Monday, October 26, 2009

Thawte retiring Web of Trust (WOT)

I got my notification titled "Thawte Personal E-mail Certificates and Web of Trust are being discontinued " with the following rational for the event, "Over the past several years, security compliance requirements have become more restrictive, while the technology infrastructure necessary to meet these requirements has expanded greatly. Despite our strong desire to continue providing the Thawte Personal E-mail Certificate and Web of Trust services, the ever-expanding standards and technology requirements will outpace our ability to maintain these services at the high level of quality we require. As a result, Thawte Personal E-Mail Certificates and the Web of Trust will be discontinued on November 16, 2009 and will no longer be available after that date.

Deciding to conclude these services was a difficult decision for us to bear, specifically because of the relationships that we've built with Notaries, such as yourself."

I guess I am not surprised that this is happening but it is still a bit of a bummer. I've been a Thawte notary for a lot of years (almost 10?) and it has been a great way to have a low cost validated and signed e-mail x.509 certificate for free mail services. I guess with most enterprises finally allowing this within their infrastructure the need isn't as great. I still say the majority of e-mail I send and receive is NOT signed but old habits die hard, e-mail is still more like sending postcards to each other than any sort of private correspondence from a security level.

I guess I will have to find a new resource for x.509 certs, I'll post up what I end up using.
- Ed

Thursday, October 22, 2009

Microsoft Windows 7 Launch

Today is it, Windows 7 is out. As a Microsoft MVP I've been testing Windows 7 for a long time and I have been using it as my primary OS for several months. I think Microsoft has escaped the Vista demons and has a great OS to go to market with. I predict even folks who run Apple hardware and OSX will end up buying Windows 7 to run as a VM or in bootcamp and XP will start disappearing quickly from the landscape.

So to all my friends who work at Microsoft, congratulations, it is a big deal. I also am excited about Server 2008 R2 because of the some of the cool "better together" features that IT Pros will get with both products.
- Ed

Tuesday, October 20, 2009

Why Cisco isn't doing what is right for the customer with VPN client

I work for a Cisco partner so I get lots of updates on product releases, roadmaps and all the business "justifications" of why they do what they do and how to explain that to customers. I also happen to be a Microsoft MVP and I have switched to using Windows 7 64-bit on a fulltime basis (though I can still boot into my Ubuntu install too if needed.) As someone who uses VPN alot, primarily to do remote support for clients it is incredibly frustrating to NOT have a Cisco supported 64-bit IPSec client for Windows Vista or 7.

The reason I bring this up is Cisco just sent out an announcement titled "Cisco VPN Client v5.0.6 (Windows 7 32-bit support) is now available!" - are you kidding me? That is it?

Cisco, you are hurting your install base of clients, you are NOT doing what is right for them. The statement at the end of the announcement says it all. " 64-bit support is under consideration, but is not yet EC'ed for an upcoming release. This support is available in the Cisco AnyConnect VPN Client today (SSL/DTLS). " Translation - we want you to by a new Cisco solution that works with AnyConnect, if you don't have it we will force you to migrate by not developing a 64-bit IPSec client or integrating that functionality into the AnyConnect client that does support 64-bit.

I do not understand this thinking. What about all the Routers, PIX and VPN Concentrator that are deployed that will not get replaced that do NOT support AnyConnect. Now clients are going to purchase new machines with Windows 7 64-bit and have NO capabilities to VPN back into their network with a Cisco solution (at least not without buying a new Cisco product.) The first thing to pop into my head would be is there a free VPN alternative so I don't have to do this upgrade? Alternately, there are other 3rd party IPSec clients that are supported on Windows 7 like NCP and TheGreenBow but honestly, why should an existing Cisco client have to pay for a new software client when they had one that was working!

I honestly have had more pushback about this one item in meetings than anything else lately. Cisco has corrected the cost difference between IPSec and SSL VPN for the ASA - it is time to correct this also.
- Ed

Tuesday, October 06, 2009

Some IPv6 information link updates

I am doing some work for a client getting their public IPv4 blocks from ARIN so I thought I would share some useful IPv6 links they have now up at the ARIN site since I was looking around anyway.

ARIN now as an IPv6 Wiki page that has some good content and an IPv6 Information Page which has additional links that might interest someone who is getting started with IPv6.
I still really recommend that folks check out Hurricane Electric's excellent free IPv6 tunnel broker services. For those that want to start playing with IPv6 this is an awesome resource.

Check out the ARIN Number Resource Policy Manual regarding IPv6, some interesting stuff is in there regarding the goals of IP address space management. Its worth a quick read, especially if you are securing IPv6 address space for a client or your own company. If you don't have IPv6 on your roadmap yet as something to address I think the year 2010 will be when you really need to add it to your list of items.

If you want some fast training on IPv6 but there are some e-learning sites like and there are some excellent white papers at Microsoft and at Cisco also.
- Ed

Monday, October 05, 2009

Why Microsoft should buy LifeSize and Shoretel

Cisco just announced their intent to aquire Tandberg last week. This cemented the number one and two players in enterprise video conferencing systems effectively. Cisco's Telepresence is still insanely expensive for even the most aggressive SMB's and I would argue even many Enterprise customers. Tandberg has an excellent solution and meets the mid tier space well but isn't know for being super in the design and user interface arena. The remaining vendors with any traction are Polycom and LifeSize.

So where does this this leave Microsoft in the OCS and Unified Communications area for larger scale video teleconferencing and telepresence solutions? Microsoft has a good solution for single laptop integration and a moderately acceptable solution with the RoundTable product. But I must admit, having that RoundTable device spinning around and having it stick up in the middle of the conference room table is incredibly annoying and distracting, two things you don't want in a meeting.

I think Microsoft is missing a critical piece in the larger scale voice and video market space and I think they could easily scale up their Unified Communications platform with some strategic purchases. I think Microsoft should buy Shoretel for their voice capabilities and LifeSize for their video conferencing and telepresence solutions. It would instantly make them a much bigger player in both markets and cement Shoretel's ability to sell into larger enterprise shops while allowing LifeSize to capitalize their growth at a much faster rate.

To gain a foothold in the voice market that leverages their OCS platform a purchase of Shoretel would allow them to meet the needs of companies that require handset deployments (call centers, corporate and sales offices, help lines, etc.) but still support many of the OCS features they require while allowing more standards integrations. Plus, given the platform that the Shoretel solution is built on their is a high probability of doing a lot more integration work.

To gain a foothold in the video conferencing space picking up LifeSize (vs Polycom) would be a huge win. LifeSize has a better product portfolio (no question on that one), has a good partnership with Shoretel and does not have the valuation baggage that Polycom has currently. Even though Polycom is a Microsoft partner and is now building the RoundTable devices for Microsoft (which I think long term Microsoft should drop) LifeSize is a better match and more likely an easier acquisition given their size. They could also easily integrate the solution with their existing OCS solution and come up with something truly scalable and able to be packaged and sold for every sized company they sell too, that alone would be a huge differentiators.

Are their potential pitfalls in this? Sure, it could spoil Microsoft's ecosystem of voice partners - but given that Nortel is no longer a factor and Mitel/Intertel don't have enough value to justify a purchase they aren't a factor either. Altigen is much too small and can't even properly support QoS so Microsoft does not have to worry about them, they will continue to work with Microsoft no matter what they do. Avaya, Siemens and Toshiba and at the low end Panasonic are the other vendors who are left for the most part. All of them have to play nice with Microsoft as Cisco is crushing them in the voice space and they do not have a Unified Communications solution that anyone is really willing to buy.

Then again, Microsoft has always been a build it in software sort of company, I just think trying to address the video conferencing market without a good hardware solution is folly and given their options I think Shoretel and LifeSize are their best shots at catching up.
- Ed