these must be balanced against
one another and against high-level rules and policies that
might apply different grades of service for different types
of applications. Today, installation and design can run 20
percent or more of a VoIP solution's equipment costs. If IT
isn't careful, those costs will only escalate as more services
traverse a corporate backbone.
There are numerous efforts
in the industry that deal with the challenge of service-level
management. The Internet Research Task Force (IRTF), the research
twin to the IETF, is the most ambitious with its Services
Management research group. This group is chartered to investigate
new architectures, information models, and whole new protocols
that converge systems and network management. Ultimately,
the IRTF aims to lay the foundation for standards that enable
management consoles to translate application-level requirements
into low-level networking parameters and alter devices accordingly.
The IRTF work has inspired two informational RFCs (3052 and
3387), with additional foundational documents expected over
the next five years.
Other groups are pursuing
subsets of IRTF activities. Within the IETF, the IP Flow Information
Export (IPFIX) Working Group is working on standard technologies
that will provide important measurement information upon which
intelligent action can be taken. The Application Quality Resource
Management (AQuaRiuM) committee, formed by The Open Group
industry consortium, is looking into the management of Web
services-based applications across a wide range of infrastructure
devices. The Distributed Management Task Force (DMTF) supplies
a number of standards that touch on a variety of items related
to service management. This includes its Common Information
Model (CIM).
A number of companies
such as NetQoS and Prominence Networks deliver partial service
management solutions today. NetQoS provides SuperAgent, which
aims to help network managers deliver enforceable internal
SLAs. Prominence claims that its MediaIP Service Control Solution
enables network managers to guarantee end-to-end service quality
for VoIP and video traffic by monitoring and adjusting the
parameters of the underlying networking equipment from leading
networking providers.
SCORECARD
Function: Service-level
management oversees networking elements as a single system,
not as a collection of discrete objects.
Impact: The technology
reduces deployment times and improves reliability and overall
efficiencies of new application services within the network.
Winners: Aspects of systems
management are being pursued by every major networking vendor.
Small management vendors include NetQoS and Prominence Networks.
Ghost in the Machine
Networking products will disappear as their
virtual replacements help IT slash costs and reduce risks.
By Doug Allen and Art Wittmann
If you knew of a technology
that promised to improve security, reduce staffing costs,
enhance organizational responsiveness, and make better use
of your existing data center infrastructure, you'd be interested,
right? That's the kind of cold-fusion hype surrounding virtualization.
Yet today's hype could well be tomorrow's Best Bet technology.
While there's plenty
of buzz around virtualization, it's certainly not a new concept.
Mainframes have for decades been able to present a virtual
machine environment to an OS and the applications running
on it. What's new about virtualization is that it may soon
be applicable to a wide range of heterogeneous server, storage,
and networking systems.
With server virtualization,
Windows, Linux, and NetWare can run on the same server without
being aware of each other's presence. These OSs only see the
virtual hardware presented to them, not the real hardware
of the actual server.
Virtualization today
is used to consolidate applications onto more powerful servers,
much as was done with mainframes. It's also used to ease the
task of creating OS and application images to run on servers,
which lowers costs and provides for a much more secure environment.
Virtual machines keep applications safely away from one another,
and in the future will be able to provide such services as
memory encryption without the hosted OS's participation.
The storage market has
been tittering for years about virtualization. Storage Area
Networks (SANs) and Network-Attached Systems (NASs) have always
offered virtualization at the physical level. Now the industry
has introduced the notion of virtualized storage at a higher
level, where a number of arrays can be seen as a single pool
of storage and meted out in whatever way makes sense. The
results have been mixed at best, with systems lacking in both
performance and management capabilities. The problem for the
storage industry is that virtualization is a largely proprietary
technology. The dirty little secret is that vendors would
rather protect their margins than enable heterogeneous virtualization.
Finally, the network
infrastructure itself is being virtualized. VLANs and layer-3
switching on very fast fabrics mean that new applications
can now be fielded on existing systems without the need to
recable network connections that would otherwise define pools
of Web and application servers. While copious standards exist
for creating a heterogeneous virtualized network, as a practical
matter, management is still proprietary; those interested
in the most advanced virtualization features must choose a
single-vendor solution.
Effective standards-based
management is the key to realizing the full benefits of virtualization,
and the best bet for this seems to lie with the Distributed
Management Task Force's (DMTF) Common Information Model (CIM).
CIM and the DMTF have been around for a long time, but new
work holds promise. For example, a working group on server
management is tackling ways to identify and manipulate bootable
images, as well as retrieve information about running processes.
Standards like these are the building blocks upon which heterogeneous
virtualized systems will be built and managed.
SCORECARD
Function: Virtualization
abstracts physical devices such as server and storage systems
to make them easier to manage.
Impact: A manageable
virtual environment should improve security and ease the fielding
and management of applications. The biggest impact will come
when standardized management systems replace proprietary ones.
Winners: Veritas,
EMC, Microsoft, HP, IBM, and Softek.