The Coming Cloud Computing Dogfight and Recent Implications

By Greg Ness

Steve Ballmer gets it. While he discusses a strategic interest in search, his head is really in the clouds and beyond (hello new operating system models); in the coming transformation many are calling cloud computing. I think he fully understands the cannibalization risk that Google is posing in the long term as it delivers increasingly sophisticated applications as a service.

Yet there is another storm now appearing on the horizon for cloud computing, in addition to some technology challenges facing the proliferation of virtualization in the data center. Collectively they represent substantial, multifaceted risks to the major technology players.

While the media buzz surrounding Google, Yahoo, VMware and Microsoft has been particularly deafening this summer, between exec changes and various staged media events, the real story beneath the headlines is about a long-term positioning battle being played out today between Microsoft and a new generation of upstarts over the delivery of software and how it’s monetized.

The VMware versus Microsoft battle is really a precursor to the coming cloud computing dogfight between Microsoft and Google, because virtualization is a critical enabler of cloud computing. And cloud computing will make certain technologies and capabilities strategic in ways that weren’t possible when data centers were cumbersome and inflexible.

Hypervisor Economics 101

The hypervisor revolution ignited by VMware enables new levels of flexibility and efficiency for managing even the most complex data center infrastructure, with point and click server management and movement. Multiple virtual machines (servers) can share the same hardware, regardless of operating system and be easily moved from one hypervisor to the next.

That new level of flexibility can transform the economics of IT, by delivering servers and processing power on an as-needed basis, versus keeping all hardware powered on even if only for potential use. Yet electricity savings are only part of the value proposition.

By converting broad collections of servers running different dedicated operating systems into sets of VMs running on larger blade servers, IT departments can make changes with minimal effort and their racks and stacks can take up a fraction of the space previously required. That could mean major transformations for service providers and large enterprises delivering applications to growing sets of users and partners.

Reducing power consumption and increasing agility could set the stage for a substantial shift to cloud computing. Yet hurdles remain. It is likely that virtualization security concerns have played a factor in VMware’s recent lackluster execution in the data center in 2008. Virtualization security is one of the major hurdles to virtualization and cloud computing.

Virtualization Security

I’ve called the nature of many virtualized production deployments virtualization-lite, because data centers accept a lower payoff from virtualization (less flexibility, less consolidation, reduced savings on electricity, for example) in exchange for maintaining their security posture. Players like Blue Lane Technologies (my alma mater) and others will be among the first to see the transformation of the data center as they are capable of protecting fluid meshes of hypervisors, a limitation for many types of network security appliances. That limitation has boxed in many virtualization projects into hypervisor VLANs, which substantially erode the business case.

Two Promising I/O Front Ends

Moving VMs around across hardware can also tie up additional processing overhead, which makes VMotion less than ideal at this time. Companies like 3 Leaf Systems and Xsigo Systems are addressing these challenges. As they grow they’ll be yet another proof point of the expansion of virtualization beyond hypervisor VLANs, as their products enable greater flexibility.

There are also compliance and change management issues that might slow virtualization down and inadvertently buy Microsoft enough time to establish an even larger foothold in the data center market. VMware has been very effective in leveraging its partner ecosystem in addressing these issues.

Yet cloud computing faces a fair share of risks, including the biggest security story of perhaps the last ten years: the Kaminsky DNS exploit.

The New Storm Cloud for Cloud Computing

The last few weeks have seen a massive explosion in commentary on the DNS exploit discovered by security researcher Dan Kaminsky, Director of Penetration Testing at IOActive. Since his discovery and an inadvertent series of blog posts, DNS cache poisoning exploit attack code has been published; and yesterday a ZDNet blog by security expert Dancho Danchev cited DNS cache poisoning attempts reported from multiple sources. Recent research also notes that a majority of service providers have not patched their systems for the vulnerability.

Infoblox Vice President Cricket Liu, the author of DNS and BIND, called it one of the most significant vulnerabilities of all time. Ironically, he was on a “DNS Security: Old Vulnerabilities, New Exploits” webinar with Dan Kaminsky just days before the exploit code was published.

The DNS exploit threatens the core integrity of the Internet, as it allows hackers to redirect traffic from exploited servers to spoof sites where they can gather personal information and engage in identity theft on a scale we have yet to experience. That’s a bigger problem than when the “I Love You” virus inconvenienced computer users years ago; it is a major storm front for the future of cloud computing.

An untrusted Internet would be nothing short of an ecommerce disaster; its impact would go far beyond cloud computing. It would be a major disruption for the software as a service model, as well as many other business models that have grown with the Internet. That’s why I predict that core network services will become increasingly strategic to IT. The integrity of the network is about to matter even more than ever.

As reported previously at Archimedius, Google and others have made considerable strides in delivering software as a service. Their success could mean the eventual shrinking of the computer hard drive, the shrinking of the pre-installed software market, not to mention the shrinking of the shrink-wrapped software industry.

Microsoft seems to understand the risks and upside, and has focused on “search” as a strategic roadmap issue, along with their recent Hyper-V attack on VMware. Yet the real Microsoft adversary is Google-driven cloud computing, and the spoiler issue for all of them is an untrusted Internet. Until a few months ago, few saw this issue coming. But now the vulnerability is known, exploits have been published and apparently attacks are now being launched.

You will be hearing much more about these issues, players and risks in coming weeks and probably months as Google and Microsoft prepare for battle in the skies.

You can read my disclaimer at: About ARCHIMEDIUS.

Breaking: Now Patch Your Firewalls Because the DNS Patch Won’t Work With Leading Firewalls

By John Furrier

Just breaking right now is that the DNS exploit (the energizer bunny of exploits that keeps going) just ran into another major issue. It looks like the DNS patch is being undermined by leading firewalls. I’m looking into which vendors; right now it’s being talked about that Cisco firewalls are affected.

Some are speculating that there’s an issue running even patched DNS servers behind NAT/PAT firewalls. I’m getting emails and IM that they defeat the port/source randomization fix.

DNS vendors, services, firewall vendors are scrambling. I’m expecting responses from Cisco folks shortly.

But the major development might be that most leading (not just Cisco) firewalls have problems with the patch installed. Specifically I’m hearing a case that Cisco ASAs don’t randomize UDP ports when running in PAT mode.

More as this develops…

Update: In talking to friends, this is not just a Cisco product problem specifically, but more like a firewall implementation issue in general. The DNS exploit patches fix the nameservers, but most DNS nameservers sit behind firewalls. So now it appears that the firewalls need to be patched. Why? Because once you fix the nameservers it looks like the firewalls are now undermining the DNS nameserver patch.
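
The post above reports that a NAT/PAT firewall in front of a patched resolver can undo source-port randomization. One way to check for that from the outside is to look at the UDP source ports an authoritative server actually receives from each resolver. This is an added example, not code from the post; the log format, thresholds, addresses and ports are constructed assumptions.

```python
"""Classify resolvers by the UDP source ports an authoritative server sees."""
import re
import statistics
from collections import defaultdict

# Thresholds are illustrative assumptions, not values from any vendor or tool.
MIN_SAMPLES = 8      # queries needed before judging a resolver
SEQ_STEP = 16        # a port delta of 1..SEQ_STEP counts as "incrementing"
SEQ_RATIO = 0.8      # share of incrementing deltas that marks a sequential allocator
MIN_STDDEV = 3000.0  # below this the ports come from a narrow pool

# Constructed observations (documentation addresses, made-up ports).
CONSTRUCTED_PORTS = {
    "192.0.2.10": [32768] * 8,                                          # one fixed port
    "198.51.100.7": [1024, 1025, 1027, 1028, 1029, 1031, 1032, 1033],   # PAT-style
    "203.0.113.5": [49211, 3817, 61002, 20455, 8123, 57340, 33019, 14766],
    "203.0.113.9": [5012, 5040, 5003, 5057, 5021, 5033, 5009, 5048],    # small pool
    "192.0.2.77": [40000, 12345],                                       # too few queries
}
# Constructed log in a simple "client <ip>#<port>: query: <name>" form.
SAMPLE_LOG = "\n".join(
    f"client {ip}#{port}: query: r{i}.example.test IN A"
    for ip, ports in CONSTRUCTED_PORTS.items()
    for i, port in enumerate(ports)
)

CLIENT_RE = re.compile(r"client (\S+)#(\d+):")


def ports_by_resolver(log_text):
    """Return {resolver_ip: [source ports in arrival order]}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        match = CLIENT_RE.search(line)
        if match:
            seen[match.group(1)].append(int(match.group(2)))
    return dict(seen)


def classify(ports):
    """Label one resolver's source-port behaviour."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed"
    # Deltas are taken modulo 2**16 so a counter that wraps still looks sequential.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    incrementing = sum(1 for d in deltas if 0 < d <= SEQ_STEP)
    if incrementing / len(deltas) >= SEQ_RATIO:
        return "sequential"
    if statistics.pstdev(ports) < MIN_STDDEV:
        return "narrow-pool"
    return "randomized"


def audit(log_text):
    """Return {resolver_ip: verdict} for every resolver in the log."""
    return {ip: classify(p) for ip, p in ports_by_resolver(log_text).items()}


if __name__ == "__main__":
    for ip, verdict in sorted(audit(SAMPLE_LOG).items()):
        print(f"{ip:15} {verdict}")
```

A "sequential" or "narrow-pool" verdict for a resolver that is known to be patched points at a NAT/PAT device rewriting its source ports on the way out.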

Siemens Enterprise Accepts Role as an Also-ran

By Alex Lewis

NoJitter’s Eric Krapf’s been liveblogging the Gores/Siemens press conference this morning and nailed all the right quotes, including the spin. As expected, they are using Gores’ turnaround of Enterasys as an example. The turnaround was from dead to irrelevant. I’d hardly boast about that as a success story. Surely they have something better? This is the most press Enterasys has had since the late 90s.

Back on topic, I bring up Enterasys since Siemens’ current CCO Zimmerman states that Enterasys and SER will be rolled up under Siemens. I like this move as it gives the JV some legs in the data world. Not much, but it’s worlds more than they had and at least a story to tell competitively against the 800lb gorilla that is Cisco. I hate to paint it as putting lipstick on a pig but unfortunately I think that’s how it’ll turn out given SEN’s state and pitiful marketshare/name of Enterasys. I’d be happy to be proved wrong as I’ve noted a few times in the past that Siemens tends to really get UC from a strategic perspective.

So, what does all this mean? Nothing for the immediate future. If you’re a Siemens customer, you’re probably in Europe and asleep by now, but you’re also happy that the Gores group will keep SEN mostly intact and keep support for current products on the same roadmap. They’ll be moving to a mostly software platform in voice and UC, a better late than never move. All in all, not much changes. Siemens will remain a small player in UC with a great story and it’s likely any foothold in voice will be eroded by Cisco, Microsoft and others in the UC wave.

DNS Exploit Again - It Keeps Going and Going - Feels like Energizer Bunny of Exploits

By John Furrier

The exploit is still out there. Apple still has not patched the DNS vulnerability. This vulnerability here has been running for weeks in the security circles. It feels like the energizer bunny of vulnerabilities. People, just get the damn patch done, will you! Enough already. OK, my rant is done.

On Slashdot Steve Shockley notes an article up at TidBITS on Apple’s unexplained failure to patch the DNS vulnerability that we have been discussing for a few weeks now. “Apple uses the popular Internet Systems Consortium BIND DNS server, which was one of the first tools patched, but Apple has yet to include the fixed version in Mac OS X Server, despite being notified of vulnerability details early in the process and being informed of the coordinated patch release date.”

More good stuff on Slashdot below:

Related posts from Slashdot

Kaminsky’s DNS Attack Disclosed, Then Pulled

“Reverse engineering expert Halvar Flake has recently mused on Dan Kaminsky’s DNS vulnerability. Apparently his musings were close enough to the mark to cause one of the Matasano team, who apparently already knew of the attack, to publish the details on the Matasano blog in a post entitled ‘Reliable DNS Forgery in 2008.’ The blog post has since been pulled, but evidence of it exists on Google and elsewhere. It appears only a matter of time now before the full details leak.” Reader Time out contributes a link to coverage on ZDNet as well.

“That didn’t take long. ZDNet is reporting that HD Moore has released exploit code for Dan Kaminsky’s DNS cache poisoning vulnerability into the point-and-click Metasploit attack tool. From the article: ‘This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache.’ Here’s our previous Slashdot coverage.”

“Austrian CERT used data from one of their authoritative DNS servers to measure the rate at which the latest DNS patch (source port randomization) is being rolled out to larger recursive name servers. While about half the traffic (PDF) they receive is now using source port randomization, their data suggest that this is due to ISPs who roll out such fixes immediately. The rate of patching has fallen to disappointingly low levels since. If your ISP isn’t patched, perhaps it is time to switch.” After details of the DNS vulnerability leaked, researchers |)ruid and HD Moore released attack code; ZDNet’s security blog has an analysis.

Intel, HP and Yahoo Team Up

By Alex Lewis

Intel, HP and Yahoo are joining forces for a joint research initiative according to PCWorld and TechCrunch. I thought only Google felt entitled to making announcements on forthcoming announcements. What could it be? HP and Intel make a bit of sense given they are hardware partners but how does Yahoo, exclusively a hardware company, fit? They promised an answer by 8am this morning. Here it is 9am and I haven’t seen anything so it’s speculation time. Here are some ideas tossed around to me and some friends:

  1. A mobile device focusing on Yahoo’s mobile services - We all agree mobile is a huge evolving market but unless Yahoo comes up with a game changing killer app this is a bad idea. Even the agile giant Google can’t seem to get their phone out on time. That brings up the other issue, how would it differentiate itself from smart phones and what would it use for transport?
  2. Yahoo bloatware installed on all HP PCs - Okay, just like AOL back in the day but where does Intel fit in? …and this isn’t exactly a research initiative.
  3. Cloud computer - Really a cloud computer is just a small step up from a dumb terminal. I’m not sure Yahoo has the resources and applications to compete with MSFT, Google and all of web 2.0 in the cloud but it does make the most sense given the who’s who involved.

Update: Looks like #3 was at least partially right. Intel, HP and Yahoo have partnered to launch a cloud computing “test bed”. I’m not sure on the test bed part… Aren’t there plenty of companies doing cloud computing pretty darned well? The most interesting part is who’s not involved, meaning Google and Microsoft. They are clearly leaders in this space. Intel has very close business ties to Microsoft and HP some business and non-business ties to Google.

Alcatel-Lucent Failing? Are Big Mergers Good?

By John Furrier

Alcatel-Lucent just posted a second-quarter net loss of 1.1 billion euros and said its chief executive, Patricia F. Russo, and its chairman, Serge Tchuruk, are stepping down by the end of the year.

The NYTimes has the story.
The net loss, equivalent to $1.7 billion, was vastly larger than analysts had expected, and far exceeded the 586 million euro loss in the April-June period last year. The loss resulted in large part from an 810 million euro ($1.27 billion) write-down related to the company’s CDMA technology business in North America.

Investors had grown increasingly impatient with Alcatel-Lucent’s management. The company has not posted a profit since it was formed in November 2006 through the merger of Lucent Technologies, based in Murray Hill, New Jersey, and Alcatel, which is based in Paris.

Alcatel-Lucent is struggling to find a management structure that will work post merger. Lucent, once the darling of Wall Street, has faded in recent years. Here is what they are saying at Alcatel… “It is now time that the company acquires a personality of its own, independent from its two predecessors.”

Alcatel-Lucent has seen the decline of its CDMA network business in the United States, which declined at a faster-than-expected pace in the quarter as “a key customer in North America” cut its capital spending. It did not identify the customer. Networks based on Code Division Multiple Access, a mobile-network technology that was a major part of the portfolio that Lucent Technologies brought to the merger, is losing ground globally to GSM, or Global System for Mobile Communications, and another standard called CDMA-A.

What is going on here? I see it as a multifold problem. The infrastructure is changing at many levels both on the carriers side and the enterprise side. CDMA is dying and the enterprise is very tight. Competition is cutthroat in enterprise infrastructure. Clearly a victory for Cisco. Alcatel-Lucent can’t lag and must focus on their core markets. Is this a case of “too many theaters”?

In both the carriers and enterprise markets Alcatel-Lucent can’t be laggards.

Internet Crisis - Who’s Going to Solve it? We Have To Now!

By John Furrier

Robert McDowell wrote a piece for the Washington Post about the Internet Crisis. It’s worth reposting the story here. I’ve added some color of my own.

The year was 1987 and the Internet had a problem. It was growing (aka broken). What to do?

The loosely knit Internet engineering community rallied to improve an automated data “traffic cop” that prioritized applications and content needing “real time” delivery over those that would not suffer from delay. Their efforts unclogged the Internet and laid the foundation for what has become the greatest deregulatory success story of all time. (Of course the building blocks for the Web and other great networks).

The Internet has since weathered several such crises. Each time, engineers, academics, software developers, Web infrastructure builders and others have worked together to fix the problems. They have remained largely self-governing, self-funded and nonprofit, with volunteers acting on their own and not on behalf of their employers. No government owns or regulates them.

The Internet has flourished because it has operated under the principle that engineers, not politicians or bureaucrats, should solve engineering problems.

Today, a new challenge is upon us. Pipes are filling rapidly with “peer-to-peer” (“P2P”) file-sharing applications that crowd out other content and slow speeds for millions. Just as Napster produced an explosion of shared (largely pirated) music files in 1999, today’s P2P applications allow consumers to share movies. P2P providers store movies on users’ home and office computers to avoid building huge “server farms” of giant computers for this bandwidth-intensive data. When consumers download these videos, they call on thousands of computers across the Web to upload each of their small pieces. As a result, some consumers’ “last-mile” connections, especially connections over cable and wireless networks, get clogged. These electronic traffic jams slow the Internet for most consumers, a majority of whom do not use P2P software to watch videos or surf the Web.

At peak times, 5 percent of Internet consumers are using 90 percent of the available bandwidth because of the P2P explosion. This flood of data has created a tyranny by a minority. Slower speeds degrade the quality of the service that consumers have paid for and ultimately diminish America’s competitiveness globally.

While the Federal Communications Commission is trying to spur more competitive build-out of vital “last mile” facilities, especially fiber and wireless platforms, this congestion will not be resolved merely by building fatter and faster pipes.

Last summer, a new nongovernmental organization, the P4P Working Group, was formed to find a solution. The group has already field-tested dramatically increased delivery speeds of P2P content over cable networks (up 235 percent) and other networks (up 898 percent in some cases). It is working with industry and consumers to create a “P2P Bill of Rights and Responsibilities.”

Such dynamic work is progressing without a government mandate or regulatory framework. Soon, however, that could change.

Since the fall, the FCC has been considering allegations filed by public interest groups that cable operator Comcast violated FCC rules by “managing” or “interfering with” the upstream flow of certain P2P video applications, namely those of a company called BitTorrent. The allegations boil down to a suspicion that Comcast was motivated not by a need to manage its network but by a desire to discriminate against BitTorrent for anticompetitive reasons. Comcast maintains that any interference was imperceptible to consumers, occurred in minuscule amounts of time, and was limited to peak congestion periods and areas. Comcast and BitTorrent settled their dispute in March; in fact, they issued a statement saying in part that “these technical issues can be worked out through private business discussions without the need for government intervention.”

Despite this settlement, some are calling for the FCC to rule that Comcast’s actions were illegal and should be punished. Others contend that the FCC has no enforceable rules that apply to such situations and that the issue should be addressed through a rule-making proceeding, with an opportunity for public comment, or through congressional legislation. We have examined the arguments on both sides and are poised to decide the matter this week. But regardless of what that ruling stipulates, the issue of what constitutes appropriate Internet network management will be debated for some time.

Our Internet economy is the strongest in the world (debatable but not the fastest). It got that way not by government fiat but because interested parties worked together toward a common goal. As a worldwide network of networks, the Internet is the ultimate “wiki” environment — one that we all share, build, pay for and shape. Millions endeavor each day to keep it open and free. Since its early days as a government creation, it has migrated away from government regulation.

If we choose regulation over collaboration, we will be setting a precedent by thrusting politicians and bureaucrats into engineering decisions. Another concern is that as an institution, the FCC is incapable of deciding any issue in the nanoseconds that make up Internet time. And asking government to make these decisions could mean that every few years the ground rules would change based on election results. The Internet might grind to a halt in such a climate. It would certainly die of clogged arteries if network owners had to seek government permission before serving their customers by managing surges of information flow.

A better model would allow collaborative groups to continue to do what they have done for years. If they can’t reach an agreement, — which has never happened — then government could examine the situation and act accordingly. Sometimes shining sunlight on issues produces amazingly beneficial effects, and the public interest groups that raised the BitTorrent matter should be praised for doing so. Yet before venturing into the unknown, we should remember something President Bill Clinton said in 1997: “Governments should encourage industry self-regulation wherever appropriate and support the efforts of private-sector organizations to . . . facilitate the successful operation of the Internet.” What we do, or don’t do, will affect tomorrow’s networks. Let’s stick with what works and encourage collaboration over regulation.

Editor’s Note: we need more broadband and we need faster access. With advances at the computing power and HD like video it’s a matter of time that the US advantage diminishes (at all levels).

5 Bud Stud - New Card Game - What an Idiot

By John Furrier

In this funny video a guy gambling at a casino tries to play a new game “5 Bud Stud”. Instead of throwing chips on the table he throws a bag of ‘sticky bud’.

Enjoy the video - below

VMware Prepares New Facility DataCenter in Washington State Not California or Massachusetts

By John Furrier

VMware is planning a new datacenter. Not in Palo Alto and not in Massachusetts.

According to Data Center Knowledge, VMware is planning to locate a new data center in East Wenatchee (North Central Washington), leasing no less than 100,000 square feet of space in a new facility being built by Sabey Corporation on its Intergate.Columbia campus. VMware will be the biggest leaser by far; their data center will take up about two-thirds of the 189,000 square foot second building.

Company spokeswoman Melinda Marks said that VMware will use its new data center to expand research and development.

Experimentation is Key to Success in Today’s Tech Climate

By John Furrier

Scott Berkun wrote a great post about experimentation and asks if you’re doing it in your company.

Recently, there has been a ton of talk about venture problems and what makes the best venture architecture (bootstrap, venture backed, or corporate). Putting all that nonsense aside for a minute I want to talk about experimentation. In emerging markets where there are more unknowns than knowns (and no great use case scenarios) you need to run experiments to get information. We see this in Unified Communications and Web 2.0.

Some senior management executives and venture capitalists confuse this tactic with their staff’s or founder’s overall business vision, strategy, plan, and metrics.

Get information and requirements to reduce your risk for the investment in a new opportunity or venture. I love talking to managers and entrepreneurs who have long range plans then run experiments to get more clear information.

Scott writes: “One of the most tragic things I hear in management circles is this:

“I want to make a breakthrough happen. I really really do. But I don’t want to take any risks. How do I do that?”

If I’m honest, and say “Well that’s nice. It’s just, you see, well, it’s fundamentally impossible.” They walk away in search of another author dude who’s willing to pretend it isn’t.

The principle at work here is knowledge capture: if an innovation is something new, or something you haven’t done yet, you have to capture the knowledge and skills needed to do it. An experiment is one of the few ways to capture knowledge you don’t have. If there are no experiments, you are repeating yourself, and can’t possibly be putting new ideas into practice.”

For all entrepreneurs and strategic managers Scott Berkun’s article is an important read. I would add that if you raise venture capital or pitch senior management on a new idea, make sure your executives or venture partner (the guy/gal AND the firm) are crystal clear on the difference between your vision/plan and experiments.

Broadband Developments - Unified Communications, Virtualization, Security, and Web 2.0 is (c) 2008