Cisco warns UC users of limited support for Windows 7

Cisco (NASDAQ: CSCO) is warning customers of its unified communications products that support for Windows 7 won't be forthcoming until the product's 8.0 release scheduled for the first quarter of 2010. About a dozen more UC products will not support Windows 7 until version 8.5, in the third quarter of 2010 and at that time, only the 32-bit version of Windows 7 will be supported. 7 tools for Windows 7 rolloutsDennis Hartmann on Cisco Unified Communications Only three Cisco UC products among a list of about 50 published by Cisco Subnet blogger Brad Reese specifically promised 64-bit support, and this only through the use of a 32-bit emulator. These products are the Cisco UC Integration for Microsoft Office Communicator, Cisco IP Communicator and Cisco Unified Personal Communicator. One CCIE, who asked not to be identified, is frustrated with the delay. The Communicator products are the client-side multimedia applications used with Cisco Unified Communications. He tells Network World that Cisco became a Windows supplier when it developed desktop UC applications such as the Unified Attendant Console, one of the applications that is not yet slated to support 64-bit Windows 7. The spotty roadmap for 64-bit support makes it difficult to see Cisco's UC as a good fit for companies wanting to upgrade to Windows 7, he says.

However another expressed frustration. One reader posted a comment on Reese's blog that said it is possible to run UC products on Windows 7 right now. This anonymous reader wrote, "I realize many of the Cisco UC products will probably work on Win 7 32-bit. Microsoft 64-bit OS has been available since Win XP although 64-bit processors have only been available for the masses for a few years. I'm concerned about the Cisco UC applications working on Win 7 64-bit. However, most desktop and notebook computers purchased in the last 2-3 years included 64-bit processors.

They provide many applications for the standard desktop computer. Cisco is now a desktop software application vendor. They have a responsibility to support the most current corporate desktop OS!" Microsoft released Windows 7 to manufacturing on July 22, 2009. At that point developers of Windows applications had access to the final code included Windows 7. It was released to the general public on October 22.  According to Microsoft's Windows 7 Compatibility Center, four Cisco desktop Windows applications have been certified as compatible with Windows 7. These are the Cisco VPN client version 5, the Cisco EAP-FAST Module, the Cisco LEAP Module, the Cisco PEAP Module. The Cisco Anyconnect 2.4 SSLVPN client actually does support both 32-bit and 64-bit versions of Windows 7. The Cisco VPN client 5.0.6 supports only the 32-bit version, according to Microsoft's compatibility information. These modules are methods to securely transmit authentication credentials and are used with a VPN. Cisco Subnet blogger Jamey Heary asserts that Cisco is the first major VPN vendor to support Windows 7 (as well as Mac OSX 10.6 clients). Cisco's VPN support for Windows 7 covers both its IPSEC client and SSLVPN client software.

Follow all Cisco Subnet bloggers on Twitter.

DC player Jim Payne joins Telcordia

Veteran federal government marketer Jim Payne is joining Telcordia Technologies in a bid to raise the visibility and win contracts for this New Jersey-based network research shop. Payne is credited with building up Qwest's government services division earlier this decade, winning key contracts with the Department of Energy and the Department of Defense. Payne is well-known around the Beltway, having led Sprint's successful FTS 2000 and FTS 2001 efforts in the 1990s to provide telecom services to federal agencies.

In 2005, Payne joined Bechtel, where he led the construction company's federal network division until now. Originally named Bellcore, Telcordia provided research and standards support to the seven Regional Bell Operating Companies. Payne faces a steep challenge in raising the profile of Telcordia, a 25-year-old research and development company that was founded when AT&T was split up. The company's name was changed to Telcordia after it was purchased by federal contractor SAIC in 1997. SAIC sold the company to two private equity firms - Providence Equity Partners and Warburg Pincus - in 2004. Telcordia created many aspects of today's telecommunications system—including toll-free calling, Caller ID and e-mail attachments — but the firm hasn't been able to leverage these innovations to become a household name. ``Only the most sophisticated communications engineers and network engineers really have a good understanding of what Telcordia has to offer,'' says Ray Bjorklund, senior vice president with FedSources, a McLean, Va. market research firm. ``Taking that indepth talent that Telcordia has and putting it in a less Ivory Tower world – that would be a play for them in the federal market.'' Payne plans to tout Telcordia's expertise in network architecture, standards and cybersecurity to federal agencies. ``There needs to be an independent broker in the [federal market] that's not trying to sell a box, that's not trying to sell a circuit, that says this is the network design you should migrate to,'' Payne says. ``The federal government must have a central vision across the DOD and the intelligence space.'' Payne intends to pursue contracts with the Department of Homeland Security, the Defense Department and the intelligence community. He'll work from Telcordia's office in Arlington, Va. ``We have a very good base of business here,'' Payne says. ``We need to expand tremendously our visibility…and proximity is everything.'' Bjorklund says Telcordia's key competitors in the federal market will be MITRE. ``Now that there is legislation that directs the government to be far more cautious about allowing companies to skirt organizational conflicts of interest issues in defining a system and building it, a lot of large systems integrators are a little concerned that they've got exposure in these areas,'' Bjorklund says. ``Telcordia, who is not a systems integrator, might gain some more wins out of this if they can figure out how to market themselves as really smart people who can solve complex problems.'' He's interested in providing strategic network engineering services to the Defense Information Systems Agency and the new U.S. Cyber Command. ``It's time for Telcordia to raise its awareness,'' Payne says. ``People don't realize…that there's this separate, independent organization that does the standards and the software that makes the U.S. telecommunications system work.'' Payne's official title is Senior Vice President/General Manager for National Security and Cyber Infrastructure in Telcordia's Advanced Technology Solutions arm.

Wipro, other Indian outsourcers expand in the US

Wipro, India's third largest outsourcer, is expanding its development center in Atlanta from 350 to 1,000 staff, reflecting a growing trend for Indian outsourcers to expand and hire locally in the U.S. market. India's largest outsourcer Tata Consultancy Services (TCS) said earlier this month that it was expanding its business alliance with The Dow Chemical Company, including setting up a services facility near the site of Dow's global headquarters in Midland, Michigan. The company said that 80 percent of its current 350 employees were hired locally, and includes recent graduates from reputable academic institutions in Atlanta, experienced professionals and retired army personnel. TCS also announced that it was expanding a software services delivery center in the Cincinnati suburb of Milford, Ohio.

Indian outsourcing companies are expanding both in India, and in the U.S., their key market, in anticipation of a pick up in business. Infosys BPO, the business process outsourcing subsidiary of outsourcer Infosys Technologies also said this month that it would acquire McCamish Systems, a BPO company in Atlanta focused on the insurance and financial services market. Employing staff in the U.S. is expected to go over well with the local community and politicians because of resentment in the U.S. about companies moving jobs to India and other countries, analysts said. Political considerations are evidently a factor for Indian outsourcers to expand in the U.S., said Siddharth Pai, a partner at outsourcing consultancy firm Technology Partners International (TPI) in Houston. U.S. Senators Bernie Sanders, an Independent from Vermont, and Chuck Grassley, an Iowa Republican, last week introduced legislation, called the Employ America Act that would prohibit firms that lay off 50 or more workers from hiring guest workers. U.S. companies do not also want to be seen sending jobs abroad, he added.

Certain types of work even in BPO, such as development of technology platforms for services delivery, and analytical work, require proximity to customers, he added. But there are also strong business considerations that require Indian companies to set up operations in the U.S., according to Pai. Indian outsourcers have to start looking like global players, Pai said. Japanese car makers, for example, manufacture all over the world, because some customers would like to buy locally produced goods, he added.

Gartner on cloud security: 'Our nightmare scenario is here now'

At the Gartner Symposium IT/Expo this week, thousands of IT managers packed into sessions on the topic of virtualization of enterprise computers, along with the prospect of adopting public cloud-based services or building private ones. Gartner analysts, including David Cearley and Gene Phifer, trotted out user case studies involving FedEx, Presidio Health, Johnson Diversey and others extolling the public or private cloud, while in a separate session Michael Lock, head of enterprise sales at Google, found himself looking like a budding rock star in front of an huge audience of high-tech execs eager to hear about Google Apps. Some say the revolution is underway, and security managers are caught in the middle, losing their earlier controls. With new ways of conducting enterprise computing and application development shaking up established IT practices, the darker mood about it all was mainly heard from Gartner's security analysts, recognizing the revolution underway is ripping away the security controls of today. "Our nightmare scenario is here now," said Gartner analyst John Pescatore.

In addition, corporate employees are now using handheld smartphones the company didn't even issue and spending substantial time on networks not owned by the enterprise. Botnet-driven cybercrime is clearly accelerating as online predators involved in "cybercrime as a service" plunder corporate and consumer data for financial gain. Now comes cloud computing as service offerings and "obviously attacks will come after this," Pescatore said. With the cloud taking shape nebulously as many types of public, private and hybrid services, an important technology to turn to will likely be encryption services. "In the next few years, you'll see encryption services out there," Pescatore said. In many instances, the fact is the "IT organization is being driven to have less control over software and hardware." The implication of this, Pescatore said, is they can sit and dream of something pleasant, like the return of the mainframe, or they will have to make a shift to using or developing "security as a service" to adapt to new threat scenarios in both public cloud computing and virtualization of their IT infrastructure. Gartner analyst Neil MacDonald also minced no words in describing the implications for security in the virtualization and cloud-computing revolution. "We're at a critical point," MacDonald said.

With virtualization, the key concept of "locking down a physical device" is disappearing in favor of virtual machine-oriented security, such as virtual security appliances as software instead of physical appliances, he said. Adoption of consumer technologies and the transformation of the technical infrastructure in the enterprise means that there's "frustration of the business units with us," MacDonald said. In addition, the enabling of quick deployment of virtualized applications and databases to facilitate business partnerships will need to be done, though "security becomes very difficult in this environment." Cloud computing and virtualization "break one of the foundational principles of security architecture: Us and them," MacDonald said. Antivirus must be buttressed with whitelisting to control application use, and the newer software-based virtual appliances for security have to be examined for use in a virtual-machine environment. Known technologies such as signature-based antivirus are now insufficient, increasingly useless and he added, way overpriced. About the physical security appliances out on the market today, MacDonald said "these boxes are expensive," and he disparaged Cisco, Juniper and TippingPoint as "not having much going on now because they like to sell boxes." When it comes to cloud computing services, the security professional is being pressured to "get out of the way" and figure out something that's "secure enough," said MacDonald, though the impulse will be to say no to the cloud.

But there are going to be "trade-offs" as new cloud service offerings, and the stance the security professional should take is to clearly explain the risks to the business owners of the data and make sure they accept it, not push it back onto the security and IT department. "They get all the accolades and you take all the risk, who wants that job?" he pointed out. Though the public cloud "makes sense for less-sensitive data," there are limits, such as "PCI stuff, no way," MacDonald said, referring to the data falling under the Payment Card Industry security requirements. Speaking on a panel at the Gartner conference, a number of CIOs acknowledged their prime concerns are about security in cloud computing. Sometimes there are some unexpected risks. June Hartley, CIO at the National Business Center of the U.S. Department of the Interior, said security requirements known as FISMA that the U.S. government uses for security compliance will likely be changed to meet the new world of private and public cloud computing.  Casey Coleman, CIO at the General Services Administration and co-chair of what's known as the Federal Cloud Council, agreed, but both indicated there was no apparent barrier to that. Sal Allavarpu, senior director, product marketing at Citrix Systems, a player in the virtualization market which has created virtual appliance versions of its Access Gateway, Branch Repeater and NetScaler security, network and application control appliances, says there are new security issues that arise in virtualization and cloud computing.

Without sharing detail, he said he knows of a recent occurrence in a cloud-computing arrangement where law enforcement going after someone seized the data for the entire physical server even though the suspect had data on just one virtual machine on that server. For one thing, it's not advised to run applications with different levels of trust controls on virtual machines located on the same physical server, he says. "It's best to keep them separate, virtual machines with the same trust controls on the same physical server," he said, noting auditors prefer this. This caused a lot of consternation among other companies whose data happened to be on that same physical server in separate virtual machines. Mark Hurd, chairman and CEO at HP, who gave the keynote at Gartner yesterday, evoked a knowing chuckle from the audience when he said he has visited with many CEOs and frankly, they didn't like the term "cloud" because they would prefer to think they're operating in "clear skies." But without tipping his hand, he hinted that HP could be active in this arena itself with cloud-oriented services over time, probably the more private cloud varieties. He noted that virtualization and cloud computing is new to law enforcement in some instances and this kind of issue is still being hammered out.

Profile of an IT forensics professional

A snapshot look at the IT forensics profession from the perspective of Rob Lee, an IT forensics expert at Mandiant. He is a graduate of the U.S. Air Force Academy and a founding member of the USAF's Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Name: Rob Lee Title: Director and IT forensics expert at Mandiant, a Washington-based information security software and services firm Related work: Curriculum lead for digital forensics training at the SANS Institute. 30-second résumé: Before joining Mandiant, Lee served as the technical lead for a vulnerability discovery and exploit development team that worked for a variety of law enforcement, government and intelligence agencies. Skills boost: To stay current, Lee does hands-on work in the field and is an avid reader of and contributor to information security journals and blogs.

He also recommends specializing in a particular area of computer forensics. "If you're choosing forensics, be a specialist in firewalls or hacking or mobile devices," Lee says. "Mobile devices alone are extremely complex and constantly changing. "If you're just beginning, classes are the way to go," he advises. "After that, you can continue to learn online. A passion to learn and to continue learning - rather than a formal computer science degree or security certification - is the top requirement for an IT forensics expert, says Lee, who also teaches SANS certification classes. The best thing you can do once you attain a certain level [of expertise] is give of yourself back to the community. Always do research and publish it." Next: Opinion: Web 2.0 security depends on users Choose something you don't think anyone else has [expertise in] and research that.