SF Archive
Internet Archive 
E-mail me

Copyright © 2002 John Zipperer unless indicated otherwise.

From and copyright by Internet World:

Internet Whirl
Insight into Your Assets
Relicore Has Big Plans to Leverage the Information about Your Systems

By John Zipperer

(07/01/02) Timing is not everything, but it's important. sometimes the same company gets timing right and wrong at the same time. Relicore Inc., for example, refers to itself in some of its media materials as "a leading provider of automated discover, tracking, and dependency mapping solutions," yet it just launched its first product this spring. Talk about rocketing to the top!

But in a different and more important way, it gets its timing right. It is launching its flagship product, Relicore Infrastructure Information Management (IIM), at a time when it can help enterprises deal with the increasing complexity of their hardware and software assets. The movement away from monolithic legacy systems toward distributed apps has created the opportunity for companies to come along and simplify the management of it all.

IIM automatically looks at an enterprise's system and finds infrastructure elements, such as applications, Web servers, databases, load balancers, and application servers. It maps those elements, as well as the interdependencies between them. IIM then tracks in real-time the changes made to those elements, giving the enterprise a view of its hardware and software systems, how they change, who changes them, and what other hardware and software is affected by those changes. In short, it's about making value out of knowing what you have.

Firdhaus Bhathena, Relicore's president and CEO, says the challenges of distributed, componentized systems are complexity, change, and scattered information. "Building a dependency map tells you exactly what dependencies exist at a granular level, giving you customer-centric and business-process-centric views of all of your systems," he says.

But, if you buy into my mantra that everything leads to business intelligence of one sort or another, then you also have to be a little eager to find out how a product like Relicore's will leverage its role as gatherer of such detailed information. Though Relicore obviously wants to concentrate on the launch of its product now as the company comes out of stealth mode, Bhathena isn't blind to the possibilities.

"We collect a tremendous amount of information that's useful [in] many ways," says Bhathena. "Over time, as people see the power of the information we provide, we believe they'll use it for a number of different things. Over time, we will think of new utilities to build on top of the fundamental Relicore infrastructure to leverage the information we're collecting."

For now, Relicore targets Global 2000 companies (a half-dozen of which-mostly high-tech or financial-services-have been early adopters of IIM). He says financial services companies are interested in its security and disaster-recovery role: "The question to them is, how do you recover from a disaster or a security violation if you don't know the exact system configuration before the disaster strikes?" Service providers and system integrators are also potential customers.

"We do not claim to be the enterprise systems management framework for large companies," says Bhathena. But "when we build this vertical map, it's information they could definitely use to monitor their systems."

Internet World readers are also looking at emerging technologies like Web services and grid computing, and those types of distributed computing resources are natural extensions of the distributed applications environment Bhathena is already dealing with. Reliability and trust will be two critical issues in those environments that involve inter-enterprise systems. "How do I as a business use a service your organization provides without a way of knowing if it is trustworthy?" he asks. "When those organizational boundaries start to be overcome, we will be there to assure people that these Relicore systems can securely communicate with each other to give each side the view to provide the reliability and trust that both sides need. We want to overcome those challenges for organizations, so they can truly capitalize on those changes that are here today and will really take off in the future."

Business Lab
Bayer Stabilizes Its Firewalls

By John Zipperer

(07/01/02) If Bayer Corp. wanted to make its business-to-business initiatives work, it knew it had to ensure that its customers, partners, and suppliers could transact with the chemical and pharmaceutical company online without having to worry about downtime or security. Failure for Bayer would be high profile and expensive.

"High profile" is a fitting description for pretty much everything Bayer does. Pittsburgh-based Bayer Corp., is the U.S. subsidiary of Bayer AG, a global healthcare conglomerate based in Leverkusen, Germany. The parent is known as a global leader not only in pharmaceuticals and chemicals but in sports sponsorship, (and that's not off-topic; it invests more than $10 million a year in its hometown soccer team, Bayer 04 Leverkusen, not just out of a love of sports, but also for the estimated nearly $100 million in advertising revenue value it gets from the team), corporate responsibility, and community involvement.

Bayer Corp. had $10.1 billion in sales in 2000 (about one-third of Bayer AG's global sales), nearly 23,200 employees, and more than 10,000 products-everything from that well-known Bayer Aspirin to plastics and insecticides. And though the need was to get the U.S.-based company's firewalls in shape to handle B2B transactions, it is also well connected to the parent company, so depending on how that data traffic is routed, some of Bayer AG's traffic may come through Bayer Corp.'s firewall.

The Challenge
It was to keep that traffic moving smoothly that the U.S. subsidiary undertook a major project to develop its B2B e-business. "It was a whole new infrastructure for us," says John Johnston, the IS security manager at Bayer Corp. "Our goals and requirements going in were that the infrastructure be totally redundant, failure tolerant."

Johnston was the manager of the process to find a solution that would make sure Bayer could rely on its network to handle e-commerce. He is responsible for the security of the data in Bayer Corp.'s network, and that mandate extends to its firewalls and transactions. Application security at Bayer is sometimes handled by a different set of staffers, but for the network and infrastructure, access controls and related issues, the responsibility lies with Johnston and his team.

Bayer Corp. has many locations and companies in the United States, and all of them that are involved in e-commerce needed to have their data routed through its main gateway, so the solution chosen for this project would have an impact on each of those efforts. Bayer's executive committee laid down a clear guideline: downtime is intolerable. "[Its] reason was that because of the B2B business that we were looking to dive into, we were going to rely heavily on business being done over the Internet," says Johnston. "If someone was in the middle of a million-dollar transaction and they got bumped off, that would be intolerable." A pleasant experience, on the other hand, would help prevent that user from going to a competitor, so 100-percent uptime became the mandate.

Johnston's technology team searched for solutions that would match the requirements. A hardware product came close to being chosen, but it fell by the wayside after further examination. The disadvantages to Johnston's team of a hardware solution was that it was a one-piece product that couldn't failover to another such product, unlike the firewalls, servers, and other elements in the environment.

So Bayer Corp. went with a software solution from Rainfinity called RainWall. "RainWall clusters the firewalls, and through clustering we make it fault tolerant," says Rieko Sato, director of product management at Rainfinity. "If one firewall goes down, we will then move over your existing connections to the other firewall, so the [online] customer never even knows there was a problem."

That's what it does at Bayer, where it runs with both of the company's Check Point firewalls and constantly checks their health. It keeps track of users at every moment, so it can pick up any failure that might occur and reroute the user to the working firewall. "Hardware is hardware," says Johnston. "It does fail." Making sure that the inevitable failures don't compromise the "downtime is intolerable" mandate required not quick recovery but no visible failure in the first place.

Johnston declines to discuss the cost of the system, but he says RainWall met his budget plans. Rainfinity says its product's pricing starts at $13,500 for each node.

Internet Business Solution
The etymology of Rainfinity goes back to the California Institute of Technology, which developed a software clustering technology called RAIN (for reliable array of independent nodes), working with NASA's Jet Propulsion Laboratory and the Defense Advanced Research Projects Agency (DARPA). The NASA connection is pertinent to the need for a no-downtime system. "You don't have IT in space," says Sato, "so you want to make a highly reliable computing environment so you don't have to send people out to fix it, and you don't want to use proprietary technology."

The company does focus on firewalls due to their critical positioning in the Internet business infrastructure: everything goes through them, and they "become the single point of failure and bottleneck, and that needs to be protected," says Sato. "And that's where you get viruses, need intrusion detection, and you want to make sure that you don't miss anything."

RainWall can handle up to 32 firewalls in a cluster, but rarely does it need to do more than one tenth of that. "Most customers have two, but [some] have three, maybe four," Sato says. "In enterprises, it's rare to see people who have large numbers in a cluster." She says other benefits of it include the ability to take a firewall offline for maintenance without affecting uptime (assuming the other firewall is healthy, of course). "You can take one firewall offline, all the traffic goes through the other firewall, and once the maintenance has been applied, you can add it back into the cluster," says Sato. "That's very important in a 24-by-7 environment, where you can't afford to have any downtime."

This summer, Rainfinity rolled out version 3.0 (a numeric jump from version 1.6, meant to symbolize a brand new architecture for the product and what the company refers to as a major upgrade and improved features). The new features include: Web-based console, for anytime, anywhere access for managers; automated configuration, so you can configure multiple nodes automatically instead of manually; and improved reporting. A sister product, RainConnect, can integrate with RainWall to deal with high-availability load balancing for Internet access (for example, to do load balancing between two different Internet service providers).

So what was the final verdict for Bayer Corp., which has so much riding on the dependability of its firewalls? Johnston says it was a solid success. "I didn't want to get calls from executives saying 'You're costing a million dollars a day because you didn't get the right thing,'" he says. And, as he knew would happen, the firewall has indeed failed since Rainfinity's product was installed, "and the RainWall did very well."

In the world of movie special effects, the best special effects are said to be those you don't even notice; if you did notice them, then they weren't created properly. So it is with the firewall protection that Bayer Corp. put into place, ensuring Johnston and his staff don't get flack from users. "It's in place," he says. "We don't hear about it."

Mission accomplished.

Reality Check
Help Wanted: Security Management

By John Zipperer

(07/01/02) Starting an information security firm these days might seem a little like pulling up to a department store with a truck full of Tickle Me Elmos two days before Christmas. The need is so obvious that even with another dozen competitors selling Elmos from trucks right next to you, you've got a good chance of fattening your wallet. But-and the analogy admittedly breaks down here-the situation is so critical to users' businesses and the need to understand it is so great that each new security vendor has a real chance of adding something important, especially if it focuses on a weak spot, such as managing the whole mess.

"It's a mess," agrees Stephen Crutchley, chief security officer of 4FrontSecurity, a new information security infrastructure provider and services firm.

"It's a very fragmented market; there are so many security [vendors] out there," says Christopher Parker, 4Front's CEO. "The problem with security is that it's always a retrofit. People say, 'You're the nearest guy to the door, so you're going to look after it now.'"

The human factor is important, but the humans will need the technology that not only helps them monitor and provision and set policies, but that will also give them robust reporting in multiple forms that will help them sell the security message throughout the organization. Luckily, more and more vendors are addressing those issues. "We're absolutely seeing management being crucial in any type of protection," says Steve Quane, product group manager for antivirus maker Trend Micro. He says customers are demanding greater management, and "the most demanding aspect of management has been reporting."

Still another aspect of the management and communications picture is being addressed by the folks from Baltimore Technologies, who recently announced SelectAccess 5.0., a single-sign-on solution that uses SAML (security assertions markup language, based in part on XML) to let two organizations exchange security data on users. Each company involved in the exchange could deploy very different access and authorization products. "One could be using Netegrity's SiteMinder and the other could be using SelectAccess 5.0, and the two companies could readily put up a partnership relationship," says Joyce Fai, vice president of access and authorization products at Baltimore. "As far as the users are concerned, they don't see anything different," says Fai.

Dealing with different languages, different security appliances, different corporate security policies, and more is a challenge that we're glad to see companies are starting to address. But-like the masses of parents fighting over the Tickle Me Elmo dolls-the market is there.

Case Study
Power Play
American Power Conversion's Solution Helps Microsoft Keep Its Tech Center Humming

By John Zipperer

(07/01/02) As any monarch could tell you, enjoying power is about having enough of it and having it at the right times. The world of data centers is similar. They need power-lots of it-and they need it all the time; it doesn't matter if the power was running yesterday; if it's not running today or if it's not available to all of the necessary machines that need it, the center can't do business.

The Microsoft Technology Center-Silicon Valley, which was launched in March 2001, is one of four centers in the United States, all of which are part of Microsoft Consulting Services. The company uses them to work with enterprise customers to develop and deploy solutions on the Microsoft .Net platform. The Silicon Valley center, the largest of the company's centers so far, is located in Mountain View, Calif., and is a showcase for the digerati companies densely populating the surrounding suburbs.

Though the center is part of a large campus for Microsoft, it has its own power issues. "We need to make sure that we're showcasing the best-in-class technology," says Navdip Bhachech, the center's managing consultant and lab manager. "We've always had APC [American Power Conversion] for power management for backup and power generation systems." Then it heard about APC's PowerStruXure, an architecture for power-distribution systems. "What it allows us to do is take a modular approach. Microsoft is really big on the concept of scale-out. In a Web farm, for example, if I have six Web servers today and my system cannot handle that load, it should be easy to add another one. And that's the way we think of power, too," he says.

Instead of having one big system in the back of the data center (actually, the Microsoft center previously had two such big systems), it now offloads it and fits the UPS (uninterrupted power supply) and power-management equipment into the racks themselves. Bhachech says the lab is provisioned better than it was before, and the 'pay as you go' approach resonates well with Microsoft's strategy.

Reliability is very important, and because it was happy with APC's reliability with its previous products, Microsoft felt good about deploying the PowerStruXure architecture for its clients to use. "This is northern California," Bhachech says. "With the power outages last summer, we wanted to make sure we had a power source in place."

What Microsoft installed at its Technology Center is a 40-kilowatt UPS system with a PDU (power distribution unit); it has a total of 12 racks.

A self-described "software guy," Bhachech says one of the benefits of PowerStruXure is that it allows people like him to make changes to some of the high-end server racks that previously were off-limits. "We had to pay thousands of dollars every time we wanted to make a change to those machines before," says Bhachech. "The good thing about having the APC boxes here is that they're pretty much snap-on power supplies."

Russell Senesac, APC's communications director for PowerStruXure, says that adaptability is even more important for a site like the tech centers, because as a test environment, it may be using one type of servers one week, and then another the next. With a number of different plugs and cords-some of which require extensive reworking of the racks-the complexity would mean many of those expensive calls to the outside electricians.