Wall Street is freaking out over this! Gotta love it! Jeff
Anybody listening to CNBC right now? Apple is going to finally offer premium Disney movies for download via "a platform". iTV on its way! We know the largest shareholder of Disney is Jobs himself. "Apple offering the hardware that makes this all possible". Barge, you must be going crazy right now?! Jeff
LMAO! If this community got on board this stock would fly! Jeff
Picked up 1,000 shares for a whopping .072. LOL.
nick: It's true and it's big. It's also very simple. Virtualization technology cannot function securely without the TPM. Wave provides the only TPM-enabling software that interfaces with ALL TPMs. Another point is that it won't matter if the network is NAC, NAP or TNC... Wave ETS will be upgraded. The scale of this investment is truly amazing for us! Jeff
cs: Eventually "Wintel" will need to change to "WinteleWave". That, "in a nutshell", is what's really going on here from 2007 to 2000?... Jeff
guv: vPro does require a TPM. Jeff
Intel VT vs. AMD Pacifica
The two chipmakers are building virtualization support right into the CPU. Will it virtualize Microsoft's monopoly?
By Andy Dornan Utilities
11/01/2005, 12:00 AM ET
Claim: CPU extensions simplify the creation of VMs and other management operations, making server virtualization simpler and allowing an entire client OS to be run in a secure sandbox, separate from management tools.
Context: The AMD and Intel architectures were originally driven by Microsoft's Palladium initiative. Although Palladium was held up, the chipmakers pressed ahead, and Intel has been working closely with security vendors and the open-source community.
Credibility: Intel and AMD have a history of delivering on their promises. But hardware isn't much use unless there's software to run on it. Watch Xen and VMware closely.
--------------------------------------------------------------------------------
Comparing CPUs used to be relatively simple. Sophisticated buyers always knew to look beyond a chip's megahertz rating, but ultimately it was still about speed. The math coprocessors, multimedia extensions, and second-level caches were all in the service of crunching through code as fast as possible.
Not anymore--at least, not if Intel has any say in the matter. Instead of just trying to make its processors faster, it's adding functionality that can't be quantified in gigaflops. Intel hopes customers will do the same, looking beyond number-crunching performance to focus on features such as security, manageability, and power consumption.
Figure: How Intel's "Star Technologies" compare to AMD
Intel's stance could be seen as an attempt at distraction. Most independent tests put AMD at the front of the x86 speed race, so Intel's only hope of retaining market share is to make people look at something else. However, AMD is also going beyond pure performance. It has an equivalent to most of the new capabilities that Intel is promoting, and in some cases AMD's versions are more advanced.
Intel calls its new features "star technologies" (*Ts, see table at left). Of the five announced so far, one is really just a rebranding of the 64-bit extensions it licensed from AMD. Three more are dependent on a fifth, Virtualization Technology (VT). Previously known under the code names Vanderpool and Silverdale, VT is set to ship by the end of 2005. AMD's equivalent is the Pacifica Secure Virtual Machine (SVM), slated for early 2006. Both build virtualization support into hardware.
From the vendors' marketing slides, VT and Pacifica look quite different. Intel is promoting VT as a security and management architecture for laptops, while AMD is selling Pacifica as a way to consolidate servers in the data center. However, this is just spin, representing the companies' strengths in other areas: The Pentium M has helped Intel consolidate its hold on the mobile market, while servers are increasingly turning to AMD's Opteron. The underlying technologies are almost identical and will be included across the full range of PCs within a year.
FIVE-RING CIRCUS
Building virtualization into hardware sounds contradictory. The whole point of virtualization has traditionally been to avoid hardware, simulating it in software. Why crawl around in the data center every time a Unix server needs a memory upgrade when an IBM mainframe can provision virtual Linux instances automatically? Why keep that old Windows 95 box around when a modern XP workstation can virtualize legacy DOS applications in the idle time between key presses?
The difficult part is that true virtualization requires each Virtual Machine (VM) to simulate a real one exactly. This is a problem with the x86 architecture because OS kernels expect direct control of the CPU. In programming parlance, they run at "Ring 0," the deepest level of access, with the most functionality. A traditional x86 chip can't run a virtualized OS at Ring 0 because that's needed for the hypervisor, the master OS that hosts all the VMs.
The x86 architecture provides three more rings, each with progressively less functionality. For stability, modern OSs restrict applications to the least functional, Ring 3. (This is why Windows XP is so much more reliable than its DOS-based predecessors, which let applications access Ring 0.) So the obvious approach to virtualization is to run the guest OS in one of the two vacant rings.
Unfortunately, some x86 machine code instructions only work at Ring 0. To run properly in higher rings, the OS must be rewritten (or at least recompiled) to avoid those instructions, an approach known as paravirtualization. This is popular in the Linux world--IBM uses a similar technique to run Linux clusters on a mainframe--but it takes work on the part of programmers, and it requires that the OS's source code be available.
DRILLING DOWN
To run an unmodified OS outside Ring 0, the hypervisor must intercept the forbidden instructions and emulate them. This is the approach taken by VMware, as well as by Windows XP's own emulation of DOS. The disadvantage is that emulation can use a lot of computing power--not a problem for the occasional application written to run on DOS-era hardware, but a significant one for an entire OS that takes full advantage of a modern PC.
To assist virtualization, VT and Pacifica insert a new privilege level beneath Ring 0. Both add nine new machine code instructions that only work at "Ring -1," intended to be used by the hypervisor. This way the OS doesn't have to be modified, and the performance penalty from emulation is reduced. However, it isn't eliminated completely: Each OS must be convinced that it alone has access to the machine's memory and I/O buses, while the hypervisor juggles access to the real devices to ensure that programs and data can't leak between OSs.
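A constructed model of the ring problem and the three answers to it (trap-and-emulate, paravirtualization, and a hardware "Ring -1"), added here as an example; it is not code from the article or from Intel, AMD, Xen or VMware. The instruction names, the privilege table and the set of instructions that exit to the hypervisor are assumptions chosen for illustration:

```python
"""Toy model of x86 protection rings and three ways to run a guest kernel that believes it
owns the machine: trap-and-emulate, paravirtualization, and a hardware "Ring -1".
Constructed illustration only: the instruction names, privilege table and intercept set are
simplified stand-ins and do not reproduce any real CPU or hypervisor."""
from dataclasses import dataclass

# Lowest-numbered (most privileged) ring allowed to execute each instruction.  Constructed.
PRIVILEGE = {"cli": 0, "sti": 0, "mov_cr3": 0, "hlt": 0, "add": 3, "hypercall": 3}

# Instructions a VT/Pacifica-style CPU is modelled as forcing out to the hypervisor even
# when the guest runs at ring 0; everything else runs natively on the guest's own state.
INTERCEPTED = {"mov_cr3", "hlt"}


@dataclass
class Guest:
    """One VM's view of the machine; the hypervisor keeps one of these per guest."""
    ring: int                       # ring the guest kernel really executes in
    cr3: int = 0                    # page-table base the guest believes it installed
    interrupts_enabled: bool = True
    halted: bool = False
    acc: int = 0                    # scratch register for unprivileged work


@dataclass
class Hypervisor:
    """Owns the real hardware; intercepted instructions are emulated on the guest's state."""
    real_cr3: tuple = ("hypervisor", 0)
    faults: int = 0                 # privileged instructions that trapped (#GP or VM exit)
    hypercalls: int = 0             # explicit calls from a paravirtualized guest

    def emulate(self, guest, op, arg):
        apply_instruction(guest, op, arg)
        if op == "mov_cr3":
            # The guest never touches the real CR3: the hypervisor installs a shadow
            # table mapping the guest's idea of physical memory onto its real slice.
            self.real_cr3 = ("shadow", arg)


def apply_instruction(guest, op, arg):
    """Architectural effect of one instruction on the guest's (virtual) state."""
    if op == "cli":
        guest.interrupts_enabled = False
    elif op == "sti":
        guest.interrupts_enabled = True
    elif op == "mov_cr3":
        guest.cr3 = arg
    elif op == "hlt":
        guest.halted = True
    elif op == "add":
        guest.acc += arg
    else:
        raise ValueError(f"unknown instruction {op}")


def paravirtualize(program):
    """Rewrite a kernel so its privileged instructions become explicit hypercalls: the
    source-level work that Xen-style paravirtualization pushes onto the OS developers."""
    return [("hypercall", (op, arg)) if PRIVILEGE[op] == 0 else (op, arg)
            for op, arg in program]


def run(program, guest, hv, hardware_assist=False):
    """Execute a guest instruction stream and return the guest.

    Classic mode: the guest kernel sits in ring 1, so every ring-0 instruction faults and
    the hypervisor emulates it.  Hardware-assisted mode: the guest runs at ring 0 while the
    hypervisor sits beneath it; only INTERCEPTED instructions exit to the hypervisor."""
    for op, arg in program:
        if op == "hypercall":
            hv.hypercalls += 1                  # guest asked explicitly, no fault taken
            hv.emulate(guest, *arg)
        elif (hardware_assist and op in INTERCEPTED) or guest.ring > PRIVILEGE[op]:
            hv.faults += 1                      # CPU refuses the instruction -> hypervisor
            hv.emulate(guest, op, arg)
        else:
            apply_instruction(guest, op, arg)   # runs natively, hypervisor not involved
    return guest


# Constructed guest kernel: mask interrupts, install a page table, do work, unmask, halt.
KERNEL = [("cli", None), ("mov_cr3", 0x1000), ("add", 5), ("add", 7),
          ("sti", None), ("hlt", None)]


def compare_strategies():
    """Count the hypervisor entries each strategy costs for KERNEL."""
    classic, para, hw = Hypervisor(), Hypervisor(), Hypervisor()
    run(KERNEL, Guest(ring=1), classic)
    run(paravirtualize(KERNEL), Guest(ring=1), para)
    run(KERNEL, Guest(ring=0), hw, hardware_assist=True)
    return {"classic_faults": classic.faults,
            "paravirt_hypercalls": para.hypercalls,
            "paravirt_faults": para.faults,
            "ring_minus_1_exits": hw.faults}


if __name__ == "__main__":
    print(compare_strategies())
```

Running it shows the classic ring-1 guest faulting on all four privileged instructions, the paravirtualized kernel replacing them with four explicit hypercalls and taking no faults, and the ring-0 guest under the modelled hardware assist exiting only twice: the "reduced but not eliminated" penalty the article describes. In every case the guest ends up with the same virtual CR3 and accumulator, while the real CR3 only ever holds the hypervisor's shadow value.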
Memory has been partly virtualized since the 386 in the sense that the OS and a hardware memory controller allocate RAM (or disk space if the RAM runs out) between applications. AMD has a definite advantage here. Its CPUs include the memory controller, so Pacifica can simply re-use that. In contrast, Intel's CPUs off-load memory control to a separate chip that doesn't support VT, meaning the hypervisor must take on more of the memory management work. Intel's memory controller will eventually be able to use VT, but not until it's brought into the CPU, expected to happen in 2007.
At present, I/O virtualization requires that drivers run on the hypervisor, which then presents virtual drivers to the guest OSs. Future versions of Pacifica and VT will eliminate the drivers from the hypervisor, allowing guest OS drivers to communicate with the hardware directly. However, this will require support from all PCI devices and so needs to be built into the PCI specification. The PCI-SIG began work on this in June, but has no timetable for a final standard.
IT INSIDE
Microsoft originally planned to support VT and Pacifica through Palladium, a new security architecture aimed mainly at consumer Digital Rights Management (DRM). The principle was that a new, more secure OS would run parallel to Windows and be invoked whenever extra security was wanted. For example, a media player on the secure OS would be able to play content that couldn't be captured by an application on regular Windows.
Microsoft demonstrated the technology in early alpha versions of Windows Vista, then called Longhorn. From the user's perspective, applications running on the second, secure OS appeared to run in Windows with highlighted borders. However, the extra OS wasn't included in later beta versions, and the plan has since been put on hold. Microsoft has announced a hypervisor for Windows Server 2007, but that will ship later in 2007 (or perhaps 2008), not with the OS itself, and may require an additional licensing fee.
Figure: Hypervisor Software Authenticated By PKI Hardware
Absent Microsoft, Intel is still promoting VT as a desktop (and laptop) security technology, but focused on enterprise management. The slogan is "Embedded IT Architecture"--a VM dedicated to anti-virus, anti-spyware, or backup software (see figure at left). In most cases, this software would be controlled remotely by the IT department, invisible to the user. Another VM can run Windows and all its applications normally--except that a malicious program or user wouldn't be able to disable the security software.
The same thing will be possible with Pacifica, though Intel's Active Management Technology (AMT) gives Intel an edge in embedded IT. AMT places a hardware management agent inside the NIC that can perform basic management tasks even when the CPU is switched off. For example, it could reboot a crashed PC or install a new hypervisor.
HYPE VISION
The big issue for both VT and Pacifica is software support. The management VM will probably run a stripped-down version of Linux, simply because it costs nothing and is easy for vendors to customize. However, there's no reason in principle that it couldn't run a hardened version of Windows or any other x86 OS. And the possibilities aren't mutually exclusive.
Similarly, users can have access to more than one OS. The concept is similar to current dual-boot systems, except that several partitions can run at once. For example, Intel says it's giving its software developers a Linux VM for their programming work, an empty x86 VM to test the compiled code, and a Windows VM to run Office applications. Even users who don't want to leave Windows could see benefits: They can use one VM to surf the Web and another to hold sensitive documents that shouldn't be exposed to the Internet.
Competition for the hypervisor has higher stakes. While VMs allow several OSs to share a system, there can only be one hypervisor. Windows servers will probably end up using Microsoft's. Clients and other servers will have a harder choice.
So far, there are two main contenders: VMware and Xen, an open-source hypervisor. The current versions still run at Ring 0--Xen uses paravirtualization, VMware emulation--but Intel and AMD are helping them move down to Ring -1. Both plan to support VT and Pacifica by the time the hardware is available.
Xen is the early favorite for embedded client management. It's used in all of Intel's embedded IT demos and has attracted code contributions from IBM as well as the chip vendors. For customers who don't feel comfortable downloading free software, some of its developers have formed a start-up, XenSource, to provide support and custom development work.
The server virtualization market still belongs to VMware. And to protect its position, it has formed a consortium including hardware vendors IBM and Dell, Linux leaders Red Hat and Novell, and Intel and AMD (see "Linux Virtually Ready For the Data Center," April 2005). The consortium aims to develop an open hypervisor standard, though it isn't clear yet whether Xen, Microsoft, and other competitors will be able to implement that standard.
VMware is also targeting home users with an intuitive user interface, offering features such as tabbed desktops (similar to tabbed browsing, but with VMs instead of Web pages). And it promotes virtualization as a security technology for the family PC. If you believe its demos, you'll be able to let your kids play with your computer, safe in the knowledge that even if they corrupt the OS, the damage will be limited to their own partition.
-1 RING TO RULE THEM ALL
Virtualization can help protect a system against OS bugs or vulnerabilities, but it really just pushes security and stability problems down a level. The whole system is only as good as the hypervisor.
Fortunately, hypervisors tend to be robust. Most VMware products have never suffered a security advisory, a refreshing change for anyone accustomed to the frequent patches required by other software. And that's not just because of the programming skills of VMware employees. A hypervisor can be much smaller than a full-scale OS--Microsoft calls its own a "microkernel"--so auditing one for security is easier.
But VT and Pacifica can still introduce new vulnerabilities, especially for users who don't want the new VM capability. An attack on a system running a single, non-virtualized OS wouldn't even require hacking the hypervisor, as the attacker could just slip a virus or Trojan into the unused Ring -1.
A Ring -1 virus is the ultimate rootkit. Because it operates beneath the OS and simulates the legacy x86 chip exactly, it can attack even perfectly secure software. What's more, it's OS-independent: The same virus can compromise every x86 OS, from CP/M to Solaris. Worst of all, it's mathematically impossible for software alone to detect.
To protect against such a virus, the system needs a hardware component that can't be virtualized. This is provided by the Trusted Platform Module (TPM), the controversial PKI chip already included in many PCs. The TPM watches the hypervisor and other programs as they load into memory, checking that they match precomputed hash values. Once it's sure that the hypervisor hasn't been tampered with, it signs a digital certificate that can be verified by the virtualized OS or security software.
This process, known as attestation, isn't limited to software. It can also prove whether or not particular components are present. In the original Palladium DRM architecture, it would be used to reassure a media player or video-streaming site that movies aren't being saved to a TiVo.
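An added example of the measured-boot and attestation flow described in the two paragraphs above; it is not code from the article, the TCG, or any TPM vendor. Each boot component is hashed and extended into a platform configuration register (PCR) before it runs, the verifier recomputes the expected value from known-good images, and a quote over the PCR plus a fresh nonce lets the verifier distinguish a clean hypervisor from a patched one. The component images, the key, the PCR layout, and the use of an HMAC in place of the TPM's RSA signature are assumptions for illustration:

```python
"""Toy model of TPM-style measured boot and remote attestation.  Constructed illustration:
the extend rule PCR = H(PCR || H(component)) follows the TCG design, but the "TPM" is a
Python object and its quote is an HMAC standing in for the real chip's RSA signature."""
import hashlib
import hmac
import os

PCR_SIZE = 20                                   # SHA-1 digests, as in 2005-era TPMs


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def measure(name: str, image: bytes) -> bytes:
    """Hash of one boot component, tagged with its name so components cannot be swapped."""
    return sha1(name.encode() + b"\0" + image)


class ToyTPM:
    """Hardware root that the hypervisor cannot rewrite: a PCR only changes by extension,
    and the signing key never leaves the object."""

    def __init__(self, key: bytes):
        self._key = key
        self.pcrs = {i: b"\x00" * PCR_SIZE for i in range(24)}

    def extend(self, index: int, measurement: bytes) -> None:
        self.pcrs[index] = sha1(self.pcrs[index] + measurement)

    def quote(self, indices, nonce: bytes):
        """Sign the selected PCR values together with a verifier-chosen nonce so an old,
        good quote cannot be replayed after the platform has been modified."""
        blob = nonce + b"".join(bytes([i]) + self.pcrs[i] for i in indices)
        return blob, hmac.new(self._key, blob, hashlib.sha1).digest()


def measured_boot(tpm: ToyTPM, components) -> None:
    """Boot sequence: each stage is measured into PCR 0 before control passes to it, so
    the final value reflects everything that ran beneath the OS, hypervisor included."""
    for name, image in components:
        tpm.extend(0, measure(name, image))


def expected_pcr0(components) -> bytes:
    """Verifier side: recompute the golden PCR 0 from known-good component images."""
    value = b"\x00" * PCR_SIZE
    for name, image in components:
        value = sha1(value + measure(name, image))
    return value


def verify_quote(blob: bytes, mac: bytes, key: bytes, nonce: bytes, golden: bytes) -> bool:
    """Accept only if the signature checks, the nonce is ours, and PCR 0 is the golden value."""
    if not hmac.compare_digest(hmac.new(key, blob, hashlib.sha1).digest(), mac):
        return False
    if not blob.startswith(nonce):
        return False
    start = len(nonce) + 1                      # skip the one-byte PCR index
    return hmac.compare_digest(blob[start:start + PCR_SIZE], golden)


# Constructed images.  The "hardware_inventory" entry shows the non-software side of
# attestation: the platform also attests which devices are (or are not) present.
GOLDEN = [
    ("hypervisor", b"xen-style hypervisor image (constructed)"),
    ("management_vm", b"stripped-down linux with AV agent (constructed)"),
    ("hardware_inventory", b"tpm=present;video_capture_device=absent"),
]
TAMPERED = [(n, (img + b" + ring -1 patch") if n == "hypervisor" else img)
            for n, img in GOLDEN]

KEY = b"constructed-per-chip-signing-key"       # real TPMs: burned in at manufacture


def attest(boot_components, nonce=None, golden_components=GOLDEN) -> bool:
    """Measured-boot the given components on a fresh toy TPM, then have a remote verifier
    check the quote against the golden list."""
    tpm = ToyTPM(KEY)
    measured_boot(tpm, boot_components)
    nonce = nonce or os.urandom(16)
    blob, mac = tpm.quote([0], nonce)
    # The verifier holds KEY here only because HMAC stands in for RSA; with a real TPM it
    # would hold the chip's public key instead.
    return verify_quote(blob, mac, KEY, nonce, expected_pcr0(golden_components))


def replay_is_rejected() -> bool:
    """A clean quote captured under one nonce fails when replayed against a fresh nonce."""
    tpm = ToyTPM(KEY)
    measured_boot(tpm, GOLDEN)
    old_blob, old_mac = tpm.quote([0], b"yesterday-nonce!")
    return not verify_quote(old_blob, old_mac, KEY, b"fresh-nonce-today", expected_pcr0(GOLDEN))


if __name__ == "__main__":
    print("clean platform:", attest(GOLDEN))          # True
    print("patched hypervisor:", attest(TAMPERED))    # False
    print("replay rejected:", replay_is_rejected())   # True
```

The design choice worth noticing is that the verifier never trusts anything the hypervisor says about itself: it trusts only the PCR value signed by the chip, and that value cannot be rolled back by software because a PCR changes only by extension. That is what lets a component beneath Ring -1 break the "mathematically impossible to detect" stalemate the article describes.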
Intel and AMD both plan to do something similar in 2007, with technologies known respectively as La Grande and Presidio. Supposedly intended for enterprise security, these will encrypt the link to local USB and video devices, protecting against hardware keyboard sniffers.
In the meantime, VT and Pacifica both provide a compelling application for the TPM--even for enterprises that don't yet need VMs and hypervisors on desktops or laptops. While the chip has other uses such as disk encryption, virtualization-aware hardware could be what persuades users to activate it.
Intel and AMD are moving ever more PC features onto the CPU.
VMware with AMD, Dell, HP, IBM, Intel, Novell, Red Hat and Others to Forge Open Virtualization Standards
VMware Opens Up VMware ESX Server Source Code to Partners to Accelerate Virtualization Solutions for Customers
PALO ALTO, Calif., August 8, 2005 – VMware, the global leader in virtual infrastructure software for industry-standard systems, today announced that it is working with industry leaders AMD, BEA Systems, BMC Software, Broadcom, Cisco, Computer Associates International, Dell, Emulex, HP, IBM, Intel, Mellanox, Novell, QLogic and Red Hat to advance open virtualization standards. This effort is open to vendors that share a common goal of accelerating the adoption of open standards for virtualization. VMware will contribute technologies based on its seven years of extensive innovation and market leadership to this standards development effort.
In addition, VMware announced that it will provide its partners access to VMware ESX Server source code and interfaces under a new program called VMware Community Source. This program is designed to empower partners to influence the direction of VMware ESX Server through a collaborative development model and shared governance process.
"Virtualization is gaining widespread adoption due to its indisputable customer benefits. It is an area rich in opportunities and the ecosystem will develop most fully with open standards. VMware is thus taking our industry-leading products, opening up the APIs and providing shared governance and source access to them," said Diane Greene, President of VMware. "We look forward to this next phase of increased partner collaboration and believe it is the best possible way to give customers the ability to realize the full potential of the x86 virtualization layer."
These initiatives are intended to benefit customers by creating:
Expanded ecosystem of virtualization solutions: the availability of open standard virtualization interfaces and the collaborative nature of VMware Community Source is intended to accelerate the availability of new virtualization solutions.
Expanded interoperability and supportability: standard interfaces for hypervisors are expected to enable interoperability for customers with heterogeneous virtualized environments.
Accelerated availability of new virtualization-aware technologies: vendors across the technology stack can optimize existing technologies and introduce new technologies for running in virtual environments.
"Guardian Life Insurance has standardized on VMware ESX Server for our Wintel environment across the organization," said Bob Mathers, Second Vice President of Infrastructure and Disaster Recovery at Guardian Life Insurance Company. "Using VMware we have consolidated and deployed hundreds of virtual machines throughout our environment realizing lower TCO, more efficient disaster recovery, rapid server provisioning, flexible zero-downtime workload migration and server containment. We are excited to see VMware's leadership in bringing together all the leading infrastructure vendors to drive their proprietary innovation in concert with VMware virtual infrastructure technology."
"This is a very exciting development," said Martin Wickham, CIO for BT Ireland. "Standardizing on VMware virtual infrastructure in our test and production environments is yielding many benefits, including reduced costs, more efficient disaster recovery and instant server provisioning as well as providing a key component in the creation of a 'utility' based infrastructure. We are pleased that VMware continues to innovate by working with other vendors for industry standardization because it will further enrich the platform and its integration with a broad array of application software. I look forward to the future developments."
Open Hypervisor Standards: Hypervisors are the foundational component of virtual infrastructure and enable computer system partitioning. An open standard hypervisor framework can benefit customers by enabling innovation across an ecosystem of interoperable virtualization vendors and solutions.
As an initial step, VMware will contribute an existing framework of interfaces, called Virtual Machine Hypervisor Interfaces (VMHI), based on its commercially successful virtualization products to facilitate the development of these standards in an industry neutral manner. Consistent adoption of open interfaces is expected to facilitate interoperability and supportability across heterogeneous virtualized environments.
Community Source: The Community Source program provides industry partners with an opportunity to access VMware ESX Server source code under a royalty-free license. Partners are empowered to contribute shared code or create binary modules intended to spur and extend interoperable and integrated virtualization solutions - thereby combining the best of both the traditional commercial and open source development models. Community members can participate and influence the governance of VMware ESX Server through an architecture board. This approach will help drive open collaboration while still preserving the ability of partners to build differentiated, intellectual property-protected solutions.
For customers, the VMware Community Source program is expected to yield a richer and broader set of partner solutions that are well integrated with VMware virtual infrastructure products. For partners, the source access and development model allows them to efficiently deliver complementary solutions or differentiated product capabilities around the VMware ESX Server code base.
"Virtualization is a game-changing technology for the data center, and we expect VMware's open collaboration to help foster a broad set of well-integrated commercial solutions for AMD Opteron processor-based systems," said Joe Menard, Corporate Vice President of Software Strategy at AMD. "VMware has significant market experience, focusing on robust and accelerated support for AMD's 'Pacifica' specification. We support VMware's lead in offering APIs to further drive market adoption of virtualization. As a founder of the HyperTransport Consortium, founding member of the Trusted Computing Group and leader in defining x86-based 64-bit computing, AMD is a huge proponent of customer freedom and we support open standards for virtualization."
"Cisco is committed to bringing the benefits of best-in-class data center virtualization solutions to our customers," said Jayshree Ullal, Senior Vice President, Datacenter, Switching and Security Technology Group, Cisco. "By fostering the creation of open virtualization standards we can better deliver our customers complete end-to-end data center solutions that take advantage of the natural synergy between VMware's virtual machine capabilities and the end-to-end physical server, storage, security, I/O virtualization, and VFrame virtualization management capabilities Cisco offers across our portfolio of data center switching infrastructure."
"Standardization brings benefits to the entire industry," said Jeff Clarke, Senior Vice President of Dell's Product Group. "Dell continually innovates around standards to deliver on our Scalable Enterprise vision with products and services that help customers better utilize computing resources and keep costs low. We applaud VMware for opening its APIs to standardization to promote interoperability and flexibility in customer computing environments."
"Virtualization is about making IT resources changeable, matching IT supply to business demand, which is key to becoming an Adaptive Enterprise, where business and IT are synchronized to capitalize on change," said Rick Becker, Vice President and General Manager of HP BladeSystem. "HP and VMware are committed to simplifying a user's IT infrastructure through consolidation and migration to the latest evolution in industry standard solutions. Through our collaboration with VMware in the Community Source Program and our joint efforts across our servers, management tools, storage solutions, consulting and support, we are helping enterprise customers drive down IT costs, increase business agility and free up resources for innovation."
"In keeping with IBM's strong track record of combining innovation with open technologies, IBM welcomes the opportunity to collaborate with VMware and other industry participants to bring open standards to the virtualization marketplace and foster a closer integration between the two companies' technologies," said Susan Whitney, General Manager of xSeries Division in IBM Systems and Technology Group. "The combination of VMware virtual infrastructure and IBM xSeries virtualization and management will bring flexibility, scale and simplicity to enterprise data centers. IBM intends to work with VMware to explore xSeries virtualized solutions based on an open API environment."
"The combination of today's virtualization software solutions with Intel Virtualization Technology will help drive improvements to the reliability and resilience of enterprise servers and enable impactful new uses for industry-standard PCs and notebooks," said Renee J. James, Intel Vice President and General Manager of the Software and Solutions Group. "Intel looks forward to working with VMware to bring out open virtualization APIs and supporting implementations that maximize Intel's hardware innovations. Businesses and consumers stand to benefit greatly from the interoperability and broad adoption resulting from standardization of this critical software technology."
"Supporting and working with key enterprise platforms like VMware virtual infrastructure is what sets Novell apart as a global data center infrastructure vendor," said David Patrick, Vice President and General Manager, Linux, Open Source Platforms and Services Group, Novell. "We are seeing strong adoption of VMware's proven, highly performant data center virtual infrastructure across Novell and SUSE LINUX customers, and we believe that VMware's commitment to open technology and common standards for virtualization will benefit the industry and customers alike."
"More than ever, standards are critical to innovation in enterprise infrastructures. Red Hat applauds the efforts of technology partners like VMware who are working to establish open, standards-based solutions," said Paul Cormier, Executive Vice President of Engineering at Red Hat. "We are pleased to work with VMware, partners and the community to offer customers virtualization as a key component of their open source architectures."
Open Hypervisor Standards: Collaboration around open hypervisor standards is expected to focus on the following areas of interoperability and performance optimization for virtualized environments:
Cross-platform frameworks that govern the standardized operation and management of standalone virtual machine environments as well as highly dynamic, data center-scale deployment of virtualized systems.
Co-operative virtualization APIs between hypervisors and guest operating systems.
Virtual machine formats that enable virtual machine migration and recovery across platforms.
More information about VMware proposals for VMHI is available at www.vmware.com/standards/.
More about Community Source: Vendors interested in becoming VMware Community Source members can find more information at www.vmware.com/communitysource/.
About VMware, Inc.
VMware, an EMC company (NYSE: EMC), is the global leader in virtual infrastructure software for industry-standard systems. The world's largest companies use VMware solutions to simplify their IT, fully leverage their existing computing investments and respond faster to changing business demands. VMware is based in Palo Alto, California. For more information, visit www.vmware.com or call 650-475-5000.
# # #
VMware is a registered trademark of VMware, Inc. in the United States and/or various jurisdictions. All other trademarks and names mentioned herein may be trademarks of their respective companies.
This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) risks associated with acquisitions and investments, including the challenges and costs of integration, restructuring and achieving anticipated synergies; (iv) competitive factors, including but not limited to pricing pressures and new product introductions; (v) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (vi) component and product quality and availability; (vii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (viii) insufficient, excess or obsolete inventory; (ix) war or acts of terrorism; (x) the ability to attract and retain highly qualified employees; (xi) fluctuating currency exchange rates; and (xii) other one-time events and other important factors disclosed previously and from time to time in EMC's filings with the U.S. Securities and Exchange Commission. EMC and VMware disclaim any obligation to update any such forward-looking statements after the date of this release.
Contacts:
Amber Rowland
VMware, Inc.
650-475-5338
Andrew Schmitt
OutCast Communications for VMware
415-392-8282 x706
ADDITIONAL PARTNER QUOTES:
"Customers tell us that driving IT efficiency through virtualization is a strategic imperative and close interoperability is key," said Guy Churchward, General Manager of JRockit Product Group at BEA Systems. "It is great to see companies like VMware offer flexibility to innovate around open technology initiatives. As part of BEA's utility computing and virtualization strategy, it's important for the company to work closely with enterprise class components, such as VMware's virtual infrastructure, to meet customers' needs. Companies like VMware help further our goal to provide highly differentiated value to global customers."
"As a leader in virtualization, BMC Software has already introduced comprehensive management solutions for VMware virtual infrastructure software, including monitoring, capacity management and optimization with BMC PATROL Performance Assurance for Virtual Servers and BMC Performance Manager for Virtual Servers," said Tom Bishop, Chief Technology Officer at BMC Software. "These solutions help customers make dynamic provisioning decisions from a business perspective to achieve Business Service Management. BMC is looking forward to supporting VMware's open virtualization initiative to drive key integrations and common interfaces that advance innovation and manageability for the broad range of enterprise customers who are adopting VMware virtual infrastructure."
"Broadcom is committed to convergence over Ethernet by driving C-NIC technology as the baseline function for the coming generation of servers," said Greg Young, Vice President and General Manager of Broadcom's High-Speed Controller Line of Business. "As the industry adoption of server virtualization increases, we are excited to be working with industry pioneer VMware to drive optimized integration and support for Broadcom converged NICs with VMware ESX Server."
"Our customers are expanding the use of virtual technologies in their data centers," according to Sam Greenblatt, Senior Vice President and Chief Technology Advisor at Computer Associates International. "CA has a long history of helping customers leverage these systems, which run the gamut from classic mainframes to more recent innovations on commodity platforms. Working with VMware under the Community Source program will be an important step toward identifying standards that will make virtualized environments even more significant in deploying IT assets in the enterprise."
"Emulex is working closely with VMware to bring to market and support enterprise-class virtualization solutions via the VMware Community Source program. The Emulex HBA architecture is uniquely flexible and features industry-standard APIs to ensure seamless compatibility with industry-leading virtualization solutions, such as VMware ESX Server," said Mike Smith, Executive Vice President of Worldwide Marketing at Emulex. "As a leading contributor to community development initiatives, we expect VMware's Community Source program to provide the open framework and flexibility required for maximizing server and storage management, while ensuring deployment of fully interoperable solutions to our mutual customers."
"Mellanox looks forward to leveraging the source code that VMware is opening up through the Community Source initiative," said Eyal Waldman, CEO of Mellanox. "Mellanox is leading the industry in advancing Infiniband technology and driving the incorporation of Infiniband technology and optimizations into VMware virtual infrastructure for the 10,000+ enterprise customers running VMware in their data centers."
"Virtualization technology will be important in terms of improving total cost of ownership, manageability, dynamic workload optimization, zero-downtime maintenance and rapid provisioning," said Prem Kumar, Vice President of Server Technologies at Oracle. "Oracle is supportive of VMware opening up their technology and believes this will drive greater innovation for virtualization technology overall."
"QLogic sees increasing customer adoption of VMware virtual infrastructure with QLogic Fibre Channel Storage Area Networks," said Roger Klein, Vice President of Product Marketing, QLogic. "We are excited to work with VMware under the Community Source umbrella to add value to VMware ESX Server and deliver jointly optimized solutions to our customers."
An AWK re-post on the technicals of where Wave fits into virtualization. Getting excited that it's finally here! Let's see what Dell has to say next week about vpro?
On the 29th, it will reveal....
By Charlie Demerjian: Thursday 24 August 2006, 12:00
THIS IS TOP SECRET Dell info, it wants you to sign an NDA to even know it exists, so don't tell anyone about it at all. Be vewy vewy qwiet, we awe hunting Hewwets and Packawds, and Dell will do all this on the 29th.
The short story is Dell is having a tip-top secret webcast on the 29th with an all star lineup to discuss the next big thing. Stars galore, shining happy people, dogs and ponies too. The funny thing is that it is not about AMD at all, this big affair is all about Intel Vpro.
They are touting the new Optiplexes which have 'new levels of performance, energy efficiency, security and manageability'. That would be Conroe based then, not P4. Why it is making you sign an NDA for this is quite beyond me, maybe it doesn't want you to talk about the sheer mind-numbing boredom of it all if you are in the first of three sessions on that day.
So, if you have nothing better to do next week, sign up, even though it does not exist if you ask. If you have anything better to do, like sitting in a corner and staring at a wall, I would recommend you do that, and just simply catch the next Intel Vpro launch. µ
Posted by: awk
In reply to: Vacationhouse who wrote msg# 120908 Date: 5/12/2006 1:00:22 AM
Post #of 128333
Vacationhouse: From your find re: Security
http://www.investorshub.com/boards/read_msg.asp?message_id=11078331
"...Currently, virtualization is done in software, using tools like VMWare, Xen, or Microsoft Virtual Server, but you'll soon see that functionality built into the chip set. A new protection level will be provided below Ring 0, and instruction intercepts will be provided, along with machine-specific registers and ten protection vectors. The new chip-sets will have another level of virtual memory, says Weber, with security features that include shadow page tables and recursive page table walks..."
In yesterday's CC Steven Sprague said this:
http://www.unclever.com/wavx/WAVX1Q06.htm
Intel just announced their logo program for business platforms, the vPro brand, which also includes and requires Trusted Platform Modules. I think vPro is a very interesting space to watch because what you’re seeing is really the beginnings of the next stage of Trusted Computing that will develop probably not this year as much as it will develop next year. Which is how does the root of Trust in my PC help to manage ultimately Virtualization. So this is a fairly complex topic. I won’t spend a huge amount of time on it today. It is all in the direction of how do you manage Trusted Execution on your machine. Which applications are allowed to run? Where are they allowed to run? What are they allowed to do? And you’re seeing the starting point of it.
This is the result of work that’s gone on for the last four or five years. And even in some cases the result of work from relationships that Wave had prior to 2000 in trusted hardware and trusted execution. So we think it’s a very interesting space. I don’t think it’s going to drive short-term revenue. It’s an area we continue to invest in, assuring we’re in the right position and the right place to support. I think our presence in the Trusted Computing support tools will help us very well in helping to manage aspects of Virtualization or the trust models of Virtualization as that comes to market..."
And now a post from 7/25/2004
http://www.investorshub.com/boards/read_msg.asp?message_id=3646232
The Parallel Universe...
doma, thanks for this enlightening PPT link with the TrustZone theme starting at slide number 7:
http://www.jp.arm.com/kk/arm_forum2003/ppt/trust_zone.ppt
Indeed I believe Lark's speech will be all about the parallelism of secure and general operating systems executing on the same processor, like ARM is saying in the referenced PPT presentation.
What I feel is truly interesting is reading what Microsoft said in a document recently unearthed by dabears4. It appears that this document, dated July 15, 2004, represents an exciting revelation about Microsoft's "evolved" Longhorn (NGSCB) OS.
I believe this paper to be the first public revelation of the "evolved" NGSCB concept. The proposed technology follows the same principle as ARM's "TrustZone" security extension.
I copy:
"...In connection with NGSCB, upcoming versions of the x86 processor will introduce a new CPU mode that is strictly more privileged than the existing ring 0. Effectively, this amounts to a new ring -1. Our isolation kernel executes in this ring. Executing the isolation kernel in ring -1 allows us to execute guest operating systems in ring 0, thus avoiding the problems entailed by the fact that the x86 instruction set is not virtualizable..."
Those that want to read the entire paper here is the link. The paper discusses in great detail all the aspects to be considered for secure computing.
http://research.microsoft.com/~yuqunc/papers/ngscb.pdf
In chapter 5 of this paper titled "System Overview" Microsoft also says:
"...We are now ready to outline how the components and concepts described so far can be combined into a complete system. The missing piece are operating systems and applications that execute on the isolation kernel..."
"...THE MISSING PIECE ARE OPERATING SYSTEM AND APPLICATIONS THAT EXECUTE ON THE ISOLATION KERNEL.."
So how can Microsoft propose an architecture if they are missing a key element?
Do I need to spell it out or will somebody else do it for me? I'll give you a hint below:
Just re-read a couple of saved articles that I find appropriate to post (again?) considering the deployment of virtualization. Boy I love where Wave is sitting right now! Jeff
Intel VT vs. AMD Pacifica
The two chipmakers are building virtualization support right into the CPU. Will it virtualize Microsoft's monopoly?
By Andy Dornan Utilities
11/01/2005, 12:00 AM ET
Claim: CPU extensions simplify the creation of VMs and other management operations, making server virtualization simpler and allowing an entire client OS to be run in a secure sandbox, separate from management tools.
Context: The AMD and Intel architectures were originally driven by Microsoft's Palladium initiative. Although Palladium was held up, the chipmakers pressed ahead, and Intel has been working closely with security vendors and the open-source community.
Credibility: Intel and AMD have a history of delivering on their promises. But hardware isn't much use unless there's software to run on it. Watch Xen and VMware closely.
--------------------------------------------------------------------------------
Comparing CPUs used to be relatively simple. Sophisticated buyers always knew to look beyond a chip's megahertz rating, but ultimately it was still about speed. The math coprocessors, multimedia extensions, and second-level caches were all in the service of crunching through code as fast as possible.
Not anymore--at least, not if Intel has any say in the matter. Instead of just trying to make its processors faster, it's adding functionality that can't be quantified in gigaflops. Intel hopes customers will do the same, looking beyond number-crunching performance to focus on features such as security, manageability, and power consumption.
How Intel's "Star Technologies" compare to AMD
Intel's stance could be seen as an attempt at distraction. Most independent tests put AMD at the front of the x86 speed race, so Intel's only hope of retaining market share is to make people look at something else. However, AMD is also going beyond pure performance. It has an equivalent to most of the new capabilities that Intel is promoting, and in some cases AMD's versions are more advanced.
Intel calls its new features "star technologies" (*Ts, see table at left). Of the five announced so far, one is really just a rebranding of the 64-bit extensions it licensed from AMD. Three more are dependent on a fifth, Virtualization Technology (VT). Previously known under the code names Vanderpool and Silverdale, VT is set to ship by the end of 2005. AMD's equivalent is the Pacifica Secure Virtual Machine (SVM), slated for early 2006. Both build virtualization support into hardware.
From the vendors' marketing slides, VT and Pacifica look quite different. Intel is promoting VT as a security and management architecture for laptops, while AMD is selling Pacifica as a way to consolidate servers in the data center. However, this is just spin, representing the companies' strengths in other areas: The Pentium M has helped Intel consolidate its hold on the mobile market, while servers are increasingly turning to AMD's Opteron. The underlying technologies are almost identical and will be included across the full range of PCs within a year.
FIVE-RING CIRCUS
Building virtualization into hardware sounds contradictory. The whole point of virtualization has traditionally been to avoid hardware, simulating it in software. Why crawl around in the data center every time a Unix server needs a memory upgrade when an IBM mainframe can provision virtual Linux instances automatically? Why keep that old Windows 95 box around when a modern XP workstation can virtualize legacy DOS applications in the idle time between key presses?
The difficult part is that true virtualization requires each Virtual Machine (VM) to simulate a real one exactly. This is a problem with the x86 architecture because OS kernels expect direct control of the CPU. In programming parlance, they run at "Ring 0," the deepest level of access, with the most functionality. A traditional x86 chip can't run a virtualized OS at Ring 0 because that's needed for the hypervisor, the master OS that hosts all the VMs.
The x86 architecture provides three more rings, each with progressively less functionality. For stability, modern OSs restrict applications to the least functional, Ring 3. (This is why Windows XP is so much more reliable than its DOS-based predecessors, which let applications access Ring 0.) So the obvious approach to virtualization is to run the guest OS in one of the two vacant rings.
Unfortunately, some x86 machine code instructions only work at Ring 0. To run properly in higher rings, the OS must be rewritten (or at least recompiled) to avoid those instructions, an approach known as paravirtualization. This is popular in the Linux world--IBM uses a similar technique to run Linux clusters on a mainframe--but it takes work on the part of programmers, and it requires that the OS's source code be available.
DRILLING DOWN
To run an unmodified OS outside Ring 0, the hypervisor must intercept the forbidden instructions and emulate them. This is the approach taken by VMware, as well as by Windows XP's own emulation of DOS. The disadvantage is that emulation can use a lot of computing power--not a problem for the occasional application written to run on DOS-era hardware, but a significant one for an entire OS that takes full advantage of a modern PC.
To assist virtualization, VT and Pacifica insert a new privilege level beneath Ring 0. Both add nine new machine code instructions that only work at "Ring -1," intended to be used by the hypervisor. This way the OS doesn't have to be modified, and the performance penalty from emulation is reduced. However, it isn't eliminated completely: Each OS must be convinced that it alone has access to the machine's memory and I/O buses, while the hypervisor juggles access to the real devices to ensure that programs and data can't leak between OSs.
Memory has been partly virtualized since the 386 in the sense that the OS and a hardware memory controller allocate RAM (or disk space if the RAM runs out) between applications. AMD has a definite advantage here. Its CPUs include the memory controller, so Pacifica can simply re-use that. In contrast, Intel's CPUs off-load memory control to a separate chip that doesn't support VT, meaning the hypervisor must take on more of the memory management work. Intel's memory controller will eventually be able to use VT, but not until it's brought into the CPU, expected to happen in 2007.
At present, I/O virtualization requires that drivers run on the hypervisor, which then presents virtual drivers to the guest OSs. Future versions of Pacifica and VT will eliminate the drivers from the hypervisor, allowing guest OS drivers to communicate with the hardware directly. However, this will require support from all PCI devices and so needs to be built into the PCI specification. The PCI-SIG began work on this in June, but has no timetable for a final standard.
IT INSIDE
Microsoft originally planned to support VT and Pacifica through Palladium, a new security architecture aimed mainly at consumer Digital Rights Management (DRM). The principle was that a new, more secure OS would run parallel to Windows and be invoked whenever extra security was wanted. For example, a media player on the secure OS would be able to play content that couldn't be captured by an application on regular Windows.
Microsoft demonstrated the technology in early alpha versions of Windows Vista, then called Longhorn. From the user's perspective, applications running on the second, secure OS appeared to run in Windows with highlighted borders. However, the extra OS wasn't included in later beta versions, and the plan has since been put on hold. Microsoft has announced a hypervisor for Windows Server 2007, but that will ship later in 2007 (or perhaps 2008), not with the OS itself, and may require an additional licensing fee.
Hypervisor Software Authenticated By PKI Hardware
Absent Microsoft, Intel is still promoting VT as a desktop (and laptop) security technology, but focused on enterprise management. The slogan is "Embedded IT Architecture"--a VM dedicated to anti-virus, anti-spyware, or backup software (see figure at left). In most cases, this software would be controlled remotely by the IT department, invisible to the user. Another VM can run Windows and all its applications normally--except that a malicious program or user wouldn't be able to disable the security software.
The same thing will be possible with Pacifica, though Intel's Active Management Technology (AMT) gives Intel an edge in embedded IT. AMT places a hardware management agent inside the NIC that can perform basic management tasks even when the CPU is switched off. For example, it could reboot a crashed PC or install a new hypervisor.
HYPE VISION
The big issue for both VT and Pacifica is software support. The management VM will probably run a stripped-down version of Linux, simply because it costs nothing and is easy for vendors to customize. However, there's no reason in principle that it couldn't run a hardened version of Windows or any other x86 OS. And the possibilities aren't mutually exclusive.
Similarly, users can have access to more than one OS. The concept is similar to current dual-boot systems, except that several partitions can run at once. For example, Intel says it's giving its software developers a Linux VM for their programming work, an empty x86 VM to test the compiled code, and a Windows VM to run Office applications. Even users who don't want to leave Windows could see benefits: They can use one VM to surf the Web and another to hold sensitive documents that shouldn't be exposed to the Internet.
Competition for the hypervisor has higher stakes. While VMs allow several OSs to share a system, there can only be one hypervisor. Windows servers will probably end up using Microsoft's. Clients and other servers will have a harder choice.
So far, there are two main contenders: VMware and Xen, an open-source hypervisor. The current versions still run at Ring 0--Xen uses paravirtualization, VMware emulation--but Intel and AMD are helping them move down to Ring -1. Both plan to support VT and Pacifica by the time the hardware is available.
Xen is the early favorite for embedded client management. It's used in all of Intel's embedded IT demos and has attracted code contributions from IBM as well as the chip vendors. For customers who don't feel comfortable downloading free software, some of its developers have formed a start-up, XenSource, to provide support and custom development work.
The server virtualization market still belongs to VMware. And to protect its position, it has formed a consortium including hardware vendors IBM and Dell, Linux leaders Red Hat and Novell, and Intel and AMD (see "Linux Virtually Ready For the Data Center," April 2005). The consortium aims to develop an open hypervisor standard, though it isn't clear yet whether Xen, Microsoft, and other competitors will be able to implement that standard.
VMware is also targeting home users with an intuitive user interface, offering features such as tabbed desktops (similar to tabbed browsing, but with VMs instead of Web pages). And it promotes virtualization as a security technology for the family PC. If you believe its demos, you'll be able to let your kids play with your computer, safe in the knowledge that even if they corrupt the OS, the damage will be limited to their own partition.
-1 RING TO RULE THEM ALL
Virtualization can help protect a system against OS bugs or vulnerabilities, but it really just pushes security and stability problems down a level. The whole system is only as good as the hypervisor.
Fortunately, hypervisors tend to be robust. Most VMware products have never suffered a security advisory, a refreshing change to anyone accustomed to the frequent patches required by other software. And that's not just because of the programming skills of VMware employees. A hypervisor can be much smaller than a full-scale OS--Microsoft calls its own a "microkernel"--so auditing one for security is easier.
But VT and Pacifica can still introduce new vulnerabilities, especially for users who don't want the new VM capability. An attack on a system running a single, non-virtualized OS wouldn't even require hacking the hypervisor, as the attacker could just slip a virus or Trojan into the unused Ring -1.
A Ring -1 virus is the ultimate rootkit. Because it operates beneath the OS and simulates the legacy x86 chip exactly, it can attack even perfectly secure software. What's more, it's OS-independent: The same virus can compromise every x86 OS, from CP/M to Solaris. Worst of all, it's mathematically impossible for software alone to detect.
To protect against such a virus, the system needs a hardware component that can't be virtualized. This is provided by the Trusted Platform Module (TPM), the controversial PKI chip already included in many PCs. The TPM watches the hypervisor and other programs as they load into memory, checking that they match precomputed hash values. Once it's sure that the hypervisor hasn't been tampered with, it signs a digital certificate that can be verified by the virtualized OS or security software.
This process, known as attestation, isn't limited to software. It can also prove whether or not particular components are present. In the original Palladium DRM architecture, it would be used to reassure a media player or video-streaming site that movies aren't being saved to a TiVo.
Intel and AMD both plan to do something similar in 2007, with technologies known respectively as La Grande and Presidio. Supposedly intended for enterprise security, these will encrypt the link to local USB and video devices, protecting against hardware keyboard sniffers.
In the meantime, VT and Pacifica both provide a compelling application for the TPM--even for enterprises that don't yet need VMs and hypervisors on desktops or laptops. While the chip has other uses such as disk encryption, virtualization-aware hardware could be what persuades users to activate it.
Intel and AMD are moving ever more PC features onto the CPU.
VMware with AMD, Dell, HP, IBM, Intel, Novell, Red Hat and Others to Forge Open Virtualization Standards
VMware Opens Up VMware ESX Server Source Code to Partners to Accelerate Virtualization Solutions for Customers
PALO ALTO, Calif., August 8, 2005 – VMware, the global leader in virtual infrastructure software for industry-standard systems, today announced that it is working with industry leaders AMD, BEA Systems, BMC Software, Broadcom, Cisco, Computer Associates International, Dell, Emulex, HP, IBM, Intel, Mellanox, Novell, QLogic and Red Hat to advance open virtualization standards. This effort is open to vendors that share a common goal of accelerating the adoption of open standards for virtualization. VMware will contribute technologies based on its seven years of extensive innovation and market leadership to this standards development effort.
In addition, VMware announced that it will provide its partners access to VMware ESX Server source code and interfaces under a new program called VMware Community Source. This program is designed to empower partners to influence the direction of VMware ESX Server through a collaborative development model and shared governance process.
"Virtualization is gaining widespread adoption due to its indisputable customer benefits. It is an area rich in opportunities and the ecosystem will develop most fully with open standards. VMware is thus taking our industry-leading products, opening up the APIs and providing shared governance and source access to them," said Diane Greene, President of VMware. "We look forward to this next phase of increased partner collaboration and believe it is the best possible way to give customers the ability to realize the full potential of the x86 virtualization layer."
These initiatives are intended to benefit customers by creating:
Expanded ecosystem of virtualization solutions: the availability of open standard virtualization interfaces and the collaborative nature of VMware Community Source is intended to accelerate the availability of new virtualization solutions.
Expanded interoperability and supportability: standard interfaces for hypervisors are expected to enable interoperability for customers with heterogeneous virtualized environments.
Accelerated availability of new virtualization-aware technologies: vendors across the technology stack can optimize existing technologies and introduce new technologies for running in virtual environments.
"Guardian Life Insurance has standardized on VMware ESX Server for our Wintel environment across the organization," said Bob Mathers, Second Vice President of Infrastructure and Disaster Recovery at Guardian Life Insurance Company. "Using VMware we have consolidated and deployed hundreds of virtual machines throughout our environment realizing lower TCO, more efficient disaster recovery, rapid server provisioning, flexible zero-downtime workload migration and server containment. We are excited to see VMware's leadership in bringing together all the leading infrastructure vendors to drive their proprietary innovation in concert with VMware virtual infrastructure technology."
"This is a very exciting development," said Martin Wickham, CIO for BT Ireland. "Standardizing on VMware virtual infrastructure in our test and production environments is yielding many benefits, including reduced costs, more efficient disaster recovery and instant server provisioning as well as providing a key component in the creation of a 'utility' based infrastructure. We are pleased that VMware continues to innovate by working with other vendors for industry standardization because it will further enrich the platform and its integration with a broad array of application software. I look forward to the future developments."
Open Hypervisor Standards: Hypervisors are the foundational component of virtual infrastructure and enable computer system partitioning. An open standard hypervisor framework can benefit customers by enabling innovation across an ecosystem of interoperable virtualization vendors and solutions.
As an initial step, VMware will contribute an existing framework of interfaces, called Virtual Machine Hypervisor Interfaces (VMHI), based on its commercially successful virtualization products to facilitate the development of these standards in an industry neutral manner. Consistent adoption of open interfaces is expected to facilitate interoperability and supportability across heterogeneous virtualized environments.
Community Source: The Community Source program provides industry partners with an opportunity to access VMware ESX Server source code under a royalty-free license. Partners are empowered to contribute shared code or create binary modules intended to spur and extend interoperable and integrated virtualization solutions - thereby combining the best of both the traditional commercial and open source development models. Community members can participate and influence the governance of VMware ESX Server through an architecture board. This approach will help drive open collaboration while still preserving the ability of partners to build differentiated, intellectual property-protected solutions.
For customers, the VMware Community Source program is expected to yield a richer and broader set of partner solutions that are well integrated with VMware virtual infrastructure products. For partners, the source access and development model allows them to efficiently deliver complementary solutions or differentiated product capabilities around the VMware ESX Server code base.
"Virtualization is a game-changing technology for the data center, and we expect VMware's open collaboration to help foster a broad set of well-integrated commercial solutions for AMD Opteron processor-based systems," said Joe Menard, Corporate Vice President of Software Strategy at AMD. "VMware has significant market experience, focusing on robust and accelerated support for AMD's 'Pacifica' specification. We support VMware's lead in offering API's to further drive market adoption of virtualization. As a founder of the HyperTransport Consortium, founding member of the Trusted Computing Group and leader in defining x86-based 64-bit computing, AMD is a huge proponent of customer freedom and we support open standards for virtualization."
"Cisco is committed to bringing the benefits of best-in-class data center virtualization solutions to our customers," said Jayshree Ullal, Senior Vice President, Datacenter, Switching and Security Technology Group, Cisco. "By fostering the creation of open virtualization standards we can better deliver our customers complete end-to-end data center solutions that take advantage of the natural synergy between VMware's virtual machine capabilities and the end-to-end physical server, storage, security, I/O virtualization, and VFrame virtualization management capabilities Cisco offers across our portfolio of data center switching infrastructure."
"Standardization brings benefits to the entire industry," said Jeff Clarke, Senior Vice President of Dell's Product Group. "Dell continually innovates around standards to deliver on our Scalable Enterprise vision with products and services that help customers better utilize computing resources and keep costs low. We applaud VMware for opening its APIs to standardization to promote interoperability and flexibility in customer computing environments."
"Virtualization is about making IT resources changeable matching IT supply to business demand, which is key to becoming an Adaptive Enterprise, where business and IT are synchronized to capitalize on change," said Rick Becker, Vice President and General Manager of HP BladeSystem. "HP and VMware are committed to simplifying a user's IT infrastructure through consolidation and migration to the latest evolution in industry standard solutions. Through our collaboration with VMware in the Community Source Program and our joint efforts across our servers, management tools, storage solutions, consulting and support, we are helping enterprise customers drive down IT costs, increase business agility and free up resources for innovation."
"In keeping with IBM's strong track record of combining innovation with open technologies, IBM welcomes the opportunity to collaborate with VMware and other industry participants to bring open standards to the virtualization marketplace and foster a closer integration between the two companies' technologies," said Susan Whitney, General Manager of xSeries Division in IBM Systems and Technology Group. "The combination of VMware virtual infrastructure and IBM xSeries virtualization and management will bring flexibility, scale and simplicity to enterprise data centers. IBM intends to work with VMware to explore xSeries virtualized solutions based on an open API environment."
"The combination of today's virtualization software solutions with Intel Virtualization Technology will help drive improvements to the reliability and resilience of enterprise servers and enable impactful new uses for industry-standard PCs and notebooks," said Renee J. James, Intel Vice President and General Manager of the Software and Solutions Group. "Intel looks forward to working with VMware to bring out open virtualization APIs and supporting implementations that maximize Intel's hardware innovations. Businesses and consumers stand to benefit greatly from the interoperability and broad adoption resulting from standardization of this critical software technology."
"Supporting and working with key enterprise platforms like VMware virtual infrastructure is what sets Novell apart as a global data center infrastructure vendor," said David Patrick, Vice President and General Manager, Linux, Open Source Platforms and Services Group, Novell. "We are seeing strong adoption of VMware's proven, highly performant data center virtual infrastructure across Novell and SUSE LINUX customers, and we believe that VMware's commitment to open technology and common standards for virtualization will benefit the industry and customers alike."
"More than ever standards are critical to innovation in enterprise infrastructures. Red Hat applauds the efforts of technology partners like VMware who are working to establish open, standards-based solutions," said Paul Cormier, Executive Vice President of Engineering at Red Hat. "We are pleased to work with VMware, partners and the community to offer customers virtualization as a key component of their open source architectures."
Open Hypervisor Standards: Collaboration around open hypervisor standards is expected to focus on the following areas of interoperability and performance optimization for virtualized environments:
Cross-platform frameworks that govern the standardized operation and management of standalone virtual machine environments as well as highly dynamic, data center-scale deployment of virtualized systems.
Co-operative virtualization APIs between hypervisors and guest operating systems.
Virtual machine formats that enable virtual machine migration and recovery across platforms.
More information about VMware proposals for VMHI is available at www.vmware.com/standards/.
More about Community Source: Vendors interested in becoming VMware Community Source members can find more information at www.vmware.com/communitysource/.
About VMware, Inc.
VMware, an EMC company (NYSE: EMC), is the global leader in virtual infrastructure software for industry-standard systems. The world's largest companies use VMware solutions to simplify their IT, fully leverage their existing computing investments and respond faster to changing business demands. VMware is based in Palo Alto, California. For more information, visit www.vmware.com or call 650-475-5000.
# # #
VMware is a registered trademark of VMware, Inc. in the United States and/or various jurisdictions. All other trademarks and names mentioned herein may be trademarks of their respective companies.
This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) risks associated with acquisitions and investments, including the challenges and costs of integration, restructuring and achieving anticipated synergies; (iv) competitive factors, including but not limited to pricing pressures and new product introductions; (v) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (vi) component and product quality and availability; (vii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (viii) insufficient, excess or obsolete inventory; (ix) war or acts of terrorism; (x) the ability to attract and retain highly qualified employees; (xi) fluctuating currency exchange rates; and (xii) other one-time events and other important factors disclosed previously and from time to time in EMC's filings with the U.S. Securities and Exchange Commission. EMC and VMware disclaim any obligation to update any such forward-looking statements after the date of this release.
Contacts:
Amber Rowland
VMware, Inc.
650-475-5338
Andrew Schmitt
OutCast Communications for VMware
415-392-8282 x706
ADDITIONAL PARTNER QUOTES:
"Customers tell us that driving IT efficiency through virtualization is a strategic imperative and close interoperability is key," said Guy Churchward, General Manager of JRockit Product Group at BEA Systems. "It is great to see companies like VMware offer flexibility to innovate around open technology initiatives. As part of BEA's utility computing and virtualization strategy, it's important for the company to work closely with enterprise class components, such as VMware's virtual infrastructure, to meet customers' needs. Companies like VMware help further our goal to provide highly differentiated value to global customers."
"As a leader in virtualization, BMC Software has already introduced comprehensive management solutions for VMware virtual infrastructure software, including monitoring, capacity management and optimization with BMC PATROL Performance Assurance for Virtual Servers and BMC Performance Manager for Virtual Servers," said Tom Bishop, Chief Technology Officer at BMC Software. "These solutions help customers make dynamic provisioning decisions from a business perspective to achieve Business Service Management. BMC is looking forward to supporting VMware's open virtualization initiative to drive key integrations and common interfaces that advance innovation and manageability for the broad range of enterprise customers who are adopting VMware virtual infrastructure."
"Broadcom is committed to convergence over Ethernet by driving C-NIC technology as the baseline function for the coming generation of servers," said Greg Young, Vice President and General Manager of Broadcom's High-Speed Controller Line of Business. "As the industry adoption of server virtualization increases, we are excited to be working with industry pioneer VMware to drive optimized integration and support for Broadcom converged NICs with VMware ESX Server."
"Our customers are expanding the use of virtual technologies in their data centers," according to Sam Greenblatt, Senior Vice President and Chief Technology Advisor at Computer Associates International. "CA has a long history of helping customers leverage these systems, which run the gamut from classic mainframes to more recent innovations on commodity platforms. Working with VMware under the Community Source program will be an important step toward identifying standards that will make virtualized environments even more significant in deploying IT assets in the enterprise."
"Emulex is working closely with VMware to bring to market and support enterprise-class virtualization solutions via the VMware Community Source program. The Emulex HBA architecture is uniquely flexible and features industry-standard APIs to ensure seamless compatibility with industry-leading virtualization solutions, such as VMware ESX Server," said Mike Smith, Executive Vice President of Worldwide Marketing at Emulex. "As a leading contributor to community development initiatives, we expect VMware's Community Source program to provide the open framework and flexibility required for maximizing server and storage management, while ensuring deployment of fully interoperable solutions to our mutual customers."
"Mellanox looks forward to leveraging the source code that VMware is opening up through the Community Source initiative," said Eyal Waldman, CEO of Mellanox. "Mellanox is leading the industry in advancing Infiniband technology and driving the incorporation of Infiniband technology and optimizations into VMware virtual infrastructure for the 10,000+ enterprise customers running VMware in their data centers."
"Virtualization technology will be important in terms of improving total cost of ownership, manageability, dynamic workload optimization, zero-downtime maintenance and rapid provisioning," said Prem Kumar, Vice President of Server Technologies at Oracle. "Oracle is supportive of VMware opening up their technology and believes this will drive greater innovation for virtualization technology overall."
"QLogic sees increasing customer adoption of VMware virtual infrastructure with QLogic Fibre Channel Storage Area Networks," said Roger Klein, Vice President of Product Marketing, QLogic. "We are excited to work with VMware under the Community Source umbrella to add value to VMware ESX Server and deliver jointly optimized solutions to our customers."
Sorry if already posted (cm):
CSCO: Cisco Accelerates Advanced Wireless Network Security for U.S. Federal Agencies
Cisco Unified Wireless Network Receives FIPS 140-2 Validation and Pursues Common Criteria Conformance for National Information Assurance Partnership (NIAP) WLAN Access Protection Profile
Cisco Systems® today extended its leadership position in wireless local area network (WLAN) security by announcing that the Cisco® Unified Wireless LAN Controllers and Access Points have received National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 140-2 level 2 validation of its IEEE 802.11i WLAN security architecture.
Cisco has been working closely with the Department of Defense (DoD) in defining requirements to enable higher levels of security and interoperability in wireless solutions. By meeting these cryptographic security standards with FIPS validation, the Cisco Unified Wireless Network meets another critical security requirement mandated by the DoD policy for commercial WLAN deployments.
"With the new DoD secure wireless policy, we are on the threshold of increased interoperability through open standards," said Colonel Rob Baker from the Department of the Navy's Navy-Marine Corps Intranet program. "FIPS certification enables the deployment of wireless in a rigorous, secure configuration at many of our bases, posts and stations."
Currently, Cisco is the only centralized WLAN solution listed in process with the National Information Assurance Partnership (NIAP) Common Criteria program for conformance to the U.S. government WLAN Access System Protection Profile for Basic Robustness - the final step in achieving total DoD Directive 8100.2 compliance. All new DoD acquisitions for commercial off-the-shelf (COTS) WLAN systems must be evaluated against this protection profile. Cisco expects to achieve final Common Criteria validation in the first quarter of 2007.
"FIPS compliance eases agencies' security concerns and will spur the adoption of wireless networks in the federal government," said Zeus Kerravala, vice president of infrastructure and security research at Yankee Group. "Companies such as Cisco that are committed to developing and embracing open standards have the clear competitive advantage for delivering government-grade WLAN security solutions."
Cisco notes that FIPS certification and compliance with DoD Directive 8100.2 wireless policy provides government customers the ability to use wireless more expansively, including deployment of advanced wireless services such as asset tracking, voice and security for guest networking. Prior to the DoD wireless policy, interoperability of highly secure WLAN deployments was not assured. This policy defines the interoperability required for true enterprise-wide highly secure WLAN deployments by mandating the use of IEEE 802.11i, the IEEE standard for implementing wireless security.
"Security is a primary concern with wireless networks, especially in the government market, which is why we include FIPS-validated code integrated into our baseline software release," said Alan Cohen, senior director of mobility solutions at Cisco. "With the stringent FIPS-secure Cisco Unified Wireless Network, federal agencies can now deliver on their wireless mandates with confidence that they are achieving state-of-the-art security."
In addition, the Cisco Unified Wireless Network is the only solution that meets the new DoD mandate for continuous Wireless Intrusion Detection (WIDS) with "location sensing" for tracking the physical location of thousands of wireless devices in real time. The Cisco WIDS solution with location tracking helps to protect both wired and wireless networks from potential security threats from rogue APs and unauthorized clients within the wireless environment.
"Prior to the new DoD secure wireless policy, customers were required to deploy nonstandard solutions for mission-critical wireless applications, severely limiting system interoperability and functionality," said Rocky Cintron, president of Force 3. Force 3 is a Cisco Gold Certified Partner that specializes in voice and wireless network integration and operational support for the federal government. "Now, Cisco has achieved a significant milestone in delivering advanced wireless security that has been proven to meet very rigorous security requirements of the federal government."
Securing wireless clients with Common Criteria validation is also a mandate of the new DoD policy. To address this, Cisco is announcing its SolutionsPlus partnership with 3eTI, a subsidiary of EFJ, Inc., the only WLAN client vendor currently listed in process for NIAP Common Criteria evaluation. The 3eTI client is also the only WLAN client solution that supports FIPS 802.11i security for Intel Centrino devices as well as other major client platforms. Together with Cisco SolutionsPlus partner 3eTI, Cisco is the only vendor that can deliver a comprehensive end-to-end wireless solution that meets all of the federal policy requirements for WLAN security.
"FIPS certification of the Cisco WLAN Controllers and Access Points demonstrates the high level of security and stability of Cisco wireless solutions in even the most demanding DoD environments," said Bruce Klein, federal operations vice president for Cisco. "It also assures DoD customers that our solution meets standards designed to allow it to interoperate with their existing equipment. This helps enable customers to take advantage of the total cost of ownership and operational advantages of an integrated and highly secure wired and wireless infrastructure."
http://technology-news-earnings.blogspot.com/2006_08_01_technology-news-earnings_archive.html
STX: Asus Selects Seagate's Momentus 5400.3 Hard Drive For Leading-Edge Notebook PCs
Seagate Technology (NYSE:STX), the world's number one hard drive maker, today announced that ASUSTeK Computer Inc., a leading supplier of notebook computers, has selected and qualified the Seagate Momentus 5400.3 disc drive for its new line of notebook computers. Momentus 5400.3 is the industry's first 2.5-inch hard drive to use perpendicular recording technology and provides up to 160GB of storage capacity. Ideal for mainstream notebook PCs, the 5400-RPM drive delivers the industry's leading combination of performance, acoustics, reliability and capacity.
"ASUS is committed to bringing customers the most advanced technologies and pleased to be integrating Seagate's innovative Momentus hard drive into its newest notebook PCs," said Tony Chen, general manager of ASUS Notebook Business. "The Momentus 5400.3 drive is an ideal solution for notebook PC users who need the highest levels of notebook performance and capacity."
"Seagate continues to work closely with major PC OEMs to ensure that Momentus drives deliver the performance, capacity, reliability and acoustics required to power a new generation of notebook computers that meet the growing storage needs of end users," said BanSeng Teh, Seagate vice president and managing director of Asia Sales and Marketing. "Our best-in-class notebook drives are meeting the needs of a broad and rapidly expanding base of customers."
Momentus - Delivering a Range of Solutions for System Builders
Perpendicular recording is a key addition to Seagate's 2.5-inch Momentus family of drives, allowing the drives to deliver higher capacity, performance and reliability without increasing spin speed, power consumption or heat dissipation. Seagate has implemented perpendicular recording across all its platforms to lead the industry in the rollout of perpendicular recording technology.
With Momentus drives, Seagate is redefining mobile computing by delivering rugged, power-thrifty hard drives that combine whisper-quiet operation with new levels of performance and capacity. The Momentus family of drives gives system builders a range of spin speeds (4,200-, 5,400- and 7,200-rpm), capacities (40GB to 160GB), and interfaces (Serial ATA and Ultra ATA), allowing them to offer a variety of differentiated systems ranging from low-cost and mainstream notebook PCs to high-performance mobile workstations, small form factor PCs and blade servers. The drives are covered by Seagate's industry-leading five-year warranty for customers that buy through authorized distribution.
About ASUSTeK
Ranked in Business Week InfoTech 100 for the 9th straight year, ASUSTeK Computer Inc. (TSE:2357) is a leading provider of 3C total solutions. Its product portfolio includes notebooks, motherboards, graphics cards, optical drives, information appliances, desktop PCs, servers, wireless solutions, mobile phones and networking devices. With strong engineering capability, ASUSTeK won 1706 awards in 2005, translating to more than 4 awards per day. The company is the perennial leader of the motherboard and graphics card industries and a top 4 maker globally for notebooks.
About Seagate
Seagate is the worldwide leader in the design, manufacture and marketing of hard disc drives, providing products for a wide-range of applications, including Enterprise, Desktop, Mobile Computing, Consumer Electronics and Branded Solutions. Seagate's business model leverages technology leadership and world-class manufacturing to deliver industry-leading innovation and quality to its global customers, and to be the low cost producer in all markets in which it participates. The company is committed to providing award-winning products, customer support and reliability to meet the world's growing demand for information storage. Seagate can be found around the globe and at www.seagate.com
Seagate, Seagate Technology and the Wave logo are registered trademarks of Seagate Technology LLC. Momentus is either a trademark or registered trademark of Seagate Technology LLC. When referring to drive capacity one gigabyte, or GB, equals one billion bytes and one megabyte, or MB, equals one million bytes. Accessible capacity may vary depending on operating environment and formatting. Quantitative usage examples for various applications are for illustrative purposes. Actual quantities will vary based on various factors, including file size, file format, features and application software.
upside: The whole system is appearing "coincidentally" the same time as Vista (the last piece of the puzzle). Cisco doesn't want to join the TCG but they acquired Meetinghouse because why? Hmmmmm... Regardless, it all spells a massive ROI for us all finally! Jeff
Slatecolt: NAC, NAP and TNC are all wonderful for Wave. Wave is the only interoperable enabler of TPMs. Relax.
sox: The bundling agreements do have monetary figures attached and you need to do your homework. Having been a long time Red Sox fan myself it's interesting how you can't hear the fat lady singing "TPMs will be ubiquitous by next year and Wave is the ONLY enabler of ALL TPMs". She's also singing the Red Sox should "Turn out the lights, the party's over". Wave has a better chance of being a billion dollar company next year than the Red Sox do winning their division. Take that to the bank.
Just a bit?! Gotta love it brother!
cs: You forgot Seagate will be off the charts next year! Jeff
Diebold Opteva Windows-based ATMs = Sygate = TNC = Wave EEE
EMBASSY® Trust Suite 4.3 Software Now Available with New Intel Desktop Motherboards
Lee, MA – May 26, 2005 - Wave Systems Corp. (NASDAQ: WAVX, www.wave.com) announced today that the next version of Wave’s trusted applications and services software security suite, EMBASSY® Trust Suite 4.3, is shipping with the new Intel® 945 Express Chipset-based Intel Desktop Boards D945GNTLKR, D945GTPLKR and D945GCZLKR for trusted personal computers.
EMBASSY® Trust Suite (ETS) 4.3 software is designed to support the next generation security chip hardware, called Trusted Platform Module (TPM) 1.2, integrated into the Intel desktop boards, and can be used in a wide variety of customer applications.
"As a global leader securing self-service terminals and ATM networks, Diebold’s partnership with trusted computing technology is a natural progression," said Ken Justice, Diebold's vice president of product marketing and management. "We are working closely with Intel and Wave to deploy the first automated teller platform utilizing the TPM and Trusted Computing Group (TCG) specification. This approach merges hardware and software technology and truly delivers on the realization of trusted, secure computing."
Wave’s ETS software is designed to be compliant with TCG specifications and work with all commercially available TPMs. The computer industry has shipped millions of PCs embedded with the TCG-standard TPM 1.1 chip and now shipping is the newly introduced 1.2 TPM chip from STMicroelectronics that is integrated into the Intel desktop boards.
"ST is very pleased to be part of these initial TPM 1.2 platform offerings,” said Mike Yousef, vice president of ST's Computer and Peripherals business unit. “Our system level understanding of computer and peripheral platforms, particularly in the area of security, is a natural fit for the development of trusted computing products. The Wave ETS software suite pulls it all together in a simple to use application that will delight business users."
“Wave has made available TCG-compliant software targeting business users of next generation PCs,” said Brian Berger, executive vice president, marketing and sales, Wave Systems, “and we are pleased to have our 3rd generation products being bundled with desktop boards based on the Intel® 945 Express chipset family and shipping into the market.”
This agreement does not provide for any minimum or maximum guaranteed shipped quantities.
For more information about Wave’s trusted applications and services, please go to: http://www.wave.com/products/ets.html. For more information about the new Intel desktop boards visit: http://intel.com/design/motherbd/.
Wave is a member of TCG, an industry organization dedicated to embedding trust and security more broadly into computing platforms and devices. More information about the TCG is available at www.tcg.org. More information on Wave’s ETS software is available at www.wave.com.
About Wave Systems
Consumers and businesses are demanding a computing environment that is more trusted, private, safe and secure. Wave is a leader in delivering trusted computing applications and services with advanced products, infrastructure and solutions across multiple trusted platforms from a variety of vendors. Wave holds a portfolio of significant fundamental patents in security and e-commerce applications and employs some of the world's leading security systems architects and engineers. For more information about Wave, visit http://www.wave.com.
Safe Harbor for Forward-Looking Statements
Except for the statements of historical fact, the information presented herein constitutes forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Such forward-looking statements involve known and unknown risks, uncertainties and other factors which may cause the actual results, performance or achievements of the company to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. Such factors include general economic and business conditions, the ability to fund operations, the ability to forge partnerships required for deployment, changes in consumer and corporate buying habits, chip development and production, the rapid pace of change in the technology industry and other factors over which Wave Systems Corp. has little or no control. Wave Systems assumes no obligation to publicly update or revise any forward-looking statements.
# # #
Wave Systems Corp.: John Callahan, 413-243-7029, jcallahan@wavesys.com
Jaffoni & Collins: David Collins, Richard Land, 212-835-8500, wavx@jcir.com
All brands are the property of their respective owners.
Sygate
http://www.diebold.com/atmsecurity/digitalsecurity.htm
“At the heart of our system is Sygate — recognized as the industry’s strongest firewall software. With Sygate, you can have one of the world’s leading enterprise security solutions, protecting your ATM.”
http://www.gridtoday.com/04/0531/103313.html
• Sygate Secure Enterprise 4.0
Sygate's award-winning flagship product, Sygate Secure Enterprise, combines a sophisticated security agent that runs on each client, one or more policy management servers distributed across the enterprise, and enforcement on servers in the network and on endpoints. Specifically designed to meet the needs of global organizations, SSE allows for large-scale, rapid deployments and ensures that only computing devices with up-to-date anti-virus, firewall, intrusion detection, software patches and correct configurations can gain access to corporate data. In addition, only approved software applications can run in a Sygate-secured environment.
SSE 4.0 delivers important enhancements to enforcement and host integrity, the Sygate Security Agent, and the Sygate Management Server, to enable companies to keep pace with advanced technology and protect the endpoints of even the most sophisticated networks. Key enhancements to Sygate SSE 4.0 include:
o LAN Enforcement - Using the 802.1x EAP standard, Sygate Secure Enterprise 4.0 can assess the status of any endpoint on a LAN to ensure full compliance with corporate security policy. If the endpoint is not compliant, then the switch will quarantine the endpoint using VLAN, ACL, or role-based access control and the Sygate Security Agent can then perform automatic remediation. Once the endpoint is back in compliance, the endpoint will be granted normal access to the network.
“Support for the Trusted Computing Group (TCG) secure chip standard -- SSE 4.0 can now detect the presence of the TCG Trusted Platform Module (TPM), a microchip that stores encryption keys, passwords and digital certificates, widely available on IBM and HP systems. The Sygate Security Agent will be able to identify the TPM security chip when determining which security policy to apply, delivering increased security to those devices.”
https://www.trustedcomputinggroup.org/news/press/member_releases/2005/TNC_support_press_release.pdf
SYGATE ANNOUNCES SUPPORT FOR TRUSTED NETWORK CONNECT (TNC) ARCHITECTURE
Network Access Control Leader Contributes to the Development of Open Standards for Endpoint Enforcement
LAS VEGAS, May 3, 2005 – Sygate Technologies, the leading provider of Network Access Control (NAC) solutions today announced support of the Trusted Network Connect (TNC) architecture as part of its commitment to deliver Compliance on Contact and protect computers, data and networks from misuse, malicious access and misconfiguration. Since 2001, Sygate has pioneered NAC interoperability through standards-based technology and go-to-market partnerships with leading IPSec VPN, SSL VPN, and LAN solution providers including Alcatel, Aventail, Cisco Systems, Enterasys, Extreme Networks, Foundry Networks, ProCurve Networking From HP, Juniper Networks, Microsoft, and Nortel Networks. Sygate is a founding member of the TNC, and supports the development of open standards that will ensure interoperability between NAC components and offer customers a multi-vendor architecture for determining the health and security of clients connecting to networks and control network access based on pre-determined policies.
TNC members will present the architecture and illustrate how the specifications enable products from multiple vendors to work together in verifying endpoint integrity before network access is given in Booth 1075 at Networld+Interop, Mandalay Bay Hotel, Las Vegas.
The TNC specification has been developed by Sygate and some 60 other members of the Trusted Computing Group (TCG), whose open specifications help vendors build products that protect critical data and information. More information about the open, non-proprietary TNC architecture and the first two specifications are available free of charge on the TCG website.
“As a founding member of the TNC and the leader in Network Access Control solutions, we’re dedicated to offering our customers a roadmap for Network Access Control that best suits their network environment. We value our work with the TNC because it provides administrators with choices in products and services for endpoint integrity in heterogeneous operating environments,” said Babak Salimi, vice president, Strategy & Partnerships, Sygate. “The TNC architecture and TCG’s open and non-proprietary approach to determining client health and access to the network is aligned with Sygate’s ongoing commitment to deliver Compliance on Contact. We will continue to offer strong support of TNC initiatives and are pleased with the progress it has made to date.”
The TNC architecture provides a common framework for endpoint configuration enforcement based on system integrity and identity, with the option of incorporating the added security provided by Trusted Platform modules based on TCG specifications. The first phase of the architecture will offer two standardized APIs to address the exchange of compliance data and results between systems requesting network access and policy decision points.
About Sygate
Sygate is the market leader in Network Access Control (NAC) solutions for the large enterprise. Through intelligent policy enforcement, its solution ensures “Compliance on Contact,” protecting computers, data and networks from misuse, malicious access and misconfiguration. Using Sygate solutions, the world’s largest organizations protect their networks, enforce business policies, and automate security practices to regain control of network security, reduce costs, and ensure compliance across the organization. Partnerships with industry leaders, including Alcatel, Aventail, Cisco, Enterasys, Extreme Networks, Hewlett Packard, iPass, Juniper Networks, Microsoft and Nortel enable Sygate’s technology to operate seamlessly across multiple platforms and applications. Sygate Technologies is a privately held company headquartered in Fremont, California. For more information, please visit www.sygate.com or call (866) 308-8899.
About TCG
TCG is an industry standards body formed to develop, define, and promote open standards for trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft. More information and the organization’s specifications are available at the Trusted Computing Group’s website, www.trustedcomputinggroup.org.
Copyright© 2005 Trusted Computing Group – other names and brands are properties of their respective owners
http://www.bizforum.org/whitepapers/sygate-4.htm
Sygate Compliance on Contact
Sygate is an early leader in Network Access Control solutions. Sygate’s Compliance on Contact technology delivers the industry’s widest range of NAC solution options available today.
The intense focus on NAC technologies has also led to other NAC efforts. Operating system and network vendors Cisco and Microsoft have weighed in with their own NAC architectures, and the industry as a whole has created the first set of standards for truly open NAC architectures in the form of the Trusted Computing Group’s Trusted Network Connect (TNC) initiative. Sygate is active in all of these efforts, and is incorporating product support for each of these enforcement architectures.
Using the Sygate Management Server, IT administrators can centrally manage their network access policies. These policies include built-in checks for well-known antivirus software, personal firewalls, anti-spyware, operating systems, and security patches. There is also an advanced toolbox for creating custom checks based on files found on the system, applications that are running, registry settings, file dates and checksums, and the like.
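The two pieces described in the Sygate material above, the LAN-enforcement loop from the SSE 4.0 notes (assess the endpoint over 802.1x, quarantine it into a VLAN if it fails, let the agent remediate, then re-admit it), the TPM-aware policy selection, and the built-in and custom host-integrity checks listed in this whitepaper (antivirus, firewall, patches, running applications, registry settings, file checksums), fit together as one small posture engine. The block below is an added illustration written for this page; it is not Sygate or Symantec code. The inventory field names, policy names, registry key, file path, patch label and VLAN numbers are all hypothetical, and the endpoint inventories it evaluates are constructed inline.

```python
"""Endpoint posture check plus LAN-enforcement decision, modelled on the flow above:
assess the endpoint, drop it into a remediation VLAN if it fails policy, auto-remediate
what the agent can fix itself, then re-check. Added illustration, not Sygate code;
inventory field names, policy names, registry key, file path and VLAN ids are hypothetical."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

CORPORATE_VLAN, QUARANTINE_VLAN = 10, 99
# Gold content of a required config file and the digest an admin would pin for it
# (computed inline only so the example is self-contained).
GOLD_POLICY_CFG = b"enforce=on\n"
GOLD_DIGEST = hashlib.sha256(GOLD_POLICY_CFG).hexdigest()

# A check reads the agent-reported inventory and returns (passed, remediation action).
Check = Callable[[Dict], Tuple[bool, str]]

def av_current(ep: Dict) -> Tuple[bool, str]:
    av = ep.get("antivirus") or {}
    ok = bool(av.get("running")) and av.get("sig_age_days", 999) <= 3
    return ok, "update antivirus signatures and start the AV service"

def firewall_on(ep: Dict) -> Tuple[bool, str]:
    return bool(ep.get("firewall_enabled")), "enable the host firewall"

def fully_patched(ep: Dict) -> Tuple[bool, str]:
    return not ep.get("missing_patches"), "install missing patches"

def process_running(name: str) -> Check:
    return lambda ep: (name in ep.get("processes", []), f"start {name}")

def file_checksum(path: str, digest: str) -> Check:
    def check(ep: Dict) -> Tuple[bool, str]:
        data = ep.get("files", {}).get(path)
        ok = data is not None and hashlib.sha256(data).hexdigest() == digest
        return ok, f"restore {path} from the gold image"
    return check

def registry_value(key: str, expected) -> Check:
    return lambda ep: (ep.get("registry", {}).get(key) == expected, f"set {key}={expected!r}")

STANDARD_POLICY: List[Check] = [av_current, firewall_on, fully_patched,
                                process_running("agent.exe"),
                                file_checksum(r"C:\agent\policy.cfg", GOLD_DIGEST)]
# A TPM-equipped host is held to a stricter policy once the agent has detected the chip.
STRICT_POLICY: List[Check] = STANDARD_POLICY + [
    registry_value(r"HKLM\SOFTWARE\Corp\Agent\Enabled", 1)]

# Fixes the agent can apply by itself while the host sits in the quarantine VLAN.
AUTO_FIX = {"enable the host firewall": lambda ep: ep.update(firewall_enabled=True),
            "install missing patches": lambda ep: ep.update(missing_patches=[])}

@dataclass
class Decision:
    vlan: int                      # VLAN the switch is told to place the port in
    policy: str                    # which policy was applied
    remediation: List[str] = field(default_factory=list)   # outstanding actions

def select_policy(ep: Dict) -> Tuple[str, List[Check]]:
    return ("strict", STRICT_POLICY) if ep.get("tpm_present") else ("standard", STANDARD_POLICY)

def evaluate(ep: Dict) -> Decision:
    """Run every check of the selected policy; any failure means quarantine."""
    name, checks = select_policy(ep)
    failed = []
    for check in checks:
        ok, fix = check(ep)
        if not ok:
            failed.append(fix)
    return Decision(QUARANTINE_VLAN if failed else CORPORATE_VLAN, name, failed)

def remediate_and_recheck(ep: Dict) -> Decision:
    """Apply automatic fixes for whatever failed, then re-evaluate a copy of the inventory."""
    fixed = dict(ep)
    for action in evaluate(fixed).remediation:
        if action in AUTO_FIX:
            AUTO_FIX[action](fixed)
    return evaluate(fixed)

# Constructed inventories, as a hypothetical agent might report them.
COMPLIANT_TPM_ENDPOINT = {
    "tpm_present": True, "antivirus": {"running": True, "sig_age_days": 1},
    "firewall_enabled": True, "missing_patches": [],
    "processes": ["svchost.exe", "agent.exe"],
    "files": {r"C:\agent\policy.cfg": GOLD_POLICY_CFG},
    "registry": {r"HKLM\SOFTWARE\Corp\Agent\Enabled": 1},
}
DRIFTED_ENDPOINT = {**COMPLIANT_TPM_ENDPOINT, "tpm_present": False,
                    "firewall_enabled": False, "missing_patches": ["example-patch-1"]}
TAMPERED_ENDPOINT = {**COMPLIANT_TPM_ENDPOINT,
                     "files": {r"C:\agent\policy.cfg": b"enforce=off\n"}}

if __name__ == "__main__":
    for label, ep in [("compliant", COMPLIANT_TPM_ENDPOINT), ("drifted", DRIFTED_ENDPOINT),
                      ("tampered", TAMPERED_ENDPOINT)]:
        before, after = evaluate(ep), remediate_and_recheck(ep)
        print(f"{label}: {before.policy} policy, vlan {before.vlan} -> vlan {after.vlan}, "
              f"outstanding: {after.remediation}")
```

Run it directly to see the three cases: a compliant TPM host admitted under the strict policy, a drifted host quarantined and then re-admitted once the agent fixes the two conditions it can fix on its own, and a host whose pinned config file no longer matches its digest staying in quarantine because that action is left to an operator. Returning the remediation as data from each check, rather than performing it as a side effect inside the check, is what lets the policy decision point log exactly what failed and hand the switch a single VLAN assignment.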
http://64.233.187.104/search?q=cache:-NLQat5OCFEJ:eval.veritas.com/mktginfo/enterprise/fact_sheets/e...
Symantec IP-ATM Security
Real-time endpoint compliance solution for ATMs to preserve brand equity and consumer
confidence in financial service institutions
“Foundation solutions:
• Symantec Sygate Enterprise Protection and, if antivirus
is required, Symantec AntiVirus”
http://www6.diebold.com/atmsecurity/files/ATM_security_Brochure.pdf
OPTEVA PROTECTS YOU WITH:
Sygate Firewall
Opteva is the only ATM to come standard with the industry’s strongest firewall software — Sygate. Firewall software is a vital protection for your ATM — locking all electronic points of entry. It monitors, analyzes, and authenticates any external source attempting to connect to the ATM, blocks anything the software doesn’t recognize, and sends alert messages upon detecting unauthorized activity. Diebold includes a firewall with every ATM because you would be unacceptably vulnerable without it. Opteva’s firewall, Sygate, is recognized throughout the industry as the best firewall software available — winning awards such as PC World’s 2003 World Class Award for Best Firewall Software and Network Computing’s 2003 Editor’s Choice Award. Unlike other ATM suppliers, Diebold frees you from the anxiety of having to wait for security patches to be developed before you’re protected from the latest viruses and exploits. That’s because having Sygate installed on your ATM ensures that you’re protected before the patches are available.
Intel Trusted Platform Module Chip
Every Opteva ATM includes an Intel® Trusted Platform Module Chip. The chip verifies the authenticity of sources and commands, and ensures a protected exchange of instructions and information.
Encrypted On-line Communication
Opteva encrypts the signals that are transmitted from the ATM to the network using the latest, most advanced Triple DES standard.
Operating System and Software: Maximum Security Settings
Diebold has configured the operating system of Opteva, Microsoft® Windows® XP, in the most secure way possible. All unnecessary ports are closed, all unnecessary services are shut down, the desktop is locked down, startup and error control services are enhanced, and the latest Microsoft security patches and service packs are applied. In addition, Opteva software runs with “limited user” privilege, instead of the vulnerable “admin” privilege that allows viruses and hackers to take control of other computers. In fact, Opteva received a perfect score — 10 out of 10 — from the Center of Internet Security, an independent organization that measures the security of a computer’s operating system. By configuring Opteva’s software with the maximum security settings, your ATM is protected from the rampant security problems that plague other computers.
http://www.trustedcomputinggroup.org/news/events/pastevents/presentations/govsec_presentation_052505...
Slide 105
Trusted Network Connect Overview: Why, What, When
Jon Brody, VP Marketing, Sygate Technologies, TCG/TNC Member
Slide 125
ATM Manufacturer enforces remote access policy
• Protect 5,000 mobile & remote users
• Enforce security policy & patching
• Control consultant & employee external access to internal resources
• Ensure compliance before permitting network access
• Nortel VPN integration
• Saving $25,000+ per month in remote connection costs
• Immune to Blaster and other worms with strict patch enforcement
• Eliminated copyright violations with active policy enforcement
http://news.com.com/Symantec+scraps+Sygate+consumer+firewall/2100-7350_3-5974230.html
"Symantec will continue to support and develop the Sygate enterprise product portfolio, including Symantec Sygate Enterprise Protection, Symantec Sygate On-Demand, Symantec Sygate Embedded and Symantec Sygate Network Access Control, Weiler said.
Symantec announced the takeover of Fremont, Calif.-based Sygate in August. The deal was closed in October."
http://phx.corporate-ir.net/phoenix.zhtml?c=89422&;;p=irol-newsArticle&ID=846504&highlig...
Symantec and Intel Collaborate to Change Security Computing Model
Isolating Endpoint Security From Main Operating System Increases Enterprise IT Confidence
CUPERTINO, CA, Apr 24, 2006 (MARKET WIRE via COMTEX News Network) -- Symantec Corp. (NASDAQ: SYMC) today announced it is working with Intel Corp. to build security solutions for the new Intel(R) vPro(TM) technology that will allow IT managers to effectively manage security threats outside the main PC operating system (OS). In this isolated virtual environment embedded within Intel vPro technology, Symantec's security solutions will be more tamper resistant and always on, monitoring and protecting the desktop.
In the emerging threat landscape, enterprises face security attacks that are increasing in complexity, frequency, and malicious intent. Additionally, the window of time between vulnerability disclosure and exploit is shrinking while the severity of vulnerabilities is increasing. To make the situation even more challenging, a new type of modular malicious code is increasingly used to take advantage of vulnerabilities in the operating system and desktop applications to disable security software on user systems. The end result is that enterprises are left more vulnerable when only traditional security protections in the primary OS are installed on the machine.
"By isolating the computer's protection in a virtual environment outside the main operating system, enterprises will have confidence that the security itself has not been compromised, that it is always on, and that they can trust the result that it gives," said Jeremy Burton, senior vice president of enterprise security and data management, Symantec. "We believe this new approach will improve security and reduce the overall cost of administration."
Symantec's solutions for the Intel vPro technology will offer enterprises several key benefits by taking advantage of the new virtualization capabilities built into PCs with Intel vPro technology. These capabilities will allow Symantec to build a tamper-resistant virtual security solution. The security functionality will operate in a secure environment separate from the user OS, where it will be unaffected by issues with the user OS. In the event malware is successful in infecting a desktop environment, the Symantec virtual security solution will contain the threat on that particular desktop, isolating it from other network resources. Since this new solution is built specifically for security and is separate from the primary OS, it offers IT departments a separate, stable environment from which to protect the desktop from attacks.
"Intel and Symantec are committed to providing customers with the strongest and most manageable client security available to small, medium and large businesses," said Robert Crooke, vice president and general manager of Intel's Business Client Group. "The combination of Intel vPro technology and Symantec's virtual security solution will provide a new level of control over malicious attacks, simplify management, and increase confidence in endpoint security."
Symantec and Intel's collaboration will focus on providing unprecedented next generation security solutions during the coming years. Together, the two companies will aim to provide robust security solutions in a way that is cost effective for IT administrators, yet gives them an appropriate level of control and helps ensure system and regulatory compliance on desktop PCs.
About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
CONTACT:
Linda Smith Munyan
Symantec Corporation
+1 (415) 738 2686
linda_s_munyan@symantec.com
David Forstrom
Connect Public Relations
+1 (703) 234 5390
davidf@connectpr.com
SOURCE: Symantec
The above is a reply to the following message:
Diebold and Biometrics....
By: awk in WAVX DD
Sat, 29 Jul 06 5:37 PM Msg. 02432 of 03015
Biometrics at forefront of Diebold's LatAm offerings
From the October 14, 2005 edition of Business News Americas
By Scott Sadowsky
http://www.diebold.com/whatsnews/inthenews/labiometrics.htm
US banking equipment supplier Diebold (NYSE: DBD) is introducing increasingly more biometric and other high-tech systems into the Latin American financial sector, said Diebold Colombia marketing and communications director Paula Bonilla.
Diebold has been offering biometric technology for over five years, beginning with a system implemented throughout Colombia to verify the identity of retirees picking up their pensions.
But the highlight of Diebold's offerings is its biometric solution for ATMs. The main obstacle to the use of this technology has been the lack of standardization among different biometric devices, a problem Diebold has tackled with proprietary middleware.
"Biometric algorithms vary from brand to brand, so what Diebold did was create middleware that runs on its Agilis platform to allow clients to implement whatever technology they choose - they are not obligated to use biometric devices from a specific provider," Bonilla told BNamericas.
Whereas most biometric identification systems merely generate readings, such as those used by police agencies, the Diebold software also performs identity verification, which greatly reduces processing time. Users first identify themselves using a number or code, and then the biometric data gathered by the ATM is compared to data that the bank has already collected on the customer.
Diebold recently finished a small test run of its biometric ATMs in Chile, and "the pilot units passed the test successfully," said Bonilla.
However, the mass implementation of these systems is not without obstacles.
"Latin American banks are in general somewhat conservative. They don't want to implement anything they fear might be poorly received by customers, and biometric technology can make people feel invaded to a certain extent. It's going to require a cultural and educational process," said Bonilla.
Diebold has also attacked the security issue from the hardware standpoint. "In conjunction with Intel we have designed a security device specifically for ATMs based on its Trusted Platform Module. No one else has it," said Bonilla.
In order to implement these new technologies banks must use Windows-based ATMs, which Diebold launched only two years ago. Given that Diebold promises customers an 18-year life for their ATMs, according to Bonilla, it can be expected to take some time before the TPM-based solution is widely adopted.
OTHER TECHNOLOGIES
Among Diebold's other new offers is the IM-500 module for ATMs. "It includes a thermal printer, an MICR reader, a barcode reader that lets users pay bills, a magnetic strip verification system, a smart card reader and writer and a scanner that can record both sides of documents. It has been installed in hundreds of thousands of ATMs in Brazil," added Bonilla.
Also, for small towns and rural areas without banks Diebold has developed a special banking terminal. "It's connected to a bank, but it's also a terminal for the corner store or small supermarket in which it's installed, allowing people to perform almost every type of banking transaction," she said.
http://www.bnamericas.com
A perfect example of what you're talking about, Micro! How ironic it is that Diebold is our only ATM customer? Jeff
http://www.diebold.com/atmsecurity/digitalsecurity.htm
Diebold has taken a leading role in developing the next generation of ATM security.
Our digital security system is designed to be the best in the business. It prevents intrusion, defies hackers, and stops crime before it begins.
At the heart of our system is Sygate — recognized as the industry’s strongest firewall software. With Sygate, you can have one of the world’s leading enterprise security solutions, protecting your ATM.
Sygate defends your ATM with multiple layers of security:
First, the system locks down all electronic points of entry — making them invisible to hackers, viruses, and worms.
Next, it monitors, analyzes, and authenticates any external source attempting to connect to the ATM — and blocks anything the software doesn’t recognize.
Finally, the system compares behaviors against those of known attacks, and sends alerts upon detecting suspicious activity.
The Diebold security system ensures that no malicious application can send data to or from protected ATMs.
Unlike other ATM software providers, Diebold frees you from the anxiety of having to wait for security patches to be developed before you’re protected from the latest viruses and exploits. That’s because Sygate locks down your ATM — ensuring that you’re protected before the patches are even available.
In fact, Diebold’s solution is so secure, that even if you manually install a virus directly onto the ATM, the terminal can still operate without spreading the virus throughout your network.
The results are impressive.
We’ve not had one — not a single incident — where an ATM was compromised by a hacker, a virus, a worm, or anyone with malicious intent, after our solution has been installed.
That’s critical to our customers, whose very livelihood may depend upon greater uptime and secure operation of the systems they deploy.
Diebold also makes it easy for you to manage your ATM security. Our centralized server allows you to remotely manage security software on every ATM.
With our server, you can create, test, deploy, and update security policies any time a new threat is identified. You can monitor your network, view reports, or even upgrade the software — from anywhere, all at once.
No other ATM provider can match Diebold’s security solution. By combining the most advanced technologies with the industry’s leading firewall software, it’s the only solution that can effectively protect ATMs from the latest in digital security threats.
You can trust Diebold’s understanding of digital security to reduce your risk, protect your assets, and preserve your customers’ confidence and peace of mind.
Don't believe I've seen this posted? Sorry if I missed! Only available for the Opteva platforms from Diebold. Of course we know Opteva platforms (Intel) all have TPM 1.2. Jeff
http://www.atmmarketplace.com/news_story.htm?i=25790
Diebold announces remote service for ATM channel
• 08 May 2006
NORTH CANTON, Ohio — Diebold Inc.’s new OpteView Remote Services allows remote troubleshooting and problem diagnosis for ATM-network service. Using Internet technology to communicate directly with ATMs, Diebold supports its Opteva family of ATMs and initiates service delivery before a technician is dispatched.
Enabled by a partnership with Axeda Corp., OpteView allows Diebold to begin problem resolution within minutes of a service request by remotely accessing data for a complete and detailed state of health for every ATM module.
OpteView receives data from ATMs in real-time and delivers it directly to Diebold's Customer and Technology Support Center. In some cases, specific fixes can be deployed remotely. In others, information is delivered to a technician to facilitate more accurate repair decisions. Diagnostic processes include: conducting diagnostic sessions, including system checks for normal operation, individual device testing and root-cause analysis of device diagnostic log files; generating a problem diagnosis before an on-site visit; providing information about parts that might be needed for repair; providing a recommended recovery solution; performing reboot or hardware reset to recover from communications failures or other malfunctions; and postponing or canceling on-site-service response when an applicable fix can be completed remotely.
Diagnosis provided by OpteView is only available using Diebold's Opteva hardware and Agilis software platforms.
Chad Lynch, ATM service manager for Riverdale, Utah-based America First Credit, the sixth-largest credit union in the United States and the first financial institution to deploy Diebold's Opteva family of ATMs, said OpteView improves uptime and enables the financial institution to resolve issues without dispatching technicians.
"We want our ATM network to be the best it can be," he said. "OpteView allows me to let Diebold do what they do best, while I focus more of my attention on technology for my credit union."
http://phx.corporate-ir.net/phoenix.zhtml?c=106584&p=irol-newsArticle&ID=852373&highligh...
realmahjah: I think you're onto something here!
"WAVX is going to have an interesting growth curve with its HR responsibilities to meet the need for consulting, even though I suspect that EDS and/or other services firms could shoulder much of this burden."
I think you can also expand that to their support responsibilities to meet the needs of their customers. EDS would make a fine choice. Jeff
Well said Snackman! Most of the naysayers are just about played out with reasons to cry, ridicule and complain. Like the SRA caller said "good job on bringing home the bacon!". Wait till next quarter when Wave reports a doubling of revenues quarter over quarter having a larger customer base and an enormous prospect list. Let's see what the share price will be then! By Q4 the naysayers will be crying in their beer AND they will have a whole bunch of extra time on their hands because there will be nothing to post?! Good times Snack!
gowave: Did the ARMY make it mandatory that all PCs purchased have a TPM 1.2 for no reason? Is the ARMY going to use the TPMs or not? If so, why don't you explain to all of us how the ARMY is going to network these TPMs without Wave? Which other company will provide the REQUIRED interoperable solution to network TPM'd PCs? Is this rogue unknown company listed on the ORC GSA contract anywhere? While you're at it, will you explain why Ed Velez (who is the ARMY's CTO) is presenting with our pizza customer at DigitalIDWorld? Why don't you provide some answers once in a while rather than always asking the ignorant questions? Since you have such self-proclaimed intelligence?
From DigitalIDWorld:
http://conference.digitalidworld.com/2006/30.php
Trusted Computing's Role In The World Of Identity
Wednesday, September 13 - 8:30AM
Chris Cahalin, Papa Ginos Holding Corp.
Ed Valez, CTO, PEO, EIS, US Army
The Trusted Computing Group has long played a role in the world of identity – one that hasn't been well understood. From the TPM to NAC, trusted computing builds the critical foundation for a secure identity deployment. This session puts users on stage, as they talk about leveraging the work of the TCG.
go: You don't consider the US ARMY as a Wave customer? Pretty big customer in my book?!
Giesecke & Devrient and Wave Systems Announce Strategic Partnership
Security Solutions Combining Smart Card and Trusted Computing Software Technologies to be demonstrated at the CardTech/SecurTech Annual Conference April 12-14, 2005 in Las Vegas
Munich, Germany and Lee, MA, USA April 12, 2005 – Giesecke & Devrient (G&D) and Wave Systems Corp. (NASDAQ:WAVX) have formed a strategic alliance to offer an enhanced security solution to address the trusted computing market. In the IT sector, high complexity and a wide spectrum of applications are boosting the demand for security solutions among private users and businesses alike. The challenge is to devise comprehensive solutions that can satisfy customers' security needs. Increasingly, what are known as Trusted Platform Modules (TPM) are being incorporated into personal computers for a more trustworthy computing environment. The TPM is a processor which is integrated into the PC motherboard as a separate chip. Use of smart card technology adds a further component to the security solution: The card serves as a key to the computer, preventing unauthorized access to system and data. Giesecke & Devrient (G&D) and Wave Systems have formed a strategic alliance to market a comprehensive security solution that integrates both components.
The G&D-Wave Systems collaboration will address the organizations' joint development activities in the fields of smart card technology and trusted computing software. The aim is to leverage the combination of smart card technology and TPM associated software to offer clients in industry and government a comprehensive, flexible and easy-to-use security solution.
Both partners are members of the Trusted Computing Group (TCG), an organization founded in 2003 by leading enterprises in the IT sector to develop open standards for a new generation of secure hardware and software products in virtually all application areas. "Multifactor authentication enabled by systems with TPMs and with smart cards helps IT managers further secure systems and data in the enterprise," said Brian Berger, TCG marketing work group chair. "The increasing availability and usage of systems with TPMs has enabled a number of security innovations that will help both IT and users."
In a secure platform environment, the TPM's task is to protect and generate secret keys, and store system configurations safely. The TPM also functions as a hardware-based security mechanism that prevents system changes caused by virus attacks. "The combination of trusted computing with smart card technology shows a lot of complementary advantages. As an integrated part of the motherboard, trusted platform modules provide an early integrity control from software and hardware as well as identity control of the entire PC system. The addition of chip card technology, e.g. as smart card or smart USB token, enables portable user identification to achieve a reliable and flexible security solution," said Andreas Raeschmeier, Head of Business Development at Giesecke & Devrient.
Using smart card technology ensures that only users who can authenticate themselves with a card or token, plus the associated PIN, can gain access to the computer or network. "Smart card technology is flexible and easy to use. Users only have to enter a four-digit PIN instead of a 20-digit passphrase. Possession of the card and knowledge of the PIN provide maximum security, and are user-friendly as well," said Andreas Raeschmeier, pointing out the advantages of smart card technology.
IT security departments have different security requirements, extending from protection of sensitive data and access control through hard disk encryption to management of hardware and software configuration. In all of these, the trusted platform module can provide valuable support.
"Wave is pleased to be partnering with G&D, a leader in the smart card market, which has strong established relationships in enterprise and government markets in Europe and beyond," said Steven Sprague, Wave System's president and CEO.
"We believe G&D's technology leadership can help further the adoption of trusted computing solutions in these geographical and business markets."
Wave’s EMBASSY Trust Suite (ETS) secure software capabilities being demonstrated with G&D at CardTech/SecurTech include security policy management, key archive and management, digital signature, file and folder encryption, secure email, secure wireless authentication and storage and automation of user names, passwords and personal information.
For more information on demonstrations at CardTech/SecurTech, please contact the sales organizations of either company.
Successful cooperation between Diebold and Giesecke & Devrient
Diebold's new Opteva® family of ATMs is equipped with Giesecke & Devrient’s OEM module Lobby® 90, a worldwide sales hit
Munich, 5 September 2005. The cooperation between Diebold – a global leader in self-service delivery systems and services – and Giesecke & Devrient (G&D) is prospering. Up to now, G&D has been able to sell numerous Lobby 90 bundle depositing modules to Diebold as well as to other integrators. The ATMs in Diebold's Opteva® family contain a full line of cash dispensers and advanced function ATMs for lobby, walk-up, and drive-up installations. The Lobby 90 is available on all Opteva® advanced function ATMs as a factory option or field upgrade.
With Lobby 90, loose bundles of banknotes are deposited securely and quickly. The deposit transaction takes about half the time as on comparable modules. The system requires only 60 seconds for a transaction of up to 100 banknotes in mixed denominations and currencies.
The Lobby 90 is extremely reliable and offers a variety of additional functions. Due to its modular concept, it can be installed in a variety of machines and systems, such as self-service deposit terminals in banks or back office areas in casinos and the retail trade. Customers can use the deposit terminal worldwide, since its banknote adaptation database contains approximately 400 denominations from 50 currencies.
The CashRay® 90 sensor ensures secure banknote denomination and authenticity detection in the Lobby 90. Banknotes that cannot be clearly identified when deposited are immediately rejected. For the long term detection of counterfeits, the adaptation database and the data module can be updated continually, as required. The optional PIDSY® (Post Identification System) software provides additional security. It permits the tracking of a depositor after the fact if a counterfeit is found in the deposit.
http://www6.diebold.com/atmsecurity/hackers.htm
Intel Trusted Platform Module Chip
Every Opteva ATM includes an Intel® Trusted Platform Module Chip. The chip verifies the authenticity of sources and commands, and ensures a protected exchange of instructions and information.
Encrypted On-line Communication Opteva encrypts the signals that are transmitted from the ATM to the network using the latest, most advanced Triple DES standard.
http://www6.diebold.com/atmsecurity/files/ATM_Security_Brochure.pdf
http://www6.diebold.com/solutions/atms/opteva/html/videos/05pentium_large.htm
http://www6.diebold.com/solutions/atms/opteva/default.htm
http://www.wavesys.com/news/press_archive/05/050526_ETS.html
"As a global leader securing self-service terminals and ATM networks, Diebold's partnership with trusted computing technology is a natural progression," said Ken Justice, Diebold's vice president of product marketing and management. "We are working closely with Intel and Wave to deploy the first automated teller platform utilizing the TPM and Trusted Computing Group (TCG) specification. This approach merges hardware and software technology and truly delivers on the realization of trusted, secure computing."
http://phx.corporate-ir.net/phoenix.zhtml?c=106584&;p=irol-newsArticle&ID=797337&highlig....
Diebold, Bank of China Close Multi-Million-Dollar Deal for Nearly 650 Opteva(R) ATMs, Agilis(R) Software
NORTH CANTON, Ohio, Dec. 19 /PRNewswire-FirstCall/ -- Retail banking consumers in a number of developed cities along the eastern coast of China will soon have the luxury of using some of the world's most advanced automated teller machines (ATMs) now that a multi-million-dollar agreement between Diebold (NYSE: DBD) and Bank of China (BOC) has been finalized. The bank has purchased 642 Opteva(R) ATMs, which are powered by Diebold's Agilis(R) software.
"Bank of China has a long and celebrated history, and is considered one of the best commercial institutions in the country," said Daniel Hu, managing director of Diebold Greater China Area. "BOC's deployment of Opteva ATMs will enhance the bank's brand image and expand its customer base by setting higher standards in the province for advanced technology, superior products and enhanced services. We are particularly honored to be selected as its major ATM supplier, and I'm certain Diebold's Opteva ATMs, Agilis software and Diebold Premier Services(R) will help the bank establish maximum return on its investment."
A proliferation of economic development in the region, coupled with the fiercely competitive economic environment of China's coastal cities, makes the area an ideal market for new business opportunities. As a global leader of self-service solutions, Diebold provides Bank of China with tailored solutions that will enable it to optimize branch resources while simultaneously enhancing revenue, operations and brand image.
Under the present guidance of the State Council and China's Banking Regulatory Commission, BOC is undergoing an aggressive and resolute reform to raise the efficiency and profitability of its bank branches. The bank aims to transfer about 40 percent of its traditional teller transactions to its self-service delivery channel by 2008, while increasing surcharge revenue through self-service transactions.
Because BOC is widely recognized as one of China's most successful banks, the financial institution was chosen to be the official partner of the 2008 Beijing Olympic Games. Established in 1912, BOC is China's oldest bank. For more than 90 years, it played an important role in promoting China's economic and social progress through its active involvement in the country's local and international trade and financial activities. BOC is the first and only Chinese bank with a presence on every major continent, offering financial services through its global network of more than 560 international offices in 25 countries and regions.
About Diebold
Diebold, Incorporated is a global leader in providing integrated self-service delivery systems, security and services. Diebold employs more than 14,000 associates with representation in nearly 90 countries worldwide and is headquartered in North Canton, Ohio, USA. Diebold reported revenue of $2.4 billion in 2004 and is publicly traded on the New York Stock Exchange under the symbol "DBD." For more information, visit the company's Web site at http://www.diebold.com.
http://biz.yahoo.com/prnews/060201/clw084.html?.v=1
Top Russian Bank Chooses Diebold's Opteva(R) ATMs, Agilis(R) Software
Wednesday February 1, 2:51 pm ET
Deal continues relationship between Diebold and Bank Petrocommerce, supports bank's expansion in Russia
NORTH CANTON, Ohio, Feb. 1 /PRNewswire-FirstCall/ -- One of the largest banks in Russia and the Commonwealth of Independent States (CIS) will upgrade its fleet of automated teller machines (ATMs) with terminals from Diebold, Incorporated (NYSE: DBD - News). The ATMs are powered by Diebold's multivendor software solution, Agilis®.
Bank Petrocommerce strengthened its relationship with Diebold through its recent purchase of 250 of Diebold's Opteva® ATMs. The deal will support the bank's planned growth in the region and will provide the bank's customers with advanced functionalities such as bulk note acceptance. Diebold's Bulk Note Acceptor(TM) (BNA) accepts a stack of mixed-denomination currency at the ATM without the use of an envelope.
The bank's Opteva terminals are powered by Agilis, Diebold's high-performance software, which is capable of interfacing with multivendor products, reducing the need for back-end support and protecting investments in legacy systems. Agilis enables Bank Petrocommerce to customize its terminals, and makes possible the bank's offering of currency exchange on Opteva terminals that include a BNA.
The new ATMs complement the bank's purchase of more than 200 Opteva terminals during the last 18 months. With a goal to expand its offering of the most advanced ATM functionality, Bank Petrocommerce chose to continue its relationship with Diebold after successful implementations of Diebold's Opteva ATMs across its self-service network.
"We are committed to making the services rendered by our bank more people-friendly and accessible," said Nadir Bakeev, deputy director of the division of information technologies for Bank Petrocommerce. "With our latest investment in Opteva ATMs, we are delivering greater functionality for even more of our customers, with features that are easy to use and that free up teller time inside our branches. We're also able to become more technologically advanced and improve our regional network."
The first Opteva sale in Russia took place in April 2003. The latest sale to Bank Petrocommerce includes three Opteva models -- the lobby cash dispenser, the through-the-wall cash dispenser and the advanced-function lobby ATM. Fifty of the terminals will be capable of bulk-note acceptance, and all will support U.S. dollars, the euro and Russian rubles.
"Bank Petrocommerce recognizes the advantage installing the latest ATMs brings to its business," said Henrik Funch, division vice president for Diebold Europe-Middle East-Africa (EMEA). "Diebold strives to provide its customers with the highest quality self-service equipment, offering the reliability, security and performance only Opteva can provide. We delivered a similar number of Opteva terminals to Bank Petrocommerce last year, and we are proud to have maintained such a strong relationship with this valued customer."
About Bank Petrocommerce
Bank Petrocommerce was established in 1992 and holds general banking license 1776, issued by the Central Bank of the Russian Federation. Bank Petrocommerce offers a full range of services to corporate and individual clients. It ranks among Russia's largest financial institutions in terms of the main financial indicators. According to The Banker, Bank Petrocommerce is one of the world's 1,000 largest banks, placing 886th in terms of capital. Bank Petrocommerce's regional network comprises four subsidiaries and 250 branches, and its reliability is evidenced by high credit ratings assigned by the international and Russian rating agencies Standard & Poor's, Moody's, Moody's Interfax Rating Agency and Expert. As of Nov. 1, 2005, Bank Petrocommerce had issued 385,000 cards and had installed 400 ATMs across Russia. The bank is majority owned by the companies of Financial Group IFD Kapital.
About Diebold
Diebold, Incorporated is a global leader in providing integrated self-service delivery and security systems and services. Diebold employs more than 14,000 associates with representation in nearly 90 countries worldwide and is headquartered in Canton, Ohio, USA. Diebold reported revenue of $2.6 billion in 2005 and is publicly traded on the New York Stock Exchange under the symbol "DBD." For more information, visit the company's Web site at www.diebold.com.
JAN 5. 2006 "Chase to Deploy Diebold's Opteva(R) ATMs"
http://tinyurl.com/pz3pp
Chase to Deploy Diebold's Opteva(R) ATMs
January 5, 2006: 8:30 a.m. EST
NORTH CANTON, Ohio, Jan. 5 /PRNewswire-FirstCall/ -- Diebold, Incorporated has announced that Chase will deploy more than 1,300 of its Opteva(R) automated teller machines (ATMs) in its network. The ATMs will be used in new branch and off-premises locations, as well as for the replacement of existing ATMs. An associated service agreement is also included in the deal.
"Diebold is proud to play such a big part in Chase's self-service delivery network," said David Bucci, senior vice president of Diebold Customer Solutions. "We are committed to helping Chase deliver the best ATM experience to its customers."
The agreement includes Diebold's Opteva cash dispensers and advanced-function terminals.
"A fast, standardized and reliable customer experience is critical to the success of our ATM channel, and Diebold's product line helps us effectively deliver service to our customers," said Patrick Wright, senior vice president of Chase's Retail Operations.
Chase recently launched a pilot of Diebold's deposit automation technology -- including Diebold's Intelligent Depository Module(TM) (IDM) and Bulk Note Acceptor(TM) (BNA) -- at its operations center in Columbus, Ohio.
Chase has a network of more than 7,100 ATMs in 19 states.
Diebold, Incorporated is a global leader in providing integrated self-service delivery systems, security and services. Diebold employs more than 14,000 associates with representation in nearly 90 countries worldwide and is headquartered in North Canton, Ohio, USA. Diebold reported revenue of $2.4 billion in 2004 and is publicly traded on the New York Stock Exchange under the symbol "DBD." For more information, visit the company's Web site at http://www.diebold.com.
Nokia, Philips, China Mobile, e-Tong Card team up for NFC trial
Philips has launched China's first near field communication (NFC) trial together with Nokia, China Mobile's Xiamen Office and Xiamen e-Tong Card. A hundred participants have been selected to use a Nokia 3220 mobile phone to conduct secure electronic payments in any restaurant, transportation system, movie theatre or convenience store that accepts the Xiamen e-Tong card. Trial participants can conduct transactions with the swipe of their mobile phones.
In addition to the secure mobile payment functionality, subscribers can check the balance of their e-Tong cards as well as the last nine transactions made via their handset. Through a built-in WAP site, users are able to search lists of stores that accept payment using the e-Tong card.
Click on the link and there is a picture of the Nokia N Series phone attached to this article. Jeff
http://www.afterdawn.com/news/archive/6900.cfm
DRM chip could lock mobile phones to networks and content providers
5 October 2005 20:06 by Dela
Mobile phones are one of the most popular gadgets on the planet, and they continue to spread in popularity day by day. To use one you need the phone, a SIM card and a cellular network. Usually the network supplies the SIM card, which contains information about your provider and lets the phone establish a connection with the network to make and receive calls. Additionally, many service providers impose restrictions on the phones they sell to their customers, the best known being the provider lock.
Increasing numbers of people are unlocking phones and using them with many different networks, much to the annoyance of the original network that sold the phone. So what will be the next thing that will protect phones from being unlocked and used freely with any network? The answer is basically a DRM chip. At a mobile communications industry trade show, a group of engineers announced an initiative to produce standards for DRM on mobile phones.
It would build on the work of the Trusted Computing Group (TCG) for a mobile version of the group's Trusted Platform Module (TPM). TPM technology provides cryptographic functions in hardware, which can be used for system and user authentication and for storing information for installed software to protect it against unauthorized use. It can also ensure that applications are used only for their intended purposes.
In practice this means that documents stored in specific formats might not be readable by applications other than the one they originated from. Now imagine it applied to mobile phones. TCG's Mobile Phone Work Group introduced a concept called SIMLock/Device Personalization, which ensures a device remains locked to a particular network until it is unlocked in an "authorized manner". This would make unlocking a mobile phone from a network a lot harder than it is now.
Seth Schoen, staff technologist with the Electronic Frontier Foundation released a statement about the proposals saying that they "aim to help your cell phone company decide who can publish software or media for your phone, whether you can load your own documents, and even whether you can switch carriers or resell your phone. These are not innovations that consumers will applaud." These words are true as consumers generally don't like being limited with their gadgets. "The cell phone industry hasn't yet realized that cell phones are little computers, and that users expect the same amount of choice about how to use their phones as they enjoy with their PCs and PDAs." the statement continues.
Earlier today we also reported on how claims are being made that mobile phone unlocking software violates the Digital Millennium Copyright Act (DMCA) in the U.S.
Source:
Tom's Hardware Guide
Related articles:
Mobile phone unlocking software violates DMCA? (5 October 2005)
The myths and realities of mobile device security
With the increasing number of smart devices, and the increasing amounts of malware, it's imperative that a security standard for mobile devices be developed.
By Janne Uusilehto, Nokia Corp.
Mobile Handset DesignLine
(03/13/2006 5:00 AM EST)
http://www.mobilehandsetdesignline.com/howto/softwareandsecurity/181501164;jsessionid=WC5LBIQ1HF22QQ....
Sales of mobile devices are skyrocketing, and so is their appeal to cyber criminals, partly due to sheer numbers and partly due to expanded use of the devices for wireless business communications. Add to this the well-known security vulnerabilities of mobile phones and wireless communications in general, and the phenomenon amounts to an open invitation for exploitation.
Today's mobile phones, whether standalone or in converged (smart) devices, are serving many, and potentially all, of the same functions as desktop PCs and workstations. In addition to running software that performs many of the same functions as PC software, mobile phones are being used to access enterprise intranets to send or download sensitive business information. Users may also access personal bank accounts, make online purchases with credit card information stored on the phone, subscribe to various services such as music and video download sites, and send and download data to/from enterprise intranets. Sensitive personal and business information may be stored in databases, personal notes, and contact lists.
The Trusted Computing Group (TCG) believes it's imperative that an open standard for security for mobile devices be developed, and soon. To that end, a Mobile Phone Working Group is developing a specification for release in the first half of 2006.
Myth: serious mobile security threats don't exist
Early in 2005, Mark Kelly, editor of SecurityFocus, Symantec's online magazine, stated in a column "the real threat from viruses just doesn't exist today. My prediction is that mobile phones won't experience any major security issues for several years." IT research firm Gartner's June 2005 report stated "The conditions required for a real virus or worm to spread quickly among the mass of mobile devices will not converge until the end of 2007," a remark that's been widely quoted in the media.
Because early mobile phone trojans and worms seldom do more than cause the phone to stop working or launch denial-of-service attacks of limited scope, the damage—and therefore the threat—is considered slight by security firms. However, while the damage may be slight, the attacks are succeeding, and they inconvenience the end user. In addition to the threat from malware, in many handsets, the security codes are so easy to crack that mobile phone theft tops all other street crimes in many cities around the world, as cracking these codes gives access to sensitive information stored on the phone.
It's also important to note that each new edition of malware is more sophisticated and successful than the last. The virus writers are learning their medium and evolving more complex and intrusive malware. SymbOS/Cardtrap.A appeared in the latter part of 2005, planting two Windows worms on the phone's memory card that attempt to infect a PC when the card is inserted in the computer's memory card slot. Early invaders such as Cabir and Commwarrior were arguably just for practice while malware authors learned their craft.
Reality: serious mobile security threats exist
According to McAfee Avert Labs, mobile malware has grown almost 10 times faster than PC malware over a one-year period, and McAfee expects to see a significant rise in the number of global mobile threats in 2006, in part because of the increased connectivity of smartphones.
McAfee predicts that the damage caused by new mobile threats is likely to be far more extensive than that caused by today's PC threats. They estimate that a mobile threat targeting several operating systems could infect up to 200 million connected smartphones simultaneously, as the majority of these devices don't have mobile security protection installed. This fact alone points to the need for device-level embedded security.
A mobile phone is seldom a discrete device anymore, but may incorporate a camera, music and/or video player, PDA, and trimmed-down versions of standard desktop software applications. Market analysts report that as of Q2 2005, shipments of converged or smart mobile devices were up 186% over the year ending Q2 2004. Over 12 million such devices were shipped, compared to slightly less than 6 million the prior year.
As of December 2005, the count of known mobile malware exceeded 100, according to F-Secure.
Desktop PCs don't get lost
In addition to the threats common to desktop PCs, mobile phones have several additional vulnerability areas:
-Because they're small and often carried on the user or in a purse, mobile handsets are more likely to be lost or stolen, making any information stored on the phone, as well as access to services, and banking and credit card information, available to the thief.
-Using the phone in a public place is a risk the desktop user needn't be concerned with. Sensitive information may be communicated by voice, text message, or wireless email in close proximity to other phone users or cybercriminals equipped with special electronic spying equipment.
-When a person makes a call or transmits data with a mobile phone, the phone transmits information to identify itself. This information includes the phone's electronic serial number (ESN), the mobile identification number (MIN), and other electronic ID signals, none of which are encrypted in analog systems, so they can be captured by a cybercriminal using a readily available ESN reader. Once captured, this information is used to clone the victim's phone by implanting the ID codes in another handset. The cloned phones can be used for up to 30 days before the fraudulent charges are discovered.
These factors mean that mobile handsets are now more attractive targets for cybercriminals than they've been in the past.
Making security a priority
In mobile devices, OS, platform, and application level functions—including the Subscriber Identity Module (SIM), Universal SIM (USIM), and Universal Integrated Circuit Card (UICC)—must interact in a secure, trusted manner across various platforms. An open standard will be a major factor in bringing interoperability between different systems.
This is especially important to enterprise IT departments that need to provide access privileges remotely as well as in house. The use of smartphones by employees and clients alike to access company data and services has given rise to perplexing security issues that to date, haven't been resolved to a level of trust that encourages enterprises to support the use of such devices without reservation. Of course, this has economic implications for mobile device makers and service providers. To manage remote access, robust identity protection and user/device authentication is essential. Enterprises will spend the necessary dollars on mobile smartphones if those devices are embedded with security based on a robust standard.
The significant increase in wireless connectivity required by smartphones is another factor making security a crucial issue. Bluetooth has become a preferred entry point for malware authors. Security holes in this and other wireless standards are challenges that must be met as soon as possible.
In addition, weaknesses in handset identity codes make phones such easy targets that phone theft tops all other street crimes globally. The International Mobile Equipment Identity (IMEI) is a 15-digit code that identifies an individual GSM handset; SIMLock restricts a handset to SIM cards from the network that sold it. On many handsets, these protections can be easily broken.
Providers of hardware and services can ensure security and interoperability across computing and communications platforms by embedding standardized security in mobile devices. And all the other usual benefits of standardization apply. These include lower development costs, a faster research and development process, and a broader potential market.
To date, most of the effort to enable mobile security solutions has been to build security into the OS. However, these OSs are quite complex, making it difficult to provide robust security based on the OS alone. Implementing security in an OS also can significantly impede the development and debug process.
Although security features are evolving quickly, the current lack of a security standard has resulted in fragmented and costly efforts. Without a common approach to handle trust, security, and protection in mobile devices, managing all this becomes extremely complex. The Trusted Computing Group's (TCG) Mobile Phone Work Group (MPWG) was formed to address all these concerns. The MPWG is comprised of companies representing handset makers, service providers, silicon providers and applications developers. This includes AuthenTec, Ericsson, France Telecom, IBM, Infineon, Intel, Lenovo, Motorola, Nokia, Philips, Samsung, Sony, STMicroelectronics, Texas Instruments, VeriSign, Vodafone, and Wave Systems.
The TCG develops and promotes open, vendor-neutral, industry standards for trusted computing building blocks and software interfaces across multiple platforms. The Trusted Platform Module (TPM) is offered in discrete and integrated form factors, providing core functionality common to all platforms in such a way that it can be implemented for specific platforms. However, in its present form, it's not directly applicable to mobile equipment. The MPWG was formed to build on the TPM spec to address the particular needs of the mobile environment and the unique features and requirements of mobile phones.
The TCG MPWG specifications will address eleven areas of security concern in mobile phones:
Platform integrity
Device authentication
Digital Rights Management (DRM) implementation
SIMLock/device personalization
Secure software download
Secure channel between device and UICC
Mobile ticketing
Mobile payment
Software use
Platform and application integrity assurance
Data protection and privacy
Platform integrity ensures the use of authorized OSs and hardware and ensures that platform hardware and the principal elements of the platform software are in the state intended by the device maker. Device authentication assists a service or network provider in end-user authentication when the device identity has been bound to an end-user identity. It also proves the identity of the device itself. The device is able to store and protect all identities, and uses the appropriate identities depending on the context.
DRM implementation lets device makers establish a robust platform and provide a hardened implementation of a potential DRM solution. SIMLock/device personalization (the SIM stores the subscriber ID number, authorized networks, and encryption keys) ensures that a mobile device remains locked to a particular network until it's unlocked in an authorized manner. It also provides mechanisms to deter device theft. Subsidizing entities can be assured that end-users can't move their device to another network or service provider without authorization.
A secure software download assures that the device can securely download application software and updates, and firmware updates and patches. These downloads can be triggered by the end-user, device manufacturer, or network provider. Forming a secure channel between the device and the UICC allows security-sensitive applications to be implemented partly in the UICC and partly in the device. Making the UICC and device aware of each others' trust status prevents malicious software on the device from interfering with applications and prevents a compromised device-UICC interface from interfering with applications.
Mobile ticketing assures the ability of mobile devices to securely download and present tickets, and prevents downloaded tickets from being duplicated or modified to change the rights as purchased. After a ticket is consumed, the rights represented by the data object must be cancelled. Mobile payment executes a secure payment protocol between an application stored in a device and a point of sale. It also ensures that payment is authorized by entering a PIN.
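The duplication and cancellation requirements above can be met with an authenticated ticket plus a consumption registry at the gate. The following is an added example, not the TCG specification's protocol and not code from Nokia or the MPWG: the issuer key, event names and seat strings are constructed for the demo, and a shared HMAC key stands in for the signing key pair a real issuer would use so that gates cannot mint tickets themselves.

```python
"""Tamper-evident, single-use mobile tickets (added example, stdlib only)."""
import hashlib
import hmac
import json
import os


def canonical(body: dict) -> bytes:
    """Stable serialisation so issuer and gate authenticate exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, body: dict) -> str:
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


class TicketIssuer:
    """Sells tickets. Assumption: a symmetric key shared with the gates; a real
    deployment would use a signing key pair so that gates cannot forge tickets."""

    def __init__(self, key: bytes):
        self._key = key

    def issue(self, event: str, seat: str) -> dict:
        # The random id is what the gate later cancels; seat/event are bound by the tag.
        body = {"id": os.urandom(16).hex(), "event": event, "seat": seat}
        return {"body": body, "tag": _tag(self._key, body)}


class Gate:
    """Validates and consumes tickets for one event, rejecting copies and edits."""

    def __init__(self, key: bytes, event: str):
        self._key = key
        self.event = event
        self._consumed = set()  # ids whose rights have been cancelled

    def admit(self, ticket) -> str:
        body = ticket.get("body") if isinstance(ticket, dict) else None
        tag = ticket.get("tag") if isinstance(ticket, dict) else None
        if not isinstance(body, dict) or not isinstance(tag, str):
            return "malformed"
        # Authenticity first: nothing below may trust an unverified field.
        if not hmac.compare_digest(_tag(self._key, body), tag):
            return "invalid-tag"
        if body.get("event") != self.event:
            return "wrong-event"
        ticket_id = body.get("id")
        if ticket_id in self._consumed:
            return "already-used"  # a duplicated ticket presents the same id
        self._consumed.add(ticket_id)  # rights cancelled on first use
        return "admitted"


if __name__ == "__main__":
    key = b"constructed demo issuer key"
    issuer, gate = TicketIssuer(key), Gate(key, "concert")
    ticket = issuer.issue("concert", "A12")
    print("first use:", gate.admit(ticket))
    print("copy:", gate.admit(ticket))
    edited = {"body": dict(ticket["body"], seat="A1"), "tag": ticket["tag"]}
    print("edited seat:", gate.admit(edited))
```

The gate checks the tag before reading any field, so an attacker cannot steer the logic with a forged event or id; the `compare_digest` call avoids a timing side channel on the tag comparison.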
Software use enforces predefined software use policies, lets the OS enforce lists of functions and objects from each application, revokes an application when malware is detected, and allows a trusted object to remove, replace, or elect not to execute a revoked application. Platform and application integrity assurance immediately warns the user if the platform loses integrity and assures the end-user that a device or an application can be trusted. Data protection and privacy ensures that the user's information can't be accessed, viewed, or copied by unauthorized entities, and provides privacy-enhancing capabilities when access doesn't require a password.
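Platform integrity and data protection rest on the same TPM primitive: each boot stage measures the next into a platform configuration register (PCR), and secrets are sealed so that they are released only when the PCRs hold the expected values. The example below is added here and is not code from the TCG, Nokia or Wave; the boot images, the root key and the HMAC-based sealing construction are stand-ins built for the demo, chosen so it runs with the Python standard library alone. A real TPM performs the extend and seal/unseal operations in hardware under its storage root key.

```python
"""Measured boot: PCR extension and PCR-bound sealing (added example, stdlib only)."""
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1-sized registers, as in TPM 1.2 PCRs


def _sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = SHA1(PCR_old || measurement).

    A PCR can only be extended, never written, and the result depends on the
    order of the measurements, so one value summarises the whole boot path.
    """
    return _sha1(pcr + measurement)


def measure_chain(components):
    """Replay a boot chain: each stage hashes the next image and extends the PCR.

    `components` is a list of (name, image_bytes). Returns the final PCR and an
    event log of (name, digest_hex) a verifier can use to explain a mismatch.
    """
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros on reset
    log = []
    for name, image in components:
        digest = _sha1(image)
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def _kdf(root_key: bytes, pcr: bytes, label: bytes) -> bytes:
    """Derive a per-purpose key from the root key and the PCR the data is bound to."""
    return hmac.new(root_key, label + pcr, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (demo construction, not a production cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(root_key: bytes, pcr: bytes, secret: bytes) -> bytes:
    """Encrypt `secret` under keys derived from (root_key, pcr) and append a MAC tag.

    Because the keys depend on the PCR value, a platform that boots into a
    different state derives different keys and cannot recover the secret.
    """
    enc_key = _kdf(root_key, pcr, b"seal-enc")
    mac_key = _kdf(root_key, pcr, b"seal-mac")
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, len(secret))))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def unseal(root_key: bytes, blob: bytes, pcr_now: bytes):
    """Return the secret if the current PCR matches the one it was sealed to, else None."""
    ciphertext, tag = blob[:-32], blob[-32:]
    mac_key = _kdf(root_key, pcr_now, b"seal-mac")
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # wrong PCR -> wrong key -> tag fails
        return None
    enc_key = _kdf(root_key, pcr_now, b"seal-enc")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, len(ciphertext))))


# Constructed sample boot images; a real device hashes the actual firmware binaries.
GOOD_CHAIN = [
    ("bootloader", b"bootloader 1.0 (constructed sample image)"),
    ("kernel", b"kernel 2.6 (constructed sample image)"),
    ("platform", b"handset platform 3.1 (constructed sample image)"),
]
ROOT_KEY = b"constructed stand-in for the TPM storage root key"


def provision(secret: bytes) -> bytes:
    """Device maker seals a credential to the PCR of the intended boot state."""
    pcr, _ = measure_chain(GOOD_CHAIN)
    return seal(ROOT_KEY, pcr, secret)


def boot_and_unseal(blob: bytes, chain):
    """Boot the given chain, then try to release the sealed credential."""
    pcr, log = measure_chain(chain)
    return unseal(ROOT_KEY, blob, pcr), log


if __name__ == "__main__":
    blob = provision(b"operator credential")
    tampered = list(GOOD_CHAIN)
    tampered[1] = ("kernel", b"kernel 2.6 with unauthorised patch")
    print("intended boot:", boot_and_unseal(blob, GOOD_CHAIN)[0])
    print("tampered boot:", boot_and_unseal(blob, tampered)[0])
```

Swapping the kernel image, or running the same images in a different order, yields a different PCR and the credential stays locked; the event log tells the verifier which stage diverged. The same comparison is what lets a device warn the user that the platform has lost integrity, as the integrity-assurance paragraph above describes.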
The mobile specification will provide the same level of security as implemented by network and applications providers. A proper owner-authorization password will be needed to effect changes to a device, which will provide protection against device theft and loss.
The MPWG anticipates releasing the specification in the first half of this year. Like all TCG specs, it'll be available on the organization's Web site, free of charge. Typically, products follow specs by several quarters, depending on product development cycles.
Well said rachelelise! Wintel and Wave have collaborated. SKS made recent comments confirming his comfort level with Microsoft relative to the timeframe that Microsoft would become competitive. The timeframe is remarkably close to Wave's key patent expirations relating to secure execution of keys within the TPM (5-7 years). As SKS implied... He is comfortable that by then Wave would be ubiquitous IMO. Jeff
The more I think about it the RS seems to be as important relative to preventing a hostile takeover than delisting? The jockeying has begun! Companies are starting to realize where the tech market is going. EMC acquiring RSA. Cisco acquiring Meetinghouse. HP acquiring Symantec? Microsoft acquiring? All I know is I invested in Wave with the belief the company would generate over a billion in revenue. I didn't invest to merely make a good chunk of change off a buyout and then move onto the next prospective company. The RS sure makes me sleep better at night.
Symantec should be next on HP's to-do list
For his next move, HP CEO Mark Hurd needs to land a bigger fish.
By Owen Thomas, Business 2.0 Magazine online editor
SAN FRANCISCO (Business 2.0 Magazine) -- How badly did Wall Street want Hewlett-Packard to make a software acquisition? Listen to the tale of the tape: Despite paying a 33% premium for Mercury Interactive in a $4.5 billion deal, HP shares rose 42 cents - or 1.4 percent - on Wednesday.
Normally, Wall Street investors punish an acquirer's shares, but in this case, they applauded. HP CEO Mark Hurd should take the hint. If doubling the size of Hewlett-Packard's software business to $2 billion in annual revenues is a good idea, why not take the next step and triple it?
That may sound a bit glib. But in the cutthroat software business, bigger can actually be better, since corporate software buyers increasingly want to get as much of the software they buy from a few large vendors. At $2 billion, HP's software unit will still be small fry compared to Microsoft, SAP, Oracle and IBM. And making more purchases like Mercury will be tough, because small software companies are just going to get more expensive.
"This is only the beginning," says Citigroup analyst Brent Thill. "In the last few software transactions, the values have jumped. There are more bidders entering the market for these companies."
But just down the road from HP in Cupertino, Calif., there's the perfect target: Symantec.
Triple the fun
Why Symantec? For one thing, at $4 billion in annual sales, it's one of the few software companies large enough to put HP's software revenues into the big leagues.
There are also opportunistic reasons. Symantec doesn't have anything like Mercury's options scandal weighing it down, but it is struggling strategically, thanks to an acquisition it completed a year ago.
When it bought Veritas for $13.5 billion last July, Symantec expanded from antivirus and security software into storage management. But the two business lines haven't meshed well, and the company's shares are down nearly 33 percent since the merger.
Meanwhile, Microsoft is increasingly posing a threat to Symantec's security software business by building antivirus and firewall features into Windows. And EMC, a storage hardware maker which competes with Symantec in that arena, has been rapidly growing its storage software business.
Additionally, HP's unparalleled retail presence around the world would help Symantec sell even more consumer antivirus and firewall software. Its corporate sales force could help sell Symantec's storage software to more Fortune 500 companies. And HP's army of IT consultants could include Symantec's security and storage software in more complex services deals.
For its part, HP needs to do more to distinguish its increasingly commoditized PC and server business. And Symantec's products provide the perfect way to do that.
Computer users don't care about most of the bells and whistles PC makers include. What they want, most of all, is a system that runs well and doesn't crash. Including Symantec's security software on every box would do more to distinguish HP's computers from the competition than anything else it might do. Imagine the ad campaign: "The other guys sell Windows PCs. We sell Windows PCs that work."
Likewise, adding Symantec's storage software line would give HP's struggling storage business a mighty boost. Increasingly, it is software and not hardware that distinguishes one storage server from another. That's why EMC, primarily known as a hardware maker, has been spending so heavily on software acquisitions.
A blockbuster deal
Assuming HP pays the same premium for Symantec that it paid for Mercury - about 33 percent over the current share price - it would have to shell out $21 billion for the company. That would be by far the largest software acquisition ever, exceeding Symantec's Veritas deal. But HP would still be paying less than what Symantec was worth last October.
And HP could well get to bolster its executive ranks in the bargain if it keeps Symantec CEO Thompson on board. A longtime IBM executive before joining Symantec, Thompson could run the combined software group. From his days at Big Blue, Thompson's very familiar with the strategy of selling software alongside hardware and services.
In just one move, HP could make it big in software, distinguish its PCs from the rest of the commodity pack, and give its salespeople more sophisticated technology to sell.
Hurd's purchase of Mercury Interactive shows he's not afraid of doing sizeable deals. Now he just has to prove he can take on a really big one.
Four Years Later, Microsoft Still Chases Trusted Computing
By Larry Greenemeier
InformationWeek
Feb 13, 2006 12:00 AM
When Bill Gates takes the stage this week at the RSA Conference, he will outline how Microsoft will apply its magic formula of usability and uniformity to the security functions that protect its products.
The main event: the beta of Internet Security and Acceleration Server 2006, which Microsoft rolled out last week. ISA Server 2006, available by the second half of the year in standard and enterprise editions, is an edge security gateway designed to work with Microsoft Exchange and SharePoint Servers to provide more secure remote access to applications from PCs and mobile devices. It combines application-layer firewall security with VPN, proxy, and Web-caching capabilities. ISA Server 2006 also will be integrated with Microsoft's Active Directory and support multifactor authentication devices such as smart cards and one-time passwords.
Microsoft's goal is to reduce the complexity of network security while protecting customers' systems from diverse threats. Last week the company also acquired the DynaComm i:filter Web-filtering product from FutureSoft to provide companies with a way to block employees from accessing inappropriate content and Web sites that could expose them to phishing attacks. Microsoft also released early test versions of Antigen for Exchange, an antivirus product, and Microsoft Client Protection, which combines antivirus and anti-spyware tools.
But even as it tries to convince customers that it can be trusted to handle desktop and network security, Microsoft released a pair of security advisories last week: one about a readily available tool that can escalate an attacker's Windows privileges, and the other concerning a new Windows Metafile hole in Internet Explorer versions 5.01 and 5.5. Microsoft's next Patch Tuesday coincides with Gates' RSA keynote, though it's unlikely the company has had time to develop patches to address either of these latest problems.
[Photo: Windows security: grin and bear it. Photo by Nicolas Asfouri/AFP]
Packaged Security
As security rises to the top of most technology executives' priority lists, vendors want to become one-stop shops for security products and services and discourage the more common ad hoc approach to securing networks, applications, and data. Cisco, Oracle, and Symantec each has invested millions of dollars in acquisitions to broaden their portfolios of security products.
Symantec last week signed a deal to buy Relicore for an undisclosed sum to add data-center change- and configuration-management capabilities to its core security offerings. Relicore's Clarity product identifies applications running on managed servers, tracks configuration information, maps server and application dependencies, and maintains all that information--capabilities that are critical for any application and data-security strategy.
Symantec also introduced PC, backup, and Internet-protection services code-named Genesis, which will debut in September and challenge Microsoft's OneCare Live consumer security subscription service, introduced in May. Symantec will draw from several product lines for Genesis, including antivirus, anti-spam, anti-spyware, intrusion-prevention, and firewall software from Norton Internet Security; PC-optimization and -maintenance tools from Norton SystemWorks; and zero-hour threat prevention, anti-phishing, and identity-theft prevention technologies from its September purchase of WholeSecurity.
Although Gates kicked off Microsoft's Trustworthy Computing campaign in 2002, Microsoft and the industry as a whole have struggled to inspire the level of trust needed to realize his vision of users relying on computing the way they rely on electricity or phone service. "Making trustworthy computing a reality is both an immediate challenge and a long-term research goal," Gates wrote in an April 2002 essay. Four years might not be what Gates had in mind as a long-term goal, and IT execs are still looking for the right company to trust to protect them from those security threats.
I feel something in the air today?! Looking forward to the market open!
Maybe Intel tomorrow?
or as alluded to by a few others on the board... 1:4 RS raises the share price over $2 followed by strong institutional buying never giving the shorts a chance?
micro: We haven't always seen eye to eye but in the end we'll be seeing each other eye to eye in Vegas! I look forward to it my fellow Wavoid! Jeff
kev: The following has been posted several times in the past and will help you find things you may have missed.
http://www.eds.com/services/whitepapers/downloads/synnovation_dell_trust.pdf
A Matter of Trust: Secure Computing in an Age of Uncertainty
By Doug Anson, Dell
Synnovation, The Quarterly Journal of the EDS Agility Alliance, vol. 1 issue 1, pp. 63-64 (www.eds.com/synnovation)

Network security is a hot topic in most IT shops these days, and rightly so. The Participation Age has ushered in a wave of unwanted participants: hackers, thieves, competitors, and terrorists. Securing client computers on "untrusted" networks requires both user security and machine security. This growing issue has spawned two technologies: smart cards, which address who can access network resources, and the Trusted Platform Module (TPM), which addresses what hardware can access network resources. These technologies are cornerstones in the IT industry's vision of developing a "trusted computing" platform.

User Security
User security refers to methods used to establish the identity of a user who's logging onto a computer system or network. The method used can be as simple as a username and password, or it can rely on a token[1] such as a smart card in combination with a username and password or biometric method.

A smart card is a credit card-sized electronic device with a built-in microprocessor and memory that is used for user identification. User information and credentials, including digital certificates and encryption keys, are securely stored within the card. Because of their versatility, smart cards are increasingly being issued to employees of large companies and organizations.

Smart cards are multifunctional: They can be used to log on the corporate network or gain entry to a building that is secured with badge readers at exterior doors. To log on the network, the employee inserts the smart card into a smart card reader that may be attached to or integrated into the computer, or embedded in the computer keyboard. The reader exchanges data with an authentication server, such as a RADIUS server, to complete the authentication "handshake." The network infrastructure then enforces resource access based on the authenticated identity that has been established.

Machine Security
In contrast to user security, machine security refers to measures designed to authenticate the computer system, rather than the user. For example, the following two scenarios require some level of machine security:

IP Security (IPsec)[2]: The IPsec protocol used on IP networks can be configured to require a networked computer to authenticate its identity to the network prior to generalized network access to resources. The computer uses a digital certificate to establish its identity to an authentication server before the computer attempts to use any network-available resources. In this way, network administrators can allow only supported client machines to access network resources.

File Encryption on Local Drive: Computer credentials can also be used to encrypt files stored on the local hard drive, thus "locking" the files to a particular machine. The machine's credentials are required to unlock the files and access their content.

These scenarios and others require that the local system be able to generate and store the secret encryption keys used to encrypt and decrypt data, digitally sign documents, and authenticate systems. The problem with the current PC platform is that there is no standardized way to securely store keys that are used for machine identity so that the keys can't be discovered if the system is stolen or otherwise compromised. The Trusted Platform Module (TPM) is an emerging technology that is designed to address this weakness in current platforms.

Trusted Platform Module
TPM is an initial step toward the goal of standardizing a more secure PC platform. The TPM can be thought of as a smart card embedded on the system board and acts as a smart card for the machine.

The TPM is based on specifications developed by the Trusted Computing Group (TCG). The TCG is an industry standards group formed to "develop, define, and promote open standards for trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices."[3] Members include Dell, HP, IBM, Intel, and Microsoft. Current TPM implementations are based on the TCG 1.1 specification. Vendors are developing products with TPM implementations based on the next-generation version, TCG 1.2.

The TPM has two components. The first is a secure microcontroller with cryptographic capabilities that is very similar to the microcontrollers in smart cards. The second component is a proprietary software interface between the functions of the microcontroller and security-aware applications. The TPM provides various cryptographic capabilities: hashing, random number generation, asymmetric key generation, and asymmetric encryption/decryption. Each TPM has a unique root key that is initialized during the silicon manufacturing process.

However, before a TPM can be enabled, its "owner" must be established. The end user establishes ownership of the computer system and its TPM via BIOS setup commands. These commands can't be issued remotely; instead, the TCG specification requires that the end user issue the commands at the local computer system. When completed successfully, the TPM has a unique owner, a "trust bond" is established, and the TPM can be used by TPM-aware software for security purposes. When coupled with software that can take advantage of its features, the TPM provides security that can be stronger than that contained in the system BIOS, operating system, or non-TPM applications.

Security implementations that rely on the TPM must also include "key escrow" services to securely back up and manage the unique keys associated with the TPM on each computer system. In this way, if something happens to the system, its full TPM-enabled identity can be restored. Without this capability, it would be impossible, for instance, to unencrypt files encrypted with the TPM key. Key escrow services are provided by public key infrastructure (PKI) systems that manage asymmetric key exchanges.

Smart Cards vs. TPMs
We see that smart card-based user authentication and TPM-based machine authentication are complementary, rather than competing, technologies. Table 1 presents appropriate uses of smart cards and TPM. Smart cards are best suited for user credential storage. The TPM is best suited for host credential storage.

Table 1. User/Machine Authentication Scenarios
Scenario                                                                    Smart Card   Trusted Platform Module (TPM)
User ID for virtual private network (VPN) access                            Yes          No
User ID for domain logon                                                    Yes          No
User ID for building access                                                 Yes          No
User ID for secure e-mail                                                   Yes          No
Host computer ID for VPN access                                             No           Yes
Host computer ID for domain access                                          No           Yes
Host computer ID for attestation (authentication of software applications)  No           Yes

Future Secure Computing Platform
The TPM is only one piece of an industry vision of a future secure computing platform. Ideally, this platform cannot be compromised or accessed by unauthorized users or machines. The platform provides robust user authentication and protects data stored on the local drive. This vision implies secure software and built-in security hardware.

The future secure computing platform must encompass more than the secure generation and storage of encryption keys provided by the TPM. A complete standard solution must also encompass the client operating system, the CPU and chip set, and methods to secure client system I/O devices such as keyboards, displays, and mouse devices. A number of initiatives are under way to begin to address these components.

Secure CPU and Chip Set
The Intel LaGrande technology (LT) will provide hardware support for the parallel, protected execution environments. According to Intel, LT consists of processor, chip set, keyboard and mouse I/O, and graphics subsystem enhancements that provide the following capabilities:
- Protected and isolated execution environments with dedicated resources managed by the processor, chip set, and operating system kernel. These protected environments will run parallel to standard execution environments.
- Support for a hardware-based mechanism such as TPM to provide sealed storage of encryption keys and other secret data.
- Protected communication between applications and USB keyboard and mouse devices.
- Protected communication between applications and display output.
- "Attestation" services, which provide authentication of software applications.

Figure 1 depicts a sample future Intel LaGrande platform architecture that includes the TPM. The CPU and chip set are key areas affected by the new security initiatives.

Progress
The industry is making progress toward a robust, standards-based machine authentication security solution. This solution includes comprehensive TPM functionality, native operating system support, and PKI infrastructure on the network. It is unclear when all of these elements will be in place and mature enough for end-to-end solutions to be

Notes
1. A token is a security device in the possession of an authorized user. The best known token device is the smart card, a credit-card sized device with an integrated microprocessor and memory.
2. IPsec is a security protocol from the Internet Engineering Task Force (IETF) that provides authentication and encryption over the Internet or a private IP network. Unlike the Secure Sockets Layer (SSL) protocol, which provides services at the application layer (Layer 4) of the Open System Interconnection (OSI) network model and secures two applications, IPsec works at the network layer (Layer 3) and secures everything in the network.
3. www.trustedcomputinggroup.org
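The article above describes two TPM ideas in prose only: a per-chip root key that never leaves the silicon, and "sealed storage" that locks encryption keys (and so the files they protect) to a particular machine in a particular software state. The following is an added example, written for this thread and not taken from the EDS/Dell article or from any TPM vendor's software. It models measured boot with the TPM 1.1/1.2 register rule (a Platform Configuration Register can only be extended: PCR_new = SHA1(PCR_old || measurement), which is why SHA-1 appears here as register arithmetic rather than as a cipher choice) and then seals a disk key to the resulting PCR value. Everything inside ToyTPM is an assumption standing in for real hardware: the root key is a random HMAC secret instead of an asymmetric storage root key, and the cipher is an HMAC keystream instead of the TPM's RSA wrapping. The boot component strings are constructed sample data.

```python
"""Toy model of TPM measured boot and sealed storage (added example, not
from the article). Models: PCR extend, and sealing a secret to a PCR value
under a per-chip root secret. Assumptions: HMAC-based root key and cipher
instead of the TPM's asymmetric storage root key and RSA wrapping."""
import hashlib
import hmac
import os

PCR_SIZE = 20  # TPM 1.1/1.2 PCRs are 20-byte SHA-1 registers


def measure(component: bytes) -> bytes:
    """Hash a boot component (BIOS image, bootloader, kernel...)."""
    return hashlib.sha1(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR <- SHA1(PCR || measurement). One-way and order-sensitive,
    so a register can be extended but never set to a chosen value."""
    return hashlib.sha1(pcr + measurement).digest()


def boot_pcr(components) -> bytes:
    """Replay a boot sequence into one PCR, starting from the reset value (zeros)."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, measure(component))
    return pcr


class ToyTPM:
    """Holds a root secret that callers can use only through seal/unseal."""

    def __init__(self, root_secret: bytes = None):
        # Stand-in for the unique root key initialised at manufacturing (assumption:
        # a symmetric HMAC secret; a real TPM uses an asymmetric storage root key).
        self._root = root_secret or os.urandom(32)

    def _key_for(self, pcr: bytes, label: bytes) -> bytes:
        # Derive a purpose-specific key bound to this chip and this platform state.
        return hmac.new(self._root, label + pcr, hashlib.sha256).digest()

    def _keystream(self, key: bytes, n: int) -> bytes:
        out = b""
        counter = 0
        while len(out) < n:
            out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def seal(self, secret: bytes, expected_pcr: bytes) -> dict:
        """Encrypt and authenticate 'secret' so it is recoverable only on this chip
        while the platform measures to 'expected_pcr'."""
        enc_key = self._key_for(expected_pcr, b"enc")
        mac_key = self._key_for(expected_pcr, b"mac")
        ks = self._keystream(enc_key, len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        tag = hmac.new(mac_key, expected_pcr + ct, hashlib.sha256).digest()
        return {"pcr": expected_pcr, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, current_pcr: bytes):
        """Return the secret if the platform state matches, else None."""
        if not hmac.compare_digest(blob["pcr"], current_pcr):
            return None  # boot chain differs from the one the secret was sealed to
        mac_key = self._key_for(current_pcr, b"mac")
        tag = hmac.new(mac_key, current_pcr + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None  # blob was altered, or sealed by a different chip
        enc_key = self._key_for(current_pcr, b"enc")
        ks = self._keystream(enc_key, len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


# Constructed sample boot chains (not real firmware or kernel images).
GOOD_BOOT = [b"BIOS v1.0", b"bootloader v2", b"kernel 2.6.18"]
TAMPERED_BOOT = [b"BIOS v1.0", b"bootloader v2", b"kernel 2.6.18 + unexpected module"]


def demo():
    """Seal a disk key on a good boot, then try to unseal it after a changed boot
    and on a different chip. Returns (good_ok, tampered_blocked, other_chip_blocked)."""
    tpm = ToyTPM()
    disk_key = os.urandom(16)  # the key that "locks" files to this machine
    blob = tpm.seal(disk_key, boot_pcr(GOOD_BOOT))
    same = tpm.unseal(blob, boot_pcr(GOOD_BOOT))
    changed = tpm.unseal(blob, boot_pcr(TAMPERED_BOOT))
    other_chip = ToyTPM().unseal(blob, boot_pcr(GOOD_BOOT))
    return same == disk_key, changed is None, other_chip is None


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Two points the prose does not spell out fall out of the code: sealing binds a key to a chip and to a software state at the same time, so a stolen disk is useless in another machine and a modified boot chain on the same machine also fails to unseal; and because a sealed blob is worthless without the chip, the "key escrow" backup the article calls for is what lets an organisation recover the disk key when the system board is replaced.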
kev: "I missed that one; would you please be so kind to point out the requirement for all govmnt-related PC's, and PC's that do business w/govmnt have TPM's?"
http://biz.yahoo.com/prnews/060720/dath030.html?.v=63
"The directive requires federal agencies to adopt a government-wide standard for secure and reliable identification of all employees and contractors by October 27, 2006 via a standard federal smart card."
So again, the requirement is in the technology itself. If you understand the technology then you would understand what "endpoint security" really means. The deadlines are set for the DOD as it relates to the HSPD-12 mandate. The speeds to which those branches of government deploy are based on specific HSPD-12 deadlines. It's all been posted over and over. Have you been following? Hardly wishful thinking. You can criticize Wave management's credibility all you want but at the end of the day when it's all said and done his vision will be realized and those who have relentlessly attacked and criticized will simply have to move onto another company to bash and short IMO.
HSPD-12 guidance by EDS
http://biz.yahoo.com/prnews/060720/dath030.html?.v=63
EDS Obtains Approval to Provide End-to-End Identity Management Services for Federal Agencies
Thursday July 20, 12:01 pm ET
HERNDON, Va., July 20 /PRNewswire-FirstCall/ -- EDS (NYSE: EDS - News; http://www.eds.com ) received approval today from the U.S. General Services Administration (GSA) to assist federal agencies in meeting the Homeland Security Presidential Directive-12 (HSPD-12) identity management requirements and deadlines. The directive requires federal agencies to adopt a government-wide standard for secure and reliable identification of all employees and contractors by October 27, 2006 via a standard federal smart card.
GSA's approval recognizes the ability of the EDS Assured Identity (TM) solution to assist agencies in complying with HSPD-12, and reinforces EDS' standing as a leading provider of advanced smart card identity management services to the federal government.
"EDS' track record with DMDC and in implementing systems such as the Defense Biometric Identification System demonstrates our capability to offer the services federal agencies need for HSPD-12 compliance," said Jim Duffey, general manager EDS U.S. Public Sector. "EDS is a leading provider of large-scale identity management services to federal agencies, and GSA's approval will clear the way for us to provide these solutions to more federal government clients."
The EDS Assured Identity(TM) solution, built on field-proven components and processes, is specifically designed to meet the needs of HSPD-12 and the Federal Information Processing Standards 201-1 Personal Identity Verification Standard. EDS will offer Assured Identity(TM) as an integrated, secure, modular and scalable solution for enrollment, registration, issuance and management of identity management services.
Last month, EDS announced that the company delivered its 10 millionth Common Access Card (smart card) to the U.S. Department of Defense under an aggressive program managed by the Defense Manpower Data Center. It is the largest federal government advanced smart card program.
EDS has more than 10 years of experience in federal and international biometric and card-based access control systems. EDS also is a founding member of the Federation for Identity Cross-Credentialing Systems, an industry-formed consortium working with the U.S. Department of Defense on providing secure military installation access by defense contractors.
http://www.findbiometrics.com/viewarticle.php?id=175
Department of Defense and Private Federation Sign Agreement Creating Interoperable Identity Network
A federation that includes many of the nation's largest information technology companies announced today that it has signed an agreement with the Department of Defense (DoD) to connect identity systems and establish an interoperable authentication network. The agreement formalizes the relationship between the Federation for Identity and Cross-Credentialing Systems, Inc. (FiXs) and the Defense Manpower Data Center (DMDC), which have been working together since 2003 to develop a secure means of authenticating one another's employees while protecting their personal information.
"Over the last two years the Department of Defense has worked aggressively on policies, processes, and technologies to substantively raise the bar on force protection," said DMDC Deputy Director Mary Dixon. "To do this effectively, we must ensure that the person coming through our gates or in our doors has been given access, that we can confirm that person's identity, and when that person's affiliation or trustworthiness changes, you know that in as near real-time as possible. To accomplish this we are moving towards federated agreements and solutions that allow members to trust each others' credentials. This trust is built on establishing clear, documented, and auditable rules dealing with identity proofing, vetting, authentication, privacy protection, timely revocation, and use of biometrics."
The network established by connecting the DoD and FiXs systems verifies an employee's identity by relying on a federated approach whereby each employee's personal information is maintained by his or her employer. The system is based on the model of commercial ATM networks, in which each customer can use his or her bank's card and each bank retains its customers' account information and relationship. DMDC and all private sector federation members retain their own employees' information; there is no central database. To ensure trust and interoperability, Federation members adhere to a common set of operating rules and a uniform trust model.
The Founding Members of FiXs are:
BearingPoint, Inc.
Data Systems Analysts, Inc
EDS
Lockheed Martin Corporation
NACHA - The Electronic Payments Association
Northrop Grumman
SAFLINK Corporation
SRA International, Inc.
SRP Consulting Group, LLC
3Factor
Unlimited New Dimensions, LLC
Wave Systems Corp.
The Full Members of FiXs are:
Citigroup Inc.
ChoicePoint Government Services
Disaster Management Solutions, Inc.
EID Passport
Giesecke & Devrient Cardtech, Inc.
MAXIMUS
Wells Fargo
Mike Mestrovich, President-Elect of FiXs, explained that the FiXs Board of Directors and other FiXs committees will include a DMDC member and that FiXs will have representation at related DMDC forums and meetings. Mestrovich said, "To ensure interoperability and security within this public/private network, the lines of communication and governance must be open and inclusive."
In keeping with the agreement, FiXs is operating its own trust broker, which will route identification (ID) verification requests between the participating companies. DoD will operate a separate, but connected, trust broker for its employees. The network will include major credentialing systems operated by DMDC.
By relying on both the public and private sectors, the interoperable network will be able to achieve consistency with Homeland Security Presidential Directive-12, a mandate from President Bush that all federal employees and contractors have secure credentials to enter federal buildings and log on to federal computers, in a way that spreads development and implementation costs between all network participants. The costs of complying with HSPD-12 are further mitigated because in many cases participants can use their own company or government ID and existing legacy systems will remain intact. FiXs will also meet HSPD-12 requirements for secure smart cards when those standards are set in 2006.
For additional information on FiXs, please visit http://www.fixs.org/ .
Contacts:
Mike Mestrovich, mjm@undllc.com (703) 730-3556
Helena Sims, (703) 561-3930 hsims@nacha.org
Wave Systems Selects EDS
To Operate Root Key Certificate Authority
EDS Will Safeguard Wave's EMBASSY® Trust Assurance Networks Security Infrastructure
Lee, MA (March 19, 2001) – Wave Systems Corp. (NASDAQ: WAVX), developer of an advanced solution for Trusted Client platforms to enable secure e-commerce transactions and other trusted digital relationships, today announced that it has selected EDS (NYSE: EDS) to manage the creation and protection of the EMBASSY® Trust Assurance Network Root Key Certificate Authority.
EMBASSY (EMBedded Application Security SYstem) is an inexpensive, hardware-based platform that is fully-programmable, sharable by multiple service providers and targeted at a broad range of applications that demand advanced security solutions. EMBASSY delivers advanced e-commerce capabilities, support for multiple digital rights management and conditional access systems, strong user authentication features, enhanced platform security including TCPA compliance, and new privacy options to users of PCs, digital set top boxes and other network devices.
In concert with advanced silicon solutions, Wave's unique EMBASSY Trusted Client technology is backed by a robust security infrastructure, the Trust Assurance Network (TAN). This comprehensive security system is the industry's first trusted platform to provide the means to securely manage the authentication, administration and operation of the virtual network of EMBASSY Trusted Client nodes. The TAN relies upon a complex hierarchy of secure system management tasks, with the root key providing the fundamental basis of security for the entire system. Based on this significant role, the protection of the root key becomes a critical consideration for the operation of the EMBASSY Trust Assurance Network servers that will be licensed to multiple organizations and service providers.
"The maintenance of the root key for the Trust Assurance Network is of paramount importance to the security of our Trust @ the Edge architecture, and we are pleased to be working with EDS, a recognized leader in the global digital economy, to ensure its integrity," said Len Veil, Wave's Vice President of Strategy and Systems Architecture for the EMBASSY system.
"The establishment of PKI services for Wave Systems' Trust Assurance Network is an essential first step in the creation of its entire security network. This network will be hosted by EDS and will provide the infrastructure necessary to secure Wave Systems' financial transactions," said Shakil Kidwai, Vice President for EDS Global Information Assurance Services.
About Wave Systems
Wave Systems' goal is to build a worldwide network of users based on trusted electronic relationships. Trust @ the Edge defines a new architectural model for the Internet, which embeds trust and security in every user device. Wave Systems is developing, deploying and licensing its EMBASSY Trusted Client technology for the mass adoption of this revolutionary model. Wave is integrating industry standard functions from a wide range of partners that enable reliable, secure digital exchange and commerce. Wave Systems and third parties are building the services that will take advantage of this open model.
For more information about Trust @ the Edge, EMBASSY Trusted Clients and Wave Systems visit: www.wave.com.
About EDS
EDS, the leading global services company, provides strategy, implementation and hosting for clients managing the business and technology complexities of the digital economy. EDS brings together the world's best technologies to address critical client business imperatives. It helps clients eliminate boundaries, collaborate in new ways, establish their customers' trust and continuously seek improvement. EDS, with its management consulting subsidiary, A.T. Kearney, serves the world's leading companies and governments in 55 countries. EDS reported revenues of $19.2 billion in 2000. The company's stock is traded on the New York Stock Exchange (NYSE: EDS) and the London Stock Exchange.
Wave Corporate Contact:
John Callahan
413-243-7029
Email: jcallahan@wavesys.com
Wave Investor Relations Contact
David Collins, Richard Land
Jaffoni & Collins
212-835-8500
Email: wavx@jcir.com
kev: It's a technical requirement. Do you think the US government is mandating that only their internal employees and devices are authenticated and attested? C'mon man... So Japan, Europe, China and even New Zealand and Australia are jumping on board the soon to be (global) trusted computing grid because why? It's called global enterprise. Again, ALL devices will require attestation and ALL users will be required to be authenticated.
The US government has always had internal and external system requirements to transact business. The only difference here is the system is being replaced. Very simple.
Micro: The key line and word by Steven is: "We are agnostic to the ultimate solution but all of them will ultimately leverage TPM in my opinion."
Wave is agnostic because TPM's will be on ALL PC's (probably most devices) next year. What does it matter what Cisco does anyway? They are either going to jump on board trusted computing (which it looks like they are doing by purchasing Meetinghouse) or they're going to fight it and get squeezed out of market share until they wake up much like Xerox did in the eighties and early nineties. The interoperable solution is bundled at the device level. That in itself shows the brilliance of Wave.
People need to realize the transition from a global paradigm of centralized network computing to endpoint computing already took place for three reasons:
1. All devices will have TPMs over the next couple of years
2. The US government has adopted trusted computing and requires those who do business with them to do the same (which constitutes big enterprise in the US, other governments around the globe and enterprises who do business within and outside those foreign governments)
3. Microsoft built a trusted OS
It's time for everybody to relax and get excited about the fact that "it's going to be awesome!". Of course there will be those that ask when it's going to be awesome? Could be this year but without a doubt 2007. Jeff
twinkie: You're right! I actually agree the Spragues are looking for the big paper. The presidents are important but the realization of the trusted computing paradigm is as important to the Spragues. Because they CREATED the trusted computing paradigm. The paradigm is AS important as the presidents. They already have $$$$$ in the family. They have for decades. That is a fact. So what's their motive then??????????? Motive is everything!!!!! Is their motive to live on an upper middle class income for twelve years only to dissolve a company, their name and their reputation in the IT industry and PUBLIC??? You need to do some study on the Spragues and what they're really all about?! It's about the presidents and GREATNESS! The family name is important if you've done your homework. In the end you'll see Steven's face on the major rags in a POSITIVE light. That in itself is AS important to the Spragues as the presidents. IMO.
Mig: Steven has an issue to deal with called delisting. The situation is what it is. He has an action plan to avoid delisting. After the RS..... The action plan best have some news with aggressive revenue projections or news that is presented in a manner which even ignorant Wallstreet will have to admit that significant revenues are on the near horizon. I side with Barge that we'll see an aggressive attempt to move that share price forward directly after the RS.
twinkie: If the Spragues were as greedy as you insinuate then why are they holding millions of shares at .60 and still desiring to do a RS? Do you think the Spragues would let those shares amount to nothing in the end? If they knew the share price was not going to rise due to realized revenues and news then why further dilute their millions with a RS? Doesn't make any sense....
Fear! Fear! Fear! SKS is sound asleep tonight with a smile on his face. Relax dude. It's gonna be greater than you can possibly imagine.
"Lenovo and HP have not wanted to tell Wave's story."
Forget about Infineon! HP and IBM screwed Wave early on! End of that chapter! Michael Dell handing over the reins to Kevin Rollins was the single most important event for Wave to get over that hurdle and move forward the trusted computing paradigm. Period.
http://news.com.com/2100-1014_3-5169830.html?tag=fd_nbs_ent