Two digital rights advocacy groups have filed a lawsuit against the Office of the U.S. Trade Representative (USTR) in an attempt to get the office to turn over information about a secret international treaty being negotiated to step up cross-border enforcement of copyright and piracy laws.

The Electronic Frontier Foundation (EFF) and Public Knowledge filed the lawsuit Wednesday after USTR ignored their repeated requests to turn over information about the proposed Anti-Counterfeiting Trade Agreement (ACTA).

[ Your source for the latest in government IT news and issues: Subscribe to InfoWorld's Government IT newsletter. ]

ACTA could include an agreement for the U.S., Canada, the European Commission and other nations that are part of the talks to enforce each other's intellectual-property (IP) laws, with residents of each country subject to criminal charges when violating the IP laws of another country, according to a supposed ACTA discussion paper posted on Wikileaks.org in May.

The document posted on Wikileaks also talks about increasing border searches in an effort to find counterfeit goods, encouraging ISPs (Internet service providers) to remove online material that infringes copyrights and increased cooperation in destroying infringing goods and the equipment used to make them. The full text of the ACTA has not been released, despite requests by EFF and Public Knowledge, as well as Canadian groups. Wikileaks is a site that posts anonymous submissions of sensitive documents.

"ACTA raises serious concerns for citizens' civil liberties and privacy rights," EFF international policy director Gwen Hinze said in a statement. "This treaty could potentially change the way your computer is searched at the border or spark new invasive monitoring from your ISP. People need to see the full text of ACTA now, so that they can evaluate its impact on their lives and express that opinion to their political leaders. Instead, the USTR is keeping us in the dark while talks go on behind closed doors."

A USTR spokesman didn't immediately respond to a request for comment on the lawsuit, filed in U.S. District Court for the District of Columbia.

In the lawsuit, Public Knowledge and EFF say the trade agreement's documents are subject to the U.S. Freedom of Information Act (FOIA), which requires U.S. agencies to turn over most documents, with some exceptions, when a U.S. resident requests them.

The two groups filed an FOIA request in June, then clarified the request two weeks later. USTR did not respond after that, and in August, a lawyer for the two groups tried to reach a USTR official dealing with the FOIA request, but a voice message was not returned.

ACTA is being negotiated as an executive agreement, not a treaty, meaning it wouldn't be subject to congressional scrutiny and approval, said Art Brodsky, Public Knowledge's communications director.

"This is an unusual situation," he said. "At this point, we're trying to figure out what's going on. The other side is clearly working with USTR. USTR will have public meetings and listen to us, but won't show us what's going on."

U.S. Trade Representative Susan Schwab announced plans last October to negotiate the trade agreement. USTR posted a notice asking for public comments on ACTA in February, but the only documentation included in that request was a one-and-a-half page fact sheet.

Nevertheless, several groups filed comments about ACTA. The Business Software Alliance, a trade group representing large software vendors, said it "strongly supports USTR's efforts to address counterfeiting and piracy through a plurilateral trade agreement."

The Recording Industry Association of America (RIAA) filed comments offering suggestions for the trade agreement. Among its recommendations: Countries should allow investigators to treat piracy like organized crime, giving IP enforcement efforts additional resources used to fight organized crime. The RIAA also wants laws requiring ISPs to remove infringing materials posted by subscribers, the trade group said in its comments.

The Motion Picture Association of America also filed comments supporting ACTA and offering suggestions.

Other countries involved in the ACTA talks are Switzerland, Japan, South Korea, Singapore, Australia, New Zealand, Mexico, Jordan, Morocco, and the United Arab Emirates.

Mozilla's second alpha of Firefox 3.1 is upping the ante in the next-generation browser battle. So how do the main contenders stack up so far now? One thing's for sure, the Firefox team has taken note of Google's recent Chrome release and worked hard to make sure its offering can hold its own.

Mozilla had already claimed its 3.1 version could outperform Chrome when it comes to speed (and most independent tests show it at least tying). Now, the engineers have incorporated Chrome-initiated options such as the ability to drag and drop tabs in and out of browser windows. The second alpha release also adds support for the HTML 5 video tag, which gives Web developers expanded options for embedding video within a page. Don't forget, too, that Microsoft's new Internet Explorer 8 beta 2 -- released at the end of August and quickly eclipsed by Chrome's introduction -- is also vying for a piece of the pie.

[ See the related special report on Google's open source Chrome browser and related story "Firefox fights back." ]

Here's a breakdown of the high and lowlights of each offering and where it stands as far as a full release.

Contender #1: Google ChromeThe status: Windows beta released September 2. Mac OS X and Linux versions still under development and said to be coming soon. No indication of targeted full release date.

The good:-- Reliability. Chrome's multiprocess architecture makes a bad Web page less likely to take down the whole browser.-- Speed. Chrome loads fast and keeps your surfing superfast.-- Simplicity. Its clean design wastes no screen space.-- Searching. The Omnibox lets you type search terms or URLs into a single spot and figures out what you want.-- Privacy. Chrome offers an "Incognito" mode that lets you easily leave no footprints from where you've been.

The bad:-- Privacy. Chrome's taken a lot of heat for its monitoring and collection of user data, some of which happens before you even hit Enter.-- Security. It didn't take long for users to discover vulnerabilities in the beta browser. Several of these have already been patched.-- Reliability. Some sites and online services still don't work with Chrome.-- Consistency. Because Chrome is build on the WebKit system, it differs from the dominant platforms that most designers focus on.-- Support. Chrome doesn't yet have any add-ons or customization options available. It's yet to be seen how these, once developed, will compare to the rich options available for Firefox.

Contender #2: Firefox 3.1The status: Second alpha build released September 5. Beta expected in the next month. Full release targeted for end of 2008.

The good:-- Strong foundation. Mozilla's already built a loyal following with Firefox, and it doesn't intend on letting that go. With Firefox 3.1, you know you'll have a powerful library of add-ons and support already at your fingertips, not to mention the slew of other assets unveiled in Firefox 3.0.-- Speed. Mozilla says its still-under-development TraceMonkey JavaScript platform will leave Google's V8 in the dust. The second alpha build revs things up, too, with added support for "Web workers" -- a system that lets multiple scripts run as background processes.-- Competitive edge. Mozilla's developers have good reason to watch what Chrome is doing -- and work to match it, if not one-up it.The bad:-- Security questions. Some studies -- albeit, Microsoft-funded ones -- have suggested Firefox, with its frequent new versions, is more susceptible to threats than the other options.-- Crash potential. Unlike Chrome, Firefox does not have separate environments for each tab -- so one rogue page can still take the whole program down.-- Support. Firefox has worked hard to snag a small portion of the browser market share, and most early predictions show Chrome taking away more of its userbase than IE's.-- Google's focus on Chrome will also take away some of its previous focus on Mozilla's development efforts. Will Firefox be able to remain a key player in the browser war?

Contender #3: Internet Explorer 8The status: Second beta released August 27. Full release expected before the end of 2008.

The good:-- Support. Love it or hate it, Internet Explorer is hanging on to about three-quarters of the browsing market with its default status in all Windows machines. You know developers and designers are going to cater to it.-- Security. With Microsoft at its helm, IE hangs on to a reputation of safe and reliable browsing.-- Privacy. IE 8 was the first to offer a no-record browsing mode, branded here as InPrivate Browsing.-- Searching. IE 8's Smart Address Bar offers similar functionality to Chrome's Omnibox, letting you type in URLs or search terms and taking you to the right place.-- Added add-ons. IE 8 finally catches up to Firefox with a new "Gallery" full of third-party add-on options..

The bad:-- Speed. Independent tests have found IE 8 to be significantly slower than the alternative choices. Resources. IE 8 uses a lot of memory compared to its competitors -- a factor that could considerably slow down the rest of your system.-- Crash potential. While IE 8 does use separate processes for tabs, similar to Chrome's approach, it does not do so to the same degree still leaving room for a total meltdown.-- Competition questions. Can IE's add-ons reach the level of Firefox's? Already, some users are complaining of problems even getting them to work.

That's the lowdown on the battle's current status. Remember, all three of these programs are still early in their development, so many of the pluses and minuses could change as things move forward. One thing's for sure, though: This battle is on, it's growing fierce, and each of its contenders will do anything it can to win.

PC World is an InfoWorld affiliate.

Industry organization GSM Association (GSMA) has launched the Green Power for Mobile program, which will help operators that want to use renewable power sources, including solar, wind or sustainable biofuels, to power base stations, it announced on Thursday.

"We've had a number operators ask us informally if the GSMA could do some research in this area, and actually look at the feasibility of different energy sources, particularly in off-grid locations. They also wanted to see if we could bring some economies of scale to the operators -- electricity and energy is not their core competency," said David Pringle, spokesman at GSMA.

[ Keep up on green IT trends with InfoWorld's Sustainable IT blog and Green Tech newsletter. ]

The list of supporters includes Bharti, Mobinil, Orange, Orascom, Safaricom, Telefónica, Vodafone, and Zain.

The goal is to power 118,000 new and existing off-grid base stations in developing countries by 2012, saving up to 2.5 billion liters of diesel per year and cutting carbon emissions by up to 6.3 million tons. Up to 50 percent of new off-grid base stations in the developing world could be powered by renewable energy by that time, according to research done by the GSMA Development Fund. "These are not pie-in-the-sky figures; we have taken a very measured view of what can be done," said Pringle, and as the underlying technology improves the numbers can go up.

Currently only 1,500 base stations worldwide are powered by at least one form of renewable energy, according to the GSMA Development Fund. Challenges to date have included commercial viability, equipment availability, and lack of expertise. But as the cost of diesel goes up, environmental interest grows and operators also want to move into new areas interest is on the rise, according to Pringle.

Vodafone, for example, announced in April it plans to reduce its carbon dioxide emissions by 50 percent by 2020, and that it will help customers lessen their burden on the environment.

All mobile carriers are currently investigating how to improve energy efficiency. "The main driver is to reduce the cost of running mobile networks, but then you also get to reduce CO2 emissions as a bonus," said Gartner analyst Martin Gutberlet.

The Green Power for Mobile program will take what the GSMA Development Fund has learned working with a number of different operators using renewable energy sources and develop step-by-step instructions for others that want to do the same. "What the Development Fund produces, as a way to spread the knowledge, are replication manuals, which is a hefty document that shows what the operators need to do to reach a certain goal," said Pringle.

The GSMA Development Fund has gathered its findings at its Web site.

A hacker has released attack code that exploits an unpatched vulnerability in Apple's QuickTime,  just a week after the company updated the media player to plug nine other serious vulnerabilities, a security researcher said Wednesday.

The exploit, which was published on the milw0rm.com site Tuesday, takes advantage of a flaw in the "" parameter in QuickTime, which is not prepared to handle excessively-long strings, said Aaron Adams, a researcher with Symantec's  DeepSight threat notification network.

"Symantec is currently investigating this flaw further to determine the underlying technical details," said Adams in a research note Wednesday.

In its present form, the exploit triggers a QuickTime crash, but it may be more serious. "The exploit suggests that code execution may be possible," Adams added, "[and] if this flaw were to allow arbitrary code to run, it may pose a significant risk, because attackers may be able to exploit the issue by embedding a malicious file into a site."

The anonymous hacker who posted the attack code was just as uncertain as Symantec of the exploit's power. "Code execution may be possible," the milw0rm.com entry read.

Adams had little advice for users beyond urging them to be wary while browsing and to consider disabling the QuickTime plug-in, which is commonly found on Windows machines and installed by default on all Macs.

Last week, Apple updated QuickTime to 7.5.5 to patch nine other vulnerabilities, eight of which were tagged with the "arbitrary code execution" phrase that Apple uses to describe the most serious threats. Apple has updated the player five times since the beginning of this year, and fixed more than 30 flaws in the process.

Computerworld is an InfoWorld affiliate.

PHP (Hypertext Preprocessor) 5.3, a significant upgrade to the server-side scripting language for Web applications, is expected to be available in a beta release in October, a representative of the PHP community said on Wednesday.

Version 5.3 features improved support for Windows, said Andi Gutmans, who is participating in development of the release and is CTO at PHP tools vendor Zend Technologies. Gutmans spoke about the release during an interview at the company's ZendCon 2008 conference in Santa Clara, Calif. on Wednesday afternoon.

"The community has worked on creating a much better binary package for PHP on Windows, which includes the latest [Microsoft] compilers," to benefit performance, Gutmans said. Additionally, more recent third-party libraries are featured for running PHP applications on Windows, with support for XML, graphic manipulation, and database access.

Namespaces, a capability enabling mixing and matching of PHP code from various sources, is highlighted in 5.3. This feature enables better maintenance and reuse, Gutmans said. "It allows you to modularize your applications for better maintenance and it makes it easier to use various frameworks together," he said. Frameworks like Zend's PHP framework and PEAR (PHP Extension and Application Repository) could be leveraged, said Gutmans.

A full implementation of garbage collection, which provides more efficient use of memory, is featured in PHP 5.3 as well. With garbage collection, long-running PHP scripts will make more efficient use of memory by avoiding conditions that could lead to memory leaks, Gutmans said.

Another feature, PHP archive (phar) files, enables bundling of a PHP application into a single archive. This makes it easier to distribute and deploy a PHP application, Gutmans said. The concept is similar to the JAR (Java Archive) files used in the Java world.

Version 5.3 also offers significant performance enhancements as well a client library integrating PHP with the MySQL database. In general terms, PHP 5.2 applications should function on the PHP 5.3 runtime, according to Gutmans.

Internationalization support has been enhanced, for building of applications that can be multilingual. Specifically, the ICU (International Components for Unicode) library is being exposed. Developers can perform functions like sorting and transformations.

Although Gutmans previously estimated a late-2008 release for PHP 5.3, the release now is expected to reach the release candidate phase in the first quarter of 2009. General availability will follow.

Also at ZendCon on Wednesday, Zend offered insights on what it views as the next-generation of PHP applications. These will be easily maintained, extensible, powerful, and lucrative, said Wil Sinclair, manager of the advanced technology group at Zend.

The first generation of PHP applications was very simple and lacked testing, he said. They had layers for presentation, application control, database access, and business logic. The next generation of applications has had perhaps millions of users, is object-oriented, and is typically modular, Sinclair said.

Next-generation systems have been built on the Model View Controller framework and are unit-tested. "Now, we've got an assurance of quality, not necessarily a guarantee," Sinclair said.

PHP has entered the commercial world, he said. Sinclair presented as an example Magento, an open-source e-commerce platform built on PHP 5 on top of Zend Framework. Built by Varien, Magento has had more than 450,000 downloads and more than 170 Magento Connect extensions. The application has processed millions of dollars in transactions, according to Sinclair.

The first public beta of Magento appeared in August 2007, and the 1.0 launch was on March 31, he said.

"We definitely see Magento as a next-generation PHP application, said Roy Rubin, founder and CEO of Varien.

Meanwhile, open-source SOA vendor WSO2 leveraged ZendCon to make a play in the PHP realm. The company launched WSO2 Web Services Framework for PHP (WSF/PHP) 2.0 this week, featuring a scripting language library enabling developers to build and consume SOAP and REST Web services. Security and reliability are offered for enterprise SOA, the company said. The technology was demonstrated at ZendCon.

Data services, interoperability, and security are extended in the release. Developers also gain a framework for deploying PHP services meeting enterprise SOA standards, according to WSO2. Additionally, developers can bridge to tens of thousands of PHP Web applications and enterprise data sources, applications, and services.

Capabilities are added in four key areas with version 2.0:

* Replay detection to track whether a message is fresh or has been sent previously, thus preventing replay attacks that could lead to denial of service * WS-Trust backing to issue, renew, and validate security tokens for trusted relationships * WS-SecureConversation support to allow a series of messages to be protected by a single session key and improve efficiency of the operation * Public Key cryptography standards enablement for handling multiple client x509 certificates simultaneously

Developers can send and receive binary data as attachments using MTOM or a SOAP message with attachments. MTOM in version 2.0 has been optimized via caching. WSDL support has been expanded via tools. WSF/PHP 2.0 is available for download now.

Recent research shows IT executives worry the challenges associated with implementing and maintaining next-generation datacenter technologies such as virtualization and power consumption controls could outweigh the potential benefits.

Separate surveys found that IT executives and high-tech managers are concerned over their ability to both manage virtual operations and maintain the efficiencies virtualization deployments promise to deliver. Research results also showed that while companies seek ways to monitor and reduce power consumption in their datacenters, doing so with their current tools is challenging and limited.

"Our survey confirms that businesses are indeed challenged most by the need to effectively manage the increased complexity in today's datacenters, while at the same time keeping networks running smoothly and power consumption costs down," said Ben Grimes, Avocent CTO and vice president of corporate strategy, in a statement.

Avocent in April 2008 commissioned Actionable Research to survey nearly 300 executives and IT managers, and the company this week at VMworld shared the results. According to Avocent, 89 percent of companies polled currently use server virtualization, most of which is in production. About one-third of those indicated their companies adopted virtualization to reduce hardware costs, and another 32 percent said reducing power consumption motivated them to deploy virtual servers.

About 20 percent of respondents to Avocent's survey reported losing a virtual server location, and about one-quarter have experienced the disappearance of a virtual server from their system entirely. The findings also show that 45 percent of those polled are concerned about being able to get virtualization skills in house, with about the same amount saying getting skilled IT staff in house is among the biggest datacenter headaches today. More than 42 percent indicated that change and configuration management ranked as a top concern, with another 40 percent saying infrastructure management caused concerns. Another 44 percent worried about protecting virtual servers from failure.

When it comes to measuring power consumption, more than 80 percent find this capability valuable, and 55 percent of respondents said they measure power usage in their datacenter, primarily at the UPS level.

"Survey respondents said that energy conservation was the most difficult issue to resolve with their current tools," Avocent's report reads. "Respondents felt that managing the total costs of power was the second-most-difficult task, and many of the respondents noted that their interest and work with virtualization technology were influenced by the hope of ultimate energy savings."

Separately, EMC released at VMworld 2008 the results of a survey of 150 IT business professionals conducted on the company's behalf by the Enterprise Strategy Group. The results show that less than one-fourth of respondents feel confident in maintaining service levels in virtual environments when using existing management tools. The top three concerns for managing VMware environments were application performance monitoring, virtual security management, and mapping virtual machines to physical infrastructure, according to EMC.

"As virtualization technologies continue to be deployed in larger and more complex production environments, greater emphasis will be placed on day-to-day management needs of these environments," said Bob Laliberte, an analyst with Enterprise Strategy Group, in a statement. "Specifically the requirement for operations teams to have complete visibility of the virtual infrastructure and how that maps to the physical infrastructure will be critical."

VMware CTO Stephen Herrod drew a cheer at the VMworld conference Wednesday by announcing plans to bring the next version of VMware's VirtualCenter management software to Linux and the iPhone.

In a speech opening day two of the VMworld show in Las Vegas, Herrod also described improvements to VMware's core virtual machine technology that should allow businesses to run larger, more demanding applications on virtualized servers.

[ Special report: IT's guide to the iPhone ]

VirtualCenter Management Server, the control node for VirtualCenter, today runs only on versions of Microsoft's Windows Server OS. VCenter, an updated and renamed version planned for next year, will also be available as a "virtual appliance" that runs on Linux, Herrod said.

The company is also working to bring the VirtualCenter client, which currently runs on Windows PCs, to Linux, the Mac OS, and also devices like Apple's iPhone. Herrod showed only a slide photo of the iPhone interface, but it was enough to get him some applause.

VMware has been emphasizing application performance and availability throughout the show. "The focus for VMware is to make sure we can run any application at all, no matter how much performance it demands," Herrod said.

To that end VMware will increase the compute capacity its virtual machines can address next year to four CPUs and 64GB of RAM, from two CPUs and 4MB of RAM today. I/O throughput will increase to 9Gbps, from 300Kbps today.

IT staff will be able to put up to 64 server nodes in a virtual resource pool cluster -- the pool of computers available for use in a virtual environment.

Herrod walked through VMware's plan to deliver next year a "virtual data center OS," a set of technologies for aggregating all resources in a data center, including storage and networking, and for moving virtual machines between them more easily with their policies attached.

He demonstrated VMware Fault Tolerance, which was previewed at VMware last year and is also expected in 2009. It uses what VMware calls vLockstep technology to make a constantly updated copy of a virtual machine on a different physical server.

Herrod demonstrated the technology running a one-arm bandit application (the slot machine being endemic to Las Vegas). He showed how if the primary server goes down because someone kicks a cable or switches it off by accident, the workload switches to the remote server and the application keeps running without interruption with the same data available to it.

IBM is opening the Center for Social Software, a think tank for developing social technologies, officials said during a presentation at the Massachusetts Institute of Technology on Wednesday.

Researchers from IBM's labs in Cambridge, New York, San Jose, Haifa, Tokyo, and Beijing, as well as officials from various business units, may do stints there, IBM said.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

The global scope will allow the company to pull various cultural perspectives into the development of social software, said Irene Greif, IBM Fellow and center director.

IBM is also planning outreach to local universities, internship programs, and "corporate residencies," where private companies can send development teams to work alongside IBM scientists on social-software projects.

"What people will be able to take home from this is IP... tailored applications and vision pieces," Greif said.

Thomson Reuters' health-care division, which does contract research for governments, private foundations and the pharmaceutical industry, is one of the initial companies planning to take part, said William D. Marder, senior vice president and general manager of the division.

Marder's group analyzes administrative data generated by the health-care industry and generates visualizations from it, providing clients with insights that might not be easily obtained from a large set of raw data, he said.

"The problem is that physicians really treat patients one at a time," he said. "The challenge with that is seeing what's happened over time."

Thomson Reuters hasn't applied social networking to its research yet, but hopes to find out how by working with the new center, he said.

One possibility would see regional initiatives around the country, where data from various sources would be pooled together for common use. "We're I'm thinking we're going to go with this is to build a database, built tools on top of it, and provide views for multiple physicians in the area," he said.

In addition, the general social-networking model lends itself to the health-care culture, since physicians are already "part of a social network of professional peers," he said.

Hewlett-Packard is getting ready to launch the ExDS storage system, which will use up to 820 1TB drives for file-based storage, packaged in two 42U cabinets.

The system is an online content repository that comes in the shape of an appliance, according to Jim Haberkorn, whose job description as a director at HP's StorageWorks division includes hyping the system to potential customers.

[ Get the latest on storage developments with InfoWorld's Storage Adviser blog and Storage Report newsletter. ]

"We first designed the product specifically for streaming media and for static media. We've got a company called Snapfish, and they have over 5 billion online images. We were kind of thinking of them when we designed it, and it wouldn't take much to go from static to streaming media, and it actually works really well for that," Haberkorn said.

But as HP has started to show the ExDS to potential customers, more ways of using it have come to light, including oil and gas companies that want to use it for seismic research. But in the end, many industries are thinking of ways to handle fast data growth.

Most likely companies that are interested in the new system have already looked at their old kind of storage, but have found it too expensive, that it takes up too much space or uses too much power for what they want to do, according to Haberkorn.

"Maybe they want to start an online backup service or start saving their customer's videos, or their snapshots themselves -- traditional storage doesn't allow them to reach the right economies in order to make that viable," Haberkorn said.

The system will cost less than $2 per gigabyte or $2,000 per terabyte. "That includes everything, so it includes the software, the hardware, the infrastructure, the cabinets, all the installation and all the services," Haberkorn said.

HP has tried to make it as easy as possible to manage. "We can install this in hours, and the customers can then install the storage and the compute power themselves," he said.

To keep costs down, HP's storage division has taken advantage of what already exists at HP, instead of starting from scratch. The system uses HP blade servers, and the drives are of course their own. "The hardware was the easiest thing to solve," Haberkorn said.

Both the number of blade servers and the number of drives can be scaled independently, depending on how much performance and storage are needed.

The model for building these kinds of storage systems is Google. By and large, how the search giant has managed to grow its infrastructure remains a closely guarded secret, according Haberkorn, but he is convinced ExDS can deliver better performance than Google's in-house system. "We, for example, get double the density, they get 6TB per U, we believe, and we get 12TB," said Haberkorn.

Haberkorn doesn't want to specify a launch date for the ExDS, other than saying it will be out later this year.

VMware CEO Paul Maritz said the company has considered open sourcing its hypervisor and supporting virtualization tools made by competitors, but didn't give any indication about if or when those changes will be implemented.

"We have thought about whether we want to open source ESX," Maritz said Tuesday during a public Q&A session at VMworld in Las Vegas. (See a slideshow of virtualization tools.) 

[ Track the latest trends in open source with InfoWorld's Open Sources blog. ]

Maritz, who recently took over the CEO role previously held by VMware co-founder Diane Greene, noted that he has already decided to offer VMware's basic hypervisor for free. He expressed admiration for how the open source model encourages participation by anyone regardless of where they are located, but he didn't say whether VMware will actually open source ESX.

Maritz also addressed questions about whether VMware should support multiple hypervisors, as some customers want to use virtualization technology from more than one vendor.

Microsoft System Center is capable of managing both Microsoft's own Hyper-V technology and VMware virtual servers, but as of today VMware only manages its own virtualization products.

Maritz said VMware often gets asked whether it will support other hypervisors, such as the open source Xen software.

"At this point in time, we don't support hypervisors other than our own, but it is something we look at," Maritz said. "As soon as we've got our framework in full execution we'll come back and look at that question."

Maritz, a former Microsoft executive, said VMware is entering a new phase because of competition from vendors such as Microsoft.

"Clearly we have competitive challenges," Maritz said. VMware "has been the huge beneficiary of essentially being the only game in town."

Maritz said it will "take a while" for Microsoft to build up its own virtualization technology but that it still presents a threat to VMware.

"We can never count [Microsoft] out," he said. "They have a lot of resources. We can't rest on our laurels."

Network World is an InfoWorld affiliate.

Just 10 months after Google first announced the creation of its Android open source mobile phone platform, T-Mobile will unveil the world's first Android-powered phone next week.

The phone, which is widely expected to be called the HTC Dream, will get its first airing during a press conference on Sept. 23 in New York City. T-Mobile says that the event will include presentations from Google and T-Mobile and will give attendees the opportunity to conduct a hands-on product demonstration. While T-Mobile will be the first carrier to offer an Android phone, carriers such as Sprint Nextel and Verizon have also signed on to support Android devices in the near future.

[ Special report: Google Android: Invader from beyond ]

Although the phone will be the first official Anrdoid-powered device to hit the market, Google has been giving live demonstrations of the Android operating system in action on an unknown mobile device.

Android is a Linux-based open platform for mobile devices that includes an operating system, middleware, and some key mobile applications. The idea behind the platform, Google says, is to spur innovation in developing mobile applications that will give users the same experience surfing the Web on their phone as they have on their desktop computers.

Because Android is an open source platform, it will let users connect to any network they choose, and will also let them add whatever applications they want. To encourage application development, Google announced last year that it would give $10 million worth in prizes to software development companies to develop innovative and useful applications for the platform. The application contest winners, which Google announced late last month, help users do everything from calling their nearest taxi cabs to comparing sale prices at different stores to calculating their carbon footprint.

Network World is an InfoWorld affiliate.

For companies trying to grow their global operations, supply chain demands and risks make it an uphill battle. The majority of organizations are fumbling along the way, according to a new report from research firm Aberdeen Group.

Boston-based Aberdeen surveyed 138 companies about their supply chain risk management practices and priorities and found that over the past year 58 percent of companies suffered financial losses as a result of supply chain disruptions. And despite their concern about the security and smooth operation of their supply chains, many companies are still at the early stages of thinking about supply chain risk management.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

"Companies are just now catching onto fully understanding the tradeoff of having a global business," said Viktoriya Sadlovska, a research analyst in the Global Trade Management/ Supply Chain Finance group at Aberdeen. "Because of changes over the last few years, like product quality issues and customer demands, there needs to be an understanding that companies need to be much more proactive in managing all risks if they want to keep reaping the benefits of being a global company."

More than a third of companies polled reported unexpected customer demands and shipment demands in the last year. Other supply chain disruptions commonly seen were supplier capacity that did not meet demand, and delayed, damaged, or misdirected shipments.

"Companies need to be managing business planning and continuously monitoring the risk of customers demand changes," said Sadlovska. "They need to adapt their own manufacturing processes for the need that is out there. They have to be in touch with the market and make sure their business is going in direction demands are taking it."

Most of the businesses surveyed still have a long way to go in figuring out solutions for potential problems, according to the report. The study investigated current activities across various supply chain risks and revealed that less than one-third of companies are actively managing each individual risk. Areas included import and export compliance risks, raw material shortages and price risks, demand fluctuations, product quality associated risks, financial risk (e.g. critical shortage of working capital to support operations), risk profile of suppliers and customers, currency volatility, non-environmental catastrophic events (damaged equipment, fire, infrastructure collapse), logistics capacity and congestion, supply chain security, and environmental disasters.

"It was striking to me that in each of those categories less than a third of companies actively said they were managing those risks," said Sadlovska.

While many of the findings highlight business risk for companies, Sadlovska said security risks are a major issue on the minds of corporations as well.

"From a CSO point of view, cargo security is one part of risk. Then you also have trade compliance risks on the border side. Companies really have to make sure, for instance if they are in a sensitive technology space, they aren't exporting certain technologies. Or if they are importing, they have to make sure not importing from restricted, embargoed countries," she said. "It's hard for trade compliance professionals to make a case in this instance because it's hard to make a case on avoidance of potential penalties."

CSO is an InfoWorld affiliate.

India has been portrayed as a beehive of innovation, where engineers at Indian subsidiaries of global technology companies design sophisticated new products for global markets.

The reality is quite different, as most companies do mainly product maintenance and testing, and development of small components of products in India, according to Sudin Apte, an analyst at Forrester Research, and Vinay Deshpande, a developer of the Simputer, a handheld computer designed in India. Their sentiments are shared by a range of others in IT in India.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

"The situation is a lot better than it was some years ago, but most Indian operations of multinational companies are still far away from defining and architecting products," Deshpande said.

A lot of the product innovation in the country is coming from small and medium-size Indian companies, he added.

Multinational technology companies typically claim in their advertisements and press announcements that they are doing innovative product development in India. That image helps companies attract employees, said an executive of the Indian subsidiary of a technology company, under condition of anonymity.

Most technology product firms, however, still see India only as a "limitless source of bulk staffing," Forrester said in a report.

Multinational technology companies are setting up offshore development operations in India, mainly to take advantage of the lower cost of staff in India, and the availability of talent, Apte said. But innovation, which he describes as thinking out a product or having ownership of a product, does not happen at the Indian subsidiaries, he added.

Respondents to a Forrester survey of development centers in India of multinational technology firms cited availability of talent, and low cost of staff as the main considerations for having their centers in India.

"We do not think out new products or architect products in India," said a software engineer at a multinational vendor of banking software in Bangalore, who requested anonymity. "We get to do the coding for new products, and are mainly involved in maintenance or making improvements to legacy products," he added.

When technology companies have outsourced to Indian companies, they have usually contracted for staff on a " time and materials" basis, which reflects the kind of work that is getting done in India, Apte said.

There are some exceptions, however. Intel, for example, announced on Monday that its new Xeon 7400 series of server chips were designed in India.

Companies like Intel and Texas Instruments have started creating and developing products in India, but such companies are still few, Deshpande said.

In the long term, more subsidiaries of multinational technology companies will do full product design in India, rather than support product development teams elsewhere in the world, Deshpande said. Having tried Indian staff on support work with good results, some of these companies are taking the risk of doing product development as well in India, he said.

Companies having development centers in India will benefit if they start focusing on product innovation, Apte said. Indian outsourcers will also have to focus more on their capability to deliver product innovation, rather than promote their companies as mere low-cost service providers, Apte said.

In Part 1 of this series, I looked at the mechanisms available to IT staffers to activate, deploy and configure iPhones in business environments. But the biggest new business-oriented feature available on the iPhone, thanks to the iPhone 2.x firmware (included with the iPhone 3G and available for free to users of first-generation iPhones or for $9.95 for iPod Touch users), is the addition of ActiveSync for accessing Microsoft Exchange.

ActiveSync allows for automatic over-the-air push updates of new e-mails, calendar events and personal contacts to the iPhone (functionality that was already available to Windows Mobile, Palm and Symbian devices). ActiveSync also lets iPhone owners search a company's Global Address List (GAL) using the included Contacts application, and allows administrators to enforce some security policies on the iPhone, including the ability to remotely wipe the contents of a phone that is lost or stolen.

[ Read Tom Yager's review of the iPhone 3G and its over-the-air capabilities. | See InfoWorld's guide on how to make the new iPhone work in your business. ]

But getting iPhones to connect and sync with Exchange servers can be tricky. In this story, I'll provide tips for integrating and managing iPhones in an Exchange environment. (Part 3 of this series, which will be posted in the next month, will cover the options for developing and deploying in-house iPhone applications.)

How ActiveSync worksUnlike push services for BlackBerry devices, which rely on an intermediate server (RIM's BlackBerry Enterprise Server) that receives update notifications from an e-mail server and then provides push notification to remote devices, ActiveSync maintains a connection directly to an Exchange server. For those new to working with over-the-air syncing via direct push in Exchange, the following is a brief introduction. Understanding the basic concept can help in both planning and troubleshooting iPhone access to Exchange.

Direct push between an Exchange server and remote client devices relies on a persistent connection between the server and the device. When the device is powered on or configured, it sends an HTTP/HTTPS request (known as a ping request) to the server to establish the connection.

The ping request identifies the device and the user as well as the Exchange folders that the device will monitor. (The iPhone supports monitoring of Inbox, Calendar and Contacts, but unlike other devices that implement ActiveSync, it does not support monitoring of Tasks at this time.) Additionally, the request identifies a time limit for the connection -- also known as a heartbeat interval.

Upon receipt of the client request, the Exchange server monitors the specified folders until changes occur or until the heartbeat interval is reached. If the server detects changes to a folder being monitored (e.g., incoming e-mail or a new calendar item), it responds to the ping request by identifying the folder(s) that has been updated, which causes the client to issue a sync request for those folders (and thus update appropriately and alert the user if the update contains new e-mail).

If the server doesn't detect changes within the heartbeat interval, it responds to the ping request with an HTTP 200 OK message, which causes the client to generate a new ping request. A new ping request is also generated following a successful sync.

The heartbeat interval is dynamically determined by the client device, such as an iPhone or Windows Mobile phone. ActiveSync clients maintain a log of interactions with the server and choose intervals that allow for persistent connections with the longest possible network timeout (the time at which the mobile carrier and/or any network devices between the client and the server will drop the connection).

By using the longest possible heartbeat interval, the client can maintain persistent open connections (those which the client has initiated but the server has not yet responded to) between the client and server without requiring active use of the connection and thus conserving battery life on the device.

Understanding Exchange requirementsAs anyone who has administered Exchange knows, there are a number of variables and options in determining the best configuration for an Exchange environment. Factors such as firewall and proxy server configurations, internal and external DNS, the optional use of front-end and back-end servers, the Active Directory forest and domain topologies, and the versions of Exchange and Windows Server used all impact the ultimate design of an Exchange environment.

Other major factors include the use of SSL, whether self-signed certificates or a certificate authority are used (and how they're implemented), which authentication options are used, and which virtual directories on the Exchange server are secured.

In many cases, the variations among unique Exchange environments don't have a huge impact on clients. However, the iPhone is not a particularly forgiving Exchange client, it seems. There are numerous threads on Apple's discussion forums about issues preventing successful communication or sync between the iPhone and Exchange servers. In some cases, administrators report problems trying to integrate iPhones even in environments that already include other ActiveSync mobile devices such as Windows Mobile phones.

Although some admins have pointed fingers at Apple, saying that the company has created a buggy implementation of ActiveSync, the problems in many cases appear to relate to overall network and Exchange environment configuration, or environments that don't meet the specific requirements that Apple has listed for the iPhone. Apple also seems to have designed its ActiveSync implementation to require rather strict adherence to Microsoft's guidelines for mobile device support. (Links to guidelines, documentation, and other resources from Microsoft and Apple are included at the end of this article.)

Unfortunately, Apple's documentation contains very limited details about those guidelines, which means a very solid understanding of and experience with Exchange and its support for mobile devices is a must. Before trying to add iPhones to your network, do your homework and ensure that your Exchange environment meets Apple's stated requirements as well as Microsoft's recommendations for supporting mobile devices via ActiveSync, particularly if you have not worked with mobile device support before. I've included some valuable resources, along with some advice to help avoid commonly reported problems, at the end of this article.

It is also important to ensure that your environment is running either Exchange 2003 SP2 or Exchange 2007 SP1 or newer. Apple has specifically listed these as requirements, and the iPhone will not function properly, if at all, with earlier versions.

If you are working with Exchange 2003, you will need to download and install the Exchange ActiveSync Mobile Administration Web Tool. The Mobile Administration Web Tool can be used with Exchange 2007 as well, though it's not required; Exchange 2007 has a built-in Exchange Management Console. You might opt to use the Mobile Administration Web Tool if you want to give nonadministrators (such as helpdesk staff) remote wipe or other administration capabilities without giving them full access to the Exchange Management Console.

Managing users' mobile accessFrom an administrator's perspective, managing access and policies for iPhone users is largely the same as managing access for any other mobile device. Exchange direct push and ActiveSync are enabled by default for all users, meaning that unless you have explicitly changed things, all iPhone users with existing accounts should be able to access their accounts without requiring per-user configuration. (If you rely on iPhone configuration profiles, you should also be able to deploy iPhones to users so that they only need to enter their Exchange username and password -- see Part 1 of this series for details.)

If you are running Exchange 2007, the iPhone also supports Exchange Autodiscovery based on a user's e-mail address.

As with other devices, you can adjust the organizationwide policies or user-specific policies to grant or deny mobile device access. Once a user has configured an iPhone with his Exchange account information and connected to Exchange, you will be able to use either the Exchange ActiveSync Mobile Administration Web Tool or the Exchange Management Console to view additional information about the device, including the last time the iPhone was synced with Exchange, the last time Exchange policies were updated on the iPhone, and the time of the last ping request. You can also use these tools to initiate a remote wipe of a lost or stolen device and view the status of a remote wipe request.

Configuring passcode policiesThe only Exchange policies (other than allowing users to access their accounts from mobile devices) that you can enable for the iPhone via Exchange are passcode policies. You can require users to create a passcode that must be entered to unlock the iPhone, specify a minimum passcode length, require an alphanumeric passcode, and specify a period of inactivity after which the iPhone locks automatically.

Apple's iPhone configuration profiles include the same options plus some stricter ones, such as the number off passcode attempts before the iPhone must be resynced with iTunes to re-establish access. Passcode policies configured via Exchange are automatically pushed to the device over the air and enforced as long as the iPhone is associated with an Exchange account. (IPhone configuration profiles, on the other hand, must be e-mailed or hosted on a Web server, and users must choose to install them and can delete them at any time.) If both a configuration profile and Exchange passcode policy are in place on an iPhone, the strictest options will be enforced.

Remote wipeThe ability to remotely wipe confidential data from a smart phone is one of the most important features in a business device. In the event that an iPhone associated with an Exchange account is lost or stolen, administrators can remotely wipe it from within the Exchange ActiveSync Mobile Administration Web Tool or the Exchange Management Console. If Outlook Web Access is enabled, as it is in most environments, users can also initiate a remote wipe of an iPhone using the mobile device management features available in Outlook Web Access.

When a remote wipe command is issued, the iPhone will revert to an Apple-logo screen and remove all user data and settings. This includes user account information (both Exchange accounts and other e-mail accounts) and associated e-mails, contacts and calendar items. It also includes all media (music, photos and videos), applications and Web browser bookmarks.

Because a remote wipe of an entire iPhone may take considerable time and battery power, an iPhone may power down before completely erasing if its battery becomes depleted. If this happens, the iPhone will continue erasing data when (or if) it is connected to a power supply. Once an iPhone has been wiped, it will need to be activated in iTunes again before use. To ensure successful future use, you may need to remove any residual association between the phone and a user in Exchange if the phone is recovered and reactivated within your network.

Connecting the iPhone to ExchangeAssociating an iPhone with an Exchange account is designed to be a relatively simple process. As indicated by Apple's instructions, users simply need to create a new e-mail account on the iPhone, select Exchange as the account type and enter their account information (e-mail address, server address, username and password, and an optional account description). You can also automatically configure either all or just the server-specific components of these settings using configuration profiles.

Apple does not take a firm stand on whether or not the username should be entered in domain\username format or with only the username (omitting the domain), but in most environments domain\username is required. Typically, this depends on the default domain option for an Exchange environment (as well as whether or not the environment exists in a multidomain network), but in some situations, the full domain name may be needed even if the default doesn't use it. It's wise to test with an iPhone before developing instructions for users or support staff.

The iPhone prefers connections that encrypt all communication using SSL. If it cannot establish an SSL connection to the server (or in some environments to a Windows ISA Server), it is designed to attempt to connect without using SSL. Ideally, you should configure an environment that requires SSL.

If you are using SSL, you will also need to ensure that any certificates used to sign communications are installed on the iPhone. The iPhone ships with root certificates for a number of common certificate authorities. If you use certificates signed by these authorities or certificates that build an effective chain of trust, you will not likely need to install additional certificates on the iPhone. If you choose to use self-signed certificates or are relying on certificates signed by a certificate authority other than one available via the installed root certificates, you can use a configuration profile to install the certificates on each iPhone that will access your environment.

Once an iPhone is associated with an Exchange account, users will be prompted to enter a passcode that conforms to any policies established in Exchange. They will also have the option of choosing which types of data to sync -- Mail (Inbox), Calendar and/or Contacts. Once the iPhone has established a connection to Exchange, it should initiate a first sync (for performance issues, you may wish to have users establish their initial connection using Wi-Fi within your network). By default, the iPhone will sync only three days' worth of Mail items, though this can be changed using the Settings application on each iPhone.

Note: An iPhone can be associated with and sync to only one Exchange account.

iPhone ActiveSync feature limitationsAlthough Apple has implemented a number of Exchange functions on the iPhone, it has not included all the features found in Outlook or on Windows Mobile devices. As mentioned earlier, the iPhone will sync a user's Inbox, calendar items, and personal contacts using direct push and ActiveSync. It will not sync tasks created in Outlook, provide management of personal or public folders available in Outlook, support the opening of links to Microsoft SharePoint server sites, let users set out-of-office autoreplies, create meeting invitations using the Calendar application, or support flagging of messages (such as for later follow-up).

It is also worth noting that at this point, direct push notification and sync occur for new e-mails only if they are delivered to a user's in-box. If users create filtering rules in Outlook that filter incoming mail into other mailboxes, the iPhone will not receive push notification of their delivery (though opening the mailbox in the iPhone's Mail application will cause it to be synced manually) because only the in-box is monitored. As a result, users should either remove such rules or configure them to be run manually when they are at their computer.

Common problemsAs I mentioned earlier, the iPhone can be a rather picky device when it comes to getting it working with Exchange. The following is a list of common issues that prevent the iPhone from being able to reliably access or sync Exchange accounts. This isn't a complete list of all known problems, but being aware of the most likely problems and their causes should help ensure a smoother iPhone implementation.

CertificatesOne potential cause for problems with iPhone/Exchange access is certificate management and SSL. As noted earlier, the iPhone prefers SSL and will attempt to connect to Exchange using SSL during setup as well as when sending ping requests. Microsoft suggests using SSL for all mobile devices with Exchange (which relies largely on HTTP/HTTPs as a communications protocol) because it ensures that casual sniffing of packets will not easily identify ping or sync requests for Exchange.

If you are using SSL, however, it is important that the certificate being used to sign communications is either installed on the iPhone or is signed by a certificate authority trusted by the iPhone. If a certificate cannot be verified, users will receive alerts to that affect when attempting to configure access to an Exchange account and when accessing the account. The inability to verify a certificate may also lead to additional connection and sync problems. Although disabling the use of SSL might appear to be one solution, it raises serious security concerns, particularly if users are connecting via unsecured Wi-Fi networks (which there is no feasible way to prevent).

Internal and external DNSOne of the challenges that the iPhone presents is that it can connect to network resources using a variety of mechanisms: a carrier's mobile network, a Wi-Fi network within your organization, or external Wi-Fi hot spots or home networks. Depending on how DNS and namespaces are implemented in your network, DNS lookups for the name of your Exchange server(s) may return different IP addresses when iPhone users are connected to an internal Wi-Fi network and when they attempt to connect from external Wi-Fi networks or via a carrier's mobile network. (This doesn't typically present a problem for mobile devices that rely solely on a carrier's network, since they will rely on external DNS servers for lookups and thus always receive IP addresses.)

This can result in situations where users can interact with Exchange while at work but not at other times. To avoid this problem, you can either use a VPN configuration on the iPhone or ensure that the DNS records accessed from the iPhone routinely receive an external IP address for your Exchange server(s).This may require review of your Exchange configuration as well as your overall network planning and perimeter devices (firewalls, ISA servers, etc.).

Needed ports and front-end/back-end server configurationExchange communication requires configuration of appropriate ports for computers and devices that are outside your network. You should ensure that you have configured ports to allow traffic and to forward that traffic to the appropriate server(s). As an additional layer of security when configuring mobile device access, Microsoft recommends using Windows ISA Server and Exchange front-end and back-end servers (in which devices outside your network communicate only with the front-end server and not directly with the server that processes internal transactions). Refer to the Microsoft documentation listed at the end of this article for additional details on all of these configuration variables.

You will also need to verify that all network devices, such as routers, firewalls and other security appliances, that will process communication between your Exchange servers and iPhones outside your network are configured with timeout limitations that will not interfere with the heartbeat interval used for direct push. Using too-short timeouts for network communication devices could result in overall notification and sync failures for mobile devices, including the iPhone.

Forms-based authentication, SSL and single-server environmentsEnvironments where Exchange is configured using a single server (as opposed to a front-end/back-end server configuration) can present their own challenges. As documented by Microsoft (along with details of the cause and potential resolutions), such environments will not properly support mobile device access if SSL is used to secure the related virtual directories used by Exchange and forms-based authentication is enabled.

Similarly, forms-based authentication can require additional configuration in any Exchange environment in relation to virtual directories, SSL and the use of a default domain. These issues can be resolved by implementing a front-end/back-end environment or by creating a secondary virtual directory for Exchange and adjusting the server's Windows registry to point to it.

Virtual directory permissionsExchange relies on virtual directories in IIS for several pieces of functionality, including the implementation of Outlook Web Access, Outlook Mobile Access (a variation of OWA intended for mobile browsers) and ActiveSync with mobile devices. Altering the permissions or security properties of these virtual directories can result in problems or failures for accessing Exchange services from the iPhone.

Case sensitivity in e-mail addressesTypically, usernames in e-mail addresses are not case sensitive, but they are case sensitive when configuring an Exchange account on the iPhone. As a result, if the e-mail address entered as part of an Exchange account has case differences from the way the address is entered in the Exchange Global Address List, users will receive calendar events as if they were event invitations to which they need to respond. This can be avoided by ensuring that the GAL entry and the e-mail address entered on the iPhone match in their use of upper/lowercase lettering.

The iPhone 2.1 update and ExchangeApple's 2.1 firmware update for the iPhone -- released on Sept. 12 -- included a wide range of bug fixes, security updates, and improvements for overall performance and reliability with 3G networks. It has also generated its own series of ActiveSync issues for some users. The problems seem to occur only on iPhones running the earlier iPhone 2.0.x firmware that were configured and able to successfully communicate with Exchange before the update.

Following the update, some users reported being unable to access items on the Exchange server with a "connection to the server failed" error message being displayed when trying to access Exchange items stored on the server. Over-the-air syncing also may be affected. Detailed reports of problems can be found in a thread on Apple's discussion forums.

While the problems appear to affect a number of users, it's not universal and some of the posters to the forum reported no issues after the update. Although the exact cause isn't clear from the information available so far, there do seem to be a couple of consistent points. First, problems seem to occur when an iPhone with an existing Exchange configuration is updated. Restoring rather than upgrading the firmware may be one way to avoid the problem.

Even some of those experiencing a problem have found that performing a restore operation and activating the restored phone as a new iPhone in iTunes -- rather than restoring settings from a backup of the iPhone made prior to the restore -- resolves problems completely. Note that this will require configuring the Exchange account on the iPhone again. Some users have also suggested that a full restore may not always be required and that simply resetting the iPhone can be effective. To reset the iPhone, power it off by holding the sleep button down until the Slide to Power Off display appears, then restart it.

Another tip noted by several users is that adjusting the use of the domain in a username for an Exchange account (adding it if it wasn't there originally or removing it if was) may help resolve the situation. Why the update would have changed the iPhone's behavior in this area compared to previous firmware versions isn't clear, but multiple users have reported this as a workable solution.

ResourcesThe following are additional resources that you should review if you are planning to implement the iPhone in an Exchange environment or if you are trying to resolve problems with iPhone access to Exchange. Many of these resources are mobile device guidelines from Microsoft; also included are resources from Apple and relevant discussion threads from Apple's iPhone in the Enterprise forums.

As I noted earlier, a full understanding of and experience with Exchange will go a long way toward making the integration of the iPhone as seamless as possible, and I strongly suggest reviewing all these resources before beginning such an integration. Smaller organizations or less-experienced Exchange administrators may also want to consider hiring a consultant who specializes in Exchange to ensure optimal configuration.

Microsoft's Exchange 2003 mobile device documentation

Microsoft's step-by-step guide to mobile device deployment with Exchange 2003 SP2 (solid and helpful, although it only specifically references Windows Mobile devices)

Microsoft's Exchange 2007 mobile device documentation

Microsoft's guide to deploying mobile devices using Exchange 2007 (again, very helpful but specifically geared toward working with Windows Mobile devices)

Microsoft Exchange Team Blog: iPhone 2.0, Welcome to Exchange!

The iPhone blog: Walkthrough: Exchange ActiveSync On Your iPhone 2.0

Apple's iPhone and iPod touch Enterprise Deployment Guide (download PDF)

Apple's iPhone enterprise support site

Apple's iPhone in the Enterprise discussion forum

Apple knowledge base articles: Setting up a corporate email server for iPhone and iPod touchiPhone 2.0 software: Exchange ActiveSync email attachments do not downloadiPhone and iPod touch: Very large Exchange attachments can cause Mail to quitiPhone 2.0 software: Troubleshooting iPhone or iPod touch Exchange ActiveSync "Push" issues

Ryan Faas is a frequent Computerworld contributor specializing in Mac and multiplatform network issues. You can find more information about him at RyanFaas.com. Computerworld is an InfoWorld affiliate.

Movie star Brad Pitt has shoved Paris Hilton off the top of a list neither will have coveted being on. A fan entering Pitt's name in a search engine now has a startling one in five chance of finding a malware-hosting site instead, says McAfee.

Pitt is top of the fake Web site malware league, just ahead of a collection of pop and film stars that reads (in descending order) Beyonce, Justin Timberlake, Heidi Montag, Mariah Carey, Jessica Alba, Lindsay Lohan, Cameron Diaz, George Clooney, and Angelina Jolie.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Hilton no longer even makes the fake Web top ten, but can perhaps take some solace from her continued popularity with spammers.

If you're never heard of some of these people then it's a fair bet that you are not the intended target of a technique that has been for some years one of the commonest ways to infect a PC. But still it persists, driven by an apparently insatiable appetite among some Internet users for computer screensavers, wallpaper, ring tones and star pictures, at whatever risk to themselves.

"Cybercriminals employ numerous methods, yet one of the simplest but most effective way is to trick consumers into infecting themselves by capitalizing on Americans' interest in celebrity gossip," commented McAfee's Jeff Green. "Tapping into current events, pop culture or commonly browsed sites is an easy way to achieve this."

Reading the latest statistics, it's hard to avoid the conclusion that malware writers think that the celebrity-obsessed are as recklessly naive as they are star-struck. Most malware-infection techniques have shown some evolution over the last two years, but the fake Web sites ploy just goes on and on.

In fact, a deeper problem is the way users interact with search engines, as was pointed out by McAfee itself only a year ago. McAfee's motives for publicizing the issue aren't entirely neutral -- at least one search engine, Yahoo, recently took up using McAfee's SiteAdvisor tool to filter the Web sites it returns in search boxes.

And for those users who only visit legitimate Web sites they know about, there is also bad news. The biggest hack trend of the last year has been compromising perfectly legitimate Web sites to serve malware -- witness this week's large attack on the Web site of BusinessWeek magazine. For Internet users there is no easy escape, only the awareness of the growing number of pitfalls.

Techworld is an InfoWorld affiliate.

Samsung's $5.85 billion offer for flash memory chip developer SanDisk will probably be rejected by government regulators fearful such a tie up would harm competition, analysts said Tuesday.

With such an acquisition, Samsung would likely gain control of the majority of the global supply of NAND flash memory chips and could squelch potent rivals, said Jim Handy, memory chip analyst at researcher Objective Analysis.

[ Your source for the latest in government IT news and issues: Subscribe to InfoWorld's Government IT newsletter. ]

Apple and other major buyers of NAND flash memory would likely find their price negotiating power "severely constrained" if Samsung and SanDisk combine, he added.

Cheng Ming-kai, chip analyst at CLSA Asia-Pacific Markets, said a Samsung/SanDisk alliance would likely be viewed as uncompetitive by the U.S. Justice Department, based on measures the regulator uses to determine market competitiveness.

iPod and iPhone lovers could feel the brunt of any increase in NAND flash memory prices caused by the acquisition because the chips are at the heart of those devices as well as other digital music players and digital cameras, storing songs and other data.

For example, the 16GB iPod Nano, at $199, costs $50 more than the 8GB Nano ($149), according to Apple's Web site, and the only difference between the two devices is the amount of NAND flash memory inside. Similarly, the 16GB version of Apple's iPhone 3G costs $299 while the 8GB version is $199, and the main difference is the amount of NAND flash memory.

Last year, Samsung and SanDisk together supplied nearly 50 percent of the world's NAND flash memory chips, Handy said, measured in either dollars or gigabytes.

"Objective Analysis is very doubtful that the government would allow such an acquisition to proceed, even in todays dire market," Handy said.

Samsung, already the world's largest producer of NAND flash memory chips, could also increase its production at the expense of SanDisk's current manufacturing partner, Toshiba.

Toshiba and SanDisk have co-invested in NAND flash production lines in Japan and share chip output for their products. It's unclear what would happen to Toshiba in a Samsung deal for SanDisk, but Handy speculates that the Japanese company may be pushed aside as Samsung produces all the chips needed for a combined Samsung/SanDisk on its own.

Toshiba representatives declined to immediately comment on Samsung's offer for SanDisk.

CLSA's Cheng said Toshiba will likely see how Samsung's offer for SanDisk unfolds before making any comments.

SanDisk has already rejected the offer as too low.

Samsung first approached SanDisk about a deal in May, and indicated it might be willing to pay a "significant premium to the SanDisk $28.75 per share closing price on May 22, 2008," SanDisk said in a statement.

The $26 per share offer Samsung made on Tuesday is lower than the May indication and 55 percent below SanDisk's 52-week stock market high. SanDisk shares ended regular trading Tuesday at $15.04 on the NASDAQ, up 4.4 percent on talk of an offer from Samsung and a possible rival bid from Toshiba.

SanDisk shares soared after Samsung made its bid public, rising $7.89, or 52.5 percent, in aftermarket trading to $22.93 per share.

VMware customers are getting a bit more freedom in the way they can transfer virtual machines from one Intel-based server to another, but they shouldn't hold their breath waiting for a bridge between Intel and AMD-based systems, an Intel executive said Tuesday.

With its line of Xeon 7400 processors released this week, Intel is enabling customers using VMware's vMotion technology to move virtual machines between two servers even when they are based on different families of Intel chips.

[ Stay up to date on the latest virtualization developments with InfoWorld's Virtualization Report blog and newsletter. ]

VMotion is VMware's technology for moving running virtual machines onto a different physical server. It's used by some customers for load balancing or for building fault tolerance into applications.

Before the 7400 series, formerly known as Dunnington, the two servers had to use the same family of Intel chips for vMotion to work, said Doug Fisher, vice president with Intel's Software Solutions group, at the VMworld conference in Las Vegas. With the 7400 and future chip families, that restriction is lifted.

VMware CEO Paul Maritz mentioned the development in his speech at the start of VMworld Tuesday. "Now you'll be able to buy hardware essentially independent of your vMotion strategy," he said.

The compatibility goes back only to the previous processor family, the 7300 "Tigerton" series, and will extend to the next generation, known as Nehalem. "We'll always give at least three generations of compatibility," Fisher said.

Intel made a big deal about the news, but AMD said its Opteron processors have had a similar capability for years. AMD doesn't change the microarchitecture of its processors as frequently as Intel, so compatibility between different Opteron lines is not an issue, said Margaret Lewis, AMD director of commercial solutions.

Customers looking to move virtual workloads between AMD- and Intel-based servers are out of luck, however, at least for the foreseeable future, according to Fisher.

"It's not going to happen," he said on the sidelines after his speech. The companies' chip architectures, while both x86, are too different and change too frequently to be made compatible. "We'd have to slow the pace of innovation to make it happen," he said.

Lewis suggested it was only Intel, not AMD, that changes its architecture frequently. "We'd need to sit down with Intel and VMware and discuss how to make it happen, and we would welcome that discussion," she said.

AMD would stand to gain the most from such compatibility, since it would give companies one less reason to buy Intel-based servers.

Dunnington is a six-core processor with a larger, 16MB Level 3 cache to boost performance. VMware CTO Steve Herrod said VMware will keep its per-socket pricing the same for Dunnington, "so customers can get more virtual machines per processor" without paying more in licenses.

It was one of several ways Fisher said Intel is working with silicon to usher in a "second wave" of virtualization. The first wave was using the technology for server consolidation and building virtual environments for software testing, and the second is to use it for load balancing, high availability, and disaster recovery.

Citing IDC figures, he said that in 2007 about 12 percent of all servers in production were using virtualization, up from 8 percent in 2006 and 4 percent the year before. Virtualized servers run at 52 percent capacity on average, he said, compared to 10 to 15 percent for nonvirtualized systems.

VMworld continues through Thursday.

Business travelers will soon need to carry the name of their corporate lawyer in addition to their passport when returning home to the United States, and they may need to bring with them a different business laptop as well. This is because U.S. Customs can search and confiscate your laptop without any prior cause, according to policies that have been posted online since a Ninth U.S. Circuit Court ruling in April.

Alice Stitelman, a consultant who writes about e-mail usage and legal matters, says this is just one example of "what you don't know about legal computer issues [that] can hurt you. Many business users mistakenly believe that their data is private -- whether it is on their laptop, cell phone, or mobile device. In fact, they should have no expectation of privacy. Users have much less control over who reads their data than they may realize."

There are other examples of new regulations and policies that will have a profound impact on business technology policy in the coming years. As legal battles over content filtering, Net neutrality, tracking Web history, and laptop searches ensue, corporate IT managers will need to rethink their strategies on how they implement cloud computing, formulate their e-discovery and records retention policies, and safeguard business data carried by traveling executives using various mobile devices.

Confiscated laptops: Time to revise data access strategies for execs The Department of Homeland Security has reaffirmed its policy that lets it search, copy, or even impound your employees' laptops when they return to the United States. This is completely at the security screeners' discretion, and applies to anyone entering the country -- citizens and noncitizens alike. Security consultant Jeff Bardin, writing on the CSO Online blog, calls it a "virtual strip search" and cautions somewhat facetiously, "I'd best not forget to take the microdot off the woolly boogers that collect in my pockets."

But all kidding aside, this policy is very much a reality and not just for the tin-hat paranoids. "It definitely has been happening more and more recently, and we have gotten lots of complaints," says Danny O'Brien, the international outreach coordinator for the Electronic Frontier Foundation, an advocacy group.

"A CEO I know was detained and his computer's hard drive was copied and returned," says David Burg, a principal at PricewaterhouseCoopers' advisory and forensics practice. As a result, his client's company has changed its practice, so "employees aren't allowed to travel outside their home countries with their standard-issue laptops," he says. Instead, they are issued bare-bones laptops that have very little corporate data and use VPNs to communicate securely back to their offices.

Other countries are also randomly inspecting laptops: "Canada has been looking for child pornography on laptops entering their country," says John Pescatore, a Gartner security analyst and a former security engineer for the U.S. Secret Service. "It is hard for anyone to argue against that." And as more countries claim the right to copy or confiscate laptops -- or, worse, to install monitoring software -- soon this idea of having a "travel laptop" will become more common practice so that sensitive corporate data is left behind.

"Given that the majority of corporate PCs are laptops now, your data is now more vulnerable," says the EFF's O'Brien.

"You might want to consider limiting the data on your laptop to what you are willing to share with the government," says Kevin Clark, network operations manager of Clearpointe, a managed services provider.

"I would never travel with any data that I cared about anyway," says John Kindervag, a senior analyst for Forrester Research. "I would put it on my iPod or encrypt it." Certainly, "you should have been encrypting the hard drives of your laptops; these are just more reasons to do so," says Gartner's Pescatore.

But using encryption is no guarantee that the government won't obtain your employee's data, according to legal authorities, especially if a security screener demands your password to decrypt your files. "We would say that you have some strong protections against giving out your password, and believe that falls under self-incrimination," says the EFF's O'Brien. Other lawyers agree that requiring users to give up their passwords to the government could fall under the category of unreasonable searches that the courts have long ruled are impermissible, but they note that overall case law is still evolving, so there's no hard-and-fast rule to rely on.

"A lot of this is just security theater," says Forrester's Kindervag, meaning it's just for show. He was detained -- although not at an airport -- and "I stood my ground and refused to give up my data, and eventually the screener backed down." Clearly, one prudent course of action is to have ready access to legal counsel when returning to the United States.

If your execs' laptops are impounded, you have several critical issues to address. First, do you have the executives' data backed up so that you can get them up and running quickly on new computers? Second, is sensitive data protected from prying eyes -- whether bored screeners or investigating authorities? This is where having the cleaned "travel laptop" begins to sound compelling. Finally, does this change your corporate policies on other mobile devices besides laptops, such as smartphones and PDAs that often have all sorts of personal and customer confidential information on them?

Net neutrality: Carrier controls could limit remote work and cloud computing The topic of Net neutrality also has unintended consequence for IT managers. The concept of Net neutrality is that all Internet traffic should be treated the same and not prioritized (in terms of service or price) by the carriers. The carriers have justified non-neutral traffic management, such as metering and blocking, as necessary because of a few people who continually access large video files or play bandwidth-intensive games. The carriers argue this traffic fills their networks and gets in the way of everyone else's access to the Internet. They also cite the rise of peer-to-peer sharing of music and video files, which the entertainment industry says is a form of theft.

But in a Net neutrality case involving Comcast, the Federal Trade Commission recently ruled that Comcast can't entirely block peer-to-per file sharing traffic, at least not without prior notification to its customers. The FTC's concerns were based on how such controls might limit the overall Internet access marketplace and lead to possibly monopolist practices by carriers as their policies favored certain types of usage or providers.

Businesses had more immediate concerns about Comcast's actions since it affected their home-based workers. "Comcast, in trying to block BitTorrent, inadvertently was also blocking some Lotus Notes traffic," says the EFF's O'Brien. And at least one Canadian ISP has had a peer traffic block that also affected business-related traffic.

The ruling has major implications for distributed corporate workforces and on the projected greater reliance on cloud computing and Web-based services and applications in the coming years. As more businesses make use of Internet-based services and store more of their data in the cloud, the assumption is that this data is universally accessible no matter where a user is located and no matter what provider is used to get online. That may not be an assumption businesses can count on.

The FTC ruling was not conclusive, and Comcast has appealed, so the door is still open to carriers controlling traffic that passes through them to the Internet. And other countries -- such as China and Saudi Arabia -- already block and regulate Internet traffic, so global companies may face this issue even if the United States ends up supporting Net neutrality.

And Comcast continues to find ways to regulate Internet access. After the FTC ruled against controlling peer-to-peer traffic specifically, Comcast decided to place a blanket cap of 250GB of data usage per month per residential account.

The FTC action was not the only place where federal policymakers have shown concern over carriers' actions or possible actions to regulate Internet traffic. Last month, FCC commissioner Robert McDowell asked AT&T Wireless to provide the information on its peer-to-peer policy during a recent hearing tied to broadband issues. Although AT&T doesn't block peer-to-peer traffic today across its wireless network, there is concern that it and other major carriers may do so in the future.

In the meantime, businesses can see what their carriers are doing to Internet traffic to find out if it hinders business and employee access to the Internet. The EFF has developed a test tool called Switzerland that shows what ports a provider is blocking. And it recommends that IT use its purchasing power to make the carriers come clean on what they are controlling, O'Brien recommends: "Anyone who signs up a new provider should consider adding a clause to their contracts about service level agreements that should hold the provider to any transparency about what network management and blocks that they are doing."

Privacy and Web history: Is your corporate information actually confidential? Earlier this summer, senior members of the U.S. House Energy and Commerce Committee wrote to broadband Internet providers and other online companies, asking whether they have "tailored, or facilitated the tailoring of, Internet advertising based on consumers' Internet search, surfing, or other use." Although seemingly a consumer issue, this inquiry also raises issues over what is being monitored by corporate users outside of the corporate infrastructure, and whether this will become a legal liability later on if this information is subpoenaed by a court.

Within the enterprise, many companies use end-point scanning technology, Web security gateways, and other tools to view what is stored on and transmitted through their employees' PCs when they are on the corporate network. But remote offices and traveling users may not be required to access the Internet through that network. So company-confidential information may be accessible by outsiders.

Or consider the implications of smartphones with integrated GPS or other location-detection capabilities. "Given that Google Maps can triangulate your location at any given point in time, imagine if I, as a forensic investigator, can use that data to track your movements as part of an investigation or in connection with discovery related to a legal proceeding," says PricewaterhouseCoopers' Burg.

Other risks include the use of external threat-detection services, in which your e-mail and other traffic passes through their services to be scanned for data leaks. Who has access to the results of the scans?

More likely is the risk of na?ve user actions, such as sending files to their personal e-mail accounts so that they can work on a project at home, or inadvertently posting confidential information and business contacts on social networks. For example, Google scans all e-mail sent through its Gmail system so that it can target ads, and while the first version of its Chrome browser's terms of service gave Google nonexclusive ownership of all content that passes through its browsers, this was later removed. Employees that use Gmail or Chrome could be putting corporate information into an outsider's hands. And LinkedIn, for example, now aggressively promotes a contact-import feature when you log in, making it easy for employees to upload business contacts outside the corporate system.

Gartner's Pescatore asks, "Are you checking up on what your employees are doing with their laptops, even when they are outside of the corporate network? You need to know what your employees are doing when they are online."

One possibility is to insist on a service level agreement from your Internet providers that cover privacy issues. "I want SLAs from my Internet providers that guarantee me that my e-mail isn't going to be compromised. These agreements aren't about uptime, but for the purposes of privacy and security. I want secure and assured services, including the ability to browse and search the Web without having this information recorded on a server somewhere. I don't think a lot of people are doing this right now," says David O'Berry, director of Information Technology Systems and Services for the South Carolina Department of Probation, Parole, and Pardon Services. He blocks access to peer-to-peer file-sharing sites and others that could compromise his network security.

Another solution is to segregate Internet users from those who have access to customer data. "We have taken the stance that if an employee doesn't need the Internet to do his or her job, that computer won't have access of any kind. Those with Web access don't store medical data," says Tony Maro, CIO at HCR Imaging, which processes medical scans and is subject to the strict HIPAA privacy regulations for health care.

Clearly, the legal landscape is shifting with respect to individual computing. But the implications reach far beyond the individual and into corporate IT. Technology managers need to consider these and other regulations and adjust their computing policies to ensure that they can deliver IT services in the shifting landscape.

A correction was made to this article on Sept. 17, 2008.