Running a small business isn’t easy – I know, I have two of them. The testing lab is fortunate to have a close set of clients of many years, so advertising isn’t something we need to do. It’s all word of mouth and recommendations.

The food company that I run with my husband Andre is different. This is public-facing, and it’s a lot of work to do marketing, trade and public shows, and operate an e-shop for direct sales to customers. 

This latter part has been a topic of considerable discussion recently. We have two brands with two websites: Manfood and Janda. We set up Janda to showcase a vegan-focused product range, with the name Janda stemming from “Jon And Andre”. 

The initial branding was devised many years ago, and so, it was time to refresh the Janda look, labels and boxes, as well as its e-shop. Now, I’ve been following the rise of e-shopping since its first tentative steps in the mid-1990s. Back in the day, setting up an e-shop was difficult and required a lot of code munging. Better still if you’d host your own server, with a database and a payment gateway. It was a lot of work and a lot of hassle. 

Then, in the early 2000s, along came WordPress, and a huge market emerged for that platform. Being an extensible technology, it allowed companies to build all sorts of bolt-on capabilities. We have used WordPress for the Manfood site, including its e-shopping capabilities, and to do this we retained the services of a web design and hosting consultancy. I could’ve worked it all out myself, but this would have taken time, and the results wouldn’t have been anywhere near as professional. So I swallowed the cost of getting the site built – a few thousand pounds – and hosting costs of about £500 per year.

As a solution, it works out reasonably well, but WordPress is not without its issues. Keeping on top of security and updates can be a particular pain. For the Janda refresh, I was conscious that e-shop design and hosting had moved on, with one of the biggest new players being Shopify. It was a name that kept popping up in my timeline, especially in the small business sector. It seemed like a good choice to explore.

So the obvious thing to do was to reach out to various web design companies that worked with the Shopify platform. The first came back saying that if we worked with tweaked standard designs, then the cost would be £4,000. If we wanted more customisation, add another £2,000 to the bill.

The second company’s quote was even more eye-watering than our horseradish: “In order to do this we would need to build the core store – £20,000 + VAT – and then build two clone stores which we can swap out the language for £5,000 each. This would take you to £30,000.” Being able to have a multilingual store, which adapts the display language based on geolocation, seemed like a good idea. The price, however, did not.

I took a quick look at the Shopify site and wondered: “How hard can it be?” Usually, this mindset results in a smoking crater. But over the Christmas shutdown, Andre sat down with his laptop and created an account in Shopify. Andre is very talented, but a computer geek he is not. He was armed with his M2 MacBook Air, a web browser, a Shopify login and all the background information we had – product details and photography had already been sorted.

Four hours later, he showed me the workings of an excellent site. It had everything we needed: product selector, basket, credit card handling and so forth. I fired up my phone and logged into the test site, and found it rendered just fine on the smaller screen. Andre spent another few hours pouring in the product information and, barring a few tweaks and adjustments, it was ready to go live.

Multilingual support is provided within the Shopify platform itself, and you can use third-party translation companies to tweak your words. We paid a company £562 to translate our site’s text into Spanish, French and Chinese. We’ll load this into the Shopify site and make that go live over the next few weeks. So it’s now up and running, and has been built for the main part by someone who doesn’t understand computers at all well, certainly not at a nerdy level. 

I needed to step in for 15 minutes to help with the DNS, but this could have been handled by a Shopify-provided DNS name if required. What about security and updates? It’s Shopify’s responsibility to keep everything up to date. As for the £30,000 bill to build a Shopify e-shop for us? Let’s just say that we politely declined.

Whether it’s for e-commerce, software services, or just an informative blog, a website can be one of the most important parts of your business. Doing it right, though, can be quite expensive. Except, of course, when you find the right deal on Black Friday.

For 2021, IT Pro has rounded up the best website hosting bargains for you and your business, with up to 90% off some of the biggest names in the website hosting space.

HostGator - 70% off all plans

Plans start at just £1.56 per month and include a swathe of features including unmetered bandwidth, a free SSL certificate, and a domain name.

Get the deal here

Namecheap - Up to 72% off hosting and 88% off domain names

Namecheap’s cPanel-based hosting allows you to choose whichever CMS you want while offering a free website builder and WordPress compatibility too.

Prices start at just £35.17 for business plans but descend if it’s just a smaller operation that’s required. Enter code: BFCMSTELLAR21 to redeem the discount.

Get the deal here

Hostinger - Up to 90% off hosting plans

Save 90% on Hostinger’s Single Web Hosting plan or 71% on its business plan made specifically with SMBs in mind.

Prices start at £3.99 per month for business customers and Hostinger will throw in a raft of features and freebies to get you started.

Get the deal here

Bluehost - Save 73% on hosting

The popular web hosting provider is running an attractive deal with prices starting at £1.94 per month for a basic 12-month period.

The deal expires on November 28 so be quick to catch this one.

Get the deal here

GoDaddy - Save up to 50% on web hosting

GoDaddy boasts a 99.9% uptime rate and supports a range of CMSs such as WordPress, Drupal, Joomla, and more.

Prices start at £2.99 a month and GoDaddy will throw a few freebies in too like one year Microsoft 365 email and a free domain.

Get the deal here

GreenGeeks - Save up to 68% on web hosting

GreenGeeks’ Premium small business plan is perfect for websites and online stores. It includes a managed WordPress account and an unlimited database, all for just £6.71 per month (down from £19.45).

Get the deal here

SiteGround - Save up to 80% on web hosting

SiteGround’s ‘GoGeek’ package offers unlimited websites, 40GB of webspace, and an enhanced security suite, all for just £5.99 per month - the regular price is £29.99.

Get the deal here

Mitre has revealed its top-ten list of security vulnerabilities in hardware in a bid to help companies design more secure products.

The weaknesses highlighted in the list can be found in hardware design, architecture, or programming. Mitre compiled the list in conjunction with the Hardware CWE Special Interest Group (SIG).

Mitre publishes the Common Weakness Enumeration (CWE) for software bugs in conjunction with the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). This marks the first time the organization has done the same thing for hardware.

The list aims to drive awareness of common hardware weaknesses through CWE and “prevent hardware security issues at the source by educating designers and programmers on how to eliminate important mistakes early in the product development lifecycle”.

"Security analysts and test engineers can use the list in preparing plans for security testing and evaluation. Hardware consumers could use the list to help them to ask for more secure hardware products from their suppliers. Finally, managers and CIOs can use the list as a measuring stick of progress in their efforts to secure their hardware and ascertain where to direct resources to develop security tools or automation processes that mitigate a wide class of vulnerabilities by eliminating the underlying root cause," Mitre said.

The list, which is in no order, includes vulnerabilities found in many types of hardware. For example, CWE-1189 is a flaw on a system-on-a-chip (SoC) that does not properly isolate shared resources between trusted and untrusted agents.

“Several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents,” Mitre noted.

Another hardware bug mentioned on the list is where a chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

“If authorization, authentication, or some other form of access control is not implemented or not implemented correctly, a user may be able to bypass on-chip protection mechanisms through the debug interface,” said Mitre.

It added that the methodology used to generate the inaugural CWE Most Important Hardware Weaknesses List is “limited somewhat in terms of scientific and statistical rigor.”

"In the absence of more relevant data from which to conduct systematic inquiry, the list was compiled using a modified Delphi method leveraging subjective opinions, albeit from informed content knowledge experts,” it added.

Lenovo Infrastructure Solutions Group (ISG) and VMware have teamed up to enable resilient edge computing.

As part of the new partnership, Lenovo ISG will integrate VMware's edge software with its ThinkSystem SE350 Edge Servers.

The preloaded software will be directly accessible to customer edge sites via two ruggedized ThinkSystem SE350 servers. Lenovo has also announced enhancements to its Open Cloud Automation software, enabling customers to plan, deploy, and manage data center cloud and edge infrastructure simultaneously.

“For better business continuity, improved applications and user experiences, hybrid cloud models are being deployed both in the cloud and at the edge,” stated Charles Ferland, vice president and general manager of edge computing and communication service providers at Lenovo ISG.

Commenting on the firm’s hybrid solution, Ferland said the new software can reduce the number of servers required at the edge by half. Additionally, ThinkSystem SE350’s integrated networking features will eliminate the need for additional networking elements at edge sites.

Lenovo will reportedly be the first to market with VMware and its upcoming software solutions for the edge. The solutions will include built-in switching and wireless connectivity to simplify network configuration.

Most notably, the integrated VMware bundle on ThinkSystem SE350 Edge Server will help customers recreate the environment they have in their data centers at their edge locations.

Thanks to its rugged chassis, the ThinkSystem SE350 Edge Server can endure high temperatures, shocks, and vibrations, making it ideal for harsh environments. Its encrypted hard disks, along with motion and tamper detection, guarantee data and device security at all times.

“Deployment of distant edge sites requires a management toolset that seamlessly allows organizations to automate tasks, without requiring specialized staff on-site. Lenovo has enhanced its Lenovo Open Cloud Automation software solution to now include edge-supported features, driving accelerated time to value for customers with cutting-edge management capabilities,” added Lenovo.

Security researchers have discovered malware that can install a backdoor on Microsoft’s web server software Internet Information Services (IIS).

Dubbed IISpy, the malware uses various means to interfere with the server’s logging and evade detection so it can perform long-term espionage.

Researchers said the backdoor has been active since at least July 2020 and has been used with Juicy Potato, a privilege escalation tool.

“We suspect the attackers first obtain initial access to the IIS server via some vulnerability and then use Juicy Potato to obtain the administrative privileges that are required to install IISpy as a native IIS extension,” said researchers.

Investigations unearthed the malware popping up on IIS servers in Canada, the US, and the Netherlands. Researchers suspect more servers have been compromised but said that since it is not common for administrators to use security software on servers, visibility into IIS servers is limited.

IISpy is configured as an IIS extension and can see all the HTTP requests received by the compromised IIS server and shape the HTTP response the server will answer with.

“IISpy uses this channel to implement its C&C communication, which allows it to operate as a passive network implant,” said researchers. Hackers start a connection by sending a special HTTP request to the compromised server. The backdoor recognizes the attacker's request, extracts, and executes the embedded backdoor commands, and modifies the HTTP response to include the command output.

The backdoor enables hackers to get system information, upload and download data, execute files or shell commands, and more. The malware ignores all legitimate visitors HTTP requests sent to the compromised IIS server — the benign server modules handle these.

IISpy is written using the IIS C++ API and uses instances of IHttpContext, IHttpRequest, and IHttpResponse interfaces to parse HTTP requests and manipulate the HTTP responses.

An anti-logging feature also implements the OnLogRequest event handler – called right before the IIS server logs a processed HTTP request. The backdoor uses this handler to modify the log entries for requests coming from the attackers to make them look like casual requests, according to researchers.

Researchers said organizations that handle sensitive data on their servers should watch for this malware. In particular, organizations using Outlook on the web (OWA) service on their Exchange email servers.

“OWA is implemented via IIS and makes an interesting target for espionage. In any case, the best way to keep IISpy out of your servers is to keep them up to date, and carefully consider which services are exposed to the internet, to reduce the risk of server exploitation,” they added.

HPE has announced a critical zero-day vulnerability in a key server management application that renders its Windows and Linux servers vulnerable to attack.

Trend Micro discovered the vulnerability, which has the ID CVE-2020-7200 in the MITRE vulnerability database. The vulnerability lies in HP's Systems Insight Manager (SIM), an application that allows administrators to check a server's health.

The bug has a base score of 9.8 in the CVSS v3 vulnerability scoring system, which measures a security flaw's severity on a scale of 1 to 10, putting it in the critical category. An attacker could exploit the problem to execute remote code on a Windows or Linux server, according to HPE’s security advisory issued this week.

As a zero-day bug, there’s no patch for this vulnerability, and HPE hasn't said when one will be available. Instead, HPE promises it in "a future release." In the meantime, HPE has issued a workaround for Windows systems.

Administrators must stop the HPE SIM service and delete a file named “simsearch.war” from the Java-based system. This removes the federated search capability that contains the flaw, making it unusable.

SIM manages hardware across an array of HPE servers, including its ProLiant and Integrity systems, along with storage and networking products. The system discovers devices in the host infrastructure and offers inventory management and reporting for them. It lets administrators monitor health without using software agents and configure policies to execute scripts and notify people of failures.

HP launched the federated search feature in 2011, allowing administrators to search the SIM Central Management Server (CMS) for things like static inventory data and installed software. Without this service, HP documents explain that companies with multiple CMS systems will have a fragmented view of company-wide inventory.

"When large enterprises have CMSes spread across multiple geographic locations, this limitation becomes even more acute," HP’s product documents say.

This workaround only works for Windows servers. There doesn't appear to be an immediate plan for Linux server users.

The semantic web focuses on data rather than on documents, making it a much more immersive and detailed way of accessing information compared to the World Wide Web invented by Tim Berners Lee in the late 1980s.

However, Berners-Lee still played a very important role in its inception, developing the idea alongside AI researcher James Hendler and computer scientist Ora Lassila. The idea was first revealed in 2001 in a Scientific America article, where the threesome discussed the idea of connecting information using a network that could be read by machines.

What is the definition of the semantic web?

According to the World Wide Web Consortium (W3C), the semantic web is "a common framework that allows data to be shared and reused across application, enterprise, and community boundaries".

The concept is to offer people the information they're looking for at the time they need it. One of its key philosophies is that although the information presented on the internet is useful, it's not always needed at every point.

Because the majority of data is created using forms and then converted into HTML, there's no way all data can be managed by everyone at all times. The semantic web makes this information more useful because it can be repurposed.

The semantic web essentially allows for the connection of information using a network that can be easily read by machines, whether traditional computers, IoT devices, mobile phones, or other devices commonly used to access information.

It's built on the premise that data within web pages is useful, but not in all circumstances. One of the biggest hurdles of the world wide web is that most data is created using forms, and there's no unified way of publishing data so that anyone can manage it. The way data is presented using HTML can be difficult to handle, and so the semantic web takes the idea that if this data can be re-purposed, it's more useful to everyone.

Schema.org has been formed by several organizations (notably Google, Bing, and Yahoo) to boost the extent of semantic metadata. The goal of this is to answer questions from the best sources on the web rather than serve up a search page full of document links.

The most important part of semantic web technologies is Resource Description Framework (RDF). This is a common framework for describing resources. It can represent metadata that can be parsed and processed by systems rather than just displayed to users.

Semantic web examples

The semantic web is beneficial for solving many of the problems associated with the World Wide Web.

For instance, you can more or less get rid of data silos. This is because the links between data and the wider world, or even localized sites, including inside companies, function without a hitch. The information can reside in one place by using semantic metadata tags that are also searchable to make it easier to sift through.

By situating the linked data in a location that can be used by the public, users will be able to pour through the data and information they possess to discover intricate relationships. This helps to make the data easier to analyze and significantly increases the value of the original data.

Media management is another application of the semantic web. A demonstration of this is when during the World Cup in 2010 the BBC harnessed the semantic web to run its player information database. Additionally, several of the corporation’s websites use semantic web technologies to ensure they can update swiftly and arrange the considerable amount of data it possesses.

The semantic web is also deployed in supply chains to help arrange the ever-changing data. This applies to data in different parts of the chain, including distributors, supply chain managers, vendors, manufacturers, and logistics firms.

Advantages of the semantic web

A huge advantage of the semantic web is the vast quantities of information, data, and knowledge it possesses, which can be translated to be understandable and ready for machines, including virtual assistants, agents, and AI bots.

It’s straightforward to mix different data sets through the RDF data structure, thanks to its simplicity and optional nature. Big data projects will see this as a useful advantage, where the different types of information within a business can sometimes be troublesome to analyze and organize.

Google has updated its enterprise specific search appliance, adding key features such as translation and deep integration into Microsoft's SharePoint 2010 offering.

Google Search Appliance (GSA) 7.0 allow users to translate search results in up to 60 languages. Full support has also be added for complex languages such as Arabic, and updates have been made to Chinese, Japanese and Korean.

Matthew Eichner, general manager of global enterprise search, explained the translation feature is one of the most important to business.

"We're seeing a lot of demand for the translation feature especially as cross-border transactions/acquisitions are common place.

"When there is a deal or acquisition between foreign firm's, a repository of information needs to be translated," he told IT Pro.

Although GSA supports number of third party repositories ranging from Documentum to SAP, Google has found SharePoint to be one of the most commonly used.

"We've made it possible to insert a GSA search box into SharePoint 2010. There is support for query suggestion (autocomplete), results clustering," added Brent VerWeyst, product manager, enterprise search at Google.

"We've also added expert search. This pulls information from the user profile databases including SharePoint and will recommend colleagues to contact for additional information after a user has carried out a specific search."

Another useful feature is the addition of moderated social suggestions or "wisdom of the crowd" tool. When an employee finds a particularly useful result for a query, they can create a match and publish it to help colleagues.

With the increased use of smartphones and tablets, Google's universal search feature also means that laptops, tablets and smartphones to the GSA.

At present Google offers two appliances the GSA 7007, which is capable of supporting up to 10 million documents and the 9009, which can handle 30 million documents. Both can be scaled to any arbitrary document count.

Pricing depends on the number of documents stored and typically starts at $15,000 per year for 500,000 documents.

I am renowned for my long sentences. Editors hate me for it, but this article may hang on a sec buck the trend. That's because I'm going to be talking you through the new Amazon cloud server instances that use just a minute, bear with me Windows 2008. The reason this is worth a look, even though AWS has been around for several years, is because the free trial version now has enough hours of runtime to leave a Windows server up and operational for a year.

At least, that's their claim.

I know there is a sharp divide in the technology world over Amazon Web Services: either you get it, or you don't. There is no partial state, no gentle road to comprehension. In the most clich-ridden view, AWS fans tend to be more Linux than Windows; more developer than supporter; more compiler than CSS; and increasingly, have never touched an old-school server inside an old-school company. But this new combination of operating system and (non) billing will, Amazon hopes, draw in those who have thus far been disqualified by failing to hit one of those clichs squarely on the "yes" button.

It is actually quite instructive to think about what the diametrically-opposite tribe from the existing AWS user base might use for a description. It is easy to start off with more Windows than Linux, more systems builder than developer, more batch file and Group Policy than HTML or C, and finally, those more accustomed to working in whole Terabytes and IOPs than flashing the newest, tiniest netbook. I would guess there are more of these in the IT Pro readership than the first sort, so here is a little canter through what you get when you set up a Windows Instance on AWS.

First of all as my stuttery start here should imply lay a bit of time aside for a good deal of to-ing and fro-ing. First you have to go to aws.amzon.com and sign up. This includes a process of issuing you with a small file that is your portion of a key exchange process, so avoid doing this on a shared or borrowed machine you cannot access later. You use the keys now and again, not every day, so they are prime candidates for going walkies. In my case, I was trying all this out on my faithful Thinkpad X61s, as also used during my trip to Microsoft Redmond, to look at their SystemCenter 2012 Virtual machine management utility suite, so (quite coincidentally) the usability comparisons between that and AWS will be almost scientifically precise.

Once I had my AWS membership all secured, it was on to create some instances in EC2. This is just a matter of picking the right tab in the AWS browser page, then asking for a new instance. You are presented with an impressively long list of operating systems and other parts too: the Windows 2008 Server options include machines with SQL Server (Express or full fat) as well as Clustering (I guess so you can make a Cluster with a local machine inside your company) and even 2008 R1, if you want it.

The rest of the pick list is flavours of Linux, though in a bit of a fight back against VMWare's airy assertion that with the coming of virtualisation, "everything's x386", several of the distros on offer include access to CUDA and Nvidia specific drivers. Before you snort and say "playing games on a VM in the cloud? What is the point?" remember that there is lots of work done these days on raw number crunching by handing a job over to the dedicated processors on an NVidia graphics card, as these are so much faster than Intel CPUs for maths.

(That was a long sentence, I know the signup's done now and I am getting my connection method together).

Once you define which OS/app combination you are after, you have to work out how large to make your instance. This is where the split between free and paid-for becomes more apparent: you can take a "T1.micro" instance inside the free offering which has a single core and up to 613MB of RAM, or you can up the spec until you hit some improbable maxima: 20 cores and 60-odd GB. This is the part where you decide if your instance is going to stay free and running all the time or not, too. Of course, the presented charges look encouragingly low. Initially.

Once you pick your emulated hardware (I went for the micro) there is a remarkably short pause before you go to the instance management view to decide whether to start or stop your new server. This has almost none of the look and feel of the old-school server build process no volumes to lay out, no serial numbers to type in, no drivers to hunt down.

However, there is another little pair of downloads that can take up to 30 minutes to complete. This is another public/private key file for that specific instance, and the lag is not about low-speed links or massive sizes, it is a delay in which the admin password for that Windows server is generated and applied to your new instance.

To understand why some of this is quick, while other parts are slow, and why there are some slightly odd memory limits to several of the configuration options, you need to understand a little bit about the deep dive, under the hood world of VDI.

This is becoming a general industry term for single-user virtual machines on a remote host in other words, the user cannot tell how many other guests are alongside them within the architecture. They just see their closed box, and do their thing. Someone else sees the management interface that parcels out VM guests across a pool of hosts. VDI also incorporates the concept of the "Gold Image" a basic VM guest instance that represents the current state of the art for that user population.

When a user starts a VM, what actually happens in VDI is that the "Gold Image" is cloned, with a cut-up and fudged memory map that partly points back to the original (for bits of memory that won't change between instances of the image) and partly into the "user space" in the underlying host. That second bit does vary from guest to guest.

Gold image based guest provision has some advantages it is fast, for one thing and some oddities. The amount of memory you need will throw you off guard if you are an oldschool type, because actually the host is parcelling out the memory between largely identical guests, and cheating. Also, the usual VM protective/supportive toolbox is a bit absent, because as Joe Guest, you get no access to the VM feature set and true enough, I could not suspend or snapshot my EC2 Windows server.

The next thing to contemplate is the networking. My free server instance came with an IPv4 address, beginning 10.205. Those with long exposure to the world of IP networking will instantly exclaim that this is a private IP range, and hence not reachable from outside, on the rest of the net, without special configurations inside some kind of unspecified border device. While informing me of their choice of address, AWS also showed me a deceptively short firewall configuration dialog box, with initially the only option being standard Remote Desktop traffic on Port 3389.

The deceptively simple bit is that you can add other protocols, and you can also limit the range of IPs from which each protocol will accept connections.

Home users and hackers will not see the point of this, but if you are on any kind of business internet connection, the chances are you will have an external fixed IP address and therefore you can take advantage of this feature and secure your new Cloud VM right from the word go. The disadvantage is rather more subtle: it was the case that companies could happily leave the RDP ports open for user remote access, mainly because hackers had no experience of using a server configured for RDP, so they never tried to penetrate company firewalls by using it. Those days look like they are over, now that an effectively unlimited demo setup shows the whole world how remote access can be made to work.

At the end of the simple firewall choice process, AWS offered to download a desktop shortcut to let me connect to my cloud VM server. This avoids the problem of the VM having an IPv4 private address, by borrowing a concept from IPv4 Reverse Lookup Zones: the connection shortcut addressed my server as "xx-xxx-205-10.aws.amazon.com".

This is the same fix that I encountered using the equally immense Microsoft infrastructure, sitting in Redmond on my humble IPv4 only Thinkpad both Amazon and Microsoft are not IPv4 internally, but they are obliged to handle traffic from and to the older protocol. So getting to an AWS VM instance involves your RDP traffic hitting a gateway host, which then uses Amazon's internal protocol (I'm not fudging here Amazon doesn't use IP internally and the exact details are at least mildly secret...) to forward your traffic to the host where your VM is running, in my case, in Virginia.

What was I proposing to do with about 12GB of free disk space, 600MB or RAM and a copy of Server 2008? The easiest test I could think of was a quick install of SmarterMail (see www.smartertools.com) , which manages to be small, reliable, and uses Windows Server in a faintly abusive way with traffic on non-standard ports and a bit of hacking to show some nice web pages. To my slight amazement, I was able to turn off IE ESC in my VM and grab the SmarterMail download without any trouble: even though the registration and one-shot download link came to my Thinkpad, Amazon have allowed for clipboard sharing between RDP host and client, so a quick copy and paste, and I was running my setup program.

The only part that was missing in all of this was even the slightest hint of a Windows licence key. Not a whisper did I hear that I might have to buy a key first or have one I had prepared earlier from my own eOpen or TechNet subscription. Along with many other questions about the boundaries of this or that flavour of AWS VM, this question is definitely a candidate for some intense Googling, mostly through the AWS Developer Forum sites (telling name, that).

Whilst Amazon is not a charity, it turns out that almost everything you could ever want in a server is available, though at a price. And there is a lot of internal infrastructure at Amazon that you need to be ready to negotiate to find what you want. For a very simple first example, I found out later that if I had nominated a different virtual hardware platform, I could have had a suspend/resume capability, and the list of these platforms is cryptic at best.

The hardest thing to overcome, when using AWS, is that something which looks, feels and smells so much like a local server is actually on the other side of the Atlantic. In our tests, system boot times and responses were excellent, if a shade slower than those achievable with local current-generation hardware and hypervisors.

I may even make use of my little SmarterMail test install, even though the IP routing to my little free server means it cannot send or receive Internet mails, because SmarterMail's upgrade path includes a complete export, reinstall, and import for at least one of my clients. If I can upload their message-base to my test machine then that's an ideal bit of temporary on-demand cloud computing I can use without disturbing their venerable server or their mail software. And that is an added bonus.

Iceotope today announced a new technique of cooling servers, which it claims can make fans redundant and cooling costs non-existent.

The launch happened at this year's CeBIT conference in Hanover, Germany, with the company also saying the solution cuts 75 per cent of the mechanical costs associated with cooling servers.

Cost savings on the maintaining side might be plentiful, but the set-up price is no drop in the ocean

The product uses 3M's Novec liquid as a coolant, which Peter Hopton, founder and chief technology officer (CTO) of Iceotope, called the "environmentally friendly little brother" of Fluoroinert 3M's previous coolant incarnation.

A water jacket containing Novec wraps around components and travels through the servers in fast currents at a rate of centimetres per second. With its low surface tension, the coolant "gets into all the cracks" to absorb the heat from servers and take it away to heat exchanges, where the liquid can either be cooled or used to heat other buildings and water within the complex.

The technology can not be incorporated into existing servers, however, and businesses would have to buy new servers or modules as Iceotope refers to them to install the technology.

Cost savings on the maintaining side might be plentiful, but the set-up price is no drop in the ocean.

Customers can buy cabinets, featuring six server modules which look like blades as well as the pump and heat exchanges, for 19,995. However, the cabinets can house up to 48 modules, which start at 3,995 for fully configured servers containing two six core Xeon E5 processors, 64GB RAM, 40Gb Infiniband and SSD storage. Users are able to choose between AMD and Intel processors.

Hopton told IT Pro the technology could soon roll-out across the data centre, with products for switches, routers and GPUs in the pipeline. He defended the upfront prices though, saying the overall benefits would save a lot more money in the long term.

"No chiller equipment is needed so when you are kitting out a new data centre, you don't need to buy it," he said.

"It is not massively expensive and if you need new servers it is cost effective when you start to look at the money saved on energy consumption."

Although he couldn't confirm any UK customers yet, Hopton did say it was being implemented within UK data centres and the test company would be revealed soon.

HP may have focused its attentions on hardware this week, but the founder of Autonomy claimed today it was the nature of information that held the most importance.

Mike Lynch, founder of Autonomy and vice president of information management at HP, took to the stage at his new parent company's global partner conference to impart his philosophy to the 3,000 partners gathered.

The IT industry is carrying a hammer and everything it sees it tries to make a nail.

"It is no longer about the data but about the meaning of that data," he said. "There is a fundamental revolution going on in information and the industry is now about the I' not the T' in IT."

He claimed the traditional approach of relational databases just didn't fit the information companies are collecting today, from social networking through to video conferencing.

"The IT industry is carrying a hammer and everything it sees it tries to make a nail," said Lynch. "That hammer is the relational database... anything you put around it like Hadoop or MapReduce doesn't understand the information now being collected... you need technology that understands."

Lynch said the relational database was a tool from the past when people began using computers. Then the machines didn't understand human behaviour so were forced to deal with very strict equations. Now, the world has changed and data tools must move with it.

"Customers do not live their lives in columns, they ring you up," he said. "Understanding this can change your business.

"There is an explosion of human friendly information, such as social media, phone calls... this data is growing much faster than structured information, three times as fast."

Autonomy already has products to deal with this data, known as IDOL, but Lynch revealed more products would be coming this year to integrate the software into HP hardware products.

"What you are going to be seeing from us is we will work very closely with hardware for new products," he said. "It's a very exciting time."

Lynch concluded by summing up his beliefs around information.

"It is not about data, it is about meaning, it is not about machines, it is about people and it is not about the status quo, it is about a new opportunity."

EMC today launched VFCache, a flash caching module for servers announced last year under the Project Lightning moniker.

It marks another foray away from the storage array for EMC as it looks to bring its flash expertise to the server space.

Testing showed a three times throughput improvement and a 60 per cent dip in latency, the storage giant claimed.

If that means bringing storage to the compute makes sense, that's what we'll do. And that's kind of what we're doing with VFCache.

"This is a product that extends EMC's FAST technology into the server. It is a combination of hardware and software, the hardware being a PCIe card, which is a very exciting technology because if really changes the performance landscape it's even faster than flash inside a storage array," Barry Ader, EMC's senior director of storage product marketing, told IT Pro.

"We marry the hardware with some software intelligence that sits inside of the server, the operating environment, to determine exactly what data is hot and make sure we keep the hottest data in the server, closer to the application, closer to the CPU complex."

Data held in the cache is still pushed out to the storage array for added security, Ader said.

"This is a very nice complement to the VMAX and VMX storage devices," he added.

"VFCache will work with a variety of servers that are out there. We've qualified this with IBM, Dell, HP and our Cisco UCS partners. We have qualified VFCache with the majority of server vendors that are out there."

VFCache will either be sold to IT departments directly via EMC to line up with the vendor's storage products, or through channel partners, including server and storage companies.

The main competition for EMC in this area will be Fusion-io, which has been pushing out PCIe cards to the industry a few years ago.

"The difference here is that they [Fusion-io] went after the early adopters," Ader asaid. "They sold these cards as DAS [direct-attached storage] cards rather than cache devices. So that caused a lot of problems for their customers.

"Really mainstream customers weren't able to leverage this it didn't solve their scalability, shareability protection problems."

VFCache will also be getting deduplication technology added to it in the coming months.

Thunder coming

EMC also revealed plans for an entirely separate appliance, which will essentially do the same job as VFCache but considerably quicker.

"It's for those high-end use cases. A good example might be a high-end trading application... it might not be for the mainstream."

The first Thunder devices will be trialled with early adopters in the second quarter. Wider adoption will be opened up later in the year

EMC in server space?

Ader would not be drawn into saying whether this foray into the server space would mark EMC's eventual move into actually manufacturing servers.

"As our customers are looking for different ways to manage their information, of course EMC is going to look at these different ways that we can leverage technology like flash disrupting types of enabling technology.

"There are ways for EMC to enhance value to customers by not just going into the server space. That's not the intention. The intention here is, there are different ways to create value. In some cases that might mean bringing storage to the server.

"If that means bringing storage to the compute makes sense, that's what we'll do. And that's kind of what we're doing with VFCache."

Companies such as Cisco and HP are trying to pack more into servers, whether with networking or storage capabilities.

Dell, meanwhile, recently broke off its storage relationship with EMC, hinting it would be dallying in smarter servers with potentially greater storage integration.

Intel yesterday showed off its first commercial co-processor to break the one-teraflop (TFLOP), or one trillion calculations per second, performance barrier.

Its Knights Corner accelerator chip, based on the Intel Many Integrated Core (Intel MIC) architecture, demonstrated its 1 TFLOP performance running on a test two-socket Xeon server at the Supercomputing conference in Seattle.

Intel said the exhibit reiterated its commitment to delivering efficient and programming-friendly platforms for highly parallel applications in high-performance computing (HPC) tasks, such as weather modelling, tomography and advanced materials simulation.

Having this performance now in a single chip based on Intel MIC architecture is a milestone that will once again be etched into HPC history.

Rajeeb Hazra, Intel general manager of technical computing and its connected systems group, said the first demonstration of a Teraflop supercomputer was in 1997 and used 9,680 Intel Pentium Pro processors as part of Sandia Lab's "ASCI RED" system at a cost of $55 million (34.9m).

"Having this performance now in a single chip based on Intel MIC architecture is a milestone that will once again be etched into HPC history," he said.

The chipmaker said Knights Corner will be manufactured using its 3D Tri-Gate 22nm transistor process and feature more than 50 cores. It did not, however, offer any more detailed specifications.

Hazra added that the Knights Corner chip could be accessed and programmed as though it were a functional HPC compute node, unlike traditional graphic processing unit (GPUs) accelerators.

This enables it to be visible to applications as though it were a computer running its own Linux-based operating system (OS) independent of the host OS.

Targeting highly parallel processing workloads and existing x86 programming models and tools, its new performance level was measured using the Double-precision, General Matrix-Matrix multiplication (DGEMM) benchmark.

The Intel MIC architecture is designed to eliminate the need to port the code to a new programming environment in order to run existing applications.

This capability will allow scientists to use both CPU and co-processor performance simultaneously with existing x86-based applications, saving time, cost and resources that would otherwise be needed to rewrite them to alternative proprietary GPU languages, according to Intel.

The chipmaker said it already had a customer for a 10-petaflop system running its Knights Corner co-processor on PCI-Express processor slots, which will begin installation next year. The system, for the Texas Advanced Computing Centre, is expected to become fully operational in 2013.

AMD has launched its first 16-core Opteron chips, designed with cloud servers in mind.

It has been a long wait for the chips, which contain more cores than any other x86 chips on the market today, as the industry has known about them for a year now.

With more cores on board, AMD is hoping cloud-focused manufacturers will jump on the new chips, which the vendor believes are the "natural choice for heavy-threaded cloud computing environments."

The wait for the most anticipated new product and architecture for servers is over.

Designed on AMD's new Bulldozer architecture, the Opteron 6200 will appear in Acer, Cray, Dell, HP and IBM servers in the "coming days and weeks," the vendor said.

There are 10 different models of the Opteron 6200, ranging from four cores to 16, with the maximum clock speed hitting 3.3GHz. AMD's Turbo CORE Technology allows for an extra power boost of up to 500MHz.

AMD claimed the new chips offered up to 89 per cent greater performance than other server processors costing the same price.

"Our industry is at a new juncture; virtualisation has provided a new level of reliable consolidation and businesses are now looking to the cloud for even more agility and efficiency. We designed the new AMD Opteron processor for this precise moment," said Paul Struhsaker, corporate vice president and general manager for Commercial Business, AMD.

"The wait for the most anticipated new product and architecture for servers is over. Leading OEMs are now offering cloud, enterprise and HPC customers a full suite of solutions based on the industry's most comprehensive server processor portfolio, the new AMD Opteron family of processors which deliver an inspired balance of performance, scalability and efficiency."

The chip maker is looking to make a big impact on the x86 market, which Intel still dominates. Much emphasis has gone on the power savings of the Opteron models.

"When these energy efficient processors are used in servers, the server power savings can be dramatic as much as a 20 per cent reduction in server active idle power and an 18 per cent increase in server performance-per-watt," said Andy Parma, a product marketing manager for at AMD, in a blog post.

AMD also announced its new Opteron 4200 chips, claiming it is the "world's lowest power-per-core server processor built to deliver unparalleled efficiency for complex, technical workloads."

There are eight different models for the Opteron 4200 design, with a top clock speed of 3.3GHz. Customers can choose between six and eight-core models.

HP announced plans to stuff ARM-designed chips into its servers, as it looks to create super energy-efficient datacentres for cloud providers and large enterprises.

It marks a significant moment for ARM, which has done little to challenge the dominance of the x86 architecture used in the majority of servers today.

It also forms part of Project Moonshot a multi-year HP initiative designed to support those moving to "hyperscale environments."

HP Redstone is designed for testing and proof of concept. It incorporates more than 2,800 servers in a single rack.

HP is essentially looking to help companies truly consolidate their data centres, thereby making them more eco-friendly and efficient.

The company introduced the HP Redstone Server Development Platform, which will feature Calxeda's EnergyCore ARM Cortex processors. The system-on-a-chip processors should help companies basing deployments on the Redstone platform use 94 per cent less space in their data centres, HP said.

ARM launched its energy-efficient Cortex-A7 MPCore chip design last month with much fanfare around their power consumption capabilities. The British chip developer claimed its new processor design was five times more energy efficient than its predecessor, while also delivering significantly greater performance.

ARM won't be the only Redstone partner, however. HP confirmed future Redstone server deployments would come packed with chips from Intel and "others."

"HP Redstone is designed for testing and proof of concept. It incorporates more than 2,800 servers in a single rack, reducing cabling, switching and the need for peripheral devices, and delivering a 97 per cent reduction in complexity," HP said.

Select customers will be able to get their hands on Redstone offerings from the first half of next year.

To supplement the Redstone platform, the US tech giant launched the HP Discovery Lab. This services offering will let customers test out Redstone deployments before making any purchase. The first lab will open in Houston in January, with European facilities expected soon.

"The volume of data processed in financial markets has increased exponentially, and traditional scale-up or scale-out architectures are struggling to keep up with demand without vastly increasing cost and power usage," said Niall Dalton, director of high-frequency trading at Cantor Fitzgerald, a company looking into the Redstone technology.

"HP is taking a holistic approach to solving this problem and working to bring unprecedented energy and cost savings for tomorrow's large-scale, data-intensive applications."

As part of its newly-announced BBX platform, RIM will deliver a new version of the BlackBerry Server with a host of security-focused additions.

This includes features to simplify management of personal devices at work, bringing the BlackBerry Balance service to PlayBook and adding private enterprise app distribution.

With the consumerisation of IT, the conundrum is IT wanting to manage and the end user wanting to have one device that gives them access to all their experience.

Balance is included with BlackBerry 7 smartphones, allowing IT admins to encrypt, manage and delete company data on the phone without affecting personal content like photos. BBX will combine that with business app deployment through BlackBerry Enterprise Server.

"We're going to take Balance all the way down to the metal of the OS," said Alan Panezic, RIM's head of enterprise product development. "When you have a PlayBook with Balance and it's provisioned against a BlackBerry server, it gets a new secure area and any app pushed by the business is automatically stored there.

"With the consumerisation of IT, the conundrum is IT wanting to manage and the end user wanting to have one device that gives them access to all their experience. CIOs are saying I'm ok with that as long as I can be sure that data is protected.' Security and compliance is critical."

These enterprise apps will appear in a new tab in the PlayBook OS, labelled Work, and they'll support single sign-in with the user's existing corporate password. Employees won't have to use a password on the PlayBook itself (unless that's set by a separate policy), so they won't have to type in a corporate password until they open an enterprise app.

On the next version of the PlayBook OS, enterprises will also be able to provision their apps directly to the PlayBook through BlackBerry App World without having to upload their apps publicly. When the PlayBook is connected to a BlackBerry server that pushes apps to devices, a new Work section appears inside App World, showing only the enterprise apps they can install from the server. To the PlayBook user, they appear and install like any other application in App World.

This allows enterprises to virtualise the full Windows desktop or to package up and stream individual PC applications, using existing Citrix infrastructure. The Receiver interface is written in AIR and supports single sign-on, multitouch and multitasking, so users can run multiple virtualised apps or multiple remote desktop connections on the PlayBook, alongside other PlayBook apps.

Oracle has issued an out-of-cycle patch for a denial of service flaw in the Apache web server, versions httpd 2.0 or 2.2, affecting a range of products.

Whilst Oracle has not given the vulnerability a high rating, it noted how easily the flaw could be exploited.

The general unwillingness of Oracle to deviate from its once-every-three-months patch cycle spells one word, Importance.'

"This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password," Oracle noted in its security advisory.

"A remote user can exploit this vulnerability to impact the availability of un-patched systems."

Larry Ellison's firm recommended IT departments update their systems as soon as possible, due to "the threat posed by a successful attack."

Products affected include Oracle's Fusion Middleware and Application Server products. Oracle Enterprise Manager is also affected if the user is running the Fusion Middleware containing the vulnerability.

The flaw emerged last month, when the Apache Software Foundation revealed the denial-of-service vulnerability affected all versions of the Apache web server.

It worked by allowing a malicious user to exploit the Range feature in Apache web servers, which enables the pausing and resuming of downloads. An attack tool was spotted in the wild, giving hackers the power to overload a server by asking it to access multiple parts of a file simultaneously.

The Apache Software Foundation has already issued two patches to fix the problem in version 2.2. It sent out an initial patch towards the end of August, before issuing another to go on top of that fix.

"However conservative you might be, if you're an Oracle user, this patch is definitely recommended in a hurry," said Sophos' Paul Ducklin, in a blog post.

"The general unwillingness of Oracle to deviate from its once-every-three-months patch cycle spells one word, Importance.'"

Network perimeter security is no longer enough to prevent data leakage as the enemy is probably already inside the gates. The number of communications methods and removable storage devices available to your users makes it all too easy to accidentally take sensitive data off premises or steal it.

We've always been impressed with DeviceLock's solution to this problem and this latest version adds stronger access security at the network protocol level. It also has greater content awareness allowing it to apply access policies based on file content as well as file type. This ContentLock feature works by recognising keywords and patterns within file contents.

At its foundation, DeviceLock provides controls for managing access to every conceivable workstation port and removable storage device. The latest iPads and iPhones are recognised so it can control data transfers between these types of devices and manage access to functions such as calendars, contacts and email.

These are some of the messages users will see if they try to access devices or services they do not have permission for.

DeviceLock 7 introduces the optional NetworkLock component which takes access control up to the network protocol level. For SMTP you can control connections to a mail server, the sending of emails and whether attachments are permitted.

HTTP policies determine whether you can post content to web forms, upload files to a web server or whether you are allowed any web browser access at all. For social networking sites you can control basic access, permit users to post comments and messages and allow or deny uploading content.

Installation on a Windows Server 2008 R2 64-bit system was easy enough, although DeviceLock really needs to integrate everything into a single console. At present, you have to juggle three different consoles. One works with the standard MMC console integrating with Active Directory so access policies can be enforced at the user and group level.

Agent deployment to our Windows 7 clients only took a few minutes as the Enterprise Manager scanned our network and provided a list of discovered systems for selection. A global policy is provided so you can lock down access to specific devices and ports as soon as the agent has been installed.

SMTP controls are good as we allowed some users to send emails, but not add attachments, and stopped others from sending any emails at all.

Moving over to the MMC console allows you to create new policies for selected AD users and groups which contain device and port permissions plus time periods for when they are active. Offline policies can control mobile workers and swing into action when DeviceLock detects they have left the main network.

The NetworkLock component is accessed from the new Protocols section in the MMC console. Policy creation is the same as it is for ports and devices. You select a protocol, determine access levels and apply it to users and groups.

SMTP controls are good as we allowed some users to send emails, but not add attachments, and stopped others from sending any emails at all. This also works over SSL. For FTP we could allow full access, permit either upload or download activities or deny all access.

It initially appears possible to prevent users from using Windows Live Messenger to send instant messages or to prevent them from logging on in the first place. However, we found a problem here as both options are interdependent so they can only be on or off together so all you can do is block access completely. This isn't a critical problem since Messenger would be of limited value without the ability to send instant messanges, but we nevertheless highlighted this to DeviceLock and it advised us it was looking into it.

We created our own list of patterns and keywords and tested it by trying to send Word documents using FTP and SMTP. It worked perfectly as files that didn't have a match were allowed through and all those that did were blocked.

You can also apply auditing and shadowing policies to NetworkLock. With this activated we could see all activities from the console, view all emails being sent and see the subject line and the message content along with attachments and their contents.

ContentLock adds an extra dimension to NetworkLock - instead of a wholesale application block you could permit access but decide what files can and can't be transmitted. ContentLock also applies to removable devices so you can allow users to copy only some files to USB sticks, blocking more sensitive information.

DeviceLock can manage access to every conceivable workstation port and removable storage device.

DeviceLock 7 has an extensive range of controls for protecting business data and stopping insider theft. The optional features add considerably to the price and it's long overdue for for a centralised management console but it does cover all exits from the network and provides essential logging and auditing facilities.

So what's our verdict?

Verdict

DeviceLock provides some of the best controls for ensuring that sensitive data doesn’t get into the wrong hands. The new NetworkLock and ContentLock options are well worth considering as they add extra levels of security for protocols and applications but they are expensive for SMBs. We also think it’s about time DeviceLock simplified management by amalgamating all the different consoles into just one which would make it easier to use.

RAM: 64MB Hard disk space: 25MB Operating system: Windows NT or later Options: For 100-199 seats; NetworkLock £14 per seat; ContentLock £28 per seat (all ex VAT)

The majority of application delivery controllers (DLCs), or server load balancers, are priced way beyond the means of SMBs but Kemp Technologies is one of a growing number of vendors that aim to make this technology far more affordable. In this exclusive review we look at its latest LoadMaster 3600 which represents the higher end of a family of four general purpose appliances and with a price tag of 7,250, looks particularly good value.

The 3600 provides server load balancing, Layer 4/7 content switching, SSL acceleration for up to 5,000 transactions per second (TPS) and supports 1,000 physical and 1,000 virtual servers out of the box. It supports a number of deployment methods where a single-arm mode uses one network port with all physical and virtual servers on the same network subnet.

We opted for the two-arm mode which keeps physical and virtual servers separated on different subnets. The appliance has eight Gigabit Ethernet ports and for high availability you can use two appliances for failover purposes.

Initial installation is simple as you have three methods of access. The CLI (command line interface) can be accessed with a serial port connection, you can plug in a local monitor and keyboard or simply point a browser at the appliance's default IP address.

The 3600 adheres to the standard concepts for server load balancing as you create farms using multiple physical servers and assign these to virtual servers. For testing we used a VMware ESX Server 4 system to present multiple real' servers running web, FTP and mail services. Creating virtual servers was simple as we provided an IP address, port number and protocol and then assigned physical servers to them using their real IP addresses.

Kemp has seven load balancing schemes with the default round robin mode intercepting incoming requests and distributing them to each server in strict rotation. Weighted round robin mode allows priorities to be assigned to each server in the farm thus ensuring the better specified servers are kept the busiest.

Traffic distribution can be based on real servers with the least number of connections. Weightings can also be applied to further control which servers in the farm are used most. Weighted response time is a new scheduling method where the weights for each server are automatically adjusted based on their response times.

An agent can also be used to allow load balancing to adapt to server performance. The agent presents a numerical value between 1 and 100, which defines how busy the server is, to a LoadMaster query. The only drawback is that each real server must be running IIS, rather than an alternative such as Apache or even if it's not being used as a web server, as the LoadMaster expects a web page containing the value.

Kemp should look at adding load balancing features for VM-based server farms. In our sister title PC Pro we exclusively reviewed Coyote Point's Equalizer E250GX and were impressed with its VLB (virtualisation load balancing) feature which uses parameters such as VM availability and utilisation data to load balance.

For connection persistence the 3600 can use Layer 4 inspection which uses source and destination addresses to ensure traffic from a particular client is always sent to the same physical server. Kemp offers a good range of L7 connection persistence methods which includes cookies, session IDs and URLs along with rules for inspecting HTTP content.

Kemp provides a good range of L4 and L7 persistence controls to ensure users are handled by the same real server during their session.

For SSL acceleration the 3600 uses a Cavium Nitrox hardware accelerator card. Normally, the appliance decrypts SSL traffic and sends it to the internal servers in the clear to improve performance but another new feature allows traffic to be re-encrypted by the appliance before passing it on.

To test the appliance we created a virtual web server with three real servers assigned to it with round robin weighting applied. Using a client system on the external side we pointed a web browser at the virtual IP address and were rewarded with the standard web site we had configured on the real servers.

Paessler's Webserver Stress Tool and configured it to simulate 2,000 users each clicking on a web page every five seconds. With the load ramped up we could see from the LoadMaster's statistics page that all requests were being evenly distributed across the real servers and during this test Paessler detected no errors.

We also created a virtual FTP server using our three real servers each with an identical download folder containing 6GB of test data. We logged on to the virtual server from three different clients using the FileZilla utility and while downloading the test folder saw that each had been sent to a different real server.

Using the Kerio Connect mail software we also created a virtual server for web mail. Our clients were able to connect normally to the virtual server where they were presented with the standard secure login page and were none the wiser that they were being load balanced.

Other useful features include the option to cache static web content in RAM for faster responses and the ability to apply GZIP compression to HTTP objects. Basic intrusion prevention is also available as the appliance uses SNORT rules to check incoming web traffic and block anything malicious from reaching the real servers.

The 3600 can cache and compress web content and uses SNORT rules to provide intrusion prevention measures.

For the price, the LoadMaster 3600 is a well specified application delivery controller that beats Barracuda's Load Balancer 640 hands down on value. It's easy enough to deploy and offers an impressive selection of features for controlling load balancing and connection persistence.

So what's our verdict?

Verdict

The LoadMaster 3600 beats most of the competition at the value end of the server load balancing market as it offers an excellent range of features. A traffic throughput of 3.4Gbit/s and 5,000 TPS SSL acceleration rates are also exceptionally good at this price point. Our only gripe is the need for Kemp to address the use of VMs as physical servers and bring in some load balancing features specifically for these environments.

Chassis: 1U rack CPU: 2.67GHz Intel Core 2 Quad Q9400 Memory: 4GB DDR3 Storage: Transcend 512MB DOM Network: 8 x Gigabit Ethernet Other Ports: VGA, serial, 2 x USB2 SSL Acceleration: Cavium Nitrox PX CN1610 PCI Express card Power: 200W fixed supply Management: Web browser

Intel launched a new range of processors late yesterday, designed for low-powered servers.

The Xeon X3 family consists of seven new chips which, although usable for other platforms, are being targeted at the ever growing microserver market populated by boxes from the likes of Dell, Tyan and SeaMicro.

Microservers are becoming an increasingly popular alternative to your classic server as the chassis contains just one chip and, at a fraction of the size of a blade or rack server, they can enable a company to fit more boxes into their data centre.

UK-based chip manufacturer ARM has already made headway in this space with Calxeda putting bets on its processors. So, with this in mind, Intel unveiled its rival Xeon X3 range.

Six of the seven chips contain four cores whilst one, the E31220L, has just two. The former all have 8MB cache capabilities with the latter taking on 3MB.

Speeds ranged from 2.2GHz up to 3.5GHz and wattage goes from 20W to 95W although four all came in at the 80W mark.

All seven contained DDR3 memory, with support for four memory slots offering up to 32MB and they also used Turbo Boost.

Although the data centre group at Intel would not confirm exact pricing, it did reveal the chips would be available within the next few weeks.

Facebook on board

The Xeon X3 family was launched at a press event in San Francisco and the company wanted to show it had some of the big players backing its corner.

Enter Gio Coglitore, director of the labs at Silicon Valley sweetheart, Facebook.

He confirmed the social network had been testing the use of microservers in its own data centres and the added features in the new range of chips such as 64-bit compatibility and Error Correcting Code memory made Intel-based boxes an attractive option.

The first place Facebook will use the microservers, however, is in its front facing web servers, where implementation will be happening shortly, said Coglitore.

The Russian-based security firm Kaspersky has fallen victim to the cyber criminals it tries to protect users against, according to reports.

The company, known for its anti-virus software, has supposedly been compromised by hackers who have directed users trying to download Kaspersky's software to malicious sites. Once they have reached the destination they are then encouraged to download fake anti-virus software, which could compromise their data security.

Users of the software have complained to the company over three separate forums but, despite a user thought to be a Kaspersky employee claiming the issue was fixed, the company denied on the forums there had been any problem to begin with.

Writing about the incident on his blog, Rik Ferguson, senior security advisor at Trend Micro, said: "Security vendors have often been the target of both malicious and mischievous hackers and without fail, honesty and transparency have always been the best policy in the aftermath of such an event."

UPDATE: Kaspersky got back to us and confirmed an attack had hit the site on Sunday, exploiting a vulnerability in a third party app used for website admin.

The company claimed the redirection to the fake anti-virus only lasted three and a half hours and as soon as it was notified, it took the affected server offline within ten minutes.

"Currently the server is secure and fully back online, and Kaspersky products are available for download," the firm said in a statement sent to IT PRO.

"Kaspersky Lab also wants to confirm that no individual's details were compromised from the company's web servers during this attack."

The statement concluded: "Kaspersky Lab takes any attempt to compromise its security seriously. Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software."

A new version of the open source web server Tomcat has been unveiled.

Version 7 of the Java web server has been released by open source leaders the Apache Software Foundation and is the first update to the product since 2006.

The foundation has claimed the latest incarnation fully implements Java Servlet 3.0, JavaServer Pages (JSP) 2.2 and Expression Language (EL) 2.2 specifications to make web framework integration much simpler.

It also said the updates allow for "out-of-the-box" support for developers, where before they would have had to code manually.

Ross Mason, founder and chief technology officer (CTO) of MuleSoft, said: "The improvements in this new release leverage advances in Java significantly improving the lives of the world's web application developers."

He added: "This release includes more than 10 years of active community development effort, continuing Tomcat's lead as the best Java web application server to power the enterprise."

There have been more than 10 million downloads of Tomcat so far and this latest edition fixes all known issues from its predecessors.

Apache has said it will continue to support versions 5.5 x and 6.0 x but patches for bugs and security flaws may take more time.

Tomcat 7 is available from today and can be downloaded here.

Security experts have warned of a new distributed denial of service (DDoS) attack that targets full on web servers rather than individual PCs.

The hackers infect servers with an application and, through a very simple software program, are able to identify the URLs they want to attack and hit them in a click of a button.

Imperva, the security firm which discovered the attacks, has the source code for the original application, along with screenshots, showing it only contained 90 lines of PHP code.

"Although servers are typically harder to compromise than PCs, by capitalising on their greater horsepower, the hackers create a much more efficient and powerful DDoS tool using servers as the attack platform," said Imperva in a statement.

"By using web servers, the attackers are even less detectable. Trace backs typically lead to a lone server at a random hosting company."

Amichai Shulman, chief technology officer at Imperva, has claimed that unlike most DDoS attacks, this is not a one off and the attacks "will be ongoing."

He advises companies to be on the look out and monitor Google presence to check if they have been compromised.

A new flaw has been discovered in Apache Web Server that could allow cyber criminals to take control of system privileges, according to a security research firm.

Sense of Security (SoS) released an advisory claiming the core mod_isapi module in the most popular open source HTTP server could be targeted to induce the vulnerability.

The report said: "By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory."

It continued to claim that although this would be unloaded, function pointers would still remain, allowing attackers to take control - what SoS calls "a dangling pointer vulnerability."

The vulnerability was given a high severity rating by the researchers who said it definitely affected version 2.2.14 on the Windows platform but could also affect others.

The simple solution and advice for users is to upgrade to version 2.2.15. Users can also download the proof of concept from SoS from here.

IT PRO contacted Apache for comment on the new flaw but it had not responded to our request at the time of publication.

Puppy Linux is one of several minimalistic GNU/Linux distributions that can live on a USB flash memory stick and run entirely in your computer's memory - in Puppy's case as little as 64MB.

Puppy weighs in at about 100MB, and comes with unfamiliar but practical applications to achieve just about everything you could possibly want for most everyday use in the office or at home.

There are GNU/Linux distributions such as Damn Small Linux and Slitaz which are a better bet for specialised applications. Damn Small Linux is half the size of Puppy and can be expanded into a full blown Debian installation, a web server or a router, and is better configured for security. Slitaz is even smaller and serves a similar purpose.

There are tiny GNU/Linux distributions that are engineered for specific purposes, to run in memory while you search and rescue data that has been lost on broken filesystems, such as SuperGrubDisk or the SystemRescue CD. You can do the same with Puppy. Puppy is useful for accessing and retrieving files on Windows systems, but lacks some of the more esoteric tools.

There are the lean and specialised mobile or embedded Linux distributions which run your smart phone or TV set top box, or there is the super flexible Tiny Core Linux which weighs in at a miraculous 10MB and can be expanded to fulfill any specialised purpose you could wish for.

But what distinguishes Puppy Linux is its simplicity and charm, and its sense of fun.

Fun is a large part of the GNU/Linux experience, and is a significant motivation for users to bother with the hassle of leaving Windows or other operating systems behind. "The most important design issue...", Linus Torvalds wrote on the Linux kernel mailing list in 1995, "is that Linux is supposed to be fun..."

On the move

In these days when memory and storage are cheap, the small Linux distributions may seem redundant. But Puppy, like the other compact GNU/Linux systems, has its uses.

Puppy takes the approach that small is beautiful, and makes it possible to offer different opportunities to understand and learn how the system works. Puppy is small and nomadic, can live in your computer's memory, and be taken from place to place on a memory stick.

You can save changes to the stick, with or without encryption for the security of your data, and leave barely a trace of your presence on the host computer.

You can work on the move, and carry your private data from place to place, from home to work, without the need to take your computer with you. You can equally well use a DVD or CD.

This applies not only to the data but also to the extra applications you may choose to download. Puppy may not come with OpenOffice or The Gimp pre-installed but there is nothing to stop you downloading any application you want in any package format that is supported by any other major Linux distribution.

Puppy is also the perfect educational tool, playful and transparent enough to give inexperienced users the opportunity to learn without doing any real damage, and unencumbered by the layers of software that are the norm on a modern operating system.

A minimal operating system strips away the layers, but inevitably comes with compromises. So a vanilla download of Puppy Linux, which will run amazingly fast in 64MB of memory, can't afford or won't allow you the space for overblown applications that give you options and choices that you might never want to use.

You don't get OpenOffice, but you do get the small, quick and surprisingly fully-featured alternative word processor AbiWord, Gnumeric for creating spreadsheets, and HomeBank finance management software.

There are games and graphics, music and video software, and a full range of networking tools, supporting a wide range of wireless cards.

Puppy Linux comes from Australia and is the original work of Barry Kauler, whose blog is probably the best source on the project's progress. Puppy could be described as one man's hobby, but as the distribution has grown in popularity, Puppy has gained an expanding community of users, who contribute to the code and the busy user forums.

Puppy does have one major flaw, and that flaw is that Puppy Linux has only one user, and that user is the superuser, which isn't a good idea at the best of times, but is catastrophic for any outward facing application or server which is permanently installed on its host computer - a failing which is justified by Puppy users on the grounds that Puppy usually runs in memory and has no permanent presence.

Every review of Puppy Linux remarks on Puppy's lack of a proper user subsystem and its dependence on the superuser. But sadly, this part of Puppy has never been revised.

Do it yourself

Puppy Linux is the ideal GNU/Linux distribution for those who like to pull things apart and put them together again just so they can know how it works.

Puppy facilitates this process. It is as easy as pie to make your own 'puplet' or derivative of Puppy, to pull it to bits and pieces, and draw software from the Puppy Linux ecosphere to configure your own puplet or mini-distribution. Puppy not only makes this easy, but encourages the process. If you want to be more than just a user and to learn how your computer works, Puppy is probably as good a place as any to start.

The Linux kernel project began as the hobby of one person, and became the hobby of many. The spirit of adventure is why people became involved. The first issue was that the software was free as in spirit and "not as in beer".

The second issue was that it was fun and you could do what you liked with it, which made a difference in a world where computing, even on home computers, was increasingly limited. Programming may not be everyone's idea of fun, but was seen that way by those who got involved in the development of Linux and other free software.

Puppy Linux somehow retains some of that spirit, a latent nostalgia for the early Linux distributions which made a virtue out of their barebones appeal, lack of bloat and closeness to the ground.

The home computers of the eighties came with the code and were a learning experience. By the nineties, the code was no longer available and the opportunity to experiment and learn was relatively limited. Linux and free software changed all that, not only for home users and students, but also for academics and scientists and programmers who didn't always have the opportunity to get involved in more ambitious projects.

The early GNU/Linux distributions were do-it-yourself efforts to bring together the growing number of free software utilities in one place. They didn't always work as they should, and weren't always everything they should have been, but gave access to the code and some kind of integration, and as their popularity increased they rapidly improved.

The fun of Puppy Linux, like Debian or Gentoo for other kinds of users, is that it retains much of the playful do-it-yourself appeal of the early Linux distributions.

The release of Windows Server 2008 R2 marks a significant turning point in the history of the Microsoft server platform. It's as major a release as NT 4 back in 1996, and the Server 2000/2003 editions. With Windows Server 2008 R2, there is a clear set of business reasons to move forward to this version, and it lays the foundations for many years of productive work ahead.

Some of the tweaks can be seen from the hardware changes. This release is 64-bit only across the board, and it can support up to 256 logical processor cores, with the HyperV VM engine supporting 64 cores within a virtual machine instance, up from 24. Such a change should give a taster for the depth of the capabilities that have been engineered into the kernel. This is an OS release that's looking forward to the middle of the next decade and beyond, and is happy to shrug off the 32-bit era of its predecessors. Although there is a long list of new capabilities within Server 2008 R2 itself, the real power and value comes when you deploy multiple components of the surrounding family too. This is the first version of Windows Server where hypervisor virtualisation is truly built into the core platform, and the default install for most implementations will be into a virtualised environment, probably using the Microsoft HyperV technology.

With that comes the need for strong server management tools, and Microsoft's offering here is better than it has ever been. And this allows for a rich and deeply managed infrastructure of server-hosted application servers, from web servers through Exchange Server to Sharepoint Server and into client desktop provisioning and application virtualisation and streaming. Looked at in isolation, Server 2008 R2 brings much to the table which is worthwhile. But it is when deployed within such a rich and interconnected ecosystem that the true value will be achieved. Indeed, we would go as far as to say that it should only be considered if you are prepared to dive in with both feet. If you are, then this cohesive platform will provide a level of service infrastructure that previous server generations could only dream of, and which will clearly lay the foundations for five, even 10 years of business computing.

Windows Server 2008, it will be much more of an incremental change, but here we would stress caution. Early adopters rarely get the best out of a new platform, simply because most of the pieces are not always ready, and the financial pressures of today demand that every last piece of performance and capability is used to the maximum. More challenging still, to get all the benefit from the Server 2008 R2 platform, you need to deploy Windows 7 onto the desktop too some of the functionality requires the latest technology at both ends of the network, and this increases the workload and risk exposure to higher levels than ever before.

For example, if you want to implement the VPN-less remote networking for laptops, that requires Windows 7 on the client and 2008 R2 on the servers. If you want the full feature set of Remote Desktop, then you need both - but the upside is multi-monitor support, multimedia redirection, Aero support, 3D graphics support which uses the local GPU (graphics processing unit on the graphics card) and so forth. And if you want the branch office data caching capabilities, then again you need both Windows 7 and Server 2008 R2

However, those who are likely to be able to embrace this are those who have already done much work on their server side on Server 2008, especially the management tools side, and are now working through virtualisation on the server side and desktop refresh on the client. So it is not an insurmountable problem. Done right, there are very significant benefits for the organisation massively increased resilience, completely re-thought disaster recovery scenarios, and almost eye-popping server consolidation with consequential reductions in power consumption, heat output and server room space requirements.

Couple this with totally re-written ways of doing app deployment and updating, and it is clear that this is an upgrade platform that favours the far-thinking. For once, there really is a crock of gold at the end of the rainbow.

number of SKUs has reached frankly ridiculous proportions. Licensing has never been more complicated and confusing, and Microsoft simply must make sweeping changes to simplify the mess. More confusion makes for unhappy customers.

If you can wade through the licensing treacle, and make sense of the final invoice, then there is no better business platform today.

Verdict

The best Windows Server platform yet, and one which forms a superb core to the wide range of server-hosted technologies that Microsoft now offers. That said, Microsoft needs to do more work on its licensing structure to make migration smoother.

Processor: 1.4 GHz or greater Memory: 512 MB or greater Peripherals: Mouse or compatible device, keyboard Optical drive: DVD-ROM for installtion, Display: SVGA monitor Hard disk: 32GB required for installation

Microsoft has updated a security advisory concerning vulnerabilities in its Internet Information Services (IIS) web server, confirming that "limited" attacks were using publicly available exploit code.

The attacks are targeting flaws in the FTP service in Microsoft IIS 5.0 and could allow remote execution attacks or denial of service (DoS) attacks in IIS 5.0 as well as 5.1, 6.0 or 7.0.

Microsoft said it was aware that detailed exploit code had been published for the vulnerabilities, and was "actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."

Microsoft said in the advisory: "These vulnerabilities were not responsibly disclosed to Microsoft and may put computer users at risk."

Tomorrow's Patch Tuesday has come too soon to fix the IIS vulnerabilities in question, but Microsoft said it would take the appropriate action, which could mean a security update released for a future Patch Tuesday or an out-of-cycle security update.

There is a warning of a vulnerability in Microsoft's Internet Information Services (IIS) web server, which could allow hackers to execute code and take control.

The United States Emergency Readiness Team (US-CERT) had posted an advisory about the issue, alerting users to a problem in the Microsoft IIS FTP service.

It was reported that the exploit code was originally posted on the Milw0rm site on Monday, which could soon make real-world attacks a possibility.

IIS 5 and IIS 6 are vulnerable. IIS is the second most popular web server behind Apache, according to statistics from July.

"By issuing an FT NLST (NAME LIST) command on a specially-named directory, an attacker may cause a stack buffer overflow," US-CERT's warning said.

"The attacker can create the specially-named directory if FTP is configured to allow write access using Anonymous account of a another account that is available to the attacker."

Microsoft confirmed the vulnerability in a security advisory, but stressed that it had not seen active attacks using the exploit code.

Apache has confirmed it was hit using a compromised SSH key to access one of its servers, which forced the shutdown of its website and most apache.org services.

The attack forced Apache, which at the last count accounted for nearly 50 per cent of all web servers, to shut down all machines involved as a precautionary measure.

After an initial investigation, it decided the best course of action was to change the DNS for most of its apache.org services to a machine that wasn't affected.

Further investigation revealed that the European fallover and backup machine, aurora.apache.org, was not affected. Although some rogue files had been copied over, none had been executed.

This allowed Apache to restore its websites to the version present before accounts could have been compromised.

Most user facing websites and services are now available, although Apache stated that some machines remained offline.

"To the best of our knowledge, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines," said the Apache infrastructure team in a blog post.

It added: "While we have no evidence that downloads were affected, uses are always advised to check digital signatures when provided."

Opera has revealed its Opera Unite' technology, allowing the direct downloading of files between PCs over the internet using the Opera browser, without the need for any servers.

The company rather boldly claims that this technology, "reinvents the web".

Similar technologies have been available before, but required downloading separate software, paying usage fees, or involved a long process of uploading content limiting the takeup of services.

In effect Opera Unite is said to turn any computer into both a client and server, allowing it to access and share content with computers directly across the web. Opera Unite will work on Windows, Mac and Linux platforms.

However, the web server capability will be bundled into the upcoming Opera 10 browser, which means that you will need it to share files though you can access the files from any other browser.

Opera chief development officer Christen Krogh said: "The stuff that we make, we'll make freely available to any consumers. If a developer wants to make a service that is really, really great, and he wants to charge for it there will be opportunity there to make money from it."

He also said that there was no limit to the size of files you could share the only limit was likely to be the amount of bandwidth available to the users sharing files.

Krogh said that Opera Unite was as secure as any web browser running a widget, and that you could protect the content using a password or specify only particular computers could access it.

Opera chief executive Jon Von Tetzchner called the technology web 5.0', claiming that the next natural step for cloud computing was for computers to share content with each other without the need of a third-party.

You can try out Opera Unite here by downloading the build from Opera labs.

IT PRO has reviewed the Opera 10 beta and interviewed Opera chief executive Jon Von Tetzchner on video here.

Microsoft is investigating reports of a vulnerability in its popular web server Internet Information Services (IIS), which could allow an attacker to access password-protected files.

In its advisory, Microsoft said that "an elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests".

Microsoft said it was investigating public reports of the problem, but so far wasn't aware of attacks that tried to use the vulnerability or of any customer impact.

The United States Computer Emergency Readiness Team (US-CERT) said it was already aware of publicly available exploit code and active exploitation of the flaw.

Security researcher Nikolaos Rangos said exploitation of the flaw could allow an attacker to get into password-protected folders, as well as allow the listing, downloading and uploading of files into a password-protected WebDav folder.

Security engineer Thierry Zoller has more details on the vulnerability, and warned that until the impact was 100 per cent clear, administrators should disable WebDav.

Last year, Microsoft denied there was any vulnerability in IIS after a a massive SQL injection attack had affected hundreds of thousands of web pages.

The launch of Wolfram Alpha this month has some wondering if we're moving into a new age of search. We certainly could be, but it's unlikely it'll be a Google-free world.

Indeed, this latest development as cool as it is is a continuation of a long string of innovation the sector has seen since the birth of the web. Wolfram Alpha is likely to fill one niche area of the market, while other innovations step-up to solve other problems. That may still leave Google holding the bulk of the market, but at the very least it's encouraging that so many are continuing to develop new ideas despite such a near monopoly.

How search works

Every search engine is a bit different, much to the annoyance of search engine optimisers the world over. That said, search engines basically send out a robot or spider across the web to follow each and every link. The service then indexes what it finds, with different engines storing different bits for example, Google, stores everything found in the source of the page, while others just look at what's displayed.

When a user searches all these indexed pages, relevancy comes into play. Google's PageRank is the most famous algorithm, but every engine has its own way of finding the best results.

But it's not just the web that's searched. Wolfram Alpha is promising to return answers, not just documents, from across the web, while many other searches look at more than the web or even limit themselves to specific niche areas of it. Consider the Pirate Bay. The now-notorious site offers a search of BitTorrents, specific file types that are key to its users. Or consider Google Maps it is searching for anything that can be geographically pin-pointed. Even services like Twitter are changing the way search works, by letting us search what people are tweeting about.

Before the web

Quite simply, the world didn't need search in the early days. In the beginning, all web servers were listed on a CERN website that was edited by a man then known as Tim Berners-Lee those were the days before he was knighted.

Once that list became unwieldy, a search tool dubbed Archie that's Archive' without the v' searched via a database of web servers. Soon after, Gopher's rise led to a pair of new search tools, comically dubbed Veronica and Jughead, which searched using file names and menu titles.

It wasn't until 1993 that the first robot came about. It was called the World Wide Web Wanderer, but it was for measuring the web, not searching it.

Modern search kicked off in December of that year with JumpStation, which used a robot to crawl the web, indexing it to make it searchable the three key aspects of modern, or at least current, search. JumpStation was limited to titles, but another system called WebCrawler took it a step further the next year, managing to search full text.

Going commercial

Lycos kicked off the money making in 1994. The Carnegie Mellon project not only robotically indexed every word on a page for searching, but it was also used by the public and went commercial.

But it had competition. Among the pack that emerged over the next few years was Excite, Magellan and Infoseek, in addition to Altavista and Yahoo. Perhaps surprisingly now, at the time Yahoo didn't search via full pages and keywords, but instead used a web directory system.

By 1996, dominant browser Netscape was struggling to keep things fair, so for a fee of $5 million it let search engines buy the search spot on the Netscape page in rotation.

But the search engine market was set for a shakeup. In that same year, Larry Page and Sergey Brin teamed up at Standford University to develop a search engine based on relevancy, initially dubbing it BackRub. Two years later, Google was incorporated as a company with investment of $1 million; a year later, they had $25 million to play with.

Google time

In 2000, the market as we know it now started to take shape. The dot com bust took down some, but Google's PageRank bumped it into the limelight, and it started offering advertising that year.

But Google's IPO in 2004 showed who was really in control of the market, putting the net worth of the company at about $23 billion. Now, it gains several hundred million queries a day. That said, Google has been hit by privacy and other controversies, and notably misses searching the "deep web" all the data that isn't linked the way Google likes it.

Challenging Google's dominance

While Google has seen a few challenges to its market dominance, although none have yet to make much of a dent.

Last year, an engine named Cuil launched, to much media coverage. While the company itself didn't use the phrase "Google Killer," a lot of journalists and bloggers did. And it sure didn't look good for Cuil or any other Google challengers when the service was derided for poor results and performance.

Last year, Cuil co-founder Tom Costello told IT PRO: "Other people tend to want to actually make it a story about oh, here's David coming along against Goliath.' And again, I think that with the story of David and Goliath, David doesn't always win on the first shot. A lot of time, people want a very quick resolution to these things."

Even though Cuil continued to struggle to gain market share in the following months, Costello thinks the service has a future. "Even when you see Google built to the kind of dominant position they have - it took them 10 years to build to that position. Search is not a business where you have overnight success. It's not a business where you change the behaviour of billions of people worldwide who use search overnight."

Maybe the challenge won't come from a new service, but from established players instead. That's certainly the goal Microsoft had in mind when it made a massive bid for Yahoo last year. While the bid failed, Microsoft has continued to try to partner with Yahoo on search.

At the moment, Microsoft's third and fourth ranked Live and MSN searches pull in about five per cent of the market, with second-ranked Yahoo adding another 10 per cent, according to Net Applications. Google takes about 81 per cent, though, meaning it has a lot of room for error to stave off any challenges, even from big players.

While a straight-up deal between Yahoo and Microsoft could cause some disruption in the online ad market, it's going to take something new to topple Google from its throne. Could pairing a big name with a new idea be enough? If Wikia Search is anything to go by, then the answer is no.

That project was backed by Wikipedia founder Jimmy Wales, so it had an attention-pulling big name from the start. It was never intended to overtake Google Wales said he hoped one day to get five per cent of the market but to offer an open, transparent search alternative. Wales said at the time: "The idea that Google has some edge because they've got super-duper rocket scientists may be a little antiquated now."

Instead, Wikia Search looked to crowdsource its relevancy, asking users to rank the results of a search, rather than rely on mysterious algorithms like Google. But the service never took off, and as the recession hit, Wales shut it down, noting it was pulling just 10,000 unique users a month.

What's next?

While Wales has promised to return to search as soon as finances allow, others are looking for new ways to find information on the web. Sir Tim Berners Lee is still at it, pointing to the semantic web and in turn search as the future. This looks to remove ambiguous words from the search process, making results more specific.

Microsoft is also set to be launching its new search tool as early as June. Codenamed "Kumo" at the moment, it looks to be a rebrand of its current Live search, but includes a few changes such as using categories to separate out different types of results.

And then there's Wolfram Alpha, the engine that promises to return answers, not documents. While it certainly looks impressive, it's so unlike what people currently use search for that it's unlikely to be the force that topples Google.

But then, in such a fast moving area of the tech world, who knows when the next Google could be created in a university somewhere around the world

The cost of basic server hardware has been dropping, with single-processor systems as low as 150, but that makes the cost of a Windows Server licence disproportionately expensive for small businesses.

Microsoft hopes to tackle the problem with a new, basic version of Windows Server that will be available this month, Windows Server 2008 Foundation.

"We see this phenomenon occurring in the low-end server spectrum, almost like a product category defining itself," explained Russ Madlener, Director of the Windows Server Solutions Group. "We're providing a very straightforward nd simple first server experience; we look at this as being the entry-level server OS."

Only available to OEMs, the new Foundation edition is limited to the specification of what Madlener called "typical low-end servers we basically align with the hardware." This essentially means 64-bit single-processor systems with up to 8GB of memory.

It includes licences for 15 users with no additional client access licences required and unlimited anonymous connections if you're using it as a web server. That's for simplicity, said Madlener. "As a small business, I don't have to think about whether I have to go and get more licences for user number ten, eleven or twelve." The only services that will need individual CALs are Terminal Services and Rights Management Services.

Foundation Server runs all Windows Server applications, including backup, anti-virus and other security tools, and has the same application logo compatibility. It doesn't have to be the only server on the network and it doesn't have to be the root of the Active Directory forest. "It will fully integrate with Active Directory, but it won't have the same functionality of a server that has the network role," he explained.

In fact, although it includes all the services that are in the Standard and Enterprise editions of Windows Server, it doesn't have any of the roles.

In particular, it doesn't include the Hyper-V virtualisation role. That's partly because of the value-cost ratio', but also because of the small businesses that Foundation Server is aimed at, said Madlener. "I'm selling SBS into businesses that have one 'server' they have a Windows 95 box on its side as file server and they're trying to consolidate down."

"We've known for some time that there's an opportunity to add a version of Windows Server for the 70 per cent of these companies with no server. We have a long history of taking server technology and simplifying it down," he said. "The one time in SBS history that we doubled sales was when we created the simpler version that is now SBS Standard Edition."

These small businesses aren't yet interested in virtualisation, he claimed. "What's driving that first server purchase are line of business apps, file sharing and printer sharing."

The first Foundation Server systems should be available near the end of the month. "We expect in the US that these will start in the $700 range." That will cover systems with around 2GB of memory and 500GB of disk space.

While there's nothing to stop enterprises buying Foundation Server, Madlener doesn't expect it to be popular with them despite the low price.

"They want to use a set of functions and they select an OS that has all the features and functions. They try to keep everything so standard and simple that introducing a different SKU is a problem."

Zeus is a British company with an enviable reputation for high performance web servers and load balancing systems. Earlier this year the Zeus Extensible Traffic Manager Load Balancer (ZXTM LB) was upgraded to version 5.

At a simple level load balancers work by taking traffic sent to a particular URL and redirecting it to a pool of several back-end servers. The ZXTM LB also handles more sophisticated functions, such as decrypting SSL requests so the back-end servers don't need to, or rewriting parts of incoming requests so software on client systems remains compatible with newer applications.

ZXTM LB works with pretty much any internet software, so besides helping with web sites it could be used with email systems or just about anything else that uses TCP/IP. New features in version 5 include support for IPv6, RTSP for streaming media, and SIP for voice over IP systems.

The Zeus suite is available in a variety of formats, including two hardware appliances based on Sun Fire servers for handling medium and large scale loads. Zeus also offers ZXTM LB as a virtual appliance, which is a virtual machine preconfigured with all the necessary software ready to run on VMware ESX 3 or Microsoft Virtual Server 2005 R2. Pricing is based on the number of back-end servers that are to be load-balanced, and a range of support options are available to suite every taste.

The ESX 3 version of the Zeus virtual appliance uses 512MB RAM, one virtual NIC and a 4GB virtual hard disk, and a demo version is available for people that want to try before they buy. The virtual appliance could also be purchased and used for applications that have relatively little traffic.

Busier web sites would probably be better off either buying one of the hardware appliances, or buying the ZXTM LB 5 software and running it on their own x86, x86_64 and SPARC servers running supported versions of Linux, Solaris or FreeBSD.

A more advanced version of the suite, called ZXTM, includes a sophisticated programming language called TrafficScript, and ZXTM 5 includes new support for combining third party Java software with TrafficScript. This combination could be used, for example, to integrate Microsoft Active Directory into TrafficScript software. ZXTM LB can be upgraded to the full featured version simply by adding a licence number.

We tested the virtual appliance version of ZXTM Load Balancer running on VMware Workstation, but the same virtual appliance would run on VMware ESX Server. Regardless of which version you use, all ZXTMs are managed the same way, using an attractive and easy to use browser based interface.

We started by downloading and unzipping the ZXTM Load Balancer virtual appliance, and then added it to our VMware Workstation inventory and booted the system. The ZXTM LB welcome screen (see gallery) displayed information telling us how to connect to its browser based management console. As this was the first time we had run ZXTM LB, the system used DHCP to acquire an IP address and the management interface started with an Initial Configuration wizard. This presented the license agreement, and then asked for various parameters, such as the hostname and a suitable static IP address. The wizard finished by presenting a neat summary of the information we had entered (see gallery).

Having completed the initial setup, the Zeus main screen displayed a few status messages confirming that all was well, and told us it wasn't managing any traffic yet because we hadn't defined any virtual servers. The term "virtual server" could be a little confusing, especially for novice users running the virtual appliance. However, a ZXTM "virtual server" is simply a service running on ZXTM that passes incoming requests to the back-end servers.

Like most customers, the first thing we wanted to do with our new ZXTM LB was configure it to handle traffic to our web servers. The newly created ZXTM LB made this very easy for us by placing a link to the "Manage a new service" wizard on the management console's front page. We clicked this link and the wizard asked for the IP address details of the back-end web servers and then created and started the our new virtual server.

We could then click on links in the administration console to manage its settings. For example, as our web servers were running WebDAV file services, we configured our service with session persistence so traffic from a particular browser would go to the same back-end server. We also configured our service to accept SSL connections. In effect, this added SSL support to our web site in one easy step, without us having to change any settings or configure individual SSL certificates on the back-end servers. For web sites with high security requirements we could have configured the SSL support so that ZXTM LB encrypted traffic between the virtual appliance and the back-end servers. However, for our tests we left this traffic unencrypted. There was a wide range of options for session persistence, but we chose the one to insert transparent cookies into the response to track sessions.

Although ZXTM LB runs on a Linux operating system, the stylish web based user interface means administrators do not need Linux skills. In fact, the management console does a remarkably good job of monitoring the system configuration and warning about potential problems. For example, it issued a warning when we unplugged the network connection to one of our web servers, and even told us when we set an invalid default gateway. Likewise we found setting up and editing virtual servers extremely easy. It took us around one minute to configure SSL support for our site and generate a self signed certificate, which is much quicker than if we'd done this by hand on a Linux web server.

As well as providing fault tolerance for web services by spreading workloads across several servers, the ZXTM software makes it very easy to build fault tolerance into the actual load balancing architecture. Several ZXTM LBs can be cluster together extremely easily both to provide fault tolerance and to improve performance, such as if it was being used to handle lots of SSL traffic. Once they are clustered together, administrators need only update the configuration on one ZXTM, and the changes would be automatically replicated to the other systems in the cluster.

Verdict

The Zeus Extensible Traffic Manager Load Balancer (ZXTM LB) is an enterprise class traffic management suite for web based applications. It’s available in a range of formats and sizes to suit every requirement, deployment is fast and it also extremely easy to use.

Memory: 512MB RAM Storage: 4GB virtual hard disk Network: 1x virtual Ethernet Management: Web browser

Traditionally, web server load balancing has been an expensive luxury only enterprises have been able to afford with the majority of solutions easily on the wrong side of five figures. SMBs don't have such deep pockets but help is at hand as the LoadMaster series of appliances from Kemp Technologies aims to offer a range of high performance features at a very sensible price. On review is the 2500 which represents the second rung on the LoadMaster ladder and despite its comparatively modest price tag delivers a sophisticated range of capabilities including server load balancing, SSL acceleration and Layer 7 content switching.

The system is implemented as a 1U rack server and Kemp has avoided the temptation to overcharge for the hardware - one reason why many competing solutions are more expensive. The 2500 is endowed with a good specification with enough grunt to handle 1000 TPS (transactions per second) for SSL acceleration plus 3,000 simultaneous SSL connections and it supports up to 256 virtual and 1,000 physical servers out of the box. High availability is also an option as you can link two appliances together for failover. Only two of four ports are the Gigabit variety but in most scenarios these are probably all that will be used.

The LoadMaster adheres to the standard concepts for server load balancing as you define virtual services on your public side and link these to multiple physical servers on the LAN. A number of deployment options are available as the appliance can function in a one-armed mode where it sits behind an existing firewall and only uses one port as all servers and services are on the same network. We went for the two-armed mode as this allowed us to place our test servers on one network and our clients on another.

Installation is fairly straightforward and you can choose from connecting a monitor and USB keyboard to the appliance or accessing its CLI via a serial port connection. We opted for the former and found it simple enough to use as we fired up a quick start wizard and entered details of our network-side and farm-side IP addresses along with VLAN IDs, name servers and the default gateway. High availability is also configured from here where the appliance pairs are given their own IP addresses and configured as partners.

Moving on to the secure web management interface we were pleased to see a substantial improvement over its predecessor. Previously, you had to put up with an amateurish design and limited access where, for example, the various network and port details could only be viewed from a local connection. Now it looks much more professional but, more importantly, offers improved access allowing all features to be easily managed remotely. From the system configuration screen you can now view and modify the port addresses and enter all DNS and routing details.

Setting up virtual servers is a cinch as you define them with an IP address, port number and protocol and then add physical servers to each one using their real IP address. Five load balancing options are on offer with the default round robin mode intercepting incoming requests and distributing them to each server in strict rotation. Weightings can be assigned to each server in the farm thus ensuring the better specified servers have more to do.

Traffic distribution can be determined by the least number of connections and including weightings in this mode gives you Kemp's preferred method of load balancing. There's more as an agent based mode requires ASCII files to be provided by each server which have numerical values showing their loading and these are used to adapt the balancing.

Layer 4 inspection can maintain persistent connections where the appliance uses source and destination IP addresses to ensure a specific client is always directed to the same server. Layer 7 inspection takes this up a notch as you can use actual content to set up persistent connections along with features including session IDs, URLs and cookies. In a basic farm you'll probably have a bunch of servers providing identical services but for environments where farms comprise servers offering different content you can include rules. These inspect HTTP content and are used to direct a host to the correct server. Even SSL acceleration is on the menu allowing the appliance to reduce the workload on the farm by terminating encrypted connections and sending unencrypted traffic to the servers.

For testing we deployed Windows Server 2003 web servers on the LAN with some also running web mail and FTP services. We had no problems linking our real servers to virtual services and our test clients only had to point their browsers at the new virtual IP address where the requested service was loaded as normal. Standard web services continued unabated and users were none the wiser that their web mail and FTP requests were being handled by the appliance. Along with general web access we tested using the web mail components in Ipswitch's iMail Server 8 and we could also access our FTP services via the LoadMaster using tools such as the excellent FileZilla utility. For the latter we declared two real servers both running Windows FTP services with identical file locations and configured them in a single virtual service. We used two clients to access and download a range of files and from the LoadMaster statistics interface we could see the load being shared across both members of the virtual service.

For the price the LoadMaster 2500 is offering a remarkable range of features. Typical competition comes from Barracuda's Load Balancer appliances where, although the entry level 240 costs less, it pales into insignificance as it doesn't support Layer 7 inspection or SSL acceleration. The 440 does support these features but is poor value as its hardware spec is only good enough for a paltry 200 TPS for SSL acceleration and its IPS services will incur a yearly subscription fee. No, if you want a dedicated low-cost server load balancing appliance that doesn't sacrifice on features then check out the LoadMaster series.

Verdict

The LoadMaster 2500 proves you don't have to pay a fortune for web server load balancing. It delivers a range of sophisticated features, is extremely easy to deploy and its low price makes it a very affordable option for SMBs.

1U rack chassis

2.8GHz Intel Pentium 4

512MB DDR SDRAM

512MB CompactFlash card

2 x Gigabit Ethernet

2 x Fast Ethernet

Linux OS

2 x USB 2.0

VGA monitor port

9-pin serial port

Local and web browser management

Microsoft is eating into Apache's web server market share, edging closer to a more dominant position in the net landscape very soon, according to new figures from net monitoring specialist Netcraft.

More than 100 million websites were studied to see which server-type was favourite among users, showing that the Redmond giant's Windows offering had added another 2.6 million sites to its ranks, boosting its share of the market by 1.4 per cent to reach 34.2 per cent.

Apache, however, lost 991,000 hostnames, according to Netcraft, seeing its crown slip by 1.7 per cent to leave it with less than 50 per cent (48.4 per cent) market share.

The losses mean that Microsoft has successfully closed what was a 50 per cent gap back in November 2005 to a more addressable figure of 16.7 per cent. In terms of actual active sites, Apache is casting a mere 12.2 per cent shadow over Microsoft.

lighttpd

Google

Videoconferencing was supposed to take the isolation out of having regional offices all around the world, and render the aeroplane obsolete. But spending thousands on a system that didn't seem to work all the time and was tied to a specific boardroom just didn't make a lot of sense for most companies. So it has remained very niche. Enter WiredRed e/pop, which purports to turn any Internet-connected PC into a fully featured teleconferencing node.

Of course, you could use NetMeeting or Skype 2 to achieve a very basic form of videoconferencing. But neither are particularly reliable nor offer a very rich selection of features. Your users also need to be fairly computer literate to use them. With e/pop it's a completely different story. You simply send your users an email with a URL for the conference. They click on it to gain access, and all they need locally is a Windows PC running Internet Explorer 5 or above. There is a Java-based Web Conferencing client for Mac in beta, but WiredRed hasn't yet made this commercially available.

The e/pop system comes in two flavours: a fully hosted service and as a server install. The latter works with any Windows server from NT onwards. It can be run on virtually any server hardware and doesn't need to be dedicated - we installed it on a low-end system running Windows Small Business Server 2003 Premium Edition, which is based on Windows Server 2003. A basic Pentium 4 server should be enough to handle 25 users. WiredRed claims installation only takes five minutes, and we would certainly agree. Once the application itself is installed, you're led through a simple wizard where you can choose to run the server as an application or service, and given the option to diverge from the default ports. This may be necessary, as by default e/pop uses 80 as one of its ports and this may already be in use by an existing web server. The remaining ports - 22, 23, 443, 1270, and 37000 - are less commonly used, although 22 is often required by SSH and 23 by Telnet. To make your conferences externally accessible, you will need to open up these ports and redirect them to your server, or place it in the DMZ.

You're then ready to create a conference. All administration can be performed via the web interface. You can either use the Quick Conference to get your sessions started, or use the fully featured New Conference screen instead. This allows you to finely tune settings for your conference, including audio and video configuration, the joining URL, default layout and so on. You can stream video either as H.263+ or MPEG4. You can then launch the conference, which will download and install the conferencing applet automatically. Once this is complete and you're logged in, you can invite participants from within the conferencing applet, which creates an email containing the appropriate URL for you. Recipients simply click on this URL to take them straight in, although the first time they do this they'll have to allow an ActiveX control to be installed. The client system may also need access through any local firewall enabled.

With the conference in session, e/pop really comes into its own. You can use any installed webcam or video capture device to provide a video feed, so this allows both videoconferencing and canned video presentations. Enabling this merely requires the administrator to Unmute or Play all. This will then lead both the master system and clients to go through a setup wizard. You can also share documents from Word and PowerPoint. Sharing documents from these two applications doesn't require the host application to be installed on the client, as they're printed to e/pop's own sharing format. This then allows you to add annotations during presentation without affecting the original file. You can also share regions of your desktop, the entire desktop, or individual applications - ideal for systems training. The web browser has its own specific entry, although we found this only worked if the default browser is Internet Explorer. Then of course there's the essential text chat facility and whiteboard.

Bandwidth usage depends on your ISP or LAN if you go for the installable version, but you only get 250GB/month with the hosted alternative. We found video and audio conferencing worked just fine over an 802.11g WLAN, but video quality will be particularly restricted over slow internet connections. Unlike videoconferencing systems using dedicated links, quality depends mostly on the conference holder's and participants' internet provision.

It all sounds very rosy. However, there is one thing which may cause pause for thought - the price. For up to five concurrent users, you'll pay a hefty 1,675 a year or 225 a month for the hosted version, rising in price for more users. This is a lot less than a bespoke videoconferencing room for the same number of users, but it means it's not a light decision if your usage will only be occasional. Still, if remote presentation is your business, e/pop has fantastic potential while for remote tuition and training it could be ideal. Tutoreasy (www.tutoreasy.com) already uses e/pop for its online tuition services.

Maybe Skype 2 will bring social videoconferencing to the masses, but if your conferencing needs are more professional e/pop could be just the ticket. There's a fully functional 15-day trial available to help you decide too.

Verdict

Potentially very useful for remote education and training, particularly since your participants only need Internet Explorer, but this is no idle purchase

Server requirements: 1.4GHz Pentium 4, 256MB RAM, Windows Server 2000 SP 3 and onwards Client requirements: 800MHz Pentium III, 128MB RAM, Windows 95 SP 2 and up, and Internet Explorer 5 and onwards

Linux servers are becoming increasingly popular due partly to the inherent stability and security of the open source O/S but, equally, because Linux servers are a lot cheaper to configure compared to those running Windows. And when you consider that most implementations also come with a mass of bundled application software to support web, database and e-mail servers, and more, at little or no extra cost, it starts to become a tempting option.

If you've never encountered Linux before, however, getting started can be a daunting process. While the graphical interfaces employed these days aren't much different from a Windows desktop, the underlying software and the way it's configured is, and finding out how to perform even quite routine tasks can be an uphill struggle. You'll also find that many of the more useful add-ons are left out of a standard install, calling for extra effort and dedication to get the server configuration you actually want.

Exactly what's involved will depend on the implementation of Linux - there are subtle differences from one version to another - but the basic principles are much the same. In this walkthrough we look at some of the common steps required to integrate a Linux server into a predominantly Windows networking environment.