You can tell by the picture what kind of night it took, but the cocoon enabled Nichievo
prototype seems to be working.
You can tell by the picture what kind of night it took, but the cocoon enabled Nichievo
prototype seems to be working.
The big issue in getting it to work was figuring out how to let users submit order documents without excessively compromising security, but the obvious finally dawned on me: at that point they're not yet secure documents. So I set up a webdav enabled directory for them to use - cocoon has a webdav framework in progress but I found a Perl script adapted from something I already had simpler as a means of grabbing their uploads.
Right now its about as elegant as the fifteen vehicle pile up I passed on the Ohio turnpike a few months ago, but now that it works, it's time for diversion while users figure out what it does - but wait, as they say in the ginzu knife ads, first a comment on feedback.
I'm just not getting very much. Several readers pointed out that a commercial replication solution for PostGreSQL (from PostGreSQL Inc.) does exist. I haven't contacted the company yet to understand their product, but I used its existence as an excuse to work with PostGreSQL rather than mySQL for the prototype - not for security reasons or anything else; the truth is I already had PostGreSQL running on the box and got lazy.
One reader pointed out that some Linux diskless workstations, like those from thinknic.com, boot from CD and that this could be used to impose security at the customer end. His idea (and apparently his company works on high security applications) was that one could issue coded CDs and either provide a thinknic or ask the customer to boot his PC using the coded disk. Either way this could establish both secure communications and the customer's probable identity. It would work too; of course, the people at Nichievo would have a whole orgy of coronaries if I suggested it right now, but it would work and I'll keep it as a hole card for use when they understand the security issues.
Another reader commented that I was being unfair to SOAP. It's not, he said, a protocol for bypassing firewalls and can be filtered at the firewall level too. To help, he pointed me at a company called DataPower Technology which sells an XML firewall appliance about which Kevin Murphy (no relation) writing for Computerwire's January 12th newsletter said:
DataPower Technology Inc, known for the last six months as a maker of XML acceleration appliances, this week adds the second of a planned three-pronged attack on the XML processing market.
The company will today announce the availability of its XS40 XML Security Gateway, a $65,000 appliance that secures the XML/SOAP messages used in web services. DataPower said RouteOne LLC, a car-dealer financing venture of DaimlerChrysler, Ford, GM and Toyota, is its first major buyer.
XML security gateways, sometimes referred to as XML firewalls, intercept SOAP messages before they reach the application server. Depending on the product, they then do a combination of user authentication, data validation, routing encryption, signing, logging and reporting.
Is it just me or does having to buy a firewall appliance to protect against a protocol designed to bypass firewalls make about as much sense as adding floors to the leaning tower of Pisa?
And that, I'm sorry to say, was about it for reader feedback. On the other hand, with the prototype running I can expect a month or two away from the project while various Nichievo users try it out and think through some of the issues before coming back, maybe toward the end of March, for another go round. Meanwhile if you, or anyone you know, are interested in this stuff - please get in touch!
Two odd diversions showed up in the process of doing this work. First there was this business about Microsoft's licensing policies supporting de-consolidation and, more recently, someone drew my attention to the relative cost of Unix vs Windows software.
Readers will recall that the de-consolidation issue was raised by a number of people who pointed out that my specification of single CPU licenses for things like SQL-server to run on a four way machine wouldn't be legal under the terms of the Microsoft license. Instead I'd either have to buy four CPU licenses or use four single CPU machines in a rack. Since a 2.4GHZ Dell with 2GB of memory now costs less than a tenth of what the SQL-Server license costs, this is the ultimate no brainer.
What's most interesting about this is that it turns out to be an across the board phenomenon. It turns out that the balance between hardware and software costs has shifted in the Windows world while remaining more or less stable in the Unix world.
If we start by looking at consolidation we see that Microsoft's pricing mitigates against consolidation from uni-processors to any level of SMP machine because you pay extra for the ability to access more memory, extra for client access licenses, and extra for each CPU in the box.
Of course that's just the simplest kind of consolidation. The 360 crowd, to cite a more complex example, uses partitioning instead of a rackmount to achieve multi-processing (running more than one application at a time). As a result they often recommend consolidating from many physical servers in a rackmount to many virtual servers sharing one physical machine.
What that means is that you could logically consolidate something like 20 older NT 4.0 servers in a couple of racks to a single machine like Dell's dual processor 6650, while maintaining application separation through server virtualization.
One option for that is VMware's GSX virtualization server. For about $2,500 in VMware licenses you can slice that $15,000 Dell box into 20 virtual machines each with its own copy of Windows 2000 Advanced Server - which you need to access the 8GB of memory - (20 x $3999 = $79,980) and its own dual CPU SQL-server Enterprise license at $19,999. (=$799,960) for a total of about $882,000 in licenses.
If this strikes you as disproportionate, it is: with the software about sixty times the hardware cost. As an alternative you could let Sybase and the Linux kernel handle multi-processing for you at a license cost of about $50K for a ratio of just over three times - and a cash saving of about $832,000 for a system that most people would agree is likely to be both more stable and more responsive than the far more expensive Windows alternative.
Those numbers are startling but many people would probably argue that the example is artifical because:
So is the example exaggerated? Well, if you compare running one copy of samba under Linux on a $5,000 PC file and print server to running twenty copies of Windows 2000 file and print server under VMware, the numbers are smaller but the ratio is actually worse for the Windows side. Including VMware and twenty Windows 2000 server licenses, each with ten client access licenses, the Windows virtualization solution will cost you about $26,430 more than the fifty bucks you'd pay for a Linux CD. The SQL-Server vs Sybase example shows licensing for the Windows on VMware approach to be about 17.8 times the cost of the Linux/Sybase option - but the more realistic example using Samba shows an astonishing 528:1 ratio in favor of Linux.
Those ratios don't make sense, so how did things get this far out of whack? The answer is price change - in opposite directions for Microsoft and the rest of the world.
When you bought those 20 NT boxes to run SQL-server 7.0, say in March of 1999, those SQL-server licenses were a lot cheaper in both absolute and relative terms. SQL-Server 7.0 started at $508 per machine. You didn't need an enterprise class CPU license because users were counted as concurrent users, not identified users. To deal with web demand you added 25 concurrent users at $101 each to get a total cost per machine of about $3,000 - or $60K for the 20 machines in your rackmounts - and those would have been Compaqs at about $10K apiece for a total somewhere around $260,000.
Buying Sybase on a Sun 450 would have set you back something like a $80K for the software and $140K for the hardware.
On the Unix side both the hardware and the software are cheaper today, but on the Windows side only the hardware is. It's as if Unix software, including Linux, has participated in Moore's law - getting cheaper, better, faster over time- but Microsoft's hasn't. Their equivalent appears, instead, to have been Nixon's law - the one that can be politely restated as "when you have them by the wallet, their hearts and minds soon follow."
| One of Murphy's Laws |
|---|
| When you're negotiating for a big ticket item - a million dollar Oracle license or a big Sun server- always try to start negotiations about two weeks before the other guy's quarter ends and be prepared to accept a thirty day invoice on closing. |
But what about discounts? Surely assuming list prices for 20 copies of Enterprise server - or anything else- is absurd? If you're looking at Sybase, for example, there's always unofficial room for movement; maybe not much but it depends on things like the size of your commitment.
There appear to be four official Microsoft volume discount programs:
These agreements are nominally differentiated by differences in commitment but they all offer:
Deep discounts compared to full retail, with a fixed, annual price based on the number of eligible desktops in your enterprise(from: http://www.microsoft.com/licensing/programs/ent/)
This comes with Ginzu knives, or at least 0% financing, too:
Get 0% interest for 24 months! on Open License purchases of Licenses with Software Assurance or Software Assurance Only, by qualified Open License Customers, made from October 1, 2002 through January 31, 2003.From: http://www.microsoft.com/licensing/programs/open/finance/ (but I've omitted their four footnotes to this paragraph).
|
On December 2nd, 2002, pcmag.com's front page featured an article by Peter Gali which started:
A Microsoft-sponsored white paper from research group IDC, which compares the total cost of ownership of Microsoft's Windows 2000 and Linux server environments across five enterprise computing workload situations at 104 companies, found that the Windows 2000 server offered a lower five-year total cost in four of the five selected workloads. This "study" assumes that the Windows machines are not upgraded in any way during five years of continuous operation. Not only do few, if any, companies currently still have P2 servers with the original, unpatched, release of NT 4.0 Server but there seems to be no legal way to do this under Microsoft's current enterprise licensing.
|
If you download the enterprise agreement (EACustomerGuide.doc) from the Microsoft site and go through it you'll be struck by several features:
Note: Microsoft's product and technology catalog shows SQL-Server Enterprise Edition subject to a "Level C/200" discount -which I interpret as the price for 200 licenses- at $18,745 each, for a blistering 6.2% saving.
Before the enterprise agreements, companies could license as many Windows desktops as they had and upgrade when forced to by software change. Now, however, signatories must upgrade continually and buy licenses for desktops that don't run Microsoft operating systems.
As a result it looks like customers who sign these agreements in search of the promised "deep discount" generally end up paying more than they did before. I have to say "looks like" here because the numbers are secret - although many readers will recall Joe Barr's fine adventure with apoplexy when he reviewed the city of Austin's agreement recently.
Secret pricing isn't really a big plus with me so I looked for published discount information on the TPC site - and found something interesting.
The top performer on TPC-C with a rating of 709,220 TPM/C at $14.96 per TPM/C was done last year on a cluster of Compaq Proliants running SQL Server under Windows 2000 Advanced Server.
The 483 page full disclosure report, available on the TPC site, has a cost summary on page nine where they carefully list the cost of each piece, total it all up, and then take a 16% "Cash and large customer discount" on the total.
That total includes $4,045,312 for 256 Enterprise SQL-Server licenses at a 21% discount from list and this price is supported by a letter from Microsoft reproduced on page 483.
So does this mean that Microsoft offers 33.6% (=1-0.84 x 0.79) discounts from list for large customers? I don't think so, I think Compaq and its partners just slipped one past the TPC auditors here. The evidence for that is in the other product prices shown - almost everything is discounted twice, once in the sales quotation supporting the number claimed on the page nine summary, and once more when the total was discounted to get the number from which the $14.96 is computed. The best example of this is probably given by the ecost ad reproduced on page 481. Here some 16 port ethernet switches are shown as having a list price of $1,060 but a blow-out sale price of $398.55 - The ad offers a claimed 60% savings and that's the price on which the 16% "Cash and large customer discount" is taken for a net 66.4% discount.
Roll back the double discounting and apply pricing other people would be expected to pay and you get close to $19.40 per TPM/C with Microsoft's licensing accounting for around 40% of the total.
So how does this compare to Unix? Well, the top non clustered performer listed by TPC is a Fujitsu SPARC server with 128 UltraSparc II CPUs running at 563Mhz in August of 2001. This system got to 455,818 TPM/C at $28.58 per TPM. The detailed report not only shows no discounts at all - everything is given at list - but has realistic operating costs too. (In contrast Compaq discounted the claimed $201,120 three year cost for maintenance and support on 256 SQL-Server licenses by 16% for the computation).
Apply more realistic pricing and you get a wash on per TPM costs relative to the Windows cluster but, more interestingly, examine the detailed numbers and you find that Unix software only comes to about 14% of the system total.
I checked a few more and there's a general bottom line here: Unix software is now a lot cheaper than Windows software for similar levels of power and support. It's often not true among PC companies - HP and Adobe generally still charge more for their Unix products than their Windows products- but it is consistently true when you compare open market prices to Microsoft prices.
If you ask business people which costs more, Unix or Windows software, you usually get the kind of look reserved for idiots. Everyone knows Windows software is cheaper - that's a big reason so many people agreed to put up with the poor quality to begin with. Even three years ago that was true if you set scale aside as a consideration. Sybase for Unix was more expensive than SQL-Server for Windows - and people ignored the fact that Sybase served hundreds of concurrent users on big HP and Sun gear while SQL-Server worked for tens of people on Wintel gear. Today it's not true at any scale - and that's a big win for Unix.