The Bloor Perspective: Microsoft licensing off, nCipher - Broadcom deal on, and some technical consensus

From 1 October Microsoft is introducing its 'Software Assurance' service. In essence this is a combined licence and support scheme that includes software version upgrades. Unfortunately, for larger customers this will not constitute an addition to current schemes, but rather it will replace all existing version upgrade offerings.

As you can imagine, this hasn't been a popular move.

Under the new scheme, Software Assurance (SA) replaces all other one-time upgrade options for customers with over 250 PCs. This market previously had access to a range of EA (enterprise agreement) options. Now it hasn't.

Changing licensing schemes will not be a new experience for Microsoft's customers as the Seattle business has a long history of varying conditions almost annually. This time around though, Microsoft has annoyed end users on several counts.

First, the new scheme will increase the costs to users quite significantly unless they upgrade their systems every two years or so, which is awful news for organisations with desktop environments subject to central control and planning to minimise support costs and provide stability.

Most alarming for customers has been the timing of the scheme. The SA programme was announced in May and comes into effect between now and next February. This does not allow the majority of organisations to take account of any budget changes that must be met. It is very difficult for businesses to vary their IT budgets dramatically in mid-year at the best of times. In the current economic climate it is almost impossible.

Many users have responded by publicly criticising Microsoft for these changes and it is clear that most organisations will now make plans to evaluate all possible alternative options - but in this timeframe that could prove troublesome.

But if Microsoft keeps turning the screw to maintain its revenue stream, we may see a new market developing for desktop services. In fact, Microsoft may have given just the argument organisations need to turn to Star Office and Linux. Microsoft should tread carefully.

*nCipher and Broadcom*

There's a new partnership in the offing that should provide some good security benefits for operations managers in the near future. PKI security provider, nCipher, has just released information about its plans to work with Broadcom - a major chip manufacturer - on a solution that should be mutually beneficial and also provide better network security.

nCipher is a technology leader in its field. It develops hardware solutions that protect the keys required for cryptography. It works on the simple premise that encryption can only be secure as long as the keys are secure. Thus it builds cards and boxes that are made of steel with all sorts of resin and gunk spread all over the screws, and it embeds software to manage the keys on a chip inside.

The purpose of this is that the keys themselves are set up and stored within a box. Physical access to the box is impossible and software access is only possible through a pre-defined set of interfaces. The key information never comes out of the box. Data goes in and encrypted data comes out (or the other way around depending upon your actual needs).

The internal processor ensures that no extra load is placed on the host system. Broadcom is a major manufacturer of chips and does significant volumes of business with suppliers of network infrastructure. The biggest names in networking, such as 3Com and Cisco, are all using Broadcom chips. One of the things that the big network boys are asking for is improved security capabilities - especially when it comes to the security of encryption keys.

So here's the big win. Broadcom and nCipher develop a partnership that gives nCipher better chip technology with which to develop improved capabilities within its hardware solutions. Broadcom gains access to nCipher key protection products and the networking solutions providers have a new security feature to offer their customers.

*Raising standards*

The Object Management Group (OMG) is one of those worthy standards groups that probably doesn't generate much excitement in most IT practitioners. Yet OMG is a body that has done much to reshape the development landscape over the past decade.

Most significantly, it seems to have succeeded in the fundamentally important goal of reshaping the mindset of programmers, a precondition to widespread adoption of object oriented programming. The point is illustrated by the primary focus of its recent meeting, the OMG's Model Driven Architecture (MDA).

A decade ago, UML (Unified Modelling Language) was a nice idea that looked like the way program design ought to go, but which had little or no bearing at the time on how programs were actually written. It could easily have gone into the brimming IT dustbin of over-ambitious ideas. But, thanks to a lot of background work and lobbying by OMG, it is now the widely accepted basis for most development environments.

The same kind of work is now being devoted to MDA. The meeting voted to make MDA the official basis for OMG standards and also agreed a presentation to be made in major cities to explain and promote its use.

At the same time, the bases for two parts of a major upgrade to UML, Release 2.0, were also evaluated for future adoption. The two parts were the UML Infrastructure and Object Constraint Language.

Other moves of technical significance were five new specifications which moved from the evaluation to the adoption process and the issuing of two new RFPs. Three of the new specifications were directed at modelling: one tailors UML to Enterprise Distributed Object Computing, one adds the ability to model real-time systems scheduling and one enables XMI to take advantage of W3C's new XML schema definition.

The other two specifications were directed at CORBA, one defining management of membership in secure domains and the other providing Air Traffic Control systems with a facility to manage aircraft surveillance.

The two new RFPs were to standardise the way CORBA systems provide 24x7 service and the way publish-subscribe services are delivered in real-time systems.

Now don't yawn there at the back - even if you're not enthused, someone in your organisation should be taking note. Standards are at last becoming an important part of the IT landscape.