Tuesday, March 24, 2009

I believe we did TEC justice

I've spent the last couple of days talking to many customers here at TEC. My typical questions are:
  • Are you a first time attendee?
  • What did you like?
  • What didn't you like?
  • And, if the customer had attended before: Did they feel that the change to Quest was good, bad or not noticeable?
All in all, customers were happy. I don't want to start clapping myself on the shoulder - it really isn't my doing anyway. I felt (and still feel) that as long as Gil and Christine are happy then I am happy - and they seem happy. The customers seem happy with the transition so I am happy.

We've got another day to go and I've got more meetings to attend, but I'm positive that Quest has done the right thing with TEC by just letting the "experts" - pardon the pun - do their thing.

p.s. Just happened to see this blog post by Michael Ostermann a few minutes after I posted this one that parallels what I have been hearing.

Technorati Tags:
, , , ,

Monday, March 23, 2009

Microsoft's ILM"2" delay hurts

Yesterday we were officially told that Microsoft's next release of their Identity Lifecycle Manager product (ILM2) would be delayed until Q1 of 2010. I'm sure the decision to delay the product was not an easy one. It has never been easy for me to delay release of a product because I hate to disappoint customers who are waiting to acquire and implement it. As a software vendor I also hate to disappoint my sales force and with Microsoft having a dedicated specialty sales force for ILM2 this must really hurt.

However, as an independent software vendor who builds products that add value to ILM2 we are faced with having to delay release of our products, too. After all, a customer isn't going to buy our piece before they have purchased ILM2. Over the last year we've been under a lot of pressure to ensure that we are making wise bets with our resources (people, money, time) so this delay further hurts us because I could have bet those resources in a different way.

Then there's the whole FUD (fear, uncertainty and doubt) factor. As long as software is being marketed as slideware it is very difficult have a conversation with a customer about what the software really does. There's a lot of FUD about ILM2. It comes across as "all singing, all dancing" to many. If you sell a product that enhances the logging and audit of ILM2 there will be people who are saying "ILM2 already has logging and auditing" leaving the impression directly or indirectly that a third-party product may not be needed. Until ILM2 is actually in a customer's hands it is pretty hard for them to figure out if they need our product.

I'm sure Microsoft is making the right decision for their customers but it really hurts.

Technorati Tags:
, , , ,

Saturday, March 21, 2009

Learn to Love Microsoft Vista - NOT

I received this email while I was traveling:
Jackson

Join us at no charge! Based on a tremendous response KnowledgeWave is hosting another no fee webinar titled Tips and Tricks for Windows Vista.

What will you learn? Explore the powerful new features in the Windows Vista operating system, including, the new user interface, search, and organizational tools. We also provide useful tips on using Windows Internet Explorer 7 and illustrate practical desktop techniques that help you to be more productive right away. Join us for this informative session to see how Windows Vista represents a breakthrough in user experience.
Bad news guys: I've already moved on. I've been running the Windows7 Ultimate beta for six weeks now and loving it. How is it different? Well, on my old Lenovo (IBM) X60 laptop it runs faster and better than Vista ever did. It has never barfed on me, failed to shut down, failed to start or generally made me want to pull my hair out.

Vista, I'm over you.

Technorati Tags:
,

Tuesday, March 17, 2009

Defender is a hit with Tod


I spent a couple of hours with Tod (holding the Quest "GO-6 token") and the security guys at an company here in Columbus, OH this week. Tod and the team picked Defender to increase the protection around employees who have privileged access who need to remotely access systems via the VPN network.

In today's economic climate, customer's are demanding that any product purchase is able to show immediate cost and ROI benefits. We were able to do that for Tod and his team. It was really interesting to hear from Tod that despite our competitor offering their product at zero cost that they still picked Defender. Why? Defender's integration with Active Directory. This integration just made the job of managing the Defender tokens much easier for their helpdesk and security staff. It improved their operational efficiency and that translated into a greater savings for them.

Technorati Tags:
, , , ,

Wednesday, March 11, 2009

Park that cloud over here please!

I'm touring around meeting customers and partners this week. I had a comment from a customer who was looking at cloud computing that made me laugh so I wanted to share. We were talking about whether or not this customer had cloud computing as part of their strategy and he said "yes". I asked what was his biggest concern about cloud computing. Of course, I expected him to mention security or availability. He totally surprised me with something I had never heard before:
We need to know that the cloud will be located in Canada. If the cloud is not located in Canada then we won't use that cloud. It must be a Canadian cloud.
Frankly, I'm not quite sure how you prove the nationality of the cloud. If I look at a server can I see what cloud is sitting on or in it? When I look at a cloud can I see what nationality that cloud is? How do your prove the cloud is a certain nationality?

Any you thought cloud security and cloud availability was hard???

Technorati Tags:
, , ,

Friday, March 06, 2009

TEC 2009 discounts for loyal readers

If you would like a discount to TEC 2009 in Vegas please let me know via email at jackson.shaw (at) gmail.com

I'll save you a few dollars that you can use at the tables and put back into the local economy. They need our support!

Technorati Tags:
, , , , ,

Wednesday, March 04, 2009

Please, please, stop the bus!

Will X.500 become fashionable again? That is what I am wondering after reading Dave Kearn's article "How a universal directory might work. A worldwide, distributed, replicated virtualized directory system would be useful for provisioning across boundaries."

My stomach turned over as I read the article. Not because there's anything wrong with the story or Dave's comments but because I started my career in this field just at the height of the X.500 craze when it was the buzzword of the day. Do you support X.500? Is your product an X.500 directory? Is your X.500 product interoperable? Do you support the DSP protocol? Will you be at EMA interoperability challenge showing your product? Sound familiar? (Just swap out X.500 for "XACML" or "SAML" or "SPML" and you'll know where I am coming from. Or, will we be swapping in "WWDS" soon?)

I never kept my wide ties, bell-bottom jeans and velour clothing from those days. I threw it all out despite. I hoped that style would never come back then and I still hope not now. I feel exactly the same about X.500 or anything that looks, smells and walks the same even if it is called a "Worldwide Directory Service".

Please, please, stop the bus. I gotta get off. I think I'm gonna puke...

Technorati Tags:
, , ,

Tuesday, March 03, 2009

Towards Kerberizing Web Identity and Services

The Kerberos Consortium recently published a white paper titled "Towards Kerberizing Web Identity and Services". The 42 page PDF caught my eye generally and specifically when I read this passage:
This document sets out to describe a number of missing pieces of the puzzle which, when combined, can help the Kerberos Consortium realize the full potential of Kerberos as an authentication technology for the Web.
Personally, I could care less about helping the Kerberos Consortium realize the full potential of Kerberos as an authentication technology for the Web but, for my customers, I am all ears! Some of the highlights that I pulled from the document are listed below - any emphasis is mine.
  • Mutual authentication is an essential part of building trust between users and systems, and the lack of mutual authentication in many Web authentication dialogs is the root causes of many security and privacy violations on the Web, such as phishing. Kerberos provides mutual authentication as a normal feature of its protocol operation.
  • Kerberos service tickets can be embellished with authorization data describing the privileges accorded to the user. This facility is used extensively by Microsoft's Kerberos implementation to assert a user's authorizations within a data structure called the Privilege Attribute Certificate (PAC).
  • ...credentials delegation in Kerberos still remains one of its truly unique properties – no other widely deployed security protocol has the ability to pass credentials between members of a multi-tiered architecture.
  • Microsoft's identity provider (which probably won't be available until 2009) will support all four defined methods, including Kerberos.
All of the preceding points are important. Who doesn't want more mutual authentication? I would like the ability to pass credentials across a multi-tiered architecture - I too have grown weary of entering my userid and password over, and over, and over again.

Enabling Kerberos to play a bigger part in web services makes me salivate. Why? All the work that has been done within the enterprise now can be extended outside the enterprise. That's leverage. Extending Kerberos-based authentication and richer authorization capabilities from your enterprise desktop across the web. I like it.

So far the main organization that has enabled Kerberos to play a bigger part in computing is Microsoft - not MIT. My bets are on Microsoft's Geneva to become the prevalent driver of Kerberos-enabled web services. I am much more interested in enabling my customers to completely harness the power of Active Directory!

P.S. Hats off to the authors for writing their requirements as user stories, which typically appear in "Agile" development frameworks. "We have chosen to describe requirements as user stories in an attempt to make the requirements easier to evaluate from the point of view of the various stakeholders."

Technorati Tags:
, , , , , , , , , , ,

Monday, March 02, 2009

Quest Authentication Services dramatically reduces help desk costs

My Google news alert subscription alerted me to a great story about the use of Quest Authentication Services at the University of East Anglia (UEA). Apparently, the UEA is using Quest Authentication Services to enable single sign-on authentication for over 40,000 user accounts and 2,000 Unix servers and workstations.

It's interesting to note that UEA first implemented Microsoft's Services for Unix which was "unable to cope" with the demands placed on it. IT staff at UEA also were uncomfortable with the level of security offered by Services for Unix: "Limitations in the password security could potentially have left the system open to security abuses and phishing attacks."

The best part of the story?

UEA estimates that a full ROI was reached less than a year after implementation.

It's personally very satisfying when I hear this kind of success story - especially during these tough economic times.

Technorati Tags:
, , , , , ,