Sunday, December 31, 2006
Saturday, December 30, 2006
I had the opportunity to take Jerry's 3-day intensive course on PowerPoint, public speaking and handling the press while I was at Microsoft. What an amazing course! At Microsoft it was common to hear someone say "you need to build a Jerry slide". All of us who took the course knew what that meant and it was easy for us (and still is) to see presentations that have been built by those that have taken his course and those that haven't.
I still regularly refer to Jerry's book "Presenting to Win". Jump on any opportunity you get to hear Jerry speak, present or attend his course.
Jerry Weissman, PowerPoint, Power Presentations
We dropped by a friend's place this morning to see the storm damage to her home. My guess is that the tree that fell down was at least a hundred feet high and had about a 3.5 foot diameter trunk. She's out of the house for six months while they fix it up. Terrible. She's just one of many in the same boat.
Do you remember the movie Colossus - The Forbin Project? It probably dates me a bit but I thought of it when an energy customer that I was talking to started telling me how they are TCP/IP enabling their power meters. In one of my previous posts I discussed how I set up a wired LAN connection in my home by using "ethernet over powerline" technology. That same technology will enable the electric (and water and gas) utilities to retrofit their meters so they can talk to them.
Now, on the surface of things my immediate reaction was "cool!". I assumed that would mean that the utility could do things like:
- in real-time know when someone or an area actually lost power
- turn on or off someone's service without needing to send a truck out
- get a better view of consumption across their network
- run diagnostics and the like
Then I started to use Google to read up about this area and that's when I started to get worried. Some of the other benefits I have seen espoused on various websites include:
- enabling devices within the home to communicate with the utility meter
- enabling the utility to communicate with the meter to limit usage in certain situations like peak times or an emergency
- enabling the meter to communicate with the devices in the home to turn them off or lower usage
Apparently I am not the only one concerned about this because Homeland Security has a working group that studies our country's infrastructure and the concept of utility disruption by terrorists concerns them. I'm much more concerned about the teenage hacker around the corner or on the other side of the country figuring out how to turn off my home's power at a whim.
I couldn't find a single article or technical document out there that talked about the security of this technology. It's TCP/IP-based. Will it implement IPSec? How will the utility prevent a hacker from spoofing it, and how will it prevent man-in-the-middle attacks? Southern California Edison is in the process of implementing advanced metering infrastructure (AMI) for 4.6 million customers. I guess it's a good thing Enron isn't running the show down there anymore - I'd be really worried.
I also have a pile of just geek-boy type questions like:
- Does AMI use IPv6?
- Does AMI support multi-casting?
- What security does AMI implement? Who has tested and certified it?
- How will meters be "provisioned"?
- Can I "tap" my electrical outlet to watch my household devices talking to each other?
- Will other utilities be able to ride the wires?
Anyway, lots of questions and few answers that I could find. Let me know if you stumble across anything. This is an awesome project but I'm worried about the security of it and I have a bit of the Colossus syndrome: What happens when these devices start talking with each other??
I'm sorry Dave, but I had to reduce the power consumed by the refrigerator which is why your cold beer isn't really a cold beer...Please enjoy the football game on the radio tonight as the TV is not functioning because of current power demands across the state...
There will be no hot water today due to the cold weather in Ohio as we have diverted your home's (town's/city's/state's) gas supply. Please enjoy a hot shower tomorrow!
Technorati Tags:
identity management, IPSec, advanced metering infrastructure
Friday, December 29, 2006
We had a nice cross-section of customers, including some from the healthcare, financial and energy industries. I’ve tried to capture some of my key takeaways below:
Don’t forget the mainframe identities
Each one of the customers reported that mainframe and midrange systems were still alive and well within their organizations. On the basis of the industries represented I was not surprised to hear this. However, each and every one of the customers talked about how these systems were still “islands unto themselves” when it came to identity management. There still was not enough integration of those systems within their existing identity management projects. It appears there’s a need to better integrate all of those RACF, ACF2 and TopSecret identities. Not just plain synchronization of those identities with other systems like Active Directory but alignment of password policies and integration of LDAP and Kerberos for single sign-on.
Federation underway or being looked at
Each of the customers stated they were looking at federation except for one who has already rolled out a federation project. No one mentioned using Active Directory Federation Services (ADFS) – everyone in the group has pretty much decided to go with a non-Microsoft implementation based on SAML. The customer that has already rolled out a federation project is using PingFederate to provide federation services to some of their key customers. So far, in the first nine months of their project they have had over 2.5 million “federated” transactions. Impressive!
Group Policy catching on
Each of the companies is starting to leverage group policy for more than the basic password strength policy. I probed around this a lot because I have always considered group policy to be the real value behind implementing Active Directory. Most of the customers attributed their new interest in group policy to the fact that they either want to do more with AD or they don’t want to deploy SMS.
More questions than answers
Many of the attendees are confused about things like SOA (“it sure sounds great, but…?”), entitlement management and role mining. What are the benefits? Is role mining a solvable problem? When will software deliver these capabilities? Etc.
Clearly, there’s still a lot of work to be done in these areas.
The reality tour kicks off 2007 with customer roundtables in Paris (January) and San Francisco (February) along with the annual Quest Software sales kickoff event.
Active Directory, Active Directory Federation Services, ADFS, Gartner, group policy, identity management, PING, Quest Software, SAML
Darren has not only included support for Vista in this product but he has also added some of the nice touches that I know AD administrators will really appreciate like: Group Policy processing time, slow link and loopback status, RSOP and group policy reports and exporting reports to PDF or Excel files.
Keep an eye on Darren’s site. He’s a smart guy and I know will be releasing more great products in 2007!
Active Directory, group policy, SDM Software
Thursday, December 28, 2006
Quest Software recently commissioned a study on the use of passwords in London’s financial district. The study consisted of interviews of 200 city workers. The findings were pretty interesting…
City firms are contravening SANS Institute best practice guidelines for passwords.
- Half of respondents’ passwords are below the recommended eight characters
- 84% of respondents make up their own passwords (not recommended)
- About a quarter of respondents use the same password for business/personal systems
- Nearly 50% of the respondents had passwords that were under 8 characters in length.
- 31% of respondents have told a co-worker their password
- 15% of respondents either never change their passwords or change their passwords only once a year or less often.
Some other interesting tidbits...
- 75% of respondents use multiple passwords for different applications during a typical work week
- 12% of respondents use 5 or more passwords in a typical work week
- Only 22% of the workers surveyed had to use more than a password to logon (i.e., smartcard or other such two-factor device).
Conclusion: End-users are still suffering from hyperpassworditis (i.e., too many passwords to remember); companies still have a long way to go in improving their security and compliance posture; and more education about this topic is still needed!
identity management, Quest Software
Sunday, December 24, 2006
When Halo2 for the Xbox hit the company store I was in a line - before the store opened - that stretched fully around the building and people kept pouring onto the end of the line. Halo2 was hot. The store is usually the very last place to get newly released software. When Vista finally hits the shelves it might make it to the company store after a few months in the retail/consumer channel and when it does hit the store it will probably sell out immediately.
While I was in the store picking up XP for a friend I happened to see a display of Microsoft’s new Zune priced at $220 which is a small discount from retail. There were a few “Oh, there’s a Zune” type comments from the folks in the very long line but no one picked one up to buy.
So, that’s my worry: why are there Zunes on the shelf at the Microsoft company store?? If consumer demand for the Zune is heavy the last place it should be found is the company store. I’m still a Microsoft shareholder so with that hat on I’m worried. Remember the SPOT watch? Well, there’s a very dusty display of them over in a corner of the Microsoft company store. Will the Zune suffer the same fate? I sure hope not.
Friday, December 22, 2006
The management pack provides proactive performance monitoring and real-time diagnostics for detecting, troubleshooting and rapid resolution of replication, performance, and availability problems in ADAM environments. There's also a graphical topology view of ADAM, and numerous rules to monitor the health of ADAM instances and the systems that host them.
The management pack enables administrators to quickly identify the root-cause of problems in ADAM, and promptly resolve them so if you have ADAM and MOM then get downloading!
Active Directory, ADAM, Microsoft Operations Manager, MOM, Quest Software
Alex specifically uses ActiveRoles Server to add a number of benefits to his original solution:
1. Create virtual attributes and therefore avoid Active Directory schema extensions
2. Define dynamic groups in Active Directory, therefore avoiding the need to use another tool for group management
3. Defining dynamic groups based on multi-value attributes
4. Specification of input rules for custom attributes therefore avoiding potential human input errors
5. Rapidly create custom user interfaces to incorporate new functionality available through Active Directory
Two of Quest’s technical experts who contributed to this effort were Stuart Harrison and Noel Sidebotham – good job fellas – and thanks to Alex for putting the webcast together.
The webcast is nearly 40 minutes long so grab a coffee or a cocktail and enjoy!
ActiveRoles Server, Microsoft, MIIS, Quest Software, identity management
The article is published in productmarketing.com which is "The Marketing Journal for Technology Product Managers" and is published by Pragmatic Marketing. The journal is free so if you want a subscription visit their web site and sign up.
Gartner, Pragmatic Marketing, productmarketing.com
Thursday, December 21, 2006
I recently attended Gartner’s first Identity Management show which was held in Las Vegas from Nov 29-Dec 1. I’m certainly no stranger to identity management and related shows like Burton Group’s excellent Catalyst conference, Digital ID World, RSA, etc. They each offer different perspectives and, I believe, cater to different audiences.
Quest Software was a sponsor of the Gartner show. In addition, we exhibited and had a hospitality suite. I also had the opportunity to speak. Now, I will be the first to admit that I only flew in for that day and left not long after my speaking session but I have two perspectives on the show that I wish to share in addition to the fact that it was very well attended for a first time event.
1. I spoke to and surveyed the staff who attended (sales, marketing and technical) and the Quest customers that we know who attended. The feedback was resoundingly positive. Customer feedback was very positive that the show was beneficial and meaningful to them. The Quest staff was totally over the top with the “quality” of the customers who came by to ask questions or see demos. I was specifically told that the customers were all decision makers (i.e., weren’t network administrators or junior staff). This is important to me because I need to justify to both myself and my management that our investment was appropriate. Finally, I use this type of feedback to stack rank my expenditure on this show versus my expenditure on shows like Catalyst, Digital ID World, etc.
2. My session was titled “Tenets of Identity Management” and was a non-Quest pitch that related my learnings around identity management over the past 10+ years. It was well attended despite the fact that Microsoft was pitching their IDM strategy next door. Since my session was not a technical session I did not expect it to be well attended but I was surprised to see about 75 people in the room. Feedback from those that attended was very positive. In fact, as I got into my cab to take me to the airport my phone rang. A Quest sales person had just received a call from someone in my session who wanted to talk to us regarding our products and how they could help. Our staff on the show floor stated that numerous people who attended my session came by looking for me or commenting on how much they enjoyed it.
My conclusions from these observations are the following:
o For a first time show, attendance was ~850 people which is similar to what I’ve seen at Burton Group’s Catalyst show for their IDS track (identity management). This is impressive and means, in my mind, that they clearly have the power to draw attendees.
o The quality of the attendees (decision makers, senior IT staff) means that my marketing dollar is being spent wisely.
o The fact that Gartner drew this many attendees and corporate sponsors (Microsoft, Oracle, Novell, Quest, Sun, etc.) is good for all of us. More people will be educated about IDM and that, in turn, raises the water level in the pool for everyone.
o Based on the feedback from my session there was clearly a cross-section of the audience that was new to identity management. The Gartner show is the perfect show for those new to IDM to get their grounding and get some real feedback from Gartner analysts, other attendees and the exhibitors.
Let me state the great respect I have for Dave Kearns and Phil Becker (Digital ID World founder). I know both of them and have worked very closely with Dave since my Microsoft days. Dave also quotes blog comments by Nishant Kaushik, Oracle’s architect for identity management products. My commentary on Dave’s article, based on my experience above would be:
o Dave didn’t attend the Gartner show in Las Vegas so I’d invite him to attend the next Gartner identity management conference in London or Los Angeles and judge for himself.
o I agree that the technical identity management staff can get a lot from a combination of Burton’s Catalyst conference and Phil’s DIDW conference. However, thanks to compliance and other market influences, IDM is getting more airplay and more head time with other executives and senior staff in organizations (HR directors were at Gartner’s show!!). These people would be in very deep water if the first show they attended was Catalyst or DIDW.
o DIDW is a great conference but it just isn’t attended enough. That means that either the agenda or speakers don’t appeal or that DIDW isn’t effectively marketing their show. We don’t spend marketing dollars (i.e., exhibit) at DIDW for this simple reason. I will commit to attending the next DIDW conference though and re-visiting my previous conclusions.
o Nishant disagreed with some of the conclusions and statements made by Gartner’s Roberta Witty regarding user provisioning (UP). Nishant has every right to disagree with Roberta. I guess we’ll have to review Roberta’s prediction in 2010 – watch for the blog entry!
Nishant followed up his first blog post with another that directly states “the Gartner summit was a good primer on IAM”. That’s exactly my point! More specifically, the Gartner show is filling a big gap that existed: An industry recognized group (Gartner) providing education, information, sessions and user case studies on identity and access management. A show that is not super technical, a show that is not too bleeding edge and, most importantly has broad appeal and is well attended.
My hat is off to Gartner. The more people that attend Gartner’s show the better it is for me, Dave, Phil and Nishant. Let’s not forget that we are all educators in this space and there’s a place for teachers at all levels.
Dave Kearns, Gartner, identity management, Quest Software
Wednesday, December 20, 2006
Anyway, a few months ago I was reconfiguring my network and in checking the DHCP leases I noticed a host name that I didn't recognize. And I noticed it again the next day. And the day after that. I just reconfigured my network so all the wireless and wired clients could "see" the new 1TB TeraStation NAS device I just installed to store all my digital pictures and my backups - horror of horrors, my new friend could do some real damage now if he wanted to.
So, off I went into Google-land to figure out how to solve the problem. I didn't want to run a cable downstairs since that would be too messy so I was faced with purchasing a new wireless bridge that supported WEP or WPA. While checking out Netgear's product page I came across the solution to my problem: a "Powerline Ethernet Adapter".
I plug one of these puppies in to the outlet by my router, run a cable from the router to it then plug the other one in to the power outlet by the device downstairs and run a cable into it and I have an instant "wired" ethernet connection. It's worked flawlessly since I installed it last month! The only hiccup came when I plugged the device into a surge protector - it doesn't work as apparently the surge protector filters out the ethernet goo.
About 15 minutes after successfully installing the Netgear stuff I had WPA2 turned on and all my wireless devices reconfigured. Awesome!
I flew in to NYC to attend our partner holiday reception last night. It was quite the event. First, it was held in a private room at the trendy Blue Fin restaurant in the “W” Hotel on Broadway. Second, the food was an awesome combination of sushi, lobster rolls, Kobe beef and to-die-for sweets. Lastly, and most importantly, there was an open bar!
Quest has a pretty big push on to get more engaged with partners since the only way we are going to grow from a $0.5B to a $1B+ company is with the help of partners, and I couldn’t agree more. The room was packed the whole night. In addition to catching up with various Quest muckity-mucks I managed to spend some time with folks from Avanade, CGS, Conchango, Double-Take, INS, Intrinsic, Evidian, PassLogix, SMA, Mycroft, Microsoft and many others.
It was interesting to hear from Intrinsic how much their migration to Active Directory business is taking off. It seems there are a lot of people who have decided to abandon the Novell ship in the north-east and are using Quest's NDS migration product. In addition, they're working more and more Microsoft SMS and MOM deals and, of course, that means most of those customers will eventually need Quest’s Management Extensions products – the products formerly known as Vintela (VMX and VSM).
We seem super engaged with Microsoft’s NYC office. I spoke to three people from their office including our partner account manager (Hi Susan!) and some of their pre-sales identity management folks.
It was awesome to see Liz Mann and many of her colleagues from Mycroft in attendance. I know we are going to do great things with Liz and Jonathan. Mycroft is so well connected – as we are – and have such a sterling reputation and a great practice in the identity management, infrastructure and migration space. We know the same people.
After the event shut down around 10:30PM we needed nightcaps and ended up at Russian Samovar. Their food specials were listed on the tables and consisted of an amazing choice of about two dozen different, home made flavored vodkas. I guess I wasn’t too surprised that at the RS vodka is considered food. There are big gallon containers along the back of the bar filled with vodka and whatever is flavoring it. There were three of us so we ordered by the carafe with no thought of the next morning. Anyway, in pretty short order we went through four carafes. If you are ever there I highly recommend the pineapple flavored vodka – it was truly awesome. Pineapple was followed by raspberry which was pretty good, lemon which was okay and finally apple-cinnamon which was indistinguishable from Jet-A fuel. There are others I’d like to try like cherry and some I’d really never like to try like horseradish. So if you ever have a hankering for flavored vodka head over to RS, and don't forget to order a chicken Kiev to share!
Active Directory, identity management, Mycroft, Quest Software, Vintela, vodka
Nick, along with a number of other great Novell folks – like Brad Anderson, Greg Macris and Ed Anderson – left Novell during the reign of Jack Messman. Nick joined The Burton Group where he served as an analyst in their identity management practice for a number of years. Over that time I worked with Nick both when I was at Microsoft and at Quest. We talked a number of times about the possibility of returning to Novell but it always seemed to be a non-starter with Nick (and everyone else!) that he’d want to go back while Jack was at the helm. Well, Jack left, Nick got a call and the rest is history. Nick is now VP, Product Management at Novell and I wish him the best of luck.
I’ve always been a big believer in Novell’s strategy, vision and products. If there is a company that really and truly “gets” directory it is Novell. Novell’s identity management products currently generate about $100M in revenue annually. The other players in this business do not break out their IDM revenue but I am willing to bet everyone trails this number by a lot. A couple of reasons for their success are the fact that they do have a good product, an integrated product stack and they have been successful penetrating the SMB (small & medium business) market.
I’m looking forward to seeing Nick’s influence at Novell!
identity management, Microsoft, Novell, Quest Software, Zoomit