

At the front lines of protecting the Internet


VeriSign is in many ways synonymous with managing the Web, thanks to its handling of key DNS root servers and of name resolution for .com, .net, and other domains. In recent years, it's had both strong ups and strong downs.

On the up side, VeriSign has aggressively pushed PKI, SSL/TLS, EV, and digital certificates, making these authenticated security approaches commonplace. And VeriSign has spent millions of dollars building out and protecting the Internet's massive DNS infrastructure, even though its contract with the DNS's governing body required that VeriSign spend just a fraction of that amount. Although VeriSign's extra investment was a business decision meant to keep its lead as DNS infrastructure manager, the result for Internet users is still a better DNS infrastructure than was required.

On the downside, in the 2005-2007 period, the company angered many users by adding new services to the Internet, such as domain waitlisting, and by raising registration fees. It garnered significant ill will when its Network Solutions domain registration unit (later sold) began redirecting misspelled URLs to ads, causing an uproar among users. When VeriSign met resistance over such actions from ICANN, the global steward of Web domains, it sued the organization. Although that suit was resolved after VeriSign agreed to new ICANN procedures, users and elected officials remained nervous about VeriSign's potential actions. In 2007, the company ran afoul of federal regulators, resulting in its CFO's resignation and a restatement of earnings.

During this same period of ups and downs, VeriSign entered several new lines of business, such as Wi-Fi roaming services, RFID contract resolution (to translate an RFID tag's electronic number to a product's common name), and one-time-use security credentials. More recently, VeriSign has been part of a consortium promoting the OpenID federated certificate standard.

Today, VeriSign is refocused on its Internet roots, after having dropped some of its new ventures, to focus on DNS management. The company processes about 48 billion name resolution requests per day across 60 different locations, peaking at 700,000 queries a second. It is a major provider of PKI technologies and services, including digital certificate products, managed security services, and IT consulting services.

InfoWorld interviewed CTO Ken Silva on the company's current and past challenges. Silva manages VeriSign's technical operations, which handle much of the world's DNS traffic and cryptographically protect millions of Web sites. Before joining VeriSign, Silva spent 10 years with the National Security Agency (NSA). Roger asked about VeriSign's current status and future plans. Here are some excerpts from that interview:

Q: In the first part of this decade, the global DNS infrastructure came under a few big denial-of-service attacks that caused service disruptions, but in the last few years, we haven't seen any significant service outages. How well have we done in making DNS resistant to DoS attacks?

A: VeriSign services have never completely been taken out from a DoS attack because of our distributed nature. We do get DDoS [distributed DoS] attacks, and they are getting bigger, and bigger, and bigger, but they haven't affected us that greatly. In February 2006, we launched our Project Titan initiative, in response to our growing legitimate services and to handle DDoS attacks in the multiple tens of gigabytes. Our goal was to fortify the infrastructure to over 10 times the predicted infrastructure needed. Project Titan will increase bandwidth 10,000 times the 2000 levels by 2010. It's already at 1,000 times the size today [as compared to the 2000 levels], and will be another 10 times today's level in the next two years. It will be able to handle 4 trillion queries a day.

Q: Why are DNSSec and any of the other "advanced" DNS security proposals slow to gain more widespread acceptance?

A: These are complicated technologies, and you have to agree to get the entire world to agree on the standard, what makes up the standard, and do it at the same time. That alone makes it difficult.

Q: Users have a tendency to ignore or bypass digital certificate errors, undermining the whole system of trust. What can be done to improve the user's security experience in light of that fact? What are browser vendors missing?

A: VeriSign has been working closely with browser vendors to improve the user experiences, but there isn't enough real estate in the browser to do it perfectly. But many vendors, especially Microsoft, are doing innovative things like Extended Validation (EV) certificates. When a user browses to an EV-protected Web site, an EV-enabled browser [such as Microsoft Internet Explorer 7, Mozilla Firefox 2, and Opera 9.5] will turn the address bar green, identifying the site as trusted using the strongest assurance we can offer today. Users can trust EV certificates. It is proven that sites that use EV certificates have much lower abandonment rates than sites without EV. For example, Overstock.com found users were abandoning their shopping cart at the point at which they were supposed to put in their credit card information, at the moment they really needed to trust the vendor. Overstock.com started using EV certificates and saw a 16,000 times return on investment.

Q: Critics say that Extended Validation is really asking consumers to pay more for the trust assurance that they were originally promised in normal Class 3 Web site certificates. How do you respond?

A: EV gives the certification authority vendor more time to do the proper validation. With EV, we do a complete background investigation, including a financial check, articles of incorporation, and verifying their identity.

Q: But that's included with the normal Class 3 certs. What's different?

A: We ensure the subject is who they say they are and that they own the domain.

Q: Again, VeriSign does this with Class 3 certificates, so what's different?

A: VeriSign has always done a high-quality assurance job, but more time to conduct the background investigation means improved security for everyone. Plus, prior to EV, each CA [certification authority] could determine what processes were performed to provide assurance. A user could not be assured about whether a CA vendor did the same high-quality checks without reading the assurance statements. EV defines what assurance processes must be accomplished prior to the issuance of an EV certificate. An EV certificate means consistent, standard assurances across CA vendors.

Q: How will Web services, SaaS (software as a service), and cloud computing affect VeriSign and DNS over the next 10 years?

A: Any new Web functions, like Web 2.0, will impact us. Today, it's normal for a single Web site page to generate 20 DNS queries. [Our challenge is] not only scaling, but making sure that services are always reliable, especially with services such as TV and telephony coming over the Internet. With some new services, we have created a game-changer. Our VeriSign Identity Protection Services generate a single token or one-time password on any device the customer or vendor desires (such as a cell phone or credit card). It can be used across multiple sites and vendors. You can use that one token to do a lot more in your life than you previously could using older technologies.

In the future, you might be able to say something similar to the LifeLock CEO on TV [who promotes his identity protection service by reading out his Social Security number] and say, "My real password is ..." and not minimize your security. The authentication, identity, and protection will be in the cloud. Ask yourself: Would we use bank cards as much as we do today if they only worked at your bank? No, banks created the ATM network to allow users to shop and spend nationwide and globally. We've essentially done the same thing in the online world. We allow one token or password to be used in multiple places. It's like an ATM network for the online world. Visit our new Personal Identity Portal to see the beta. It's very cool.

Q: A few years ago, VeriSign dropped Network Solutions to pick up the RFID contract resolution work. It was predicted that the RFID resolution traffic would be orders of magnitude bigger than DNS. How has that project scaled over the last few years? Is it bigger than DNS yet?

A: No, RFID is still fairly new and hasn't surpassed DNS traffic levels yet. We've seen a recent uptick in the garment industry. They use it to track inventories and to help keep inventories low. We expect the RFID work to grow, but we want to focus on our core services of DNS, SSL certificates, and identity and authentication services.

Tue Sep 02, 2008



Microsoft hints at Windows 7 beta for next month

After weeks of speculation, it appears that the general public will soon be able to get its hands on the first beta of Microsoft's follow-up to Windows Vista. A message on the MDC (MSDN Developer Conference) site states that all attendees of the upcoming MDC events, a series of Microsoft-sponsored road shows running from early December through mid-February, will receive a Windows 7 Beta 1 DVD in the mail "when they become available."

Microsoft isn't giving an exact delivery date for the Windows 7 beta, but some reports speculate the disc will be ready before January 13.

[ InfoWorld's Randall C. Kennedy and OSNews' Thom Holwerda debated the best way to assess Windows 7's changes ]

Some bloggers, the few who've actually tested the pre-beta code, have voiced concerns about the Windows 7 feature set. InfoWorld's Randall C. Kennedy, for instance, recently declared that Windows 7 was essentially a slightly tweaked version of Vista. Other reports have praised, with some reservations, Windows 7's interface improvements, such as a vastly remodeled Windows Taskbar.

Microsoft has indicated that Windows 7 will likely be ready by late 2009 or early 2010, and given the lack of spectacular new features in Vista's replacement, there's no reason to think that Redmond won't meet that timeline. Certainly, the average Vista user would be thrilled if the hated User Account Control security feature would simply go away. Early indications are that it won't, but UAC will undergo some major changes in Windows 7.

PC World is an InfoWorld affiliate.



Forrester: How to squeeze your vendors

IT vendors may be growing increasingly desperate amid the global economic downturn, but customers must employ a range of tactics -- not just bullying -- to extract cost savings from them, a group of Forrester Research analysts said during a client teleconference Wednesday.

Companies simply can't use a shotgun-style approach and expect to succeed, said software licensing analyst Duncan Jones: "Anything that is undifferentiated, like a general letter that goes out [to vendors] saying we've got to cut everyone's maintenance by 10 percent? That's not going anywhere."

[ For more on how to deal with the recession, check out InfoWorld's special report: IT and the financial crisis. ]

Analyst Paul Roehrig, who focuses on outsourcing and IT services, said it is difficult and awkward to extract price concessions on a signed contract.

"Either you're begging or threatening.... Those [tactics] tend to work, but only for a short time," he said, adding, "unless you're really overpaying, there's really not that much room in the provider's margin where they can lower the price point without changing the service level."

And if a customer does succeed in lowering its services costs, "the vendor is going to immediately substitute junior people," said analyst John McCarthy, whose coverage areas include offshoring.

Instead of begging for a rate cut, customers could instead ask their vendors to assign more seasoned workers to their projects, resulting in productivity gains and cost savings, McCarthy said.

Meanwhile, the tactics are different for software licenses and maintenance agreements, according to Jones.

"One of the problems is, you're dealing with a software rep who has different goals than you. He needs to sell new licenses and has no interest in helping you cut costs," he said. "But if you get up higher in the organization, there are going to be people who care more about the long-term relationship, and there's flexibility there."

That said, now is the time to push for bigger discounts on new licenses, as sales representatives "are desperate to meet their number by end of the year," Jones added.

Companies could even indicate they'd be happy to let any outstanding deals float over into 2009, he said: "That will probably be too late for the rep, so try it as a tactic and see how much flexibility you've got."

Also, customers could use money they're prepared to spend on new software as leverage, Jones said: "Anything you're trying to get, like cutting maintenance on products you're not using, you might be able to get that as a quid pro quo for spending in another area."

Beyond maximizing their buying power, companies should save money by determining which software assets no longer need a maintenance contract, Jones said: "You save costs with minimal impact on the business, but you put pressure on other vendors because it shows you're seriously looking at everything."

A similar approach should be taken to IT services contracts, Roehrig said. "If you're asking for the highest levels of service, you're going to be paying top dollar, when the reality is that the enterprise can function just fine with not everyone having gold-plated service."

Companies should also try to get more value out of outsourcing in general through strategic hiring, he said. "If I had money as a client to invest in one thing ... I would get someone who really knows how to manage a service provider. Some of the best outsourcing deals I've come up against have really good people who know how to get a service provider to do what you want."

Customers should also seek to lower the total number of service providers they contract with, leading the way to bigger volume discounts, Roehrig said. But he noted that this can be difficult for heavily federated organizations to accomplish.

It's also possible to save money by actually helping one's vendor cut costs, according to Jones.

If four divisions within a company are negotiating separately with a vendor, they should consider consolidating those relationships, he said: "I would go to the vendor and say, how can I earn cost reductions by dealing with you in a centralized fashion?"



Microsoft tools build bridge between OpenXML, other formats

Microsoft on Wednesday unveiled a free plug-in for Firefox to translate Open XML documents, an update to its document translator, and a toolkit for Java developers that was built under the umbrella of its Document Interoperability Initiative.

The group released the OpenXML Document Viewer as an open source project on its Codeplex Web site. The viewer translates documents in the Open XML format, which became an ISO standard in April after much contentious debate, to HTML so they can be viewed in a browser. The viewer, which is still in the preview stage, eliminates the need for a user to install Microsoft Office or any other productivity tool set.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

The first implementation developed by MindTree and Microsoft works with Firefox 3.0 running on Windows or Linux and translates font types, images, text styles, diagrams, tables, and hyperlinks. In early to mid-2009, the project will add support for Opera and add server-side features.

The software was released during a Document Interoperability Initiative (DII) meeting this week in Belgium.

Microsoft created DII in March with the help of Novell, Mark Logic, Quickoffice, DataViz, and Nuance Communications. The goal was to foster interoperability between document formats, most notably Open XML and the Open Document Format (ODF).

"Basically this is Microsoft sincerely going out and following up with what they did with OpenXML," said Peter O'Kelly, principal analyst with O'Kelly Consulting.

As part of that follow-up, Microsoft plans to support ODF in Office 2007 SP2, which is slated to ship next year.

On top of the Firefox plug-in, DII released Version 2.5 of the Open XML/ODF Translator, which supports Office 2003, 2007, and XP. The new version includes a set of ODF 1.1 compatible templates and chart enhancements for spreadsheet programs.

The templates provide preformatted documents, such as a business letter or fax sheet, that are based on either ODF or Open XML and allow predetermined conversions between formats.

DII also introduced a software development kit for Java developers that aids in working with Open XML documents. The project aligns with the Apache POI project, which provides Java libraries for reading and writing Microsoft Office formats.

All the DII software was released as open source projects.

"We have been seeing that a lot of people now understand that what is most important is the end user," said Jean Paoli, general manager of interoperability strategy for Microsoft. "Since for maybe a year now, we are seeing far less passion about the format issue and more rationality."

Network World is an InfoWorld affiliate.



Scotland is hotbed for green datacenters

Scotland is to host two pioneering datacenters, with plans being announced to build an eco-friendly cloud centre in Inverness, and the world's largest computing facility in Lockerbie.

A new business park, a "sustainable village" with hundreds of homes and what is claimed to be the world's largest datacenter, are to be built in the south-west of Scotland under an ambitious £800 million development plan.

[ Find out more on being environmentally responsible while saving money. And stay up to date on green tech with InfoWorld's Sustainable IT blog, with our Green Tech Topic Center, and with the Green Tech newsletter. ]

The Peelhouses datacenter in Lockerbie, which is being built by Scottish firm Lockerbie Data Centres, will use green energy generated from wind turbines and a new bio-mass power station.

The entire facility will be spread over 250,000 square metres, including the development of 800 new homes in the village. Waste heat generated by the banks of computer servers will be reused to heat the new village as well as the existing town and the business park.

Scottish IT services company Alchemy Plus, with backing from Microsoft, has revealed plans to build a £20 million cloud computing center on the Inverness harbour. Inverness was chosen as an ideal site for the large computing facilities because of its cold climate, which Alchemy intends to harness to reduce the need for cooling.

[ Learn more about what cloud computing really means from InfoWorld's cloud computing primer. ]

The 20,000-square-foot facility is billed as Scotland's first eco-friendly computing facility, with the heat created by the center being used to warm nearby businesses, including a nearby hotel.

The Inverness center will operate on a cloud computing model, enabling users to subscribe on a monthly basis for the IT resources their businesses use. Alchemy claims that companies that took part in an 18-month pilot saw an average cost saving of 28 percent.

Lockerbie Data Centres is still waiting for planning permission for its plans, but chief executive John Hume said he had already received interest from a number of IT firms keen to get involved with the project.

Hume said: "The worldwide shortage of suitable data storage and the high demand for local affordable housing presents a unique opportunity for Scotland and local residents."

"With global demand for data storage expected to double by 2012, demand already outstrips supply."

Chief executive of Alchemy Plus, Peter Swanson, echoed similar sentiments on the demand for datacenter space. "The current economic downturn is driving a rapid shift towards cloud-based services which offer greater economy and flexibility."

Computerworld UK is an InfoWorld affiliate.



VMware updates its virtual data infrastructure

VMware has introduced View 3, the updated version of its virtual data infrastructure (VDI) offering. The company claimed that the new product would reduce desktop storage demands by as much as 70 percent.

In addition, the company said that it could "decouple" a desktop from specific locations to create a personalized view of that desktop, accessible from any other device -- so that a desktop could now be visible from a laptop in another office.

[ Read about VMware's VDI Storage Considerations guide. And stay up to date on the latest virtualization developments with InfoWorld's Virtualization Report blog and newsletter. ]

Jocelyn Goldfein, VMware's global manager for its desktop business, said that the move supported the current trend towards mobile working. "Users are no longer tied to a desk," she said. "They use PCs, thin clients, notebooks or even smartphones."

Goldfein said that View3 was part of the vClient initiative announced at VMWorld. She said that the company was now looking at the desktop in the same way that it had looked at the datacenter. "The problem with desktop virtualization is that you still need a device. When you consolidate in a datacenter, you can get rid of 90 percent of the servers, you can't do that with the desktop." She added that View 3 would help bring virtualized desktops to devices.

The main element in View 3 is View Composer. This uses a new technology called Linked Clone to generate many virtual desktops from a master image. These desktops can be created in seconds and centrally controlled by View Manager.

Tommy Armstrong, VMware's senior marketing manager for enterprise desktops, said that View 3 users would be able to provision many machines with common software, for example Windows, from what VMware calls a "golden master." He said that this could also be used for patch management.

In addition, the company has released Offline Desktop, a feature that provides the means to securely move virtual desktops between the datacenter and a local laptop or desktop. The company claimed that this would enable users to "check out" a virtual desktop onto an ordinary PC, such as a laptop, run the virtual desktop locally, and then check it back in to the datacenter.

Techworld is an InfoWorld affiliate.