Linux, Windows or both? Doesn't matter to virtual desktop vendor, Ulteo

Ulteo is poised to offer commercial support for its free virtual desktop infrastructure (VDI) software, which the open-source startup says will cost companies a fraction of established offerings from Citrix Systems Inc., Microsoft Corp. and VMware Inc., while offering, in some cases, more choice in platforms. Neither the Microsoft nor the Citrix app can deliver Linux apps, according to Koehrlen. The Paris-based company has already released a second version of its Open Virtual Desktop software, which lets companies host Windows and Linux apps on the same server and then stream them to remote desktop or laptop PCs. The software has been downloaded by tens of thousands of users, mostly IT managers who have been testing OVD as a less expensive, more flexible substitute for Microsoft's Terminal Services or Citrix's XenApp (formerly MetaFrame Server), according to CEO Thierry Koehrlen. VMware's technology, like Ulteo's, can support either OS, he said.

Ulteo hasn't finalized prices for its enterprise support plan, though Koehrlen said it "will be very cheap compared to Citrix or VMware. Dual OS support is something cost-conscious IT managers are seeking, Koehrlen said, since it enables them to reserve pricier Windows for power users, and then offer free Linux to the rest. "We have several dozen users who are using OVD today to manage several hundred users each in production, and are itching to go into the thousands," Koehrlen said in a phone interview. We want it to be a no-brainer in terms of cost compared to the big guys." Ulteo was co-founded by Gael Duval, founder of Mandrake Linux (now Mandriva) , and Koehrlen, who co-founded Intalio, which makes an open-source business process management software. Though called Open Virtual Desktop, Koehrlen said the current version of the software is neither true desktop nor application virtualization. It is small - 10 employees - though Koehrlen said that development and testing is aided by hundreds of contributors.

Rather, Open Virtual Desktop's "session virtualization" technology rides on top of simple streaming technology such as Terminal Services to paint the screens of users with Java-enabled Web browsers running on their clients, said Koehrlen. Companies won't start adopting application virtualization en masse until they start planning their upgrades from Windows XP to Windows 7 , he said. Applications can be hosted at Amazon's EC2. Ulteo is working on offering true application virtualization , but Koehrlen said it's not urgent. Eric Lai covers Windows and Linux, desktop applications, databases and business intelligence for Computerworld . Follow Eric on Twitter at @ericylai , send e-mail to elai@computerworld.com or subscribe to Eric's RSS feed . Read more about virtualization in Computerworld's Virtualization Knowledge Center.

Scientists, IT Community Await Exascale Computers

The race is on to develop a new generation of far more powerful supercomputers that could help solve some of the world's most vexing problems. Scientists also expect exascale systems to help them come up with processes for creating biofuels from weeds rather than corn. Exascale supercomputers, expected to appear by 2018, could, for example, play a significant role in efforts to combat climate change or develop ultra-long-life batteries for powering automobiles. Much of the work at various national labs to design and develop the new systems is funded by corporations that hope their IT operations can take advantage of the new technologies.

The need for exascale systems, and the difficulties developers face in trying to boost hardware performance without soaking up excessive megawatts of power, was widely discussed among many of the estimated 11,000 people who gathered last month in Portland, Ore., for the SC09 supercomputing conference. "There are serious exascale-class problems that just cannot be solved in any reasonable amount of time with the computers that we have today," said Buddy Bland, project director at the Oak Ridge Leadership Computing Facility in Oak Ridge, Tenn. For example, the next generation of supercomputers could be used to solve big programming problems and allow for the development of a new generation of scientific and business applications. The world's fastest supercomputer today, a Cray XT5 system at Oak Ridge National Laboratory that's known as Jaguar, has a peak performance of 2.3 petaflops. The total capacity of the latest Top500 list of the most powerful supercomputers , released at SC09, was 27.6 petaflops, up from 22.6 petaflops in the previous list, released in June. A petaflop is a quadrillion, or 1,000 trillion, sustained floating-point operations per second.

One exaflop is 1,000 times faster than a petaflop - performing 1 quintillion, or 1 million trillion calculations per second. "We think exascale is a 100 million-core kind of enterprise," said Dave Turek, vice president of deep computing at IBM. In mid-2008, IBM's Roadrunner supercomputer - a hybrid system that runs both AMD's Opteron processors and Cell chips designed by IBM, Toshiba Corp. and Sony Corp. - was the first to achieve petaflop speeds. These future systems must use less memory per core and more memory bandwidth. Now the U.S. Department of Energy has started making plans to build an exascale system that's 1,000 times more powerful than Jaguar. Systems running 100 million cores will face continuous core failures, and the tools for dealing with them will have to be rethought "in a dramatic kind of way," said Turek. Addison Snell, CEO of InterSect360 Research, expects general-purpose exascale systems to come out of the supercomputer research efforts, though he predicts that "special-purpose [systems] will probably come first." Stephen Lawson of the IDG News Service contributed to this story.

Sharing Data Securely to Foster Product Development

Boston Scientific wants to tear down barriers that prevent product developers from accessing the research that went into its successful medical devices so that they can create new products faster. It's a classic corporate data privacy problem. "The more info you give knowledge workers, the more effective they can be in creating a lot of value for the company," says Boris Evelson, a principal analyst at Forrester. "This creates disclosure risks-that someone's going to walk away with the data and give it to a competitor." To read more on this topic, see: Security Breaches: Three Tools for Preventing Data Loss and Sustainable Innovation at Boston Scientific. But making data too easily accessible could open the way to theft of information potentially worth millions or billions of dollars.

This tension compels the $8 billion company to seek out software that allows the broader engineering community to share knowledge while managing access to product development data, says Jude Currier, cardiovascular knowledge management and innovation practices lead at Boston Scientific. That is, regularly monitor who's accessing what and adjust permissions as business conditions change. Active security is the way to address this problem, Currier says. Open but Protected Keeping the pipeline of new stents, pacemakers and catheters fresh is especially important because heart-related items account for 80 percent of Boston Scientific's sales. Boston Scientific had inherited regulatory problems from acquisitions it made during that time.

Over the past few years engineers have been focused on quality system improvements, Currier says. Now that those situations are addressed, the company is ready to reinvigorate internal innovation, he says. Before, Boston Scientific's product developers worked in silos with limited access to research by colleagues on different product lines. Boston Scientific is piloting Invention Machine's Goldfire software, which, Currier says, provides the right mix of openness and security for data. Information was so locked down that even if scientists found something useful from a past project, they often didn't have access to it. "We're changing that," Currier says. It combines internal company data with information from public sources, such as federal government databases.

Goldfire makes an automated workflow out of such tasks as analyzing markets and milking a company's intellectual property. Researchers can use the software to find connections among different sources, for instance by highlighting similar ideas. The goal is to have any engineer access any other's research. "The people in trenches can't wait for [that] day to arrive," he says. Engineers can use such analysis to get ideas for new products and begin to study their feasibility. Although the goal is more openness, not all data stays open forever. He adds that since installing Goldfire, patent applications are up compared to similar engineering groups that do not use the Goldfire tool. "We have had to educate [people] that we aren't throwing security out the window [but] making valuable knowledge available to the organization," he says.

For example, as a project gets closer to the patent application stage, access to the data about it is clipped to fewer people, Currier says. Senior Editor Kim S. Nash can be reached at knash@cio.com. Follow me on Twitter @knash99. Follow everything from CIO Magazine @CIOMagazine. Do you Tweet?

Apple customer collates 27-in. iMac display problems

A large number of problems with new iMacs, especially the top-of-the-line 27-in. model, has prompted one user to create a site that tallies issues ranging from cracked screens to flickering displays. Core i7-based iMac arrived with a broken screen. Canadian Web designer Scott Pronych created the Apple iMac (Fall 2009) Issues site to track the problems, in part because his new 27-in. By digging through Apple's support forum, Pronych identified 343 different users who had reported problems with their new machines.

On Apple's support forum, customers have reported receiving iMac displays with shattered glass, most of the time in the lower left corner of the screen. Cracked screens have garnered the most attention from bloggers and the media. The bulk of the cracked-screen problems have been reported by people who purchased a new iMac equipped with Intel's Core i7 quad-core processor . Apple unveiled the quad-core iMacs, along with revamped dual-core models in both 21.5- and 27-in sizes, on Oct. 20 as part of a broad product refresh that also debuted a redesigned MacBook and a new Mac mini-based server. Screen will go completely black for a second and then come back on. The cracked screen issue was actually low on the list, with just 54 incidents out of the 343, or 16%. The most widespread problem was a screen that flickered, "tore" or just went black: 179 cases, or 52% of the total. "That shocked me, too," said Pronych today. "But the thread is huge." The support thread Pronych referred to had more than 1,000 individual messages as of early Monday, with a view count of over 144,000, easily the most read of those on the iMac forum discussing problems. "I have been experiencing some problems with the all new iMac 27-inch display," said Jan Sampermans , who kicked off the thread on Oct. 27. "Screen distortion/flicker somewhere random in the screen (feels like it is more in the lower part) that looks like a horizontal bar of about 2-3inches just popping in and out of the screen.

Sometimes 2-3 times in a row." Although many users who reported the flickering said Apple had exchanged their iMacs, some noted that they had gone through as many as three machines before getting a defect-free system. In the first place, the best reason why I wanted iMac 27-in is the screen, so without this, why the **** would I spend money on this?" Kim was eventually given a third iMac, but that one sported shattered glass. Others complained about the solutions Apple support had suggested, or said they had run into roadblocks. "[The second] iMac had dust underneath the glass and a dead pixel," said Minsoo Kim Sunday on the "New iMac 27inch screen flickering/tearing/shutoff" thread. "Since it was a cluster of dust, I had a valid reason for it to be swapped and again, drove 40 minutes to the Apple Store. "There, the genius told me that without saying sorry for any inconvenience I may [have] had, 'Apple will not exchange any further iMac for minor screen problem like this.' I was shocked. Pronych, however, remained a loyal Mac user. "I got a replacement, and it's worked fine," he said. "I haven't encountered any of the other problems people have been reporting." The flickering display problem is not limited to the quad-core iMacs; of the 179 total cases Pronych documented, 94 involve dual-core iMacs, while 85 involve an i5- or i7-powered iMac. iMac have been posted on Apple's support forum. More than 81% of all the problems he cited, however, were for the 27-in. model; relatively few reports of issues with the smaller 21.5-in.

According to Pronych's analysis, more-recent iMac production runs have not exhibited as many problems as the Week 46 and Week 47 batches. Customers can log their problem with Pronych's Web site by filling out an online form . Apple did not respond to a request for comment on the iMac issues that Pronych collated.

eEye scans for vulnerabilities, compliance problems

EEye Digital Security today unveiled a compliance and security management tool that can be used to ensure endpoint computers meet vulnerability-assessment standards required by various industry regulations.  Security management compliance and the cloud |View this product in a slideshow The Retina CS Compliance and Security vulnerability-management tool can generate reports to indicate whether corporate assets are in conformance with compliance initiatives including the Payment Card Industry (PCI) data security rules; healthcare's Health Insurance Portability and Accountability Act (HIPAA); Gramm-Leach-Bliley for the financial industry; and the federal government's Federal Information Security Management Act (FISMA) guidelines. Retina CA Compliance and Security leverages eEye's Retina Network Security Scanner and Blink Endpoint Protection to perform vulnerability scanning and centralize reporting via the compliance and security management console that Haber says was written in the Adobe Flex technology rather than simple HTML. Retina CS Compliance and Security is being offered in three forms: on-premises software, as a managed service, and an appliance option. Morey Haber, vice president of business development at eEye, says Retina CS Compliance and Security will also add support for the federal Security Content Automated Protocol specifications by early next year. "This is workflow-oriented with vulnerability scans, and we're creating vulnerability reports that are business-oriented based on compliance practices," Haber says.

Software pricing starts at $10,000 for 256 IP addresses, and the managed service starts at $7,548. These options are available today. The cost for the hardware appliance, which will be available by early next year, hasn't been released.

You've got questions, Aardvark Mobile has answers

Aardvark has taken a different tack with search. And now the people behind Aardvark are bringing that same approach to the iPhone and iPod touch. The online service figures it's sometimes more productive to ask a question of an actual person-usually someone from within your social network-rather than brave the vagaries of a search engine and its sometimes irrelevant answers. Aardvark Mobile actually arrived in the App Store nearly a week ago.

Aardvark Mobile tackles the same problem as the Aardvark Web site-dealing with subjective searches where two people might type in the same keywords but be searching for two completely different things. "Search engines by design struggle with these types of queries," Aardvark CEO Max Ventilla said. But developer Vark.com waited until Tuesday to take the wraps off the mobile version of its social question-and-answer service. What Aardvark does is tap into your social networks and contacts on Facebook, Twitter, Gmail, and elsewhere to track down answers to questions that might otherwise flummox a search engine-things like "Where's a good place to eat in this neighborhood?" or "Where should I stay when I visit London?" With Aadvark's Web service, you'd send a message through your IM client to Aardvark; the service then figures out who in your network (and in their extended network) might be able to answer the question and asks them on your behalf. The majority of questions are answered in less than five minutes. Ventilla says that 90 percent of the questions asked via Aardvark get answered.

The iPhone version of Aardvark works much the same way. The service pings people for an answer, and sends you a push notification when there's a reply. Instead of an IM, you type a message directly into the app, tag it with the appropriate categories, and send it off to Aardvark. In previewing the app, I asked a question about affordable hotels in Central London-two responses came back within about three minutes from other Aardvark users. If you shake your mobile device when you're on the Answer tab, Aardvark Mobile looks up any unanswered questions that you may be able to provide a response for (while also producing a very alarming aardvark-like noise). "We think Aardvark is particularly well-suited to mobile, and especially the iPhone given how rich that platform is to develop for," Ventilla said.

In addition to push notifications, Aardvark Mobile also taps into the iPhone's built-in location features to automatically detect your location-a feature that can help when you're asking about local hotspots. You don't have to already be using Aardvark's online service to take advantage of the mobile app. Aardvark Mobile requires the iPhone OS 3.0. The free Aardvark Mobile app lets you set up a profile on your iPhone or iPod touch; Facebook Connect integration helps you instantly build up a network of friends who are also using the service.

Windows Marketplace reveals fragmentation

Microsoft is making its Windows Marketplace for Mobile available to phones running older versions of its mobile software, although not all of the apps may be available to all Windows Mobile users. The Marketplace was initially only accessible by users of Microsoft's most recent software, Windows Mobile 6.5. It also said that the store now has 800 apps, triple the number available at the launch of the store in October. On Monday, Microsoft said users of phones running Windows Mobile 6.0 and 6.1 can now shop for and download apps from its Marketplace. But not all of those are available to everyone.

The discrepancy between the total number of apps and the number of apps in the online store demonstrates the downside to a business model like Microsoft's, with an OS that can be used on different kinds of phones. Microsoft's Web site that lets anyone browse through the Marketplace has just 376 applications. "People may not see all of them on the Marketplace website or smartphone catalogue, either because of regional access or because certain apps have specific device requirements such as GPS, screen sizes, etc.," Todd Brix, senior director of mobile services and platform product management for Microsoft, said in an e-mailed statement. The model allows end-users the luxury of choosing the phone design they prefer, but it comes with limitations in interoperability. The Android Market has 12,000 apps and so far doesn't seem to have significant issues with application interoperability. However, Google's Android operating system is also running on phones with different form factors.

Apple is on the other end of the spectrum, because it makes both the software and the hardware and also runs the app store. Microsoft says there are more than 18,000 commercial applications available for Windows Mobile. That vertical integration is at least part of the reason that there are now 100,000 applications in the iPhone App Store. Developers of those apps must submit them in order for them to appear in the new Marketplace. Otherwise, they are only available through third-party sites. "Windows Marketplace for Mobile will not aggregate all available applications, but rather provide customers with a single source for purchasing quality tested applications backed by a money back guarantee," Microsoft said in a statement.

Detailing contingency planning

On Oct. 27, 2009, the National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) Computer Security Division (CSD) published Special Publication (SP) 800-34 Revision (Rev) 1, "DRAFT Contingency Planning Guide for Federal Information Systems" and requested comments from readers by Jan. 6, 2010. The official announcement described the SP as follows: SP 800-34 Revision 1 is intended to help organizations by providing instructions, recommendations, and considerations for federal information system contingency planning. The guide defines a seven-step contingency planning process that an organization may apply to develop and maintain a viable contingency planning program for their information systems. Contingency planning refers to interim measures to recover information system services after a disruption. The guide also presents three sample formats for developing an information system contingency plan based on low, moderate, or high impact level, as defined by Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems.

Authors Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, and David Lynes include two of the six authors of the June 2002 original version of SP 800-34 (Swanson, Wohl, Lucinda Pope, Tim Grance, Joan Hash and Ray Thomas) and have, as usual for NIST ITL CSD, done a superb job of preparing a framework that lays out a sound basis for business continuity planning (BCP). The 150-page SP begins with an introduction presenting the purpose, scope and audience for 800-34 Rev 1. Page 13 of the PDF file describes the purpose as providing "guidelines to individuals responsible for preparing and maintaining information system contingency plans (ISCP). The document discusses essential contingency plan elements and processes, highlights specific considerations and concerns associated with contingency planning for various types of information system platforms, and provides examples to assist readers in developing their own ISCPs." This document explicitly excludes discussion of disaster recovery. Despite the inclusion of "for Federal Information Systems" in the title, SP 800-34 Rev 1 has a great deal of value for all information assurance and business continuity specialists. The scope is defined as "recommended guidelines for federal organizations"(p 14) and the audience is "managers within federal organizations and those individuals responsible for information systems or security at system and operational levels. Indeed, the authors write, "The concepts presented in this document are specific to government systems, but may be used by private and commercial organizations, including contractor systems." They then list a wide range of specific job titles of people likely to find the document useful, including IT managers, CIOs, systems engineers, and system architects. It is also written to assist emergency management personnel who coordinate facility-level contingencies with supporting information system contingency planning activities."(p 15) However, references to Federal Information Processing Standards (FIPS) in no way prevents the guidelines from serving organizations outside the U.S. federal government.

The authors describe the structure of the document clearly as follows (p16): • Section 2, Background, provides background information about contingency planning, including the purpose of various security and emergency management-related plans, their relationships to ISCPs, and how the plans are integrated into an organization's overall resilience strategy by implementing the six steps of the Risk Management Framework (RMF)…. • Section 3, Information System Contingency Planning Process, details the fundamental planning principles necessary for developing an effective contingency capability. This section presents contingency planning guidelines for all elements of the planning cycle, including business impact analysis, alternate site selection, and recovery strategies. The principles outlined in this section are applicable to all information systems. The section also discusses the development of contingency plan teams and the roles and responsibilities commonly assigned to personnel during plan activation. • Section 4, Information System Contingency Plan Development, breaks down the activities necessary to document the contingency strategy and develop the ISCP. Maintaining, testing, training, and exercising the contingency plan are also discussed in this section. • Section 5, Technical Contingency Planning Considerations, describes contingency planning concerns specific to the information systems listed in Section 1.3, Scope. The nine appendices provide practical templates and checklists of great utility in BCP. There is so much valuable information here that is offered in a structured, clear presentation that every IA professional concerned with BCP should read – and, I hope, comment on – this draft publication.

This section helps contingency planners identify, select, and implement the appropriate technical contingency measures for their given systems.

Apple leaves Chamber of Commerce, citing green policies

Don't look for any Apple executives at the next U.S. Chamber of Commerce mixer wearing any of those "Hello, My Name is..." stickers. The trade group has been a very vocal opponent of current legislative efforts to reduce greenhouse gasses Apple's resignation comes in the wake of comments last week from Chamber of Commerce president Thomas J. Donohue who said that his group supported federal legislation to reduce carbon emissions but criticized a bill passed by the House of Representatives this summer "because it is neither comprehensive nor international, and it falls short on moving renewable and alternative technologies into the marketplace and enabling our transition to a lower carbon future." That was apparently the final straw for Apple, which has made a strong push to reduce the environmental impact of its products in recent years. The computer maker has resigned its membership in the business trade organization, citing opposition to the U.S. Chamber of Commerce's stance on greenhouse gasses. In a letter to Donohue, Catherine A. Novelli, the company's vice president of worldwide government affairs wrote: As a company we are working hard to reduce our own greenhouse gas emissions by relying on renewable energy at our facilities and designing more energy-efficient products for our customers. ... For those companies who cannot or will not do the same, Apple supports regulating greenhouse gas emissions, and it is frustrating to find the Chamber at odds with us in this effort.

The Washington Post reports that three other companies have pulled out of the group because of its climate policy-Pacific Gas and Electric, PNM Resources, and Exelon. Apple's not the only company to part ways with the U.S. Chamber of Commerce over this issue. A fourth company, Nike, resigned from the Chamber of Commerce board, but remains a member. [Hat Tip: SFGate.com's Bottom Line blog]

Acresso who? Macrovision spinoff changes name, again

Under a legal threat from another software firm with a similar name, Acresso Software Inc. is changing its name to Flexera Software after just 19 months. Acresso sells software such as software its installation utility, InstallShield, and software license manager, FLEXnet, to software vendors and enterprises. The company will officially announce the change next Tuesday, but had already notified partners and customers on Thursday.

It was spun out of Macrovision Corp. after the unit was acquired by venture capital firm Thoma Brava Cressley in April 2008. Macrovision retained the digital rights management (DRM) apps for which it is best-known. Acresso, which the company said was derived from the Latin word "Cresco" for "to grow, increase" faced a "challenge" on its name from ERP software maker Agresso Software , said Randy Littleson, senior vice-president of marketing for Acresso. "Our executive team decided that there were better ways to invest our time and money, and that we didn't need this distraction," Littleson said. "The action we're taking will let us avoid a potential lawsuit." Acresso did not immediately return an e-mailed request for comment. It changed its company name in July to Rovi Corporation. Acresso was founded in 1980 and has annual revenue of about $475 million. That dwarfs Acresso, which has 375 employees and annual revenues of $115 million.

It also has 3,500 employees at 16 offices globally. Flexera will be the fourth name in five years facing long-time users of InstallShield, which was bought by Macrovision in 2004. Perhaps predictably, early public reaction to the new name tended towards the sarcastic. "As if the makers of InstallShield hadn't already done enough damage to their brand, let's just go change names yet again!" wrote Christopher Painter, an InstallShield consultant, on his blog yesterday. "Acresso Software is becoming Flexera Software for no apparent reason. Littleson said the company considered changing its name to Installshield, being that it is its best-known product, but ultimately came to the conclusion that it didn't represent the breadth of its application stable. Go ahead. #ScrambleMyBrands," another tweet said. He dismissed the notion, brought up by some bloggers , that the new name will cause legal trouble or just confusion with a solar and wind power company Flexera. "We're quite aware of it.

We think this is very different, compared to when it was two software companies." That's one of the reasons why it's Flexera Software," he said. "How similar are we to an energy company?