Enterprise OpenSource (June-July, 2007) 0977762203, 097776222X

Citation preview

Integration:

News:

22฀Paul Nowak

34฀EOS News Desk

Will฀Open฀Source฀Scale฀the฀Walled฀Gardens฀of฀ the฀Cellular฀Network฀Providers?

Motorola:฀Precise฀Process฀ Accounting฀for฀Linux฀

Visit us at opensource.sys-con.com

THE฀LEADING฀MAGAZINE฀FOR฀ENTERPRISE฀AND฀IT฀MANAGEMENT฀

฀฀฀฀฀฀฀฀�pen฀ ฀฀฀฀฀฀฀฀S�ur�e฀ ฀฀฀฀฀฀฀฀Apps

฀ 3 D�฀Y�U฀G��K฀ ฀ ฀�PEN฀S�U�CE? ฀

฀

t�฀Pr�te�t฀an�฀C�ntr��฀ Y�ur฀S�a��฀�usiness฀Netw�r�฀

฀ MARK R. HINKLE

฀ 6 �HE฀CUS��ME�฀ ฀ ฀�S฀L�S�EN�NG ฀ DOMINIC SARTORIO

฀฀Against฀��reats

฀ 12฀฀SP��NG฀ ฀ ฀APPL�CA���NS฀฀ ฀

FRANCES ZHAO AND PAUL PARKINSON

฀ 8 US�NG฀LDAP฀���H฀ ฀ ฀�PENLDAP฀ ฀ 24฀�HE฀ECL�PSE฀F�AME���K ฀

฀ DEEPAK VOHRA AND AJAY VOHRA

JUNE/JULY฀2007฀VOLUME฀5฀ISSUE฀4

28฀Dirk Morris

BRIAN HANDLEY

PRESORTED STANDARD US POSTAGE PAID ST. CROIX PRESS

SEE PAGE 33

Sep฀24–26,฀2007 Sep฀24–26,฀2007 Santa฀Clara,฀CA Santa฀Clara,฀CA

fr��฀t�e฀e�it�r �����p��S������SYS-��N����

EDIT��IAL฀B�A�D ฀ Ed����-��-�h���฀ Mark฀R.฀Hinkle฀[email protected]฀ ฀

������b�����฀Ed����฀ Ibrahim฀Haddad฀[email protected]฀ ฀

M��������฀Ed����฀ Jon฀Walker฀[email protected] ฀

�����������������฀Ed����฀ Paul฀Sterne฀฀[email protected] ฀

D��k��p฀T��h�����y฀Ed����฀ Tim฀Griffin฀[email protected] ฀

��v���฀Ed����฀ Matt฀Frye฀[email protected] ฀ Ed����฀ Philip฀Peake฀[email protected] ฀

������b�����฀Ed�����฀ Kevin฀Larue฀[email protected] Christopher฀Negus฀[email protected] ฀ ������b����฀ Rob฀Jones฀[email protected]

INTE�NATI�NAL฀AD�IS��Y฀B�A�D Wim฀Coekaerts;฀Director฀of฀Linux฀Engineering,฀������ Brian฀E.฀Ferguson;฀Partner,฀M�D�������฀W���฀&฀E���� John฀Fowler;฀Executive฀VP,฀Network฀Systems฀Group,฀S��฀M����������� Gaël฀Duval;฀Cofounder/Director฀of฀Communication,฀M�������S��� Samuel฀J.฀Greenblatt;฀Sr฀VP฀and฀Chief฀Architect,฀L����฀�����฀�����฀�� Scott฀Handy;฀VP,฀Linux฀Strategy฀and฀Market฀Development,฀��M Bruce฀Perens;฀������,฀LLC Stacey฀Quandt;฀Principal฀Analyst,฀Q�����฀��������� Thomas฀Reardon;฀VP฀and฀GM,฀Client฀Product฀Group฀��������฀S������฀ John฀Weathersby;฀Executive฀Director,฀����฀S�����฀S�������฀��������� Ranajit฀Nevatia,฀Director฀of฀Linux฀Strategy,฀�ER���S Andy฀Astor;฀co-founder฀and฀CEO,฀E���������D�

฀ EDIT��IAL ฀ Ex�����v�฀Ed���� Nancy฀Valentine฀฀[email protected] ฀

�������h฀Ed���� Bahadir฀Karuv,฀PhD฀฀[email protected]

�FFI�ES฀฀ ฀ SYS-��N฀MEDIA 577฀Chestnut฀Ridge฀Rd.฀•฀Woodcliff฀Lake,฀NJ฀07677 Telephone:฀201฀802-3000฀•฀Fax:฀201฀782-9600 Enterprise฀Open฀Source฀Magazine฀(ISSN฀#PENDING) is฀published฀monthly฀(12฀times฀a฀year)฀ by฀SYS-CON฀Publications,฀Inc.฀ Postmaster฀send฀address฀changes฀to:฀

ENTE�P�ISE฀�PEN฀S�U��E฀MAGAZINE SYS-CON฀MEDIA฀•฀577฀Chestnut฀Ridge฀Rd.฀•฀Woodcliff฀Lake,฀NJ฀07677 Copyright฀©฀2007฀by฀SYS-CON฀Publications,฀Inc.฀ All฀rights฀reserved.฀No฀part฀of฀this฀publication฀may฀be฀reproduced฀or฀ transmitted฀in฀any฀form฀or฀by฀any฀means,฀electronic฀or฀mechanical,฀including฀photocopy฀or฀any฀information,฀storage฀and฀retrieval฀system,฀without฀ written฀permission.฀For฀promotional฀reprints,฀contact฀reprint฀ coordinator.SYS-CON฀Publications,฀Inc.,฀reserves฀the฀right฀to฀revise,฀ republish฀and฀authorize฀its฀readers฀to฀use฀the฀articles฀submitted฀for฀ publication.฀All฀brand฀and฀product฀names฀used฀on฀these฀pages฀are฀trade฀ names,฀service฀marks,฀or฀trademarks฀of฀their฀respective฀companies.

W���dW�d�฀N�������d฀D�����b����� Curtis฀Circulation฀Company,฀New฀Milford,฀NJ

F��฀LIST฀�ENTAL฀INF��MATI�N:

Do฀You฀Grok฀ Open฀Source? By Mark Hinkle

S

cience฀fiction฀writer฀Robert฀Heinlein,฀in฀the฀1961฀science฀fiction฀novel฀Stranger฀in฀a฀ Strange฀Land,฀coined฀the฀term฀“grok.”฀In฀the฀story฀the฀word฀was฀part฀of฀the฀Martian฀ language:฀

฀ ‘Grok’฀means฀to฀understand฀so฀thoroughly฀that฀the฀observer฀becomes฀a฀part฀of฀the฀observed฀–฀to฀ merge,฀blend,฀intermarry,฀lose฀identity฀in฀group฀experience.฀It฀means฀almost฀everything฀that฀we฀ mean฀by฀religion,฀philosophy,฀and฀science฀–฀and฀it฀means฀as฀little฀to฀us฀(because฀we฀are฀from฀ Earth)฀as฀color฀means฀to฀a฀blind฀man.

฀ Today,฀many฀people฀use฀the฀term฀grok฀synonymously฀with฀understand.฀To฀grok฀is฀much฀more.฀ The฀true฀meaning฀is฀lost฀on฀many฀people,฀people฀who฀may฀have฀heard฀of฀the฀term฀without฀reading฀any฀Heinlein.฀Fortunately,฀most฀of฀the฀participants฀in฀the฀open฀source฀community฀truly฀grok฀ open฀source.฀ ฀ Open฀source฀owes฀its฀success฀to฀a฀large฀group฀of฀people฀who฀have฀a฀ shared฀set฀of฀values฀about฀which฀they฀feel฀strongly.฀Mainstream฀society฀ probably฀lacks฀any฀real฀understanding฀of฀the฀things฀that฀matter฀to฀them฀ in฀the฀world฀of฀open฀source.฀It’s฀ironic฀that฀the฀term฀came฀from฀a฀fictitious฀Martian฀language.฀Most฀people฀not฀in฀the฀know฀look฀at฀devoted฀open฀ source฀developers฀as฀if฀they฀hailed฀from฀the฀red฀planet.฀ ฀ Their฀first฀question฀is฀indubitably:฀“Why฀would฀highly฀skilled฀people฀give฀ away฀the฀fruit฀of฀their฀difficult฀labor?”฀Followed฀by,฀“If฀it’s฀free,฀can฀it฀be฀any฀ good?” ฀ I฀suspect฀many฀of฀the฀people฀who฀ask฀that฀question฀have,฀at฀some฀point,฀ participated฀in฀a฀service฀organization฀of฀some฀sort.฀I฀wonder฀if฀anyone฀ asked฀them฀why฀they฀donated฀time฀to฀the฀local฀Rotary฀Club฀or฀spent฀their฀ time฀helping฀to฀build฀houses฀for฀the฀local฀Habitat฀for฀Humanity. ฀ Maybe฀the฀comparison฀doesn’t฀hold฀up,฀as฀some฀people฀might฀not฀equate฀the฀nobility฀of฀ sheltering฀those฀without฀homes฀or฀providing฀educational฀opportunities฀with฀the฀same฀degree฀of฀ altruism฀as฀giving฀away฀software. ฀ What฀if฀that฀software฀helped฀provide฀affordable฀computers฀to฀children฀in฀developing฀nations?฀Or฀made฀it฀possible฀for฀small฀businesses฀to฀become฀profitable฀where฀they฀otherwise฀ couldn’t฀be฀competitive?฀What฀if฀that฀software฀was฀used฀to฀analyze฀trends฀that฀educate฀us฀about฀ global฀warming฀or฀conduct฀analysis฀to฀help฀cure฀terminal฀illnesses?฀Does฀that฀put฀open฀source฀ developers฀on฀equal฀footing฀with฀accountants฀and฀bankers฀building฀single-family฀homes฀on฀the฀ weekend? ฀ Not฀every฀open฀source฀project฀is฀noble.฀Often฀it’s฀just฀the฀best฀way฀for฀a฀software฀engineer฀or฀ group฀of฀engineers฀to฀solve฀a฀problem,฀leveraging฀the฀work฀of฀others฀and฀drawing฀improvements฀ from฀colleagues.฀ ฀ Why฀do฀I฀care฀whether฀people฀get฀the฀nuances฀of฀the฀open฀source฀community?฀A฀recent฀IDG฀ report,฀“Open฀Source฀Business฀Models฀2007-2011฀Forecast,”฀attributed฀the฀size฀of฀the฀open฀source฀ market฀in฀2006฀to฀be฀$1.8฀billion฀dollars฀with฀revenue฀reaching฀$5.8฀billion฀in฀2011.฀That’s฀a฀lot฀of฀ suits฀mingling฀with฀the฀free฀software฀guys฀and฀there’s฀bound฀to฀be฀a฀collision฀between฀factions.฀

Kevin฀Collopy:฀845฀731-2684,฀[email protected] Frank฀Cipolla:฀845฀731-3832,฀[email protected]

—continued฀on฀page฀5

About the Author

Mark R. Hinkle, editor-in-chief of Enterprise Open Source Magazine, is the vice president, Community and Business Development at Zenoss Inc. He serves as a founder of the Open Management consortium and is the author “Windows to Linux Business Desktop Migration” (Charles River Media). [email protected]

����SYS-��N���� EnterpriseOpenSource.SYS-CON.com

PAGE 3

June/July 2007

fr��฀t�e฀e�it�r �����p��S������SYS-��N����

Open฀source฀mar�et฀in฀2006฀was฀ $1�8฀�illion฀dollars฀with฀revenue฀ reaching฀$5�8฀�illion฀in฀2011�฀ That’s฀a฀lot฀of฀suits฀mingling฀ with฀the฀free฀software฀gu�s฀ and฀t�ere’s฀b�un�฀t�฀be฀a฀ ����isi�n฀between฀fa�ti�ns�฀

P����d���฀&฀�E� Fuat฀Kircaali฀฀[email protected]

G���p฀P�b���h�� Roger฀Strukhoff฀฀[email protected]

฀ AD�E�TISING฀฀ S�����฀�P,฀S����฀&฀M��k����� Carmen฀Gonzalez฀฀[email protected]฀

Adv��������฀S����฀D������� Megan฀Mussa฀฀[email protected]

A��������฀S����฀M������ Corinna฀Melcon฀฀[email protected]

฀ ฀ E�ENTS

฀ Ev����฀M������฀

—A฀recent฀IDG฀report,฀“Open฀Source฀Business฀Models฀2007-2011฀Forecast”฀

Lauren฀Orsi฀฀[email protected]

Ev����฀A�������� Sharmonique฀Shade฀฀[email protected]

฀ P��DU�TI�N ฀

A��฀D������� Alex฀Botero฀฀[email protected]

A��������฀A��฀D�������� Abraham฀Addo฀฀[email protected] Louis฀F.฀Cuffari฀฀[email protected] Tami฀Lima฀฀[email protected]

฀ �UST�ME�฀�ELATI�NS

—continued฀from฀page฀3 ฀ These฀new฀participants฀are฀entering฀a฀community฀built฀on฀certain฀customs฀and฀a฀code฀of฀ conduct.฀They฀have฀built฀this฀community฀using฀a฀common฀set฀of฀values฀that฀have฀spawned฀the฀ Linux฀kernel฀and฀the฀Apache฀Web฀server.฀These฀are฀important฀technologies฀that฀could฀only฀have฀ accomplished฀their฀success฀in฀this฀global฀transparent฀ecosystem. ฀ Michael฀Tiemann,฀the฀founder฀of฀perhaps฀the฀first฀open฀source฀software฀company,฀Cygnus฀ Solutions,฀and฀now฀president฀of฀the฀Open฀Source฀Initiative฀(OSI),฀made฀a฀statement฀showing฀his฀ commitment฀to฀the฀“stewardship”฀of฀the฀open฀source฀brand฀and฀chiding฀some฀of฀these฀commercial฀open฀source฀newcomers.฀In฀a฀stern฀blog฀post฀he฀called฀out฀certain฀companies฀for฀what฀he฀ interprets฀as฀a฀misuse฀of฀the฀Open฀Source฀Definition฀and฀the฀open฀source฀“brand”:

�����������฀S��v���฀����d������ Edna฀Earle฀Russell฀฀[email protected] Alicia฀Nolan฀฀[email protected]

฀ ฀ ฀ SYS-��N���M฀

�P฀I����������฀Sy����� Bruno฀Y.฀Decaudin฀฀[email protected]

I����������฀Sy�����฀���������� Robert฀Diamond฀฀[email protected]

W�b฀D�������� Stephen฀Kilmurray฀฀[email protected] Richard฀Walter฀[email protected]

[28]

฀ ฀ A���UNTING฀ F��������฀A���y��

Joan฀LaRose฀฀[email protected]

A�������฀P�y�b�� Betty฀White฀฀[email protected]

฀ ฀ ฀ SUBS��IPTI�NS

TOLL฀FREE฀888-303-5282 201-802-3012 [email protected] For฀subscriptions฀and฀requests฀for฀bulk฀orders, please฀send฀your฀letters฀to฀Subscription฀Department Cover฀Price:฀$5.99/issue Domestic:฀$49.99/yr฀(12฀issues) Canada/Mexico:฀$79.99/yr all฀other฀countries฀$99.99/yr฀ (U.S.฀Banks฀or฀Money฀Orders) Back฀issues:฀$12฀U.S.฀$15฀all฀others

����SYS-��N���� EnterpriseOpenSource.SYS-CON.com

฀ Open฀Source฀has฀grown฀up.฀Now฀it฀is฀time฀for฀us฀to฀stand฀up.฀I฀believe฀that฀when฀we฀do,฀the฀ vendors฀who฀ignore฀our฀norms฀will฀suddenly฀recognize฀that฀they฀really฀do฀need฀to฀make฀a฀choice:฀ to฀label฀their฀software฀correctly฀and฀honestly,฀or฀to฀license฀it฀with฀an฀OSI-approved฀license฀that฀ matches฀their฀open฀source฀label.฀ While฀the฀Open฀Source฀Initiative฀has฀little฀formal฀power,฀its฀approval฀of฀your฀open฀source฀software฀license฀carries฀considerable฀weight฀within฀the฀open฀source฀ranks.฀ ฀ I฀know฀the฀struggles฀of฀developing฀commercial฀in฀open฀source฀companies฀all฀too฀well.฀I฀have฀ had฀the฀opportunity฀to฀help฀bring฀commercial,฀proprietary฀software฀to฀market฀with฀limited฀success.฀I฀also฀had฀the฀opportunity฀to฀partially฀open฀source฀software฀under฀a฀pseudo฀open฀source฀ license฀(which฀lacked฀OSI฀approval).฀Currently฀I฀am฀the฀VP฀of฀Community฀and฀the฀open฀source฀ conscience฀for฀Zenoss,฀Inc.฀(www.zenoss.com),฀a฀developer฀of฀a฀purely฀open฀source฀(GPL-licensed)฀systems฀management฀tool.฀My฀experience฀has฀shown฀that฀the฀greatest฀success฀has฀to฀go฀ to฀the฀purist฀of฀the฀potential฀solutions.฀ ฀ Let฀me฀offer฀these฀parting฀words฀of฀advice฀based฀on฀my฀own฀experience฀and฀observations.฀ Within฀the฀open฀source฀ecosystem฀there฀exists฀a฀certain฀open฀source฀karma.฀History฀tells฀us฀ that฀companies฀that฀have฀good฀open฀source฀practices฀and฀community฀participation฀flourish.฀ Paragons฀include฀Red฀Hat,฀MySQL,฀and฀even฀Sun฀(whose฀fortunes฀are฀turning฀on฀the฀heels฀of฀ open฀source฀Java฀and฀OpenSolaris฀initiatives).฀A฀word฀to฀the฀wise:฀as฀you฀join฀the฀open฀source฀ community,฀snake฀oil฀salesmen฀and฀hucksters฀need฀not฀apply,฀it’s฀a฀transparent฀society฀and฀while฀ you฀don’t฀need฀to฀necessarily฀grok฀open฀source,฀you฀need฀to฀respect฀and฀understand฀the฀values฀of฀ open฀source฀to฀be฀successful.฀฀

Additional฀Resources •฀ “Will฀the฀Real฀Open฀Source฀CRM฀Please฀Stand฀Up?฀Michael฀Tiemann,฀Open฀Source฀Initiative฀ Blog:฀http://www.opensource.org/node/163 •฀ “Open฀Source฀Software฀Business฀Models฀2007-2011฀Forecast:฀A฀Preliminary฀View”:฀฀ http://www.idc.com/getdoc.jsp?containerId=prUS20711507 This฀article฀is฀licensed฀under฀the฀Creative฀Commons฀Attribution฀3.0฀License.

PAGE 5

June/July 2007

�ar�etp�a�e

The฀Customer฀Is฀Listening �t’s฀�riti�a�฀t�฀�isten฀t�฀t�e฀�ust��er฀fi฀rst฀an�฀re�e�ber฀–฀ t�ey฀are฀�istening฀t�฀us by Dominic Sartorio

�

here’s฀been฀a฀lot฀of฀pubic฀discussion฀recently฀about฀what฀it฀means฀to฀be฀open.฀ While฀the฀OSI฀has฀published฀the฀Open฀Source฀Defi฀nition,฀which฀lists฀10฀attributes฀ of฀what฀it฀means฀to฀be฀“open฀source,”฀commercial฀entities฀have฀emerged฀that฀are฀

described฀as฀“hybrid”฀models.฀Many฀companies฀offer฀a฀version฀of฀a฀product฀that’s฀sold฀under฀an฀ OSI-approved฀license฀and฀another฀version฀under฀a฀commercial฀license.฀Others฀sell฀and฀support฀ products฀that฀meet฀some฀but฀not฀all฀of฀the฀10฀attributes.฀These฀companies฀purport฀to฀be฀“open”฀ without฀meeting฀this฀strict฀defi฀nition,฀leading฀to฀a฀spirited฀debate฀about฀what฀it฀means฀to฀be฀open฀ in฀an฀evolving฀market. ฀ Meanwhile,฀commercial฀open฀source฀is฀clearly฀coming฀of฀age,฀as฀was฀evident฀by฀the฀breadth฀ of฀successful฀open฀companies฀at฀this฀year’s฀ OSBC฀in฀San฀Francisco.฀I฀exhibited฀there฀and฀ can฀attest฀to฀the฀positive฀energy฀and฀optimism,฀ more฀than฀I’ve฀seen฀in฀a฀trade฀show฀in฀years.฀ The฀quality฀of฀companies฀and฀people฀both฀ exhibiting฀and฀attending฀was฀outstanding,฀with฀ many฀excellent฀panel฀sessions฀and฀show฀fl฀oor฀ conversations฀about฀how฀and฀why฀open฀source฀ businesses฀are฀succeeding.฀Open฀businesses฀are฀ truly฀taking฀the฀world฀by฀storm,฀making฀further฀ and฀further฀inroads฀into฀markets฀formerly฀ dominated฀by฀proprietary฀alternatives.฀Consequently,฀with฀the฀stakes฀increasing,฀the฀debate฀ over฀what฀it฀means฀to฀be฀“open”฀has฀been฀raging.฀Many฀thought฀leaders฀and฀industry฀pundits฀ have฀weighed฀in,฀expressing฀their฀support฀of฀ one฀viewpoint฀and฀outrage฀at฀the฀other. ฀ While฀our฀debates฀about฀defi฀nitions฀rage฀ on,฀the฀customer฀is฀listening.฀Not฀because฀ they฀care฀as฀much฀about฀what฀open฀source฀ business฀model฀a฀particular฀vendor฀uses฀but฀ because฀our฀debates฀give฀them฀reason฀to฀be฀ confused฀by฀the฀FUD฀that’s฀out฀there.

Listening฀to฀Them฀(the฀Customer)

About the Author Dominic Sartorio is president of the Open Solutions Alliance.

June/July 2007

฀ When฀it฀comes฀right฀down฀to฀it,฀being฀in฀ the฀software฀and฀services฀business฀is฀about฀ delivering฀customer฀value.฀In฀the฀universe฀of฀ open฀source฀software,฀there’s฀certainly฀been฀ discussion฀about฀preventing฀customer฀lock-in,฀ for฀example,฀but฀as฀open฀source฀matures฀and฀ PAGE 6

is฀increasingly฀considered฀by฀CIOs,฀there’s฀a฀ broad฀array฀of฀practical฀real-world฀issues฀that฀ have฀to฀be฀addressed฀to฀both฀deliver฀value฀to฀ the฀customer฀and฀provide฀the฀opportunity฀for฀ vendors฀to฀grow฀their฀business฀regardless฀of฀ where฀they฀fall฀on฀the฀“hybrid”฀spectrum฀of฀ open฀source฀defi฀nitions.฀ ฀ As฀president฀of฀the฀Open฀Solutions฀Alliance,฀ I฀admit฀it’s฀been฀diffi฀cult฀to฀focus฀solely฀on฀customer฀value฀the฀last฀couple฀months฀because฀ of฀the฀defi฀nitions฀debate.฀Multiple฀members฀ of฀the฀OSA฀have฀suggested฀that฀the฀OSA฀“take฀ a฀stand,”฀and฀many฀people฀have฀asked฀for฀the฀ OSA’s฀position฀on฀openness. ฀ The฀OSA’s฀position฀on฀such฀issues฀will฀ always฀be฀based฀on฀what฀is฀best฀for฀customers฀ looking฀to฀adopt฀open฀solutions.฀The฀Alliance฀ was฀founded฀with฀this฀principle฀in฀mind,฀and฀ its฀efforts฀and฀activities฀will฀always฀have฀this฀ pragmatic฀goal.฀The฀OSA฀is฀focused฀on฀specifi฀c฀ initiatives฀that฀give฀us฀the฀opportunity฀to฀hear฀ directly฀from฀customers฀who฀have฀adopted฀ open฀solutions฀or฀considering฀deployments,฀ and฀deliver฀value฀to฀their฀endeavors,฀specifi฀cally฀around฀interoperability.฀ ฀ Customer฀requirements฀can฀vary฀greatly,฀ depending฀on฀the฀industry,฀IT฀best฀practices,฀type฀ of฀solution฀in฀question,฀and฀the฀skills฀and฀knowhow฀required฀to฀implement฀them.฀Companies฀ that฀serve฀different฀market฀segments฀must฀evolve฀ their฀business฀models฀to฀meet฀the฀requirements฀ of฀that฀segment.฀Some฀may฀be฀more฀services-intensive,฀requiring฀frequent฀code฀customization,฀ for฀example.฀Others฀may฀be฀strictly฀regulated฀in฀ a฀manner฀that฀dictates฀how฀licensing฀and฀IP฀is฀ managed.฀Because฀open฀source,฀especially฀in฀ the฀applications฀space,฀is฀still฀relatively฀new,฀we฀ think฀there’s฀room฀for฀experimenting฀to฀see฀what฀ business฀models฀are฀best฀for฀customers.฀For฀this฀ reason,฀OSA฀hasn’t฀limited฀its฀membership฀based฀ on฀which฀business฀models฀we฀think฀are฀best.฀ We’d฀rather฀let฀customers฀decide฀that.฀Ultimately,฀ successful฀customer฀experiences฀will฀tell฀us฀which฀ business฀models฀work฀best.฀

�hat฀�e฀�ear฀(from฀Customers) ฀ So,฀what฀do฀customers฀want?฀Several฀of฀ OSA’s฀members฀have฀held฀CIO฀councils฀or฀met฀ EnterpriseOpenSource.SYS-CON.com

with฀the฀CIOs฀of฀their฀customers,฀and฀we’ll฀ continue฀to฀do฀that฀in฀the฀future.฀While฀many฀ of฀them฀can฀be฀classified฀as฀“early฀adopters”฀of฀ open฀source,฀since฀all฀of฀them฀use฀open฀source฀ products฀in฀their฀organizations,฀they’re฀also฀ well฀connected฀to฀mainstream฀audiences฀that฀ may฀not฀have฀adopted฀as฀many฀Open฀Source฀ Software฀(OSS)฀and฀solutions฀as฀they฀have. The฀feedback฀has฀been฀remarkably฀consistent. ฀ First,฀business฀customers฀often฀look฀for฀ evidence฀of฀other฀customers฀having฀been฀successful฀with฀a฀product฀before฀buying฀it.฀Proprietary฀vendors฀do฀a฀good฀job฀of฀marketing฀ their฀success฀stories,฀but฀many฀open฀source฀ companies฀have฀not,฀except฀for฀the฀largest฀ ones฀like฀Red฀Hat.฀Their฀concern฀is฀that฀the฀ relatively฀low฀volume฀of฀“proof฀points”฀shows฀ that฀OSS฀or฀open฀solutions฀are฀immature,฀ when฀in฀fact฀the฀opposite฀is฀true.฀These฀offerings฀can฀be฀very฀feature-rich฀and฀high-quality,฀ but฀many฀open฀source฀companies฀don’t฀talk฀ about฀it.฀They฀talk฀more฀about฀the฀virtues฀of฀ being฀open,฀which฀may฀well฀be฀true,฀but฀don’t฀ directly฀tie฀to฀the฀value฀that฀the฀end฀customers฀ are฀trying฀to฀extract฀from฀these฀products.฀Value฀ propositions฀such฀as฀low฀cost฀of฀ownership,฀ supportability,฀interoperability,฀and฀ease฀of฀use฀ aren’t฀discussed฀as฀frequently. ฀ Interoperability,฀in฀particular,฀is฀a฀frequent฀ pain฀point.฀No฀customer฀purchases฀just฀one฀ solution.฀They฀frequently฀buy฀multiple,฀and฀ from฀different฀vendors,฀each฀of฀which฀makes฀ independent฀decisions฀regarding฀which฀standards฀to฀adopt฀and฀how฀to฀implement฀them.฀ Frequently฀the฀customer฀is฀left฀with฀the฀cost฀of฀ making฀all฀the฀moving฀parts฀fit฀together. ฀ Moreover,฀the฀challenge฀of฀interoperability฀ is฀broad฀and฀multi-faceted.฀Issues฀ranging฀ from฀user฀management,฀to฀UI฀integration,฀ to฀consistent฀management฀and฀monitoring฀ approaches,฀to฀data฀integration฀are฀equally฀ important.฀Most฀customers฀also฀have฀mixed฀ environments,฀including฀both฀open฀and฀ legacy฀proprietary฀assets,฀and฀these฀must฀ work฀together.฀Finally,฀some฀non-technical฀ issues฀arise,฀such฀as฀consistent฀approaches฀to฀ managing฀projects฀involving฀multiple฀vendors,฀ and฀common฀support฀SLAs฀–฀it฀doesn’t฀help฀ if฀one฀vendor฀has฀a฀24x7฀help฀desk฀when฀the฀ other฀doesn’t.฀While฀not฀technical฀issues,฀they฀ represent฀interoperability฀issues฀between฀different฀vendors’฀business฀practices฀and฀can฀be฀ equally฀important฀to฀customers. ฀ Finally,฀we฀frequently฀ask฀our฀customers฀what฀they฀believe฀it฀means฀to฀be฀“open”฀ and฀the฀answers฀are฀fairly฀consistent.฀They฀ believe฀that฀access฀to฀source฀code฀is฀important฀ because฀this฀allowed฀for฀better฀customizability฀ and฀extensibility,฀and฀helps฀prevent฀lock-in.฀ They฀also฀want฀their฀licenses฀to฀be฀“clean,”฀ meaning฀vendors฀should฀exhibit฀“truth฀in฀adEnterpriseOpenSource.SYS-CON.com

vertising”฀in฀their฀licensing฀practices,฀and฀not฀ adopt฀licenses฀that฀get฀in฀the฀way฀of฀customers฀ extracting฀value฀from฀the฀code฀they฀adopt.฀But฀ the฀most฀resounding฀answer฀we฀hear฀is฀the฀ ability฀to฀work฀with฀the฀vendor฀as฀a฀partner฀in฀ a฀spirit฀of฀give-and-take฀to฀resolve฀a฀business฀ problem.฀Some฀have฀told฀us฀war฀stories฀about฀ one-way฀interactions฀where฀proprietary฀vendors฀push฀products฀on฀them฀and฀never฀listen฀ to฀their฀evolving฀needs.฀Most฀“open”฀companies,฀in฀their฀experience,฀instead฀welcome฀ working฀together฀to฀solve฀a฀problem,฀as฀well฀ as฀feedback฀and฀guidance฀on฀how฀to฀improve฀ their฀offerings.฀In฀short,฀all฀view฀“openness”฀ as฀a฀means฀of฀helping฀the฀customer฀run฀their฀ business฀better฀and฀not฀as฀an฀end฀in฀itself.฀ Consequently,฀some฀are฀bemused฀at฀the฀debate฀over฀what฀it฀means฀to฀be฀truly฀“open”฀and฀ would฀prefer฀more฀focus฀on฀how฀to฀deliver฀better฀customer฀value,฀no฀matter฀what฀“hybrid”฀ model฀they฀adopt.฀All฀feel฀there฀isn’t฀enough฀ debate฀over฀the฀best฀approaches฀to฀driving฀ adoption฀and฀solving฀customer฀problems.

The฀Real฀Relevance฀of฀“Openness” ฀ So,฀while฀open฀businesses฀are฀taking฀the฀ world฀by฀storm,฀there’s฀more฀that฀can฀be฀done฀ to฀achieve฀greater฀customer฀value.฀What’s฀been฀ missing฀so฀far฀is฀collaboration฀among฀companies฀to฀remove฀the฀remaining฀pain฀points,฀notably฀interoperability.฀This฀is฀a฀hard฀problem฀ that฀no฀one฀vendor฀can฀unilaterally฀solve฀by฀itself,฀but฀is฀exactly฀the฀kind฀of฀problem฀that฀can฀ be฀solved฀through฀the฀kind฀of฀collective฀action฀ that฀made฀open฀source฀products฀successful฀in฀ the฀first฀place.฀It’s฀this฀spirit฀of฀collective฀action฀ that฀we฀should฀continue฀to฀embrace฀as฀we฀ move฀to฀the฀next฀step฀of฀the฀“open”฀evolution. ฀ This฀collaborative฀spirit฀lives฀not฀just฀in฀ how฀source฀code฀is฀managed.฀What’s฀become฀ apparent฀through฀many฀of฀my฀conversations฀ with฀OSA฀members฀and฀other฀open฀vendors฀is฀ that฀these฀aren’t฀just฀companies฀that฀decided฀ to฀make฀their฀source฀code฀available฀(or,฀for฀ integrators,฀to฀work฀primarily฀with฀open฀source฀ products),฀but฀are฀taking฀the฀spirit฀of฀openness฀and฀collaboration฀to฀heart฀throughout฀ their฀business฀practices.฀Marketing฀managers฀ frequently฀talk฀about฀the฀“four฀Ps”฀of฀their฀offerings,฀designed฀to฀expose฀products฀to฀prospective฀customers฀on฀their฀terms,฀not฀the฀vendor’s.฀ Business฀development฀managers฀talk฀about฀ their฀more฀open฀and฀collaborative฀styles฀of฀ partnering.฀Product฀managers฀talk฀about฀their฀ roadmaps฀and฀processes฀for฀managing฀their฀ product฀requirements฀over฀time,฀designed฀to฀ incorporate฀frequent฀and฀regular฀input฀from฀ customers฀and฀other฀external฀sources฀(think฀ of฀PM฀as฀a฀facilitator,฀not฀a฀dictator,฀of฀product฀ requirements).฀In฀all฀cases,฀there’s฀been฀a฀remarkable฀tone฀of฀openness฀and฀transparency,฀a฀ PAGE 7

sense฀of฀“what฀you฀see฀is฀what฀you฀get,”฀and฀the฀ confidence฀that฀being฀open฀and฀honest฀in฀one’s฀ dealings฀(and฀accepting฀nothing฀less฀than฀the฀ same฀in฀return)฀would฀result฀in฀happier฀partners฀and฀customers.฀This฀is฀a฀refreshing฀change฀ of฀pace฀from฀the฀often฀secretive฀one-way฀communication฀of฀proprietary฀vendors,฀and฀greatly฀ facilitates฀doing฀business.฀ ฀ This฀spirit฀of฀openness฀is฀the฀core฀of฀what฀ the฀OSA฀is฀all฀about.฀It฀was฀founded฀to฀address฀ systemic฀issues฀like฀interoperability฀that฀are฀ best฀solved฀collectively,฀and฀it’s฀critical฀that฀our฀ members฀operate฀in฀an฀open฀and฀collaborative฀ fashion.฀By฀choosing฀to฀operate฀this฀way,฀we฀ can฀address฀some฀of฀the฀toughest฀challenges฀in฀ our฀industry฀in฀ways฀that฀a฀proprietary฀vendor฀ would฀hardly฀ever฀dream฀of. ฀ Interoperability฀is฀a฀diverse฀problem,฀but฀we฀ also฀have฀a฀diverse฀membership.฀Each฀member฀ claims฀to฀have฀an฀“itch฀to฀scratch”฀(to฀borrow฀a฀ euphemism฀commonly฀used฀to฀describe฀why฀ developers฀contribute฀to฀open฀source฀projects).฀ The฀“itch”฀differs฀from฀company฀to฀company,฀ but฀a฀common฀theme฀is฀that฀each฀issue฀can฀be฀ solved฀better฀through฀collective฀effort฀instead฀ of฀unilateral฀initiatives.฀For฀management฀companies,฀a฀common฀“itch”฀is฀how฀to฀encourage฀ application฀vendors฀to฀expose฀consistent฀APIs฀ for฀administration,฀management,฀and฀monitoring.฀For฀business฀applications,฀there฀are฀several฀ “itches”฀including฀data฀integration,฀single฀ sign-on,฀and฀so฀forth.฀For฀integrators,฀there’s฀ concern฀over฀inconsistent฀support฀SLAs฀and฀ inconsistent฀use฀of฀various฀standards฀that฀enable฀extending฀and฀customizing฀applications.฀ And฀so฀forth.฀But฀each฀member฀looks฀to฀the฀ OSA฀to฀foster฀and฀facilitate฀working฀with฀other฀ like-minded฀companies฀to฀work฀through฀their฀ specific฀issues.฀ ฀ Consequently,฀although฀we฀don’t฀split฀hairs฀ regarding฀what฀“open”฀models฀are฀the฀best,฀ there’s฀one฀notion฀on฀which฀we฀can’t฀compromise.฀There’s฀a฀difference฀between฀“old฀guard”฀ proprietary฀organizations฀and฀more฀open฀collaborative฀organizations,฀not฀just฀in฀terms฀of฀ how฀they฀manage฀their฀source฀code,฀but฀how฀ they฀do฀business.฀A฀company’s฀DNA฀is฀either฀ one฀or฀the฀other;฀they฀don’t฀mix.฀This฀is฀hard฀ to฀quantify,฀but฀you฀know฀it฀when฀you฀see฀it฀ when฀interacting฀with฀the฀management.฀There฀ are฀typical฀markers฀though.฀Freely฀available฀ source฀and฀“truth฀in฀advertising”฀licensing฀ practices฀is฀a฀good฀sign,฀and฀one฀prioritized฀in฀ our฀Open฀Solution฀Definition฀(http://tinyurl. com/3y5pp7).฀So฀is฀having฀public฀forums฀for฀ customer฀feedback.฀Still฀there฀are฀multiple฀ ways฀a฀company฀can฀deliver฀value฀and฀still฀be฀ “open”฀in฀how฀it฀does฀business.฀The฀critical฀ piece฀for฀us฀to฀remember฀is฀to฀listen฀to฀the฀customer฀first฀and฀remember฀–฀they฀are฀listening฀ to฀us.฀฀ June/July 2007

LDAP

Using฀LDAP฀with฀OpenLDAP Creating฀a฀�ire�t�ry฀servi�e฀using฀t�e฀�penLDAP฀�ire�t�ry฀server by Deepak Vohra and Ajay Vohra

A

directory฀service฀is฀an฀application(s)฀that฀stores,฀retrieves,฀and฀modifi฀es฀information฀about฀network฀resources฀such฀as฀network฀users.฀The฀actual฀data฀is฀stored฀ in฀a฀database;฀a฀database฀service฀is฀an฀abstract฀layer฀on฀top฀of฀the฀database.฀The฀

Lightweight฀Directory฀Access฀Protocol฀(LDAP)฀is฀a฀lightweight฀protocol฀for฀accessing฀directory฀ services.฀LDAP฀is฀based฀on฀entries;฀an฀entry฀is฀a฀set฀of฀attributes฀identifi฀ed฀by฀a฀globally฀unique฀

Attribute Type

Description

o

Organization

ou

Organizational unit

right฀to฀left฀with฀the฀rightmost฀attribute฀as฀the฀top฀entry฀and฀with฀the฀leftmost฀attribute(s)฀that฀

uid

Userid

are฀unique฀to฀its฀level฀called฀a฀Relative฀Distinguished฀Name฀(RDN).฀A฀DN฀is฀a฀sequence฀of฀RDNs.฀

mail

E-mail address

Distinguished฀Name฀(DN).฀Each฀of฀a฀directory฀entry’s฀attributes฀has฀a฀type฀and฀one฀or฀more฀values.฀The฀attributes฀in฀a฀directory฀entry’s฀distinguished฀name(DN)฀are฀arranged฀in฀a฀hierarchy฀from฀

฀ An฀entry฀in฀a฀directory฀is฀identifi฀ed฀by฀a฀ distinguished฀name฀(DN).฀An฀example฀of฀a฀ directory฀entry’s฀distinguished฀name฀is: cn=dvohra,ou=People,dc=example,dc=com ฀ In฀the฀example฀DN,฀the฀base฀entry/root฀is฀ “dc=example,dc=com.”฀The฀relative฀distinguished฀name฀is฀“cn=dvohra.”฀LDAP฀defi฀nes฀ operations฀for฀adding,฀searching,฀modifying,฀and฀deleting฀directory฀entries.฀An฀LDAP฀ server฀is฀required฀to฀provide฀a฀LDAP฀directory฀ service.฀OpenLDAP฀is฀an฀open฀source฀software฀package฀that฀includes฀a฀LDAP฀directory฀ server฀(slapd).฀OpenLDAP฀is฀built฀on฀top฀of฀ the฀Berkeley฀DB,฀an฀embedded฀database.฀In฀ this฀article฀we’ll฀create฀a฀directory฀service฀using฀the฀OpenLDAP฀directory฀server.฀

Installing฀OpenLDAP Deepak Vohra is a Sun Certified Java 1.4 Programmer and a Web developer. [email protected] Ajay Vohra is a senior solutions architect with DataSynapse Inc. [email protected]

June/July 2007

cn

dn

Domain component

Common name

Distinguished name

Table 1: Attribute Types

Some฀examples฀of฀attribute฀types฀are฀discussed฀in฀Table฀1.

About the Authors

dc

฀ Download฀OpenLDAP฀for฀Windows.฀ Double-click฀on฀the฀OpenLDAP฀application฀ openldap-2.2.29-db-4.3.29-openssl-0.9.8aBDB_ONLY-win32_Setup.exe.฀The฀OpenLDAP฀ setup฀wizard฀gets฀started฀as฀shown฀in฀Figure฀1.฀ Click฀on฀the฀Next฀button.฀ PAGE 8

฀ Accept฀the฀license฀agreement฀and฀click฀on฀ the฀Next฀button.฀Select฀the฀default฀destination,฀C:\Program฀Files\OpenLDAP฀and฀click฀ on฀the฀Next฀button.฀Select฀components฀BDBtools฀and฀OpenLDAP-slapd฀as฀NT฀service฀ and฀click฀on฀Next฀as฀shown฀in฀Figure฀2.฀ ฀ Specify฀a฀Start฀Menu฀folder฀and฀click฀on฀ Next.฀Select฀additional฀tasks฀such฀as฀“automatically฀start฀OpenLDAP฀NT฀service฀after฀ reboot”฀and฀“Create฀a฀desktop฀item”฀and฀click฀ on฀Next.฀Click฀on฀the฀Install฀button฀to฀install฀ OpenLDAP฀as฀shown฀in฀Figure฀3.฀

฀Confi฀guring฀OpenLDAP ฀ The฀confi฀guration฀for฀a฀slapd฀server฀is฀ specifi฀ed฀in฀the฀slapd.conf฀confi฀guration฀fi฀le.฀ Confi฀guration฀information฀comes฀in฀three฀ types:฀global,฀back-end฀and฀database.฀The฀ confi฀guration฀information฀is฀specifi฀ed฀with฀ directives;฀the฀global฀directives฀precede฀the฀ back-end฀directives฀that฀precede฀the฀database฀ directives.฀ ฀ The฀global฀directives฀apply฀to฀all฀backends฀and฀database฀types.฀Some฀of฀the฀commonly฀used฀global฀directives฀are฀discussed฀ in฀Table฀2 EnterpriseOpenSource.SYS-CON.com

Directive

Description

loglevel

Specifies the level at which debug information and other statistics are logged. A value of -1 enables all debugging and 0 disables debugging.

idletimeout

Specifies the number of seconds after which an idle connection is closed.

sizelimit

Specifies the maximum number of entries to return from a search operation. Default value is 500.

timelimit

Specifies the maximum number of seconds spent on a request. The default value is 3600.

Table 2:Global Directives

฀ Back-end฀directives฀specify฀a฀back-end฀and฀apply฀to฀all฀database฀instances฀in฀a฀back-end.฀The฀commonly฀used฀back-end฀directive฀is฀as฀follows: backend ฀ The฀back-end฀directive฀specifies฀a฀back-end฀declaration.฀Some฀of฀the฀ back-end฀types฀are฀bdb฀(Berkeley฀DB฀transactional฀back-end)฀and฀sql฀ (SQL฀programmable฀back-end). ฀ Database฀directives฀specify฀information฀about฀a฀database฀instance.฀ Some฀of฀the฀commonly฀used฀database฀directives฀are฀discussed฀in฀Table฀3. Directive

Figure 1: OpenLDAP setup wizard

Description

database

Specifies a database instance declaration. Some of the types are bdb and sql.

readonly {on|off}

Specifies a read-only database.

rootdn

Rootdn specifies a super-user DN that may bypass directory access and administrative restrictions.

rootpw

Specifies the password for rootdn DN.

directory

Specifies the directory in which the Berkeley DB database files are located.

suffix

Also known as ‘root’ or ‘base,’ specifies the topmost entry in a DIT (Directory Information Tree).

Table 3: Database Directives

฀ Next,฀we’ll฀modify฀the฀directives฀in฀the฀slapd.conf฀file฀in฀the฀C:\Program฀Files\OpenLDAP฀directory฀of฀the฀OpenLDAP฀server฀we฀installed฀ earlier.฀The฀database฀directive฀is฀already฀set฀to฀bdb฀for฀the฀Berkeley฀DB฀ database.฀Set฀the฀suffix,฀rootdn,฀and฀rootpw฀as฀shown฀in฀following฀listing:฀ database bdb suffix rootdn rootpw directory ./data

Figure 2: Selecting OpenLDAP components

“dc=example,dc=com” “cn=Manager,dc=example,dc=com” openldap

Creating฀a฀Director� ฀ Next,฀we’ll฀create฀a฀directory฀in฀the฀OpenLDAP฀LDAP฀server.฀For฀ example,฀create฀a฀directory฀of฀JDeveloper฀developers.฀LDAP฀entries฀are฀ represented฀in฀the฀LDAP฀Data฀Interchange฀Format฀(LDIF)฀in฀an฀.ldif฀ format.฀The฀format฀of฀an฀entry฀in฀n฀LDIF฀file฀is฀as฀follows:฀ #comment dn: : : EnterpriseOpenSource.SYS-CON.com

Figure 3: Installing OpenLDAP PAGE 9

June/July 2007

LDAP ฀ Create฀a฀jdevDir.ldif฀fi฀le฀for฀a฀directory฀of฀JDeveloper฀developers.฀A฀ root/base฀DN฀was฀specifi฀ed฀in฀the฀slapd.conf฀fi฀le฀with฀the฀suffi฀x฀directive: suffix

“dc=example,dc=com”

฀ In฀the฀.ldif฀fi฀le฀add฀an฀entry฀for฀the฀base฀DN.฀Each฀directory฀entry฀is฀ identifi฀ed฀with฀a฀dn฀attribute.฀The฀objectClass฀attributes฀specify฀the฀ type฀of฀data,฀and฀required฀and฀optional฀attributes฀in฀an฀entry.฀Object฀ classes฀form฀a฀class฀hierarchy฀and฀some฀of฀the฀commonly฀used฀object฀ classes฀are฀top,฀organization,฀and฀organizationalPerson.฀The฀object฀ classes฀that฀may฀be฀specifi฀ed฀in฀a฀directory฀entry฀and฀the฀attributes฀that฀ may฀be฀specifi฀ed฀or฀have฀to฀be฀specifi฀ed฀for฀an฀object฀class฀are฀listed฀in฀ the฀C:\Program฀Files\OpenLDAP\schema\core.schema฀fi฀le:฀ dn: dc=example,dc=com objectClass: top objectClass: dcObject objectClass: organization dc :example o: Oracle ฀ Next,฀add฀an฀entry฀for฀an฀organizational฀unit฀called฀jdeveloper฀under฀ dc=example,฀dc=com.฀Directory฀entries฀in฀an฀LDIF฀fi฀le฀are฀separated฀ with฀a฀blank฀line.฀ dn: ou=jdeveloper, dc=example, dc=com objectClass: organizationalUnit ou: jdeveloper ฀ Next,฀create฀directory฀entries฀for฀JDeveloper฀developers฀under฀the฀ organizational฀unit฀jdeveloper.฀Attributes฀sn฀and฀cn฀are฀required฀attributes฀for฀the฀object฀class฀person.฀An฀example฀directory฀entry฀is฀shown฀ in฀following฀listing:฀ #Steve’s Directory Entry dn: cn=Steve Muench,ou=jdeveloper,dc=example,dc=com objectclass: top objectclass: person objectclass: organizationalPerson cn: Steve Muench sn: Muench title: JDeveloper Developer

฀ OpenLDAP฀provides฀the฀ldapadd฀tool฀to฀add฀a฀directory฀entry.฀Run฀ the฀ldapadd฀command฀on฀the฀jdevDir.ldif฀fi฀le฀as฀shown฀below.฀The฀–d฀ argument฀specifi฀es฀the฀bind฀DN฀for฀authenticating฀the฀connection฀to฀ the฀directory.฀The฀–w฀argument฀specifi฀es฀the฀password฀for฀authenticating฀to฀the฀bind฀DN.฀The฀–fi฀le฀argument฀specifi฀es฀the฀LDIF฀fi฀le฀that฀ contains฀the฀directory฀entries.฀ C:\Program Files\OpenLDAP>ldapadd -D “cn=Manager,dc=example,dc=com” -v -w openldap -f jdevDir.ldif ฀ Directory฀entries฀get฀added฀to฀the฀LDAP฀server.฀ June/July 2007

฀ The฀ldapsearch฀tool฀is฀used฀to฀search฀an฀LDAP฀directory฀and฀display฀ the฀results฀in฀LDIF฀text฀format.฀As฀directory฀entries฀are฀identifi฀ed฀by฀ DNs,฀directory฀entries฀are฀searched฀by฀DNs.฀As฀an฀example,฀search฀the฀ directory฀for฀DN฀“cn=Steve฀Muench,ou=jdeveloper,dc=example,dc=co m.”฀The฀ldap฀command฀to฀authenticate฀to฀the฀base฀DN฀and฀search฀the฀ directory฀entry฀for฀DN฀“cn=Steve฀Muench,ou=jdeveloper,dc=example,d c=com”฀is฀as฀follows: >ldapsearch -D “cn=Manager,dc=example,dc=com” -w openldap -b “cn=Steve Muench,ou= jdeveloper,dc=example,dc=com” ฀ The฀–b฀argument฀specifi฀es฀the฀base฀DN฀to฀search.฀The฀output฀of฀the฀ ldapsearch฀operation฀is฀listed฀below. # # # # # # #

extended LDIF LDAPv3 base with scope sub filter: (objectclass=*) requesting: ALL

# Steve Muench, jdeveloper, example.com dn: cn=Steve Muench,ou=jdeveloper,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson cn: Steve Muench sn: Muench title: JDeveloper Developer # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1

Modif�ing฀a฀Director�

฀ The฀LDIF฀fi฀le฀jdevDir.ldif฀is฀listed฀in฀Listing฀1.฀Copy฀the฀ldif฀fi฀le฀to฀the฀C:\ Program฀Files\OpenLDAP฀directory.฀฀Next,฀start฀the฀OpenLDAP฀slapd฀server฀ with฀the฀following฀command฀from฀the฀OpenLDAP฀installation฀directory: C:\Program Files\OpenLDAP> .\slapd -d 1

Searching฀a฀Director�

฀ OpenLDAP฀provides฀the฀ldapmodify฀tool฀to฀modify฀a฀directory.฀With฀ the฀ldapmodify฀tool฀a฀new฀entry฀can฀be฀added,฀an฀entry฀can฀be฀modifi฀ed,฀and฀an฀entry฀can฀be฀deleted.฀The฀modifi฀cations฀to฀be฀made฀can฀be฀ specifi฀ed฀on฀a฀command฀line฀or฀in฀an฀LDIF฀fi฀le.฀An฀LDIF฀fi฀le฀is฀recommended฀for฀specifying฀modifi฀cations฀since฀a฀large฀number฀of฀modifi฀cations฀can฀be฀specifi฀ed฀in฀an฀LDIF฀fi฀le.฀As฀an฀example฀add฀a฀new฀entry฀ specifi฀ed฀in฀addEntry.ldif฀in฀Listing฀2.

Listing฀2฀addEntry.ldif

dn: cn=Deepak Vohra,ou=jdeveloper,dc=example,dc=com objectclass: top objectclass: person objectclass: organizationalPerson cn: Deepak Vohra sn: Vohra title: JDeveloper Developer ฀ The฀–a฀option฀of฀the฀ldapmodify฀command฀is฀used฀to฀add฀a฀new฀ entry.฀Run฀the฀ldapmodify฀command฀as฀shown฀below.฀The฀LDIF฀fi฀le฀is฀ specifi฀ed฀with฀the฀–f฀option. PAGE 10

EnterpriseOpenSource.SYS-CON.com

���������������� ldapmodify -D “cn=Manager,dc=example,dc=com” -w openldap -a -f addEntry.ldif ฀ A฀new฀directory฀entry฀gets฀added.฀A฀directory฀entry฀can฀also฀be฀modified.฀For฀example,฀modify฀ the฀title฀in฀the฀previously฀added฀entry.฀The฀directory฀modifications฀are฀specified฀in฀an฀LDIF฀file฀as฀ shown฀in฀Listing฀3.

Listing฀3.฀modifyEntry.ldif

dn: cn=Deepak Vohra,ou=jdeveloper,dc=example,dc=com changetype: modify replace: title title: Oracle DBA

1 ���฀���������฀

���������฀��฀�฀��������฀ �������฀���฀������

฀ Run฀the฀ldapmodify฀command฀as฀shown฀below. ldapmodify -D “cn=Manager,dc=example,dc=com” -w openldap -a -f modifyEntry.ldif ฀ The฀directory฀entry฀gets฀modified. ฀ Next,฀delete฀a฀directory฀entry.฀As฀an฀example,฀delete฀the฀entry฀that฀was฀added฀with฀ldapmodify.฀ Specify฀the฀DN฀of฀the฀entry฀to฀delete฀an฀LDIF฀file฀as฀shown฀in฀Listing฀4.฀The฀delete฀operation฀is฀ specified฀with฀changetype:delete.฀

Listing฀4฀deleteEntry.ldif

dn: cn=Deepak Vohra,ou=jdeveloper,dc=example,dc=com changetype: delete

blog-n-play™ is the only FREE custom blog address you can own which comes instantly with an access to the entire i-technology community readership. Have your blog read alongside with the world’s leading authorities, makers and shakers of the industry, including well-known and highly respected i-technology writers and editors.

2 ���฀�฀����฀

�����������฀����฀��������

blog-n-play™ gives you the most prestigious blog address. There is no other blog community in the world who offers such a targeted address, which comes with an instant targeted readership.

฀ Run฀the฀ldapmodify฀command฀as฀shown฀below: ldapmodify -D “cn=Manager,dc=example,dc=com” -w openldap -f deleteEntry.ldif

3 ����฀����฀������฀ ��฀���฀��������

฀ The฀directory฀entry฀gets฀deleted.฀

Deleting฀a฀Director�฀ ฀ The฀ldapdelete฀tool฀is฀used฀to฀delete฀directory฀entries.฀The฀DNs฀for฀the฀entries฀to฀delete฀can฀be฀ specified฀on฀the฀command฀line฀or฀in฀an฀LDIF฀file.฀As฀an฀example฀delete฀the฀directory฀entry฀for฀DN฀ “ou=jdevloper,dc=example,dc=com.”฀To฀delete฀recursively฀specify฀the฀–r฀option.฀The฀ldapdelete฀ command฀to฀delete฀a฀directory฀entry฀by฀authenticating฀to฀the฀directory฀is฀shown฀below:

blog-n-play™ is powered by Blog-City™, the most feature rich and bleeding-edge blog engine in the world, designed by Alan Williamson, the legendary editor of JDJ. Alan kept the i-technology community bloggers’ demanding needs in mind and integrated your blog page to your favorite magazine’s Web site.

>ldapdelete -D “cn=Manager,dc=example,dc=com” -r -v -w openldap “ou=jdeveloper,dc=example,dc=com”

�����������������������

฀ Non-leaf฀entries฀don’t฀get฀deleted฀with฀the฀ldapdelete฀tool.฀

�����฀�����฀��฀������฀�����

Conclusion ฀ The฀OpenLDAP฀LDAP฀server฀provides฀a฀directory฀service฀to฀store฀and฀modify฀information฀ about฀network฀resources฀in฀a฀directory฀that’s฀stored฀in฀the฀Berkeley฀DB.฀฀

Listing฀1฀jdevDir.ldif dn: dc=example,dc=com objectClass: top objectClass: dcObject objectClass: organization dc :example o: Oracle

dn: ou=jdeveloper, dc=example, dc=com objectclass: organizationalUnit ou: jdeveloper

#Steve’s Directory Entry dn: cn=Steve Muench,ou=jdeveloper,dc=example,d c=com

EnterpriseOpenSource.SYS-CON.com

objectclass: top objectclass: person objectclass: organizationalPerson cn: Steve Muench sn: Muench title: JDeveloper Developer

#Kimbrley’s Directory Entry dn: cn=Kimbrley Floss,ou=jdeveloper,dc=example ,dc=com objectclass: top objectclass: person objectclass: organizationalPerson cn: Kimbrley Floss sn: Floss title: JDeveloper Developer

PAGE 11

����฀����฀����฀�����������฀������� ��฀���������฀�����฀

��฀����฀�������฀

����������������฀�������฀

����������฀����฀�������฀

����฀����

�����������

���฀��������฀�������฀

��������฀��������฀������

����฀����฀�������฀

���������฀�������฀

����������฀��������฀

�����฀��������

�����������������

������������฀����฀�������฀

�������฀����฀�������฀

฀�฀������฀

�����

Sign฀up฀�or฀your฀฀ FREE฀blog฀Today�

June/July 2007

fra�ew�r�

Bringing฀Advanced฀Transaction฀ Capabilities฀to฀Spring฀Applications฀ �nversi�n฀�f฀��ntr��฀an�฀�epen�en�y฀inje�ti�n by Frances Zhao and Paul Parkinson

�

he฀Spring฀Framework฀provides฀a฀consistent฀abstraction฀for฀transaction฀management฀that฀ delivers฀the฀following฀benefi฀ts:

About the Authors Frances Zhao is a principal product manager in the Oracle Fusion Middleware team. Her focus is on the core J2EE container.

Paul Parkinson has been working with and developing transaction processing technology for 15 years. His work at Oracle includes the development of the Java Transaction API and Java Transaction Service implementations in the OC4J application server as well as performance and high-availability features, Web Service Transactions, and the transactional aspects of JCA.

June/July 2007

•฀ A฀consistent฀programming฀model฀across฀ different฀transaction฀APIs฀such฀as฀JTA,฀JDBC,฀ Toplink,฀Hibernate,฀JPA,฀and฀JDO •฀ Declarative฀transaction฀management •฀ A฀simple฀API฀for฀programmatic฀transaction฀ management฀rather฀than฀a฀number฀of฀complex฀transaction฀APIs฀such฀as฀JTA •฀ Integration฀with฀Spring’s฀various฀data฀access฀ abstractions. ฀ This฀article฀discusses฀Spring’s฀transaction฀ management฀facilities฀and฀the฀common฀use฀cases฀ in฀Spring฀where฀an฀external฀transaction฀manager฀ is฀required.฀A฀real-world฀application฀is฀used฀to฀ illustrate฀the฀transactional฀aspects฀and฀features.฀ The฀focus฀is฀on฀leveraging฀JTA฀transaction฀management฀in฀the฀Spring฀Framework฀for฀enterprise฀ applications.฀The฀article฀shows฀how฀Spring’s฀ transaction฀services฀can฀seamlessly฀expose฀and฀ interact฀with฀a฀Java฀EE฀application฀server’s฀transaction฀manager฀such฀as฀the฀Oracle฀Application฀ Server฀and฀the฀OC4JJtaTransactionManager. ฀ A฀traditional฀bank฀account฀transfer฀application฀is฀used฀in฀this฀article฀to฀demonstrate฀basic฀ Spring฀principles:฀the฀classic฀distributed฀twophase฀commit-transaction฀use฀case฀requiring฀ ACID฀properties;฀and฀Oracle’s฀extended฀support฀ for฀Spring฀with฀JTA฀using฀Spring’s฀OC4JJtaTra nsactionManager.฀The฀transfer฀in฀the฀sample฀ application฀is฀from฀a฀bank฀account฀to฀a฀brokerage฀account฀for฀the฀purchase฀individual฀stocks.฀ It฀includes฀asset฀reporting฀to฀further฀illustrate฀ particular฀transactional฀aspects฀and฀features.฀฀ ฀ Let’s฀start฀with฀an฀overview฀of฀the฀related฀ technologies,฀Spring฀basics,฀transactioning฀ basics,฀and฀transactioning฀features฀in฀Spring.฀ Then฀we’ll฀look฀at฀the฀implementation฀strategy฀ and฀use฀the฀sample฀application฀to฀show฀in฀ more฀detail฀how฀they฀all฀work฀together. PAGE 12

Spring฀Basics฀and฀�eatures ฀ As฀a฀Java฀EE฀developer,฀you฀may฀be฀thinking,฀ “Not฀another฀framework.”฀The฀Spring฀Framework฀simplifi฀es฀development฀with฀its฀modular฀ architecture฀and฀handles฀confi฀guration฀in฀a฀ consistent฀manner.฀It฀achieves฀this฀simplifi฀cation฀by฀using฀inversion฀of฀control฀and฀dependency฀injection฀so฀enterprise฀functionality฀can฀ be฀built฀into฀POJOs,฀making฀it฀powerful฀as฀well.฀ Spring฀is฀a฀state-of-the-art฀technology฀in฀terms฀ of฀making฀Java฀EE฀and฀other฀existing฀technologies฀easier฀to฀use.฀It฀also฀provides฀an฀abstract฀ level฀for฀using฀JTA฀or฀other฀transaction฀strategies฀as฀well฀as฀other฀J2EE฀components฀such฀as฀ data฀sources. ฀ Additionally,฀the฀Spring฀Framework฀can฀be฀ integrated฀with฀different฀application฀servers฀ such฀as฀Oracle฀Application฀Server,฀BEA฀WebLogic,฀and฀IBM฀WebSphere. ฀ Spring฀provides฀many฀features.฀Let’s฀look฀at฀ the฀following฀major฀areas฀in฀detail.

Inversion฀of฀Control฀Container฀and฀ Dependenc�฀Injection ฀ First,฀let’s฀take฀a฀look฀at฀how฀to฀simplify฀ development฀by฀using฀inversion฀of฀control฀and฀ dependency฀injection. ฀ A฀main฀abstraction฀of฀inversion฀of฀control฀ is฀the฀bean฀factory,฀which฀is฀a฀generic฀factory฀ that฀retrieves฀objects฀by฀name฀and฀manages฀ the฀relationships฀between฀objects.฀ As฀Rod฀Johnson฀explained฀in฀his฀article฀on฀ the฀Spring฀Framework,฀the฀concept฀behind฀ inversion฀of฀control฀is฀often฀expressed฀in฀the฀ infamous฀Hollywood฀principle,฀“Don’t฀call฀me,฀ I’ll฀call฀you.”฀Inversion฀of฀control฀moves฀the฀ responsibility฀for฀making฀things฀happen฀into฀ the฀framework฀and฀away฀from฀the฀application฀ code.฀ ฀ Dependency฀injection฀is฀a฀form฀of฀inversion฀ of฀control฀that฀removes฀explicit฀dependence฀ EnterpriseOpenSource.SYS-CON.com

on฀container฀APIs.฀Ordinary฀Java฀methods฀are฀used฀to฀inject฀dependencies฀such฀as฀collaborating฀objects฀or฀configuration฀values฀into฀application฀object฀instances.฀ ฀ Dependency฀injection฀is฀not฀a฀new฀concept,฀although฀it’s฀only฀ recently฀made฀prime฀time฀in฀the฀Java฀EE฀community.฀The฀definition฀ of฀dependency฀injection฀between฀the฀J2EE฀community฀and฀the฀Spring฀ Framework฀is฀the฀same,฀but฀obtained฀via฀different฀mechanisms.

�ML฀Bean฀Definitions฀(ApplicationContext) ฀ You฀can฀configure฀your฀Spring฀applications฀in฀XML฀bean฀definition฀ files.฀In฀some฀ways฀these฀are฀similar฀to฀the฀Java฀EE฀platform฀in฀which฀ you฀use฀XML฀configuration฀files฀and฀XML฀deployment฀descriptors฀to฀ define฀the฀relationship฀of฀the฀resources฀and฀how฀they฀are฀to฀be฀deployed.฀The฀root฀of฀the฀XML฀bean฀definition฀is฀a฀฀element฀that฀ can฀contain฀one฀or฀more฀฀definitions.฀ ฀ The฀following฀example฀shows฀the฀configuration฀of฀the฀application฀objects,฀which฀is฀similar฀to฀the฀object฀relationships฀we฀are฀familiar฀with฀in฀ J2EE฀applications.฀We฀will฀define฀a฀J2EE฀DataSource,฀bankDataSource;฀a฀ DAO,฀bankDAO;฀and฀a฀business฀object฀that฀uses฀the฀DAO,฀assetManagementService.฀The฀following฀examples฀are฀from฀the฀sample฀bank฀account฀ transfer฀application฀that฀shows฀the฀relationships฀between฀bankDataSource,฀bankDAO,฀and฀assetManagementService. ฀ First,฀let’s฀look฀at฀the฀bankDataSource฀definition฀in฀XML฀format.฀As฀ shown฀in฀the฀following฀example,฀we฀could฀use฀Spring’s฀JNDI฀location฀ FactoryBean฀to฀get฀the฀data฀source฀from฀the฀Oracle฀Application฀Server.฀ (There฀would฀be฀no฀impact฀on฀Java฀code฀or฀any฀other฀bean฀definitions.)



jdbc/bankDataSource

Now,฀we฀define฀the฀DAO฀bean฀that฀has฀a฀bean฀reference฀to฀the฀bankDataSource.฀Relationships฀between฀beans฀are฀specified฀using฀the฀“ref”฀ attribute฀or฀฀element:







ContextLoaderListener฀and฀DispatcherServlet ฀ ContextLoaderListener฀is฀the฀bootstrap฀listener฀to฀start฀up฀Spring’s฀ root฀webApplicationContext฀when฀integrating฀with฀a฀J2EE฀Web฀container.฀As฀the฀example฀shows,฀the฀J2EE฀standard฀web-app฀descriptor,฀web. xml,฀can฀include฀a฀Spring฀ContextLoaderListener฀listener฀that฀causes฀ the฀WEB-INF/applicationContext.xml฀specified฀by฀the฀contextConfigLocation฀฀to฀be฀loaded฀by฀the฀Spring฀Framework.฀ The฀Spring฀DispatcherServlet฀servlet฀deployed฀with฀the฀servlet-name฀ jta-spring฀causes฀the฀jta-spring-servlet.xml฀to฀be฀loaded฀by฀the฀Spring฀ Framework:

JTA Spring Integration WebApp

contextConfigLocation WEB-INF/applicationContext.xml

org.springframework.web.context.ContextLoaderListener

jta-spring org.springframework.web.servlet.DispatcherServlet 2

jta-spring JTADispatcherServlet

Transactioning฀Basics ฀ When฀purchasing฀stocks฀from฀a฀broker,฀money฀is฀transferred฀from฀a฀ bank฀account฀to฀the฀brokerage.฀A฀series฀of฀related฀operations฀ensures฀ that฀the฀stocks฀are฀added฀to฀the฀purchaser’s฀portfolio฀and฀the฀brokerage,฀ in฀turn,฀gets฀the฀purchase฀money.฀If฀a฀single฀operation฀in฀the฀series฀fails฀ during฀the฀exchange,฀the฀entire฀exchange฀fails.฀You฀don’t฀get฀the฀stocks฀ and฀the฀broker฀doesn’t฀get฀your฀money.฀Transaction฀processing฀makes฀ the฀exchange฀balanced฀and฀predictable฀even฀in฀the฀face฀of฀failures฀in฀ any฀of฀the฀systems฀or฀resources฀involved.฀

ACID฀Properties

The฀business฀object,฀assetManagementService,฀has฀a฀reference฀to฀the฀ DAO฀as฀in฀the฀following฀example:









EnterpriseOpenSource.SYS-CON.com

฀ Transaction฀processing฀systems฀provide฀the฀guarantee฀of฀ACID฀properties.฀ ฀ ACID฀properties฀include฀atomicity,฀consistency,฀isolation,฀and฀durability.฀ •฀ Atomicity:฀All฀changes฀within฀the฀scope฀of฀a฀transaction฀(the฀unit฀of฀ work)฀are฀either฀committed฀or฀rolled฀back.฀For฀example,฀a฀consumer฀ obtains฀stocks฀and฀a฀broker฀receives฀the฀payment,฀or฀the฀consumer฀ doesn’t฀get฀the฀stocks฀and฀the฀broker฀doesn’t฀get฀the฀payment.฀ •฀ Consistency:฀The฀state฀(data)฀of฀the฀system฀moves฀from฀one฀valid฀ state฀to฀another฀from฀the฀beginning฀of฀the฀transaction฀to฀its฀completion.฀This฀applies฀to฀both฀the฀infrastructure฀and฀the฀applications.฀ PAGE 13

June/July 2007

fra�ew�r�

For฀example,฀in฀a฀stock฀purchase,฀the฀integrity฀constraints฀that฀are฀ defi฀ned฀on฀the฀database฀of฀either฀the฀consumer฀or฀the฀brokerage฀are฀ maintained. •฀ Isolation:฀The฀effects฀of฀one฀transaction฀aren’t฀visible฀to฀another฀until฀ the฀transaction฀completes.฀For฀example,฀the฀effects฀of฀a฀stock฀purchase฀aren’t฀visible฀to฀an฀asset฀report฀until฀the฀purchase฀is฀complete. •฀ Durability:฀Changes฀made฀within฀the฀scope฀of฀the฀transaction฀must฀ be฀made฀permanent.฀For฀example,฀the฀records฀of฀the฀transfer฀of฀ money฀to฀a฀brokerage฀account฀are฀written฀to฀stable฀storage. ฀ It’s฀entirely฀possible฀to฀make฀these฀guarantees฀without฀any฀supporting฀infrastructure,฀but฀this฀would฀require฀a฀considerable฀amount฀ of฀error-prone฀and฀repetitive฀work฀by฀the฀application฀developer฀and฀ generally฀a฀less฀flexible฀design.฀Transaction฀processing฀systems,฀and฀ the฀application฀servers฀they฀run฀within,฀provide฀this฀service฀implicitly.฀ ฀ Many฀transactioning฀systems฀and฀applications฀allow฀relaxing฀one฀ or฀more฀of฀the฀ACID฀properties.฀Often,฀this฀is฀done฀to฀provide฀better฀ performance฀once฀a฀risk฀assessment฀has฀been฀done฀and/or฀an฀acceptable฀tolerance฀established.฀Isolation฀is฀the฀most฀commonly฀relaxed฀ property.฀฀฀

Isolation฀Levels ฀ An฀isolation฀level฀defi฀nes฀how฀concurrent฀transactions฀that฀access฀a฀ shared฀resource฀are฀isolated฀from฀one฀another฀for฀read฀purposes.฀ ฀ Dirty฀reads,฀non-repeatable฀reads,฀and฀phantom฀reads฀are฀the฀three฀ main฀conditions฀in฀which฀an฀application฀reads฀data฀in฀a฀transaction฀ that฀has฀been฀altered฀outside฀of฀the฀transaction.฀ ฀ Dirty฀reads฀occur฀when฀data฀that฀has฀been฀updated฀in฀a฀transaction฀ —฀and฀not฀yet฀committed฀—฀is฀read฀by฀another฀transaction.฀If฀an฀asset฀ report฀is฀being฀run฀while฀a฀stock฀is฀being฀purchased฀and฀before฀the฀ purchase฀(transaction)฀has฀committed,฀the฀asset฀report฀may฀get฀a฀dirty฀ read.฀For฀example,฀if฀the฀read฀came฀after฀the฀debit฀but฀before฀the฀credit,฀ the฀result฀could฀be฀a฀report฀that฀doesn’t฀balance฀ ฀ Non-repeatable฀reads฀occur฀when฀a฀transaction฀reads฀data,฀a฀second฀ transaction฀subsequently฀updates฀that฀data,฀and฀the฀fi฀rst฀transaction฀ reads฀the฀data฀again฀after฀the฀second฀transaction’s฀update.฀If฀an฀asset฀ report฀is฀being฀run฀while฀a฀bank฀account฀balance฀is฀being฀updated฀and฀ the฀value฀of฀the฀bank฀account฀is฀queried฀twice฀during฀the฀report฀for฀ some฀reason,฀the฀bank฀account฀values฀reported฀may฀be฀inaccurate฀and฀ inconsistent.฀฀฀ ฀ Phantom฀reads฀occur฀when฀a฀transaction฀reads฀a฀range฀of฀data฀ (rows),฀a฀second฀transaction฀subsequently฀deletes฀or฀inserts฀data฀(a฀ row)฀in฀this฀range,฀and฀the฀fi฀rst฀transaction฀reads฀the฀range฀of฀data฀again฀ after฀the฀second฀transaction’s฀delete฀or฀insert.฀If฀an฀asset฀report฀is฀being฀run฀while฀a฀new฀stock฀is฀being฀purchased฀(inserted)฀and฀the฀stock฀ purchased฀detail฀is฀queried฀twice฀during฀the฀report฀for฀some฀reason,฀the฀ report฀may฀be฀inaccurate.฀As฀such,฀the฀stock฀portfolio฀may฀be฀reported฀ inconsistently. ฀ The฀read฀issues฀described฀may฀or฀may฀not฀be฀a฀concern฀for฀an฀ application.฀Whether฀it’s฀a฀problem฀or฀not฀depends฀entirely฀on฀the฀ business฀context.฀For฀example,฀if฀the฀report฀is฀being฀used฀for฀public฀ reporting฀or฀in฀an฀asset฀management฀decision฀system,฀the฀inconsistencies฀will฀be฀unacceptable.฀However,฀if฀used฀for฀ad฀hoc฀real-time฀ reporting฀or฀in฀some฀situation฀where฀inconsistencies฀are฀unlikely,฀the฀ possible฀inconsistency฀may฀be฀tolerable.฀There฀are฀also฀resource฀and฀ performance฀costs฀involved฀that฀must฀be฀considered฀in฀the฀design฀of฀ the฀system.฀Isolation฀levels฀can฀be฀used฀to฀prevent฀or฀allow฀these฀situations. June/July 2007

฀ The฀most฀common฀use฀of฀isolation฀levels฀is฀when฀accessing฀a฀ database.฀Different฀vendors฀have฀proprietary฀isolation฀levels,฀locking฀ mechanisms,฀and฀other฀behaviors฀that฀are฀well฀beyond฀the฀scope฀of฀this฀ article฀and฀so฀we’ll฀briefl฀y฀explain฀the฀standard฀isolation฀levels฀defi฀ned฀ only฀in฀the฀JDBC฀API.฀Note฀that฀this฀list฀is฀provided฀in฀order฀of฀the฀weakest฀to฀strongest฀isolation฀with฀an฀inverse฀correlation฀as฀far฀as฀performance฀is฀concerned. •฀ TRANSACTION_NONE:฀transactions฀are฀not฀supported.฀ •฀ TRANSACTION_READ_UNCOMMITTED:฀dirty฀reads,฀non-repeatable฀reads,฀and฀phantom฀reads฀can฀occur. •฀ TRANSACTION_READ_COMMITTED:฀dirty฀reads฀are฀prevented;฀ non-repeatable฀reads฀and฀phantom฀reads฀can฀occur. •฀ TRANSACTION_REPEATABLE_READ:฀reads฀and฀non-repeatable฀ reads฀are฀prevented;฀phantom฀reads฀can฀occur. •฀ TRANSACTION_SERIALIZABLE:฀dirty฀reads,฀non-repeatable฀reads,฀ and฀phantom฀reads฀are฀prevented.

Local฀Transactions฀and฀�TA฀Glo�al฀Transactions ฀ The฀complexity฀of฀a฀transaction฀increases฀with฀the฀number฀of฀resources฀the฀application฀enlists฀in฀the฀transaction. ฀ A฀local฀transaction฀involves฀only฀one฀resource฀and฀the฀transaction฀ activity฀is฀scoped฀and฀coordinated฀locally฀to฀the฀resource฀itself.฀ ฀ A฀global฀transaction฀may฀enlist฀more฀than฀one฀resource฀manager฀ including฀multiple฀databases,฀message฀systems,฀and฀legacy฀mainframe฀ systems.฀To฀achieve฀atomic฀outcomes฀in฀the฀global฀transaction,฀coordination฀between฀a฀transaction฀manager฀and฀these฀resources฀is฀required.฀ This฀coordination฀is฀achieved฀via฀the฀distributed฀transaction฀protocol฀ defi฀ned฀in฀the฀DTP฀and฀XA฀specifi฀cations฀published฀by฀the฀Open฀Group. ฀ The฀following฀diagram฀is฀a฀DTP฀model฀that฀illustrates฀the฀relationship฀ and฀interaction฀between฀the฀application,฀resource฀managers,฀and฀the฀ transaction฀manager.

(1) AP uses resources from a set of RMs

Application Program (AP)

Resource Managers (RM’s)

XA

Transaction Manager (TM)

(2) AP defines transaction boundaries through the TX interface

(3) TM and RMs exchange transaction information

฀ Applications฀communicate฀with฀the฀transaction฀manager฀to฀begin฀ and฀end฀transactions฀and฀enlist฀resources.฀When฀the฀application฀ requests฀that฀a฀transaction฀be฀committed,฀the฀transaction฀manager฀ —฀such฀as฀Oracle฀Application฀Server,฀BEA฀WebLogic,฀or฀IBM฀WebSphere฀ —฀coordinates฀the฀two-phase฀commit฀protocol.฀The฀transaction฀manager฀mediates฀between฀applications฀and฀resource฀managers฀to฀delineate฀ the฀boundaries฀of฀units฀of฀work.฀It฀also฀performs฀a฀termination฀protocol฀ that฀communicates฀the฀outcome฀of฀the฀transaction฀to฀all฀participants. A฀component฀can฀begin฀a฀JTA฀transaction฀programmatically฀using฀the฀ UserTransaction฀interface฀or฀it฀can฀be฀started฀by฀the฀EJB฀container฀as฀ specifi฀ed฀in฀the฀transaction-attributes฀of฀the฀EJB’s฀deployment฀descriptor.฀

PAGE 14

EnterpriseOpenSource.SYS-CON.com

��������฀������

�����฀�����฀����฀���� ���������������������

�฀�������฀

���฀����฀������������� ������฀���฀���� ���฀���������฀����� ���฀����฀����

��������฀����������

— Sponsored by —

���฀�������฀����฀���������฀ �����฀��฀���฀����฀����� �฀��������฀����฀������������฀���฀��฀����฀����฀����฀����฀���฀������฀��฀���฀����฀���������฀����฀��฀ ������฀�฀���฀��฀������������฀������������฀���฀����������฀������������฀�฀������฀��฀�����������฀ ����������฀����฀��฀������฀��฀���������฀���฀������฀����฀��฀�฀�������฀��฀����฀�������������฀�����������฀ ����฀���฀�������������฀���������฀���฀������������฀����฀�����฀����฀��������฀���฀����฀���฀�฀����฀ ��������฀����฀�������������฀

— Produced by —

For this and other great events

visit www.EVENTS.SYS-CON.com

�����฀����฀���฀��������

฀����฀���฀�฀���฀��������

�

฀���฀��฀������฀���฀����������฀ �฀�����������฀��������฀���฀ ���������������

�

฀�����฀����฀���฀����฀����������

�

�

฀����฀��������฀฀ ���฀���฀��฀���฀�����

�

฀���฀����������฀��฀����

�

฀�����������฀����฀฀ ������฀���������

�

฀���฀��฀���฀฀ ����฀�����������฀���

฀����฀���฀����฀����������

� �

฀����������฀�������฀���฀��฀฀ �฀�����������฀��฀���฀฀ �����������฀����฀����

�

©COPYRIGHT 2007 SYS-CON MEDIA

฀����������฀�����������฀฀ ��฀����

฀����฀��฀�����฀���฀฀ ����฀����������

�

The Java Coffee Cup logo and Sun logos are trademarks of Sun Microsystems

fra�ew�r�

�h�฀Spring฀with฀�TA฀TransactionManager฀ ฀ The฀transactioning฀requirements฀for฀most฀applications฀are฀met฀by฀ either฀a฀Spring฀transaction฀management฀strategy฀or฀a฀JTA฀transaction฀ manager฀in฀the฀middle฀tier.฀On฀occasion,฀applications฀must฀support฀ remote฀calls฀in฀which฀a฀transaction฀context฀is฀propagated฀over฀multiple฀ processes.฀In฀this฀case,฀using฀the฀facilities฀inherent฀in฀the฀EJB฀distributed-component฀model฀with฀container-managed฀JTA฀transactioning฀support฀is฀appropriate.฀If฀you’re฀looking฀for฀a฀J2EE฀framework฀that฀provides฀ declarative฀transaction฀management฀and฀a฀fl฀exible฀persistence฀engine,฀ Spring฀is฀a฀great฀choice.฀It฀lets฀you฀choose฀the฀features฀you฀want฀without฀ the฀added฀complexities฀of฀EJB.฀ ฀ Like฀J2EE,฀Spring฀provides฀support฀for฀programmatic฀transaction฀ demarcation.฀However,฀a฀more฀dynamic฀application฀design฀comes฀from฀ the฀use฀of฀demarcation฀specifi฀ed฀either฀by฀annotation฀or฀AOP.฀These฀two฀ techniques฀are฀illustrated฀in฀the฀example฀provided;฀complete฀details฀can฀ be฀found฀in฀the฀Spring฀documentation.฀฀ ฀ Another฀unique฀and฀clever฀Spring฀feature฀is฀the฀ability฀to฀switch฀ from฀using฀a฀local฀transaction฀manager฀—฀such฀as฀a฀database฀datasource฀—฀to฀a฀JTA฀transaction฀manager.฀This฀can฀be฀done฀simply฀ by฀manipulating฀a฀few฀lines฀of฀configuration฀and฀using฀a฀different฀ PlatformTransactionManager฀implementation.฀Migration฀of฀this฀ nature฀—฀that฀is฀the฀need฀to฀add฀another฀resource฀within฀the฀scope฀ of฀a฀transaction฀previously฀designed฀for฀only฀resource฀local฀transactional฀work฀—฀is฀common฀in฀the฀extended฀lifecycle฀of฀an฀application.฀ However,฀it’s฀dangerously฀error-prone฀in฀conventional฀J2EE฀applications.฀Note฀that฀the฀datasource฀being฀used฀in฀this฀scenario฀must฀be฀ one฀that฀has฀a฀contract฀with฀the฀JTA฀implementation฀being฀used฀to฀ provide฀enlistment฀in฀the฀global฀transaction.฀This฀is฀generally฀the฀ case฀if฀the฀(XA)฀datasource฀is฀obtained฀from฀the฀application฀server฀ using฀JNDI.฀This฀is฀shown฀in฀the฀example฀provided฀by฀using฀Spring’s฀ JndiObjectFactoryBean฀that฀frees฀the฀application฀code฀from฀JNDI฀ dependency. ฀ Most฀enterprise฀applications฀such฀as฀high-end฀fi฀nancial฀applications฀and฀highly฀available฀telecom฀systems฀require฀comprehensive฀ transactional฀support.฀By฀using฀Spring฀in฀tandem฀with฀an฀enterprise฀ JTA฀implementation,฀powerful,฀and฀generally฀proprietary,฀quality฀of฀ service฀features฀—฀such฀as฀high-availability,฀clustering฀and฀grid฀support,฀fail-over,฀peer฀recovery,฀non-stop฀transactioning,฀integration,฀ interoperability฀(such฀as฀OTS฀and฀WS-TX),฀monitoring฀and฀administration,฀and฀other฀features฀present฀in฀enterprise฀JTA฀implementations฀and฀application฀server฀environments฀—฀can฀be฀exploited฀while฀ the฀application฀itself฀retains฀all฀of฀the฀benefi฀ts฀of฀Spring฀previously฀ described. ฀ Two฀examples฀in฀which฀Spring฀has฀provided฀support฀and฀integration฀beyond฀standard฀JTA฀are฀transaction฀names฀and฀per-transaction฀isolation฀levels.฀Due฀to฀the฀complex฀nature฀of฀transactions฀—฀in฀ particular฀global฀transactions฀where฀a฀number฀of฀systems฀are฀involved฀ in฀a฀single฀activity฀—฀it฀becomes฀critical฀to฀have฀meaningful฀information฀ for฀administration,฀monitoring,฀and฀debugging.฀Named฀transactions฀ provide฀a฀way฀of฀identifying฀and฀grouping฀transactions฀by฀a฀type.฀Spring฀ provides฀the฀name฀of฀the฀class฀and฀method฀that฀initiated฀the฀transaction฀as฀this฀transaction฀name฀identifi฀er.฀This฀is฀very฀useful,฀particularly฀ when฀imported฀into฀a฀transactioning฀system฀that฀can฀then฀correlate฀ this฀information฀with฀other฀data.฀Suddenly,฀the฀enterprise฀system฀has฀a฀ debuggable฀holistically฀monitored฀transactional฀business฀process฀rather฀ than฀a฀cryptic฀log฀of฀Xid฀byte฀arrays.฀฀ ฀ As฀discussed฀in฀the฀section฀on฀isolation฀levels,฀it฀becomes฀apparent฀that฀a฀number฀of฀factors฀including฀performance,฀strict฀versus฀ June/July 2007

relaxed฀ACID฀requirements,฀data฀representation฀and฀usage,฀and฀even฀ vendor฀implementation฀behaviors฀dictate฀that฀different฀isolation฀levels฀must฀be฀used฀for฀different฀cases.฀This฀leads฀to฀the฀need฀for฀finegrained฀control฀of฀isolation฀levels,฀particularly฀when฀connectionrelated฀resources฀are฀at฀a฀premium.฀Again,฀this฀is฀a฀case฀in฀which฀ littering฀application฀code฀with฀common฀API฀calls฀—฀such฀as฀setting฀ and฀resetting฀transaction฀isolation฀levels฀—฀is฀not฀ideal.฀Instead,฀ Spring฀presents฀a฀dynamic฀solution฀by฀exposing฀the฀per-transaction฀ isolation-level฀features฀present฀in฀some฀extended฀JTA฀implementations.฀Spring฀provides฀this฀in฀exactly฀the฀same฀fashion฀as฀transaction฀ demarcation฀in฀which฀demarcation฀is฀specified฀as฀a฀“propagation”฀attribute฀and฀the฀isolation฀level฀is฀specified฀as฀an฀“isolation”฀attribute.฀ These฀settings฀are฀described฀in฀detail฀in฀the฀example฀application฀as฀ well฀as฀in฀Spring฀documentation.฀ ฀ Let’s฀take฀a฀step-by-step฀look฀at฀our฀sample฀trading฀application฀showing฀how฀Spring฀can฀be฀used฀when฀an฀external฀transaction฀manager฀is฀ required. ฀ Let’s฀use฀the฀Oracle฀Application฀Server฀transaction฀manager฀as฀an฀example฀that฀demonstrates฀the฀integration฀of฀JTA฀with฀Spring’s฀OC4JJtaTra nsactionManager.฀The฀application฀demonstrates฀the฀classic฀distributed฀ two-phase฀commit฀transaction฀use฀case฀requiring฀ACID฀properties:฀the฀ bank฀account฀transfer.฀Funds฀are฀debited฀from฀one฀account฀and฀credited฀to฀another.฀Either฀both฀the฀debit฀and฀credit฀must฀occur฀or฀neither฀ must฀occur.฀In฀this฀example,฀the฀transfer฀is฀from฀a฀bank฀account฀to฀a฀ brokerage฀account฀to฀purchase฀individual฀stocks.฀The฀example฀includes฀ a฀very฀simple฀MVC-style฀application฀consisting฀of฀a฀test฀controller,฀fi฀nancial฀service,฀asset฀management฀service,฀and฀two฀data฀access฀objects฀ representing฀a฀bank฀and฀a฀brokerage.฀Container-manager฀transactions฀are฀used.฀The฀example฀adds฀additional฀aspects฀to฀this฀scenario฀to฀ demonstrate฀the฀extended฀features฀of฀the฀OC4JJtaTransactionManager฀ that฀include฀named฀transactions฀and฀per-transaction฀isolation-level฀ designation.฀ ฀ The฀following฀HowToJTASpringController฀implements฀the฀Spring฀ Controller฀and฀InitializingBean฀interfaces.฀Note฀that฀the฀setFinancial฀ method฀provides฀the฀FinancialService฀implementation฀(as฀specifi฀ed฀in฀ applicationContext.xml). public class HowToJTASpringController implements InitializingBean, Controller { private FinancialService m_financial; public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception { try { FinancialReport financialReport = m_financial.processFinancials(); request.setAttribute(“financialReport”, financialReport); return new ModelAndView(“/jsp/success.jsp”); } catch (Exception e) { request.setAttribute(“error”, e.getMessage()); return new ModelAndView(“/jsp/error.jsp”); } } ฀ The฀FinancialServiceImpl฀class฀implements฀the฀Spring฀InitializingBean฀interface฀as฀well฀as฀the฀FinancialService฀interface.฀The฀setAssetManagement฀method฀is฀called฀by฀the฀Spring฀Framework,฀which฀also฀ provides฀the฀AssetManagementService฀implementation฀(as฀specifi฀ed฀

PAGE 16

EnterpriseOpenSource.SYS-CON.com

in฀applicationContext.xml)฀using฀dependency฀injection.฀The฀Transactional฀class-level฀annotation฀(transaction฀annotation฀support฀is฀specified฀in฀applicationContext.xml)฀designates฀that฀business฀methods฀ of฀this฀class,฀namely฀processFinancials,฀have฀a฀propagation฀value฀of฀ REQUIRED.฀That฀is,฀the฀methods฀execute฀in฀a฀transaction฀if฀one฀exists฀ or฀a฀transaction฀is฀started฀if฀none฀exists.฀The฀annotation฀also฀specifies฀ that฀the฀transaction฀is฀to฀be฀readOnly฀and฀that฀the฀isolation฀level฀of฀ any฀connections฀used฀in฀the฀transaction฀are฀set฀to฀SERIALIZABLE. @Transactional(readOnly = true, propagation = Propagation.REQUIRED, isolation = Isolation.SERIALIZABLE) public class FinancialServiceImpl implements InitializingBean, FinancialService { AssetManagementService m_assetManagementService;

Wiley and the Wiley logo are registered trademarks of John Wiley & Sons, Inc. Linux is a registered trademark of Linus Torvalds.

public FinancialReport processFinancials() { AssetReport assetReportBeforeStockPurchase = m_assetManagementService. reportAllAssets(); StockPurchaseReport stockPurchaseReport = m_assetManagementService. purchaseNewStockAndReport(); AssetReport assetReportAfterStockPurchase = m_assetManagementService. reportAllAssets(); return new FinancialReport(assetReportBeforeStockPurchase, stockPur chaseReport, assetReportAfterStockPurchase); }

public final void afterPropertiesSet() throws Exception { if (m_assetManagementService == null) throw new BeanCreationException(“NoAssetManagementService was set. Verify context xml.”); } { }

public void setAssetManagement(AssetManagementService assetManagementService) }

m_assetManagementService = assetManagementService;

฀ The฀AssetManagementServiceImpl฀class฀implements฀the฀Spring฀ InitializingBean฀interface฀as฀well฀as฀the฀AssetManagementService฀interface.฀The฀setBank฀and฀setBrokerage฀methods฀are฀called฀by฀the฀Spring฀ Framework฀providing฀the฀Bank฀and฀Brokerage฀DAO฀implementations฀ (as฀specified฀in฀applicationContext.xml)฀using฀dependency฀injection.฀ ฀ The฀Transactional฀method-level฀annotation฀(transaction฀annotation฀support฀is฀specified฀in฀applicationContext.xml)฀designates฀that฀ the฀purchaseNewStockAndReport฀method฀has฀a฀propagation฀value฀ of฀REQUIRED.฀That฀is,฀it฀executes฀in฀a฀transaction฀if฀one฀exists,฀or฀a฀ transaction฀is฀started฀if฀none฀exists.฀The฀annotation฀also฀specifies฀the฀ isolation-level฀of฀any฀connections฀used฀in฀the฀transaction฀be฀set฀to฀ READ_COMMITTED.

When Chris Negus speaks, people learn Linux!

EnterpriseOpenSource.SYS-CON.com

978-0-470-08278-2

978-0-470-08279-9

Get the latest Linux Bibles by Christopher Negus. The books you need to succeed. PAGE 17

June/July 2007

fra�ew�r�

฀ Another฀method-level฀Transactional฀annotation฀designates฀that฀ the฀reportAllAssets฀method฀has฀a฀propagation฀value฀of฀SUPPORTS.฀ That฀method฀executes฀in฀a฀transaction฀if฀one฀exists฀but฀doesn’t฀throw฀ an฀exception฀or฀start฀a฀transaction฀if฀none฀exists.฀The฀annotation฀also฀ specifi฀es฀that฀the฀noRollbackFor฀be฀set฀to฀ConcurrencyFailureException.class,฀which฀indicates฀that฀if฀a฀transaction฀exists฀and฀this฀Spring฀ DAO฀RuntimeException฀is฀thrown,฀the฀transaction฀shouldn’t฀rollback฀as฀ a฀result. public class AssetManagementServiceImpl implements InitializingBean, AssetManagementService { private Bank m_bank; private Brokerage m_brokerage; @Transactional(propagation = Propagation.SUPPORTS, noRollbackFor = ConcurrencyFailureException.class) public AssetReport reportAllAssets() { return new AssetReport(m_bank.selectBalance(), m_brokerage.selectAllStocks()); } @Transactional(propagation = Propagation.REQUIRES_NEW, isolation = Isolation. READ_COMMITTED) public StockPurchaseReport purchaseNewStockAndReport() { int stockAmount = 10; String stockSymbol = “ABC”; m_bank.updateBalance(m_bank.selectBalanceForUpdate() - stockAmount); m_brokerage.insertStock(stockSymbol, stockAmount); return new StockPurchaseReport(stockSymbol, stockAmount); } public final void afterPropertiesSet() throws Exception { if (m_bank == null) throw new BeanCreationException(“No Bank was set. Verify context xml.”); if (m_brokerage == null) throw new BeanCreationException(“No Brokerage was set. Verify context xml.”); } public void setBank(Bank bank) { m_bank = bank; } public void setBrokerage(Brokerage brokerage) { m_brokerage = brokerage; } } ฀ The฀BankImpl฀class฀extends฀the฀Spring฀JdbcDaoSupport฀class฀and฀ uses฀the฀Spring฀JdbcTemplate฀to฀act฀on฀the฀bankDataSource฀datasource.฀ public class BankImpl extends JdbcDaoSupport implements Bank { public int selectBalance() { return getJdbcTemplate().queryForInt(“select balance from bank where account = ‘101’”); } public int selectBalanceForUpdate() { June/July 2007

return getJdbcTemplate().queryForInt(“select balance from bank where account = ‘101’ for update”); } public void updateBalance(int amount) { getJdbcTemplate().execute(“update bank set balance = “ + amount + “ where account = ‘101’”); } } ฀ The฀BrokerageImpl฀class฀extends฀the฀Spring฀JdbcDaoSupport฀class฀ and฀uses฀the฀Spring฀JdbcTemplate฀to฀act฀on฀the฀brokerageDataSource฀ datasource. public class BrokerageImpl extends JdbcDaoSupport implements Brokerage { public List selectAllStocks() { return getJdbcTemplate().queryForList(“select * from brokerage”); } public void insertStock(String symbol, int amount) { getJdbcTemplate().execute(“insert into brokerage values (‘”+symbol+”’, ‘”+amount+”’ )”); } } ฀ Let’s฀look฀at฀the฀confi฀guration฀fi฀les.฀The฀J2EE฀standard฀web-app฀descriptor฀web.xml฀includes฀a฀Spring฀ContextLoaderListener.฀The฀ContextLoaderListener฀causes฀the฀WEB-INF/applicationContext.xml฀specifi฀ed฀ by฀the฀contextConfi฀gLocation฀context-param฀to฀be฀loaded฀by฀the฀Spring฀ Framework. ฀ The฀Spring฀DispatcherServlet฀servlet฀deployed฀with฀the฀servlet-name฀ jta-spring฀causes฀the฀jta-spring-servlet.xml฀to฀be฀loaded฀by฀the฀Spring฀ Framework.฀

JTA Spring Integration WebApp

contextConfigLocation WEB-INF/applicationContext.xml

org.springframework.web.context.ContextLoaderListener

jta-spring org.springframework.web.servlet.DispatcherServlet 2

jta-spring JTADispatcherServlet

index.html

PAGE 18

EnterpriseOpenSource.SYS-CON.com

fra�ew�r�

฀ The฀descriptor฀jta-spring-servlet.xml฀contains฀a฀bean฀defi฀nition฀ for฀the฀HowToJTASpringController,฀namely฀the฀fi฀nancialService฀bean฀ named฀fi฀nancial฀(the฀property฀name฀corresponds฀to฀the฀setter฀in฀HowToJTASpringController).









฀ The฀descriptor฀ApplicationContext.xml฀contains฀bean฀defi฀nitions฀for฀ the฀FinancialServiceImpl,฀AssetManagementServiceImpl,฀BankImpl,฀ and฀BrokerageImpl฀classes.฀The฀฀element฀specifi฀es฀support฀for฀annotationdriven฀demarcation฀of฀transactions.฀ Finally,฀the฀descriptor฀specifi฀es฀OC4JJtaTransactionManager฀as฀the฀ transactionManager฀to฀be฀used.฀





jdbc/bankDataSource





jdbc/brokerageDataSource











฀ In฀this฀example฀we’ve฀discussed฀how฀to฀develop฀a฀simple฀Springenabled฀JTA฀application฀using฀the฀OC4JJtaTransactionManager฀to฀automatically฀provide฀named฀transactions฀and฀per-transaction฀isolation฀ levels.฀

Summar� ฀ Spring฀aims฀to฀make฀J2EE฀development฀easier฀by฀using฀inversion฀of฀ control฀as฀one฀of฀its฀central฀features.฀This฀enables฀you฀to฀develop฀enterprise฀applications฀using฀simple฀Java฀objects฀that฀collaborate฀with฀each฀ other฀through฀interfaces.฀These฀beans฀are฀wired฀together฀at฀runtime฀by฀ the฀Spring฀Container.฀ ฀ Staying฀true฀to฀assisting฀enterprise฀development฀and฀fi฀lling฀out฀its฀ support฀for฀the฀middle฀tier,฀Spring฀offers฀integration฀with฀various฀J2EE฀ services.฀It฀also฀provides฀integration฀with฀several฀transaction฀strategies฀ and฀supports฀a฀variety฀of฀transaction฀scenarios,฀including฀integration฀ with฀enterprise฀JTA฀transactioning฀systems.฀฀

PAGE 20

EnterpriseOpenSource.SYS-CON.com

ENTERPRISE CLASS

ADVANCEDDESIGN

OPENSOURCE

CUSTOMERMANAGEMENT

Robust security. Fully scalable.

Best-of-breed CRM modules.

Source code freely available.

Manage sales pipeline end-to-end.

Java/J2EE environment.

Runs on all standard-based platforms.

Flexible license.

Leads manage-ment. Sophisticated

Supports leading SQL databases.

VoIP integration.

Freely extend product capabilities.

Help Desk. Custom surveys and

In use today by Fortune 500

Customizable workflows.

Integrate with existing systems.

marketing communication.

No Matter the Weather, The Weather Channel Is Open

®

The Weather Channel is open for business 24/7. When they decided to

®

make their IT systems open as well, they turned to Centric CRM, the most advanced Open Source CRM system available. Centric CRM gave The Weather Channel’s sales and support teams access to data from their patented technologies housed in 10,000 cable headends across the country.

Brian Shields CTO,The Weather Channel

The result? Reduced total cost of ownership (TCO), improved customer

Centric CRM is a key part of

view, and the elimination of multiple proprietary applications. Regardless of

Open Source software, allowing us

the conditions outside, Centric CRM helps The Weather Channel stay open.

to mothball expensive, proprietary

The Weather Channel’s move to

applications. Centric CRM is Reliable, low cost and easy to use, adding feature

Find out how Centric CRM can help your business get open: Visit www.centriccrm.com Set up a free demo system / Become a Centric CRM Partner

rich functionality and flexibility to the way critical data is managed.

�� ��� �� �� ��� � �฀� �฀� �� ��� ฀�� �฀�� �� ฀��� ฀�� ��฀ ฀� �� ฀�� �� �฀

Because Great Minds Are Open

Centric CRM and the Centric CRM logo are trademarks of Dark Horse Ventures, LLC. The Weather Channel and The Weather Channel logo are service marks of The Weather Channel, Inc. © Copyright 2006 Dark Horse Ventures, LLC.

integrati�n

Will฀Open฀Source฀Scale฀the฀Walled฀Gardens฀ of฀the฀Cellular฀Network฀Providers? ��ey’re฀�i�e฀�rug฀�ea�ers�฀��ey฀get฀y�u฀����e�฀t�en฀�a�e฀y�u฀pay by Paul Nowak

�

recently฀wrapped฀up฀an฀18-month฀stint฀on฀the฀business฀subcomittee฀of฀the฀Wireless฀Washtenaw฀Initiaitive,฀a฀project฀to฀bring฀wireless฀broadband฀to฀the฀citizens฀of฀Washtenaw฀County,฀ Michigan.฀It’s฀part฀of฀a฀growing฀movement฀by฀local฀government฀to฀help฀citizens฀participate฀in฀

today’s฀high-speed฀data฀networks.

About the Author Paul Nowak first used Linux in 1995 while migrating from Sun to Linux at the University of Michigan. He used Linux in subsequent IT projects including web, telecom, telemetry and embedded projects and is currently CIO of a small professional association based in Washington D.C. [email protected]

June/July 2007

฀ One฀of฀the฀many฀concepts฀that฀came฀up฀during฀ the฀many฀committee฀meetings฀was฀that฀of฀the฀ walled฀garden.฀Walled฀gardens฀are฀a฀common฀ way฀for฀a฀network฀provider฀to฀make฀some฀goodies฀ available฀over฀its฀network฀and฀then฀get฀customers฀to฀pay฀up฀if฀they฀want฀more฀open฀access.฀Cell฀ phone฀providers฀are฀classic฀walled฀gardens...to฀the฀ point฀they฀take฀services฀like฀YouTube฀and฀make฀it฀ unfree,฀unopen,฀censored,฀limited,฀and฀community-less.฀This฀GigaOM฀article฀has฀more฀details: http://gigaom.com/2006/11/28/walled-gardenyoutube/.฀For฀Verizon’s฀business฀model฀to฀work฀ with฀YouTube฀content,฀it฀has฀to฀treat฀it฀like฀a฀drug,฀ get฀you฀hooked฀then฀make฀you฀pay฀for฀the฀part฀of฀ the฀service฀outside฀the฀walled฀garden.฀Classic. ฀ Lately,฀I’ve฀been฀researching฀the฀feasibility฀of฀ running฀Linux฀on฀any฀of฀the฀several฀excellent฀ smartphone฀platforms฀out฀there.฀There’s฀the฀long฀ running฀Treos฀650/680/700฀that฀have฀a฀lot฀of฀units฀ in฀service฀and฀surprisingly฀consistent฀internal฀ technology฀with฀which฀to฀focus฀an฀open฀OS฀ development฀team฀on.฀Developer฀interest฀in฀the฀ platform฀seems฀to฀be฀growing฀(link฀to฀shadowmite฀and฀hack’n฀dev).฀ ฀ Samsung฀is฀also฀out฀with฀what฀looks฀like฀a฀superb฀platform฀and฀it’s฀hitting฀the฀U.S.฀market฀now,฀ the฀SPH-600.฀The฀U.S.฀version฀is฀the฀BlackJack฀ from฀Cingular฀and฀it’s฀safe฀to฀assume฀other฀carriers฀will฀be฀picking฀it฀up฀soon.฀The฀phone฀comes฀ with฀quad฀band฀radio฀and฀offers฀Wi-Fi฀–฀although฀ the฀initial฀U.S.฀intro฀drops฀Wi-Fi฀–฀perhaps฀Cingular฀doesn’t฀want฀you฀making฀voice฀calls฀over฀Wi-Fi. ฀ For฀the฀cell฀phone฀companies,฀the฀ultimate฀ walled฀garden฀is฀voice.฀You฀pay฀for฀access฀to฀the฀ voice฀network฀and฀for฀your฀money฀you฀get฀to฀ PAGE 22

make฀calls฀to฀certain฀kinds฀of฀phone฀numbers฀for฀ a฀certain฀number฀of฀minutes.฀What฀if฀suddenly฀ you฀could฀place฀a฀high-฀or฀higher-quality฀call฀from฀ the฀same฀device฀over฀Wi-Fi?฀What฀if฀the฀call฀was฀ free฀or฀a฀fraction฀of฀the฀cost฀of฀your฀cellular฀call?฀ What฀if฀you฀could฀make฀and฀take฀calls฀anywhere฀ in฀the฀world฀with฀Wi-Fi?฀Sounds฀like฀a฀good฀deal฀ for฀most฀of฀us฀because฀I,฀like฀many,฀am฀in฀Wi-Fi฀ coverage฀most฀of฀the฀day฀as฀part฀of฀work. ฀ Going฀to฀a฀completely฀open฀platform฀like฀Linux฀ on฀a฀Blackjack฀just฀to฀get฀VoIP-over-Wi-Fi฀seems฀ like฀a฀long฀way฀to฀go฀but฀there฀are฀a฀range฀of฀other฀ features฀that฀come฀to฀the฀fore฀if฀you฀have฀open฀ phone฀platforms฀in฀an฀environment฀that฀also฀has฀ PCs฀running฀an฀open฀OS,฀open฀PBXs฀(Asterisk),฀ and฀a฀combination฀of฀open฀and฀closed฀wireless฀ networks. ฀ To฀me,฀some฀of฀the฀big฀hitters฀here฀are฀the฀ability฀to฀integrate฀my฀voice฀service฀across฀networks.฀I฀ want฀my฀phone฀to฀choose฀the฀best-quality฀or฀lowest-cost฀network฀available.฀That฀means฀a฀phone฀ that฀may฀have฀sophisticated฀network฀quality฀ detection฀(latency,฀packet฀drops,฀bandwidth)฀and฀ makes฀a฀smart฀choice฀among฀available฀networks.฀ Just฀that฀requirement฀probably฀means฀a฀Wi-Fienabled฀BlackJack฀not฀running฀Windows฀Mobile.฀ Why?฀Because฀such฀a฀platform฀requires฀low-level฀ integration฀with฀the฀phone฀network฀choice.฀It฀ means฀that฀the฀phone฀dialer฀software฀is฀no฀longer฀ connected฀directly฀to฀the฀phone฀cellular฀radio.฀ Between฀the฀dialer฀and฀the฀radio฀is฀a฀software฀ layer฀that’s฀testing฀and฀selecting฀the฀voice฀network฀ automatically฀(and฀with฀manual฀override).฀Voice฀ on฀this฀phone฀is฀not฀a฀simple฀matter฀from฀the฀ network฀selection฀aspect. ฀ The฀other฀big฀hitter฀here฀is฀the฀network฀side฀ of฀things.฀How฀is฀your฀incoming฀call฀going฀to฀ be฀routed?฀Just฀to฀make฀it฀real,฀let’s฀assume฀you฀ use฀a฀Skype-in฀or฀Vonage฀number฀as฀your฀main฀ number.฀Neither฀Skype฀nor฀Vonage฀are฀open฀but฀ the฀point฀of฀this฀example฀is฀just฀to฀establish฀that฀ your฀incoming฀calls฀initiate฀on฀an฀IP฀network฀of฀ EnterpriseOpenSource.SYS-CON.com

some฀sort.฀When฀the฀call฀is฀incoming฀it฀has฀to฀be฀ routed฀to฀your฀device฀via฀one฀of฀several฀methods฀ –฀traditional฀cellular,฀Skype-over-Wi-Fi,฀Skype฀ over฀cellular฀Internet,฀or฀open฀VoIP-over-Wi-Fi.฀ How฀is฀the฀routing฀of฀that฀call฀to฀your฀phone฀going฀ to฀happen?฀The฀network฀doesn’t฀know฀which฀network฀is฀currently฀best฀for฀you฀unless฀your฀phone฀ can฀somehow฀tell฀it. ฀ And฀there฀you฀have฀it.฀Your฀phone฀has฀to฀be฀the฀ device฀that฀tells฀some฀other฀device฀on฀the฀network฀ what฀routes฀to฀the฀phone฀work฀and฀how฀well฀they฀ work.฀This฀means฀the฀phone฀is฀going฀to฀connect฀ through฀one฀of฀its฀available฀networks฀to฀an฀Internet฀server฀and฀send฀some฀data฀to฀that฀server฀to฀tell฀ that฀server฀its฀options฀for฀routing฀the฀call. ฀ Where฀is฀this฀server฀going฀to฀sit฀and฀what’s฀going฀to฀run฀in฀terms฀of฀software?฀It’s฀probably฀going฀ to฀be฀an฀industry฀standard฀server฀sitting฀at฀a฀highquality฀ISP฀running฀a฀custom฀version฀of฀Asterisk.฀ That’s฀the฀best฀way฀to฀support฀the฀lowest-cost,฀ highest-quality฀option฀you฀have,฀which฀is฀open฀ VoIP-over-Wi-Fi,฀and฀the฀best฀way฀to฀support฀the฀ remote฀status฀and฀configuration฀that฀your฀phone฀ is฀going฀to฀need฀to฀signal฀the฀server.฀All฀the฀other฀ options฀such฀as฀Skype฀and฀traditional฀cellular฀ voice฀will฀be฀options฀within฀this฀infrastructure. ฀ All฀of฀this฀is฀a฀leap฀in฀level฀of฀service฀and฀an฀ order฀of฀magnitude฀drop฀in฀cost.฀Are฀the฀cellular฀

EnterpriseOpenSource.SYS-CON.com

providers฀going฀to฀like฀it?฀No.฀Can฀they฀stop฀it?฀ Yes.฀They฀can฀lock฀their฀phones฀from฀being฀taken฀ over฀by฀the฀open฀source฀community.฀Will฀they฀ succeed?฀I฀don’t฀know฀but฀the฀question฀is฀“what฀ doesn’t฀run฀Linux฀these฀days?” ฀ Besides฀the฀advantages฀of฀voice฀alone,฀just฀ think฀what฀an฀open฀PC฀like฀a฀laptop฀running฀ Ubuntu฀working฀in฀unison฀with฀a฀smartphone฀ running฀Linux฀can฀do.฀You฀could฀sync฀up฀your฀ contacts฀over฀Bluetooth,฀Wi-Fi,฀or฀wired฀Ethernet฀ via฀a฀cron฀job฀that฀runs฀in฀the฀background.฀How฀ nice฀is฀that?฀You฀can฀download฀your฀call฀history฀ and฀dispute฀any฀bill฀discrepancies.฀Want฀to฀set฀ up฀a฀DUN฀connection฀and฀access฀the฀Internet฀ through฀your฀phone’s฀cellular฀network฀via฀Bluetooth฀when฀on฀the฀road฀and฀out฀of฀Wi-Fi฀coverage?฀Simple,฀it’s฀an฀icon฀on฀your฀desktop฀and฀it฀ configures฀your฀phone฀automatically.฀No฀need฀to฀ manually฀twist฀knobs฀on฀the฀phone’s฀preferences฀ then฀do฀some฀knob฀twisting฀on฀the฀PC฀to฀select฀ a฀network฀then฀wait฀for฀it฀all฀to฀come฀together.฀It฀ can฀just฀work. ฀ Trust฀me฀on฀this...the฀amount฀of฀integration฀ that฀can฀happen฀between฀phone฀and฀PC฀and฀ between฀phone฀and฀Internet฀hasn’t฀begun฀to฀ be฀scratched.฀And฀it฀won’t฀until฀we฀open฀up฀the฀ phones฀and฀take฀a฀swing฀at฀the฀wall฀surrounding฀ the฀cellular฀networks’฀garden.฀฀฀

PAGE 23

The฀amount฀of฀ integration฀that฀ can฀happen฀ �etween฀phone฀ and฀PC฀and฀ �etween฀phone฀ and฀Internet฀ �asn’t฀begun฀t�฀ be฀s�rat��e�

June/July 2007

e��ipse

A฀Low-Cost฀Cross-Development฀ Environment฀Using฀the฀ Eclipse฀Framework S�a�ing฀t�e฀barriers by Brian Handley

�

he฀Eclipse฀development฀environment฀has฀become฀the฀de฀facto฀industry฀standard฀ environment฀in฀which฀to฀host฀embedded฀development฀tools.฀Many฀of฀the฀traditional฀ embedded฀tools฀vendors฀who฀used฀to฀sell฀their฀own฀proprietary฀development฀

tools฀and฀environments฀have฀embraced฀Eclipse฀and฀ported฀their฀products฀to฀run฀within฀it฀to฀take฀ advantage฀of฀the฀sophisticated,฀feature-rich฀framework฀it฀provides.฀

About the Author Brian Handley is a senior engineer at Macraigor Systems LLC. He has over 20 years of experience working with embedded systems. Brian holds BS in computer science and engineering from MIT. [email protected]

June/July 2007

฀ These฀tools฀and฀environments฀are฀powerful,฀but฀they฀can฀still฀be฀expensive.฀For฀ projects฀on฀a฀tight฀budget,฀it’s฀now฀possible฀ to฀use฀the฀freely฀available,฀open฀source฀ Eclipse฀IDE฀along฀with฀open฀source฀GNU฀ tools฀(binutils,฀gcc,฀and฀gdb)฀to฀construct฀a฀ complete฀cross-development฀environment฀ at฀little฀or฀no฀cost.฀ ฀ However,฀piecing฀together฀all฀the฀components฀necessary฀to฀build฀a฀system฀such฀as฀ this฀isn’t฀easy.฀Eclipse฀wasn’t฀built฀to฀handle฀ cross-development,฀or฀even฀the฀C฀or฀C++฀ languages฀typically฀used฀in฀most฀embedded฀ projects.฀So฀a฀signifi฀cant฀amount฀of฀effort฀is฀ needed฀to฀get฀Eclipse฀to฀do฀this฀adequately.฀ Eclipse฀also฀doesn’t฀have฀any฀concept฀of฀a฀remote฀debug฀connection฀of฀its฀own.฀If฀a฀debug฀ interface฀such฀as฀JTAG,฀or฀even฀an฀Ethernet฀or฀ serial฀connection฀to฀a฀target-resident฀debug฀ monitor,฀is฀used,฀Eclipse฀must฀be฀reconfi฀gured฀ to฀handle฀the฀situation.฀And฀the฀GNU฀tools฀ required฀are฀typically฀available฀only฀in฀source฀ format,฀and฀must฀be฀built฀for฀the฀particular฀ host฀and฀target฀processor฀being฀used฀by฀a฀project.฀Getting฀these฀tools฀to฀build฀for฀a฀particular฀ host/target฀combination฀can฀be฀diffi฀cult,฀ consuming฀engineering฀time฀better฀spent฀on฀ application฀development. ฀ This฀article฀describes฀how฀to฀construct฀a฀ free฀or฀low-cost฀cross-development฀environment฀for฀Intel฀XScale฀processors฀based฀on฀ Eclipse฀IDE฀and฀GNU฀toolsets.฀ PAGE 24

De�ugging฀�sing฀�ree฀Tools ฀ To฀build฀a฀functional,฀free,฀cross-development฀environment,฀you฀have฀to฀get฀several฀ components฀and฀integrate฀them.฀The฀Eclipse฀ development฀environment฀is฀the฀framework฀ in฀which฀the฀other฀necessary฀tools฀are฀integrated.฀Eclipse฀itself฀includes฀an฀editor,฀project฀ manager,฀and฀debugger฀interface.฀Since฀the฀ environment฀is฀intended฀for฀embedded฀crossdevelopment,฀the฀C฀and฀C++฀languages฀must฀ be฀supported.฀This฀means฀using฀the฀CDT฀plugin฀for฀Eclipse฀(http://www.eclipse.org/cdt/).฀ The฀assembler,฀compiler,฀linker,฀and฀other฀ code-generation฀utilities฀will฀be฀provided฀by฀ open฀source฀GNU฀code.฀ ฀ If฀the฀goal฀were฀to฀develop฀native฀applications฀in฀C/C++฀using฀Eclipse฀then฀these฀tools฀ would฀suffi฀ce.฀However,฀for฀embedded฀crossdevelopment,฀a฀few฀more฀pieces฀are฀needed.฀ Eclipse฀with฀a฀CDT฀plug-in฀has฀no฀concept฀ of฀a฀remote฀debug฀connection฀to฀connect฀to฀ an฀embedded฀processor.฀Zylin฀AS฀Consulting฀ (www.zylin.com)฀offers฀an฀open฀source฀embedded฀CDT฀and฀another฀plug-in฀that฀together฀ let฀the฀Eclipse฀debugger฀connect฀to฀a฀remote฀ target฀via฀any฀debug฀connection฀(see฀the฀Zylin฀ plug-ins฀section฀below).฀This฀debug฀connection฀is฀typically฀a฀JTAG,฀Ethernet,฀or฀serial฀connection.฀And฀if฀a฀JTAG฀connection฀to฀the฀target฀ is฀needed,฀a฀method฀must฀be฀provided฀for฀the฀ GNU฀Project฀Debugger฀(GDB)฀to฀communicate฀ with฀the฀target฀using฀this฀interface. EnterpriseOpenSource.SYS-CON.com

฀ The฀completed฀development฀system฀using฀a฀ JTAG฀target฀connection฀is฀shown฀in฀Figure฀1. ฀

Building฀on฀Eclipse

฀ According฀to฀the฀official฀Eclipse฀Web฀site฀ (www.eclipse.org),฀the฀Eclipse฀Foundation฀ manages฀open฀source฀development฀of฀projects฀ that฀“are฀focused฀on฀providing฀a฀vendor-neutral฀open฀development฀platform฀and฀application฀frameworks฀for฀building฀software.”฀The฀ Eclipse฀Foundation฀has฀created฀the฀Eclipse฀ Platform฀that฀provides฀a฀feature-rich฀integrated฀development฀environment฀with฀a฀well-defined฀interface฀that฀allows฀additional฀features฀ to฀plug฀in฀and฀work฀seamlessly฀with฀existing฀ code. ฀ Eclipse฀has฀rapidly฀gained฀favor฀among฀ embedded฀tools฀companies฀because฀it฀provides฀a฀sophisticated฀IDE฀into฀which฀they฀can฀ plug฀their฀tools฀and฀no฀longer฀have฀to฀worry฀ about฀building฀and฀maintaining฀their฀own฀ proprietary฀environments.฀The฀Eclipse฀Public฀ License฀lets฀the฀creator฀of฀derivative฀works฀ based฀on฀Eclipse฀retain฀their฀distribution฀ rights฀so฀companies฀can฀focus฀on฀their฀core฀ embedded฀competencies฀and฀still฀profit฀from฀ their฀efforts. ฀ This฀is฀excellent฀news฀for฀those฀trying฀to฀ put฀together฀a฀free฀development฀environment.฀ It฀makes฀a฀commercial-quality฀IDE฀available฀ that฀has฀the฀backing฀and฀support฀of฀a฀large฀ number฀of฀both฀embedded฀and฀enterprise฀

software฀tools฀companies.฀However,฀as฀mentioned฀above,฀Eclipse฀by฀itself฀provides฀only฀a฀ framework฀and฀some฀generic฀tools,฀such฀as฀an฀ editor,฀code/project฀manager,฀and฀debugger฀ interface.฀To฀construct฀a฀cross-development฀ system,฀several฀more฀packages฀must฀be฀obtained฀and฀integrated฀into฀Eclipse.฀

bler,฀compiler,฀linker,฀and฀loader฀are฀also฀still฀ required฀to฀generate฀downloadable฀code฀for฀ the฀XScale฀target฀processor.฀The฀next฀section฀ discusses฀using฀GNU฀tools฀that฀provide฀these฀ utilities.

C/C++฀Development฀Tooling

฀ The฀Free฀Software฀Foundation฀makes฀free฀ source฀code฀available฀for฀a฀wide฀range฀of฀ programs฀and฀utilities,฀including฀a฀set฀of฀tools฀ that฀together฀can฀provide฀everything฀necessary฀ to฀build,฀link,฀load,฀and฀debug฀an฀embedded฀ application.฀The฀combination฀of฀GNU฀binutils฀ (http://www.gnu.org/software/binutils/),฀the฀ GNU฀Compiler฀Collection฀(GCC)฀(http://gcc. gnu.org/),฀and฀GDB฀(http://sources.redhat. com/gdb/)฀provide฀a฀fairly฀complete฀toolset฀ for฀building฀and฀debugging฀embedded฀applications.฀These฀tools฀can฀be฀used฀on฀their฀ own฀for฀this฀purpose.฀The฀binutils฀package฀ provides฀an฀assembler,฀linker,฀archiver,฀and฀ several฀other฀utilities฀for฀code฀development,฀ the฀GCC฀provides฀the฀C/C++฀compiler,฀and฀the฀ GDB฀allows฀the฀code฀to฀be฀downloaded฀to฀and฀ debugged฀on฀the฀target฀processor. ฀ The฀downside฀of฀using฀these฀tools฀as฀they฀ are฀is฀that฀there’s฀no฀graphical฀user฀interface฀ (GUI)฀and฀no฀real฀integration฀of฀the฀tools.฀Used฀ by฀themselves฀they฀basically฀provide฀a฀command-line฀interface.฀However,฀Eclipse฀with฀the฀ CDT฀is฀capable฀of฀sufficiently฀integrating฀these฀ tools฀into฀an฀environment฀with฀a฀GUI฀so฀most฀ of฀the฀command-line฀use฀of฀the฀tools฀can฀be฀ avoided. ฀ The฀other฀problem฀with฀using฀the฀GNU฀ tools฀for฀code฀development฀is฀that฀they฀generally฀come฀only฀in฀source฀form.฀Although฀the฀ tools฀support฀a฀huge฀array฀of฀various฀target฀ processors฀and฀just฀about฀any฀host฀OS฀and฀ hardware฀one฀could฀imagine,฀the฀user฀usually฀ has฀to฀configure฀and฀build฀them.฀This฀build฀ process฀can฀be฀a฀time-consuming,฀frustrating฀ experience,฀especially฀for฀someone฀who฀hasn’t฀ done฀it฀before.฀ ฀ Fortunately,฀several฀embedded฀tools฀vendors฀make฀available฀free฀pre-built฀versions฀of฀ the฀GNU฀tools฀for฀ARM/XScale฀that฀can฀simply฀ be฀downloaded฀and฀installed.

฀ Eclipse฀was฀originally฀developed฀in฀and฀for฀ the฀Java฀programming฀language,฀and฀the฀basic฀ framework฀is฀still฀specific฀to฀Java.฀Most฀embedded฀cross-development฀projects฀still฀have฀device฀drivers,฀operating฀system฀(OS)฀code,฀and฀ applications฀written฀in฀C,฀C++,฀or฀assembly฀ language.฀To฀make฀Eclipse฀compatible฀with,฀ and฀useable฀for,฀C/C++,฀a฀sub-project฀called฀ C/C++฀Development฀Tooling฀was฀created฀to฀ build฀a฀plug-in฀that฀would฀add฀these฀features฀ to฀the฀basic฀Eclipse฀framework.฀This฀plug-in฀ is฀available฀as฀a฀free฀download฀from฀Eclipse฀at฀ www.eclipse.org/cdt/downloads.php. ฀ With฀the฀Eclipse฀framework฀and฀CDT฀in฀ place,฀the฀environment฀is฀capable฀of฀supporting฀and฀enabling฀code฀development฀in฀C/C++.฀ However฀this฀environment฀will฀only฀work฀for฀ native฀application฀development.฀For฀embedded฀cross-development,฀there฀are฀still฀some฀ issues฀that฀must฀be฀addressed,฀primarily฀the฀ handling฀of฀remote฀debug฀connections฀to฀a฀ target฀processor.฀The฀Zylin฀plug-ins฀section฀ discusses฀this฀problem฀further.฀An฀assem-

�ree฀Software฀�oundation฀ GN�฀Tools

Z�lin฀Em�edded฀CDT฀Plug-Ins ฀ An฀environment฀consisting฀of฀Eclipse,฀the฀ CDT฀plug-in,฀and฀the฀appropriate฀GNU฀tools฀ is฀close฀to฀being฀a฀functional฀embedded฀crossdevelopment฀system.฀As฀mentioned฀above,฀ however,฀Eclipse฀and฀the฀CDT฀don’t฀support฀ remote฀target฀connections฀to฀an฀embedded฀ processor.฀They฀assume฀that฀debugging฀is฀ occurring฀on฀the฀host฀machine.฀To฀download฀

Figure 1: Completed development system using a JTAG target connection EnterpriseOpenSource.SYS-CON.com

PAGE 25

June/July 2007

e��ipse

the฀debugger฀to฀an฀embedded฀processor฀via฀a฀ JTAG.฀This฀is฀usually฀handled฀by฀a฀proprietary฀ standalone฀utility฀that฀runs฀on฀the฀host฀and฀ provides฀a฀TCP/IP฀port฀that฀will฀accept฀a฀GDB฀ connection฀on฀the฀front-end฀and฀connect฀to฀ the฀JTAG฀hardware฀device฀on฀the฀back-end.฀ Most฀JTAG฀interface฀device฀vendors฀provide฀ a฀utility฀for฀this฀kind฀of฀connection฀with฀their฀ hardware. ฀ Figure฀2฀shows฀the฀Eclipse฀Debug฀Perspective฀during฀a฀debugging฀session฀using฀the฀ system฀described฀in฀this฀article.฀The฀target฀ is฀an฀XScale฀81348฀I/O฀processor฀evaluation฀ board฀and฀the฀debug฀connection฀is฀made฀via฀ an฀USB-connected฀JTAG฀device.

�ull-�eatured฀Integrated฀Cross-Development฀Environment

Figure 2: shows the Eclipse Debug Perspective during a debugging session using the system described in this article. The target is an XScale 81348 I/O processor evaluation board and the debug connection is made via an USB-connected JTAG device

the฀embedded฀code฀from฀the฀host฀to฀the฀target฀ and฀then฀connect฀to฀a฀debug฀agent฀of฀some฀ type฀running฀on฀the฀target฀hardware,฀some฀ changes฀must฀be฀made฀in฀the฀way฀the฀CDT฀ handles฀debugging.฀ ฀ To฀address฀this฀problem,฀Zylin฀AS฀Consulting,฀a฀Norwegian฀company,฀has฀created฀and฀ made฀Embedded฀CDT฀and฀another฀small฀plugin฀available฀that฀together฀“understand”฀and฀ properly฀handle฀embedded฀debugging฀using฀ GDB฀from฀within฀Eclipse.฀These฀free฀plug-ins฀ are฀available฀at฀http://www.zylin.com/embeddedcdt.html. ฀ It’s฀also฀worth฀noting฀that฀an฀Eclipse฀Project฀ called฀the฀Device฀Software฀Development฀ Platform฀(DSDP)฀is฀now฀available.฀This฀project฀ is฀specifi฀cally฀aimed฀at฀enabling฀Eclipse฀to฀ be฀used฀for฀embedded฀cross-development฀ so฀that,฀at฀some฀point฀in฀the฀future,฀the฀Zylin฀ Embedded฀CDT฀modifi฀cations฀may฀become฀ unnecessary.฀Further฀information฀about฀the฀ DSDP฀project฀can฀be฀found฀at฀http://www. eclipse.org/dsdp/.฀

Traditional฀Target฀Connections ฀ The฀only฀piece฀that฀remains฀missing฀in฀the฀ integrated฀cross-development฀system฀is฀some฀ kind฀of฀debug฀communication฀method฀to฀connect฀the฀host฀computer฀to฀the฀target฀processor.฀ Traditionally,฀this฀connection฀is฀usually฀made฀ via฀a฀serial,฀Ethernet,฀or฀JTAG฀interface.฀If฀a฀ June/July 2007

project฀is฀using฀hardware฀for฀which฀a฀board฀ support฀package฀already฀exists,฀it฀may฀be฀ feasible฀to฀simply฀run฀a฀GDB฀debug฀agent฀on฀ the฀target฀and฀connect฀GDB฀to฀it฀using฀a฀serial฀ or฀Ethernet฀connection.฀ ฀ However,฀for฀new฀custom฀XScale฀boards,฀ the฀interface฀of฀choice฀is฀usually฀JTAG.฀This฀ debug฀interface฀is฀built฀into฀XScale฀processors฀ and฀provides฀a฀dedicated฀debug฀connection฀ directly฀to฀the฀processor฀core฀that฀has฀several฀ advantages฀over฀using฀a฀serial฀or฀Ethernet฀connection: •฀ It’s฀built฀into฀the฀processor฀and฀only฀requires฀ that฀the฀processor฀is฀powered฀and฀getting฀a฀ clock฀signal฀to฀work. •฀ It฀can฀be฀used฀to฀write฀and฀debug฀boot฀code฀ and฀drivers฀that฀must฀be฀implemented฀and฀ tested฀before฀getting฀a฀debug฀agent฀running฀ on฀the฀processor. •฀ It฀doesn’t฀use฀any฀valuable฀target฀resources.฀ A฀serial฀or฀Ethernet฀debug฀connection฀usually฀requires฀dedicated฀hardware฀for฀the฀ interface฀besides฀using฀processor฀cycles฀and฀ memory฀for฀a฀driver. ฀ To฀connect฀a฀JTAG฀interface฀device฀to฀the฀ target฀using฀the฀Eclipse/GNU฀environment฀ described฀above,฀a฀debug฀agent฀of฀some฀sort฀ is฀required.฀GDB฀has฀a฀well-defi฀ned฀backend฀interface฀called฀GDB฀Remote฀that฀has฀ become฀a฀common฀standard฀for฀connecting฀ PAGE 26

฀ This฀article฀has฀shown฀that,฀using฀readily฀ available,฀free,฀open฀source฀software฀tools,฀it’s฀ possible฀to฀construct฀a฀full-featured฀integrated฀ environment฀for฀XScale฀embedded฀cross-development.฀The฀process฀of฀gathering฀components,฀integrating฀them฀and฀–฀in฀the฀case฀of฀ the฀GNU฀tools฀—฀building฀applications฀from฀ source฀is฀likely฀well฀within฀the฀capabilities฀of฀ most฀embedded฀software฀engineers.฀However,฀ this฀process฀can฀still฀be฀a฀time-consuming฀ and฀diffi฀cult,฀eating฀into฀engineering฀time฀ that฀might฀be฀better฀spent฀writing฀code฀for฀the฀ target฀hardware. ฀ Several฀JTAG฀debugger฀vendors,฀as฀a฀way฀of฀ promoting฀and฀enabling฀their฀JTAG฀interface฀ devices,฀have฀greatly฀simplifi฀ed฀the฀task฀of฀ constructing฀the฀integrated฀development฀ environment฀described฀in฀this฀article.฀These฀ companies฀make฀available฀free฀downloads฀ that฀include฀Eclipse,฀the฀Zylin฀Embedded฀ CDT฀plug-ins,฀pre-built฀GNU฀tool฀kits฀for฀ ARM/XScale฀processors,฀and,฀typically,฀prebuilt฀Eclipse฀projects฀confi฀gured฀for฀standard฀ XScale฀evaluation฀boards.฀The฀pre-confi฀gured฀ Eclipse฀projects฀and฀the฀pre-built฀GNU฀tools,฀ with฀install฀programs฀for฀Windows฀operating฀ systems฀and฀RPM฀scripts฀for฀Linux฀operating฀ systems,฀allow฀a฀user฀to฀get฀a฀complete฀environment฀up฀and฀running฀quickly฀on฀actual฀ hardware.฀ ฀ In฀conclusion,฀constructing฀a฀free฀or฀ low-cost฀cross-development฀environment฀ based฀on฀the฀open-source฀Eclipse฀IDE฀and฀ GNU฀toolsets฀is฀possible,฀though฀time-consuming฀and฀challenging.฀Vendors฀of฀JTAG฀ interface฀hardware฀have฀simplified฀the฀ process฀by฀providing฀downloads฀that฀help฀ facilitate฀construction฀and฀lower฀the฀barriers฀to฀achieving฀the฀sophisticated฀XScale฀ cross-development฀environment฀developers฀are฀seeking฀today.฀฀ EnterpriseOpenSource.SYS-CON.com

� ��฀��� ������

����� ����� ��� �����

����

฀฀���������฀����� ฀฀���฀����฀����

����฀������฀����

���������������฀ ���������฀���฀���฀����������� ����������฀฀ ���฀��฀������������฀ �����������฀���฀����������฀ �����฀��฀���฀����� ��฀�������฀����฀���฀��฀��������฀����฀��฀���฀���������฀��฀�����฀�����฀����������฀���������฀������ ���������฀��฀����������������฀��฀��������฀�����฀���������฀����������฀��฀����������฀���฀��������฀ �����������฀���฀��������฀��฀��������฀��฀��������������฀��������฀��������������฀���฀������฀����฀���฀ ����฀����������฀ �฀�����������฀�������������฀����������฀����฀������฀�������฀��฀��������฀��฀������฀��������฀����� �����฀��฀����฀��������฀�����������฀��������������฀��฀�฀�����������฀�����฀����฀���฀�����฀���฀ �������������฀���฀��฀����฀���������฀��฀��������฀���฀��������������฀��฀�����������฀����������฀��฀��฀ ���������฀����฀��฀��������฀����������฀���฀���฀�������฀ ���฀��������������฀���฀����฀�����฀��฀�฀�����฀��฀������฀�������฀���������฀��������������฀����������� �����฀���������฀������฀�����฀���������������฀���฀����������฀��������฀�������฀���������฀

��������฀�������฀ ��������������������������������

���฀�����฀�����฀��������������฀�����฀��฀���฀������

������฀���฀���������฀���฀ �����������฀�������������

����฀������������

�����฀����฀ ���฀���������� �฀�������฀฀��฀฀���฀���

�������������������������������������������������� COPYRIGHT ©2007 SYS-CON MEDIA

ALL RIGHTS RESERVED

�verview

Protect฀and฀Control฀Your฀ Small฀Business฀Network Five฀�pen฀s�ur�e฀app�i�ati�ns฀t�฀get฀y�u฀starte� by Dirk Morris

F

or฀a฀small฀business,฀fl฀exibility฀and฀cost฀are฀key฀factors฀to฀bear฀in฀mind฀when฀considering฀a฀ network฀threat฀management฀solution.

About the Author Dirk Morris is the founder and CTO of Untangle, which incorporates more than 30 open source projects into a single open source network gateway platform to stop spam, spyware, viruses, and more. [email protected]

June/July 2007

฀ The฀network฀security฀space฀has฀been฀dominated฀by฀big฀proprietary฀vendors฀like฀Barracuda,฀SonicWall,฀and฀WatchGuard.฀However,฀ many฀people฀simply฀don’t฀have฀the฀time฀or฀ budget฀to฀research฀all฀the฀possible฀vendors฀ and฀order,฀install,฀and฀confi฀gure฀a฀network฀appliance,฀so฀they฀postpone฀addressing฀network฀ security.฀ ฀ Given฀the฀cost฀and฀infl฀exibility฀associated฀ with฀proprietary฀vendors,฀open฀source฀solutions฀may฀seem฀like฀a฀good฀option.฀However,฀ many฀businesses฀have฀traditionally฀steered฀ clear฀of฀open฀source฀alternatives,฀because฀early฀ projects฀lacked฀the฀commercial฀support฀and฀ documentation฀that฀they฀were฀familiar฀with.฀In฀ addition,฀most฀people฀who฀haven’t฀had฀experience฀with฀open฀source฀don’t฀even฀know฀where฀ to฀begin฀when฀evaluating฀if฀a฀particular฀application฀is฀appropriate฀for฀the฀business.฀฀ ฀ As฀a฀result฀of฀the฀perceived฀downsides฀of฀ both฀proprietary฀and฀open฀source฀solutions,฀ many฀small฀businesses฀simply฀choose฀to฀live฀ with฀insecure฀networks฀and฀don’t฀deploy฀a฀ proper฀suite฀of฀security฀applications.฀However,฀ leaving฀the฀network฀uncontrolled฀and฀vulnerable฀to฀attacks฀is฀obviously฀not฀the฀optimal฀ solution,฀nor฀is฀investing฀a฀lot฀of฀money฀in฀a฀ proprietary฀solution฀that฀may฀not฀provide฀the฀ desired฀fl฀exibility,฀as฀the฀needs฀of฀the฀network฀ evolves฀as฀the฀company฀grows฀and฀changes.฀฀ ฀ The฀reality฀is฀that฀open฀source฀can฀provide฀ an฀excellent฀solution฀for฀small฀businesses.฀ However,฀because฀of฀the฀slew฀of฀open฀source฀ options฀out฀there,฀it฀is฀important฀to฀have฀both฀ some฀basic฀starting฀information฀and฀a฀system฀ by฀which฀to฀evaluate฀which฀projects฀are฀appropriate.฀(It฀also฀doesn’t฀hurt฀to฀have฀some฀ patience฀and฀a฀sense฀of฀adventure฀when฀diving฀ into฀the฀sea฀of฀available฀open฀source฀projects.) In฀the฀spirit฀of฀helping฀to฀create฀a฀jumping-off฀ point฀for฀those฀considering฀open฀source,฀here฀ are฀fi฀ve฀free฀open฀source฀security฀applications฀ that฀every฀small฀business฀should฀evaluate:฀ PAGE 28

1)฀SpamAssassin ฀ Everyone฀hates฀the฀unsolicited฀e-mail฀called฀ spam.฀The฀open฀source฀SpamAssassin฀(http:// spamassassin.apache.org/)฀is฀an฀extremely฀effective฀spam฀fi฀lter฀that฀is฀typically฀installed฀on฀ the฀mail฀server฀or฀relay.฀For฀those฀who฀already฀ have฀a฀mail฀server฀in฀place฀(even฀Microsoft฀ Exchange),฀there฀are฀a฀variety฀of฀ways฀to฀plug฀ in฀SpamAssassin.฀It฀boasts฀a฀large฀community฀ of฀users฀who฀consistently฀write฀new฀SpamAssassin฀plug-ins,฀and฀a฀SpamAssassin฀user฀ inherits฀all฀of฀the฀benefi฀ts฀and฀support฀of฀this฀ very฀active฀community.฀฀฀ ฀ However,฀there฀are฀downsides฀to฀using฀it.฀ The฀installation฀can฀be฀tricky,฀and฀the฀platform฀ lacks฀some฀of฀the฀features฀that฀businesses฀ might฀want,฀such฀as฀a฀mail฀quarantine,฀and฀ blocklist฀and฀passlist฀capabilities฀because฀ SpamAssassin’s฀job฀is฀only฀to฀detect฀whether฀or฀ not฀an฀e-mail฀is฀spam.฀However,฀there฀are฀ways฀ to฀set฀up฀SpamAssassin฀to฀mimic฀quarantinelike฀actions,฀such฀as฀moving฀spam฀to฀other฀ mailboxes฀to฀achieve฀some฀of฀the฀same฀results.฀ The฀spam฀detection฀engine฀is฀one฀of฀the฀best,฀ including฀technology฀like฀Bayesian฀fi฀ltering,฀ RBLs,฀and฀plug-ins฀for฀the฀Razor฀database฀ and฀even฀optical฀character฀resolution฀(OCR).฀ Because฀the฀community฀is฀so฀large฀and฀active,฀ there฀are฀consistently฀free฀updates฀readily฀ available.฀฀ ฀ In฀short,฀SpamAssassin฀is฀a฀great,฀low-cost฀ alternative฀to฀a฀proprietary฀spam฀fi฀lter฀like฀ Barracuda’s฀appliance,฀which฀performs฀the฀ same฀functions฀and฀adds฀documentation,฀support,฀and฀a฀few฀features฀that฀they฀feel฀SpamAssassin฀is฀missing,฀including฀a฀hefty฀price฀tag.฀ If฀you฀have฀time฀for฀the฀installation฀and฀don’t฀ mind฀taking฀some฀time฀to฀poke฀around฀the฀ community฀to฀answer฀questions,฀give฀SpamAssassin฀a฀try.

2)฀ClamA� ฀ ClamAV฀(http://www.clamav.net/)฀is฀an฀ effective,฀well-performing฀virus-scanning฀engine฀that฀can฀be฀used฀in฀a฀few฀different฀ways.฀ You฀can฀treat฀ClamAV฀like฀SpamAssassin฀and฀ EnterpriseOpenSource.SYS-CON.com

integrate฀it฀with฀a฀mail฀server฀to฀scan฀pieces฀ of฀mail฀for฀viruses.฀You฀can฀also฀install฀ClamWin฀(http://www.clamwin.com/)฀on฀every฀ desktop฀in฀the฀company฀for฀an฀extra฀layer฀of฀ security.฀This฀is฀similar฀to฀using฀commercial฀ products฀like฀Norton฀Anti-Virus,฀but฀ClamWin฀does฀not฀have฀some฀of฀the฀fancy฀features.฀ On฀the฀plus฀side,฀ClamAV,฀like฀SpamAssassin,฀ has฀both฀the฀advantage฀of฀price฀(it’s฀free)฀and฀ of฀a฀large฀community฀of฀users฀submitting฀ signatures,฀which฀are฀often฀available฀sooner฀ than฀they฀are฀for฀any฀other฀virus-detection฀ product.฀

3)฀L7฀�ilter ฀ L7฀Filter฀(http://l7-filter.sourceforge.net/)฀ is฀a฀module฀for฀iptables,฀the฀Linux฀firewall,฀so฀ it฀requires฀a฀Linux฀firewall฀on฀the฀network.฀L7฀ Filter฀makes฀it฀possible฀to฀detect฀and฀block฀an฀ array฀of฀protocols฀that฀are฀traditionally฀difficult฀to฀detect฀and฀block฀because฀they฀jump฀ around฀to฀different฀ports.฀Companies฀that฀ want฀to฀block฀their฀employees฀from฀using฀AOL฀ Instant฀Messenger,฀for฀example,฀need฀to฀block฀ whatever฀port฀AOL฀IM฀uses,฀which฀theoretically฀is฀port฀5190฀but฀often฀shifts฀to฀other฀ports฀ (including฀the฀Web฀port,฀port฀80,฀which฀every฀ firewall฀has฀open)฀to฀ensure฀a฀connection.฀ L7฀Filter฀is฀great฀for฀detecting฀and฀blocking฀ tougher฀protocols฀like฀Instant฀Messaging฀from฀ Yahoo,฀AOL,฀and฀Microsoft,฀and฀P2P฀protocols฀ such฀as฀BitTorrent.฀ ฀ Like฀ClamAV฀and฀SpamAssassin,฀L7฀Filter฀ has฀a฀user฀community฀that฀develops,฀maintains,฀and฀updates฀important฀signatures.฀ Proprietary฀vendors฀often฀have฀signature฀lists฀ that฀try฀to฀cover฀a฀broad฀array฀of฀topics฀and฀are฀ outdated฀and฀poorly฀maintained.฀Open฀source฀ projects฀like฀L7฀Filter,฀because฀of฀its฀larger฀ community฀and฀its฀focus฀on฀a฀single฀aspect฀of฀ security,฀tend฀to฀have฀newer฀and฀larger฀signature฀lists฀that฀lead฀to฀more฀effective฀product฀ use.

4)฀Snort ฀ Snort฀(http://www.snort.org/)฀has฀evolved฀ into฀an฀industry฀standard฀for฀intrusion฀ detection฀and฀intrusion฀prevention.฀The฀best฀ thing฀about฀Snort,฀aside฀from฀its฀reputation฀ as฀an฀effective฀intrusion฀detection฀system,฀ is฀that฀the฀community฀is฀so฀large฀and฀active฀ that฀you฀can฀essentially฀find฀a฀proven฀signature฀for฀virtually฀anything,฀be฀it฀detecting฀a฀ certain฀attack฀or฀even฀whether฀or฀not฀someone฀is,฀among฀other฀nefarious฀activities,฀ using฀a฀protocol฀that฀should฀be฀blocked฀or฀ accessing฀a฀Website฀that฀is฀deemed฀inappropriate฀for฀the฀network.฀These฀signatures฀ are฀available฀free฀with฀a฀30-day฀delay฀from฀ SourceFire฀and฀are฀professionally฀mainEnterpriseOpenSource.SYS-CON.com

tained.฀Snort’s฀beauty฀lies฀in฀its฀flexibility฀ –฀there฀are฀so฀many฀proven฀signatures฀out฀ there฀that฀there฀are฀almost฀limitless฀options฀ for฀what฀it฀can฀be฀used฀for฀beyond฀just฀intrusion฀detection.฀฀

5)฀Open�PN ฀ OpenVPN฀(http://openvpn.net/)฀is฀a฀great฀ VPN฀tool฀for฀remote฀access,฀if฀you฀have฀a฀ lot฀of฀users฀trying฀to฀access฀the฀network฀ remotely.฀OpenVPN฀is฀similar฀to฀other฀VPN฀ protocols฀like฀IPSec฀and฀PPTP,฀but฀it’s฀much฀ simpler฀(and฀is฀free).฀There฀are฀clients฀available฀for฀Windows,฀Mac,฀and฀Linux,฀and฀it฀ avoids฀issues฀that฀commonly฀plague฀users฀ of฀PPTP฀and฀IPSec,฀including฀problems฀with฀ NAT.฀IPSec฀and฀PPTP฀can฀be฀tricky฀to฀set฀up฀in฀ a฀lot฀of฀cases,฀and฀they฀require฀you฀to฀invest฀ time฀and฀energy฀dealing฀with฀complex฀issues฀ like฀key฀management.฀OpenVPN฀is฀much฀less฀ complex,฀and฀if฀you฀are฀willing฀to฀do฀research฀ into฀how฀to฀get฀it฀up฀and฀running,฀it฀will฀be฀ a฀cost-effective,฀much฀more฀stable฀VPN฀than฀ either฀IPSec฀or฀PPTP.฀฀ ฀ Obviously,฀open฀source฀provides฀a฀cost-effective,฀flexible฀alternative฀to฀proprietary฀solutions฀for฀the฀network฀security฀gateway.฀These฀ five฀projects฀each฀can฀be฀used฀to฀perform฀a฀ vital฀network฀security฀function.฀However,฀there฀ is฀no฀guarantee฀that฀any฀given฀open฀source฀ project฀is฀right฀for฀your฀business.฀It฀is฀important฀to฀evaluate฀each฀project฀on฀the฀basis฀of฀ several฀criteria฀to฀see฀if฀it฀is฀appropriate฀for฀you฀ to฀implement฀and฀use.฀ ฀ Questions฀you฀should฀ask฀yourself฀before฀ implementing฀any฀open฀source฀project฀are: •฀ What฀is฀the฀installation฀process฀like?฀฀ •฀ How฀good/clear฀is฀the฀documentation?฀Is฀it฀ easy฀to฀find?฀ •฀ How฀large฀and฀active฀is฀the฀user฀community? •฀ Is฀there฀someone฀at฀your฀company฀who฀is฀ willing฀to฀go฀to฀the฀project฀community฀for฀ support฀rather฀than฀having฀a฀telephone฀ number฀or฀a฀helpline฀to฀call? •฀ Is฀there฀someone฀in฀your฀company฀who฀is฀ willing฀to฀take฀some฀time฀to฀find฀and฀review฀ online฀documentation฀and฀to฀figure฀out฀the฀ use฀of฀the฀project?

open฀source฀ provides฀a฀costeffective�฀flexi�le฀ alternative฀to฀ proprietar�฀ solutions฀for฀the฀ netw�r�฀ se�urity฀ gateway

฀ The฀key฀for฀any฀business฀of฀any฀size฀thinking฀ of฀implementing฀open฀source฀is฀to฀beware฀of฀ downsides,฀know฀the฀upsides,฀and฀make฀sure฀ this฀project฀is฀right฀for฀you.฀If฀there฀is฀someone฀ at฀your฀company฀willing฀to฀put฀in฀a฀little฀elbow฀ grease฀to฀read฀the฀documentation฀(RTFM),฀to฀ seek฀out฀support,฀and฀to฀go฀the฀extra฀mile฀to฀ engage฀with฀the฀community,฀then฀low-cost,฀ flexible฀open฀source฀solutions฀can฀be฀the฀best฀ way฀to฀secure฀your฀network.฀฀ PAGE 29

June 2007

news

Centric฀CRM฀Receives฀�unding฀from฀Intel฀Capital (Norfolk,฀VA)฀–฀Centric฀CRM,฀a฀developer฀of฀open฀source฀Customer฀Relationship฀Management฀ (CRM)฀technology,฀has฀announced฀the฀company฀will฀receive฀investment฀funding฀from฀Intel฀Capital,฀the฀venture฀capital฀arm฀of฀Intel฀Corporation.฀Centric฀CRM฀will฀use฀the฀funds฀to฀pursue฀growth฀ opportunities฀forecast฀for฀the฀CRM฀technology฀industry. ฀ The฀rapid฀growth฀in฀the฀CRM฀technology฀market฀is฀being฀fueled฀by฀an฀increased฀business฀focus฀ on฀strengthening฀customer฀relationships,฀as฀well฀as฀an฀increased฀acceptance฀by฀businesses฀of฀ open฀source฀and฀Software฀as฀a฀Service฀(SaaS)฀business฀models.฀Open฀source฀software฀developers฀make฀the฀software’s฀source฀code฀available฀to฀users฀under฀a฀license฀or฀other฀arrangement฀that฀ allows฀users฀to฀modify฀the฀software฀to฀fi฀t฀their฀needs.฀The฀SaaS฀model฀involves฀a฀Web-delivered฀ software฀application฀that฀the฀vendor฀hosts฀and฀operates฀for฀use฀by฀its฀customers,฀who฀do฀not฀ pay฀for฀owning฀the฀software฀itself฀but฀for฀using฀it.฀Centric฀CRM฀delivers฀its฀software฀using฀both฀ methods,฀allowing฀its฀customers฀to฀choose฀the฀approach฀that฀works฀best฀for฀them.฀ www.centriccrm.com

Blac�฀Duc�฀Software฀Deepens฀�or�฀with฀IBM฀Rational฀ Through฀Expanded฀Software฀Integration (Orlando,฀FL)฀–฀Black฀Duck฀Software,฀a฀global฀provider฀of฀software฀governance฀solutions,฀has฀announced฀another฀signifi฀cant฀integration฀between฀its฀protexIP/development฀platform฀and฀IBM฀ Rational฀software.฀Black฀Duck฀has฀linked฀protexIP,฀a฀software฀compliance฀management฀system,฀ with฀IBM฀Rational฀Portfolio฀Manager,฀the฀end-to-end฀software฀product฀and฀portfolio฀management฀ solution.฀Black฀Duck’s฀work฀with฀IBM฀Rational฀has฀yielded฀several฀points฀of฀integration฀between฀the฀ companies’฀product฀lines.฀Each฀helps฀executives฀and฀legal฀counsel฀work฀with฀developers฀to฀ensure฀ software฀is฀developed฀in฀a฀way฀that฀meets฀corporate฀and฀legal฀objectives.฀Black฀Duck’s฀protexIP฀ platform฀checks฀software฀code฀for฀compliance฀with฀hundreds฀of฀open฀source฀licenses.฀ ฀ In฀addition฀to฀gaining฀Ready฀for฀IBM฀Rational฀software฀validation,฀protexIP฀with฀IBM฀Rational฀ Portfolio฀Manager,฀Black฀Duck฀has฀integrated฀its฀fl฀agship฀product฀with฀IBM฀Rational฀ClearCase,฀ IBM฀Rational฀Application฀Developer฀for฀WebSphere,฀and฀Rational฀Software฀Architect.฀Black฀Duck฀ and฀IBM฀Rational฀solutions฀give฀joint฀customers฀a฀range฀of฀options฀for฀helping฀executives,฀lawyers,฀and฀developers฀collaborate฀throughout฀the฀software฀life฀cycle,฀with฀the฀goal฀of฀making฀use฀ of฀open฀source฀technologies฀while฀complying฀with฀software฀licenses฀and฀company฀policies.฀ www.blackducksoftware.com

McO�ject’s฀e�tremeDB฀3�1฀Tested฀as฀Compati�le฀with฀ Monta�ista฀Linux฀Carrier฀Grade฀Edition฀4�0 (Issaquah,฀WA)฀–฀McObject฀announced฀that฀eXtremeDB฀3.1,฀the฀latest฀release฀of฀McObject’s฀ in-memory฀embedded฀database฀for฀real-time,฀high฀availability฀applications,฀has฀been฀tested฀as฀ compatible฀with฀MontaVista฀Linux฀Carrier฀Grade฀Edition฀(CGE)฀4.0. eXtremeDB฀version฀3.1฀targets฀telecom฀and฀datacom฀embedded฀software฀with฀index฀functions฀for฀more฀effi฀cient฀communications-related฀sorting฀and฀retrieval,฀and฀with฀an฀improved฀ high฀availability฀sub-system.฀That฀makes฀it฀an฀ideal฀fi฀t฀with฀MontaVista฀Software’s฀full-featured,฀ deployment-proven฀Linux฀CGE฀4.0,฀which฀adds฀hard฀real-time฀capabilities,฀new฀and฀unique฀ clustering฀services,฀and฀other฀features฀for฀building฀carrier฀grade฀telecom฀and฀datacom฀systems.฀ MontaVista฀is฀a฀provider฀of฀Linux฀for฀intelligent฀devices฀and฀telecommunications฀infrastructure. http://www.mcobject.com/extremedbfamily.shtml

�erio฀Linux฀Managed฀�osting฀and฀Application฀Solutions฀ �ree฀Businesses฀�rom฀IT฀Management (Centennial,฀Co)฀Verio฀Inc.,฀announced฀the฀availability฀of฀its฀Managed฀Private฀Server฀(MPS)฀on฀the฀ Linux฀platform,฀part฀of฀Verio’s฀360o฀Managed฀Servers฀suite฀of฀services.฀Verio’s฀Linux฀MPS,฀built฀on฀ Red฀Hat฀Enterprise฀Linux฀ES฀version฀4,฀takes฀advantage฀of฀the฀stability฀of฀the฀Linux฀platform฀by฀ bundling฀it฀with฀dedicated,฀enterprise-level฀hardware,฀a฀highly฀secure฀managed฀hosting฀platform,฀ and฀managed฀services฀for฀added฀power฀and฀performance.฀Coupled฀with฀Verio’s฀time-tested฀reliability,฀security฀and฀fl฀exibility,฀the฀solution฀delivers฀cost-effi฀cient฀Linux฀hosting฀to฀mid-market฀ and฀small฀businesses,฀as฀well฀as฀solution฀provider฀partners,฀including฀independent฀software฀ vendors,฀Web฀developers฀and฀IT฀professionals.฀All฀Verio฀MPS฀solutions฀include฀managed฀backup฀ to฀protect฀business฀data;฀a฀raid฀array฀for฀greater฀redundancy,฀reliability฀and฀speed;฀managed฀ security฀patches;฀and฀fully฀managed฀hardware฀and฀software฀updates. www.verio.com June/July 2007

PAGE 30

EnterpriseOpenSource.SYS-CON.com

� ฀ �� ��฀ ���฀������ � ฀ � ��

�� ��� �฀����฀���� � � � �฀� ���

� �� �������฀� �

��

�OIN฀T�E฀A�A� RE�OL�TION�฀

ISBN 0-9777622-0-3

�������฀��฀���฀��������฀

����������฀���� Edited฀��฀Dion฀�inchcliffe฀�฀�ate฀Allen

�฀��฀������฀�������฀���฀�฀��������฀����฀���฀��฀����฀����������฀�����฀����฀�฀����฀������฀ ฀ ��฀�฀��฀�฀������฀�������฀��������฀����฀����฀���฀�฀��฀��฀���฀��������฀��฀����฀������ Order฀Online฀at฀�ea���r��A�A���������฀and฀get

�� � � � � ��� ���� �� ��฀฀ ��฀������ � � �฀ ����

�� ฀��� �฀���฀���� � � �� �฀� ����

� � ������฀�� ��

ISBN 0-9777622-2-X

��

����FF฀

Regular฀Boo�store฀Price�

����������������� from the Worldʼs Leading i-Technology Publisher

© COPYRIGHT 2007 SYS-CON MEDIA

B�ILD฀RIC� INTERNET฀APPS�฀

฀

����฀��������฀������������฀����

�����฀����฀�฀����

�ritten฀��฀�a�ov฀�ain�฀Dr�฀�ictor฀Rasputnis฀and฀Anatole฀Tarta�ovs�� ����฀�������฀����฀����฀���฀������������฀��฀������฀�������฀���฀�����฀�������������฀��฀���฀����฀���������฀�����฀��฀ ���������฀�������������฀��������������฀���฀����฀������������������฀�฀���฀��฀������฀���฀������฀�������฀���฀�������฀ ����฀����฀��฀���������฀���฀�����������฀���฀��฀����������฀���฀����฀��฀����฀��฀�����฀�฀������฀������������� �฀����฀�������฀������฀�������฀�������

Order฀Online฀at฀��e��A��������฀and฀get

�� � � � � ��� ���� EnterpriseOpenSource.SYS-CON.com

����FF฀

Regular฀Boo�store฀Price�

����������������� from the Worldʼs Leading i-Technology Publisher

PAGE 31

© COPYRIGHT 2007 SYS-CON MEDIA

June 2007

news

Talend฀Launches฀Open฀Source฀Data฀Integration฀on฀Demand (Palo฀Alto,฀CA)฀–฀Talend,฀a฀provider฀of฀open฀source฀data฀integration฀software,฀has฀announced฀the฀ availability฀of฀Talend฀On฀Demand,฀the฀company’s฀fl฀agship฀open฀source฀data฀integration฀solution,฀Talend฀Open฀Studio,฀delivered฀as฀a฀service.฀Leveraging฀the฀widely฀recognized฀benefi฀ts฀of฀the฀ software-as-a-service฀(SaaS)฀model,฀such฀as฀reduced฀infrastructure฀requirements,฀product฀maintenance฀and฀administration,฀Talend฀On฀Demand฀enables฀enterprise฀information฀management฀ teams฀to฀cost-effectively฀and฀effi฀ciently฀solve฀their฀complex฀data฀integration฀challenges.฀฀ Talend’s฀SaaS-based฀solution฀provides฀an฀alternative฀to฀traditional฀stand-alone฀software฀data฀ integration฀applications,฀delivering฀a฀service฀that฀can฀be฀obtained฀anywhere฀over฀the฀Internet.฀It฀ is฀a฀cost-effective฀way฀for฀resource-strapped฀organizations฀to฀obtain฀the฀same฀benefi฀ts฀of฀commercially฀licensed,฀internally฀operated฀software฀without฀the฀associated฀administration.฀As฀a฀SaaS฀ offering฀that฀is฀also฀built฀with฀open฀source฀components,฀Talend฀On฀Demand฀requires฀no฀new฀ software฀to฀support฀or฀infrastructure฀to฀maintain,฀and฀can฀be฀deployed฀in฀minutes฀anywhere฀in฀ the฀world.฀฀ ฀ Talend฀On฀Demand฀is฀the฀fi฀rst฀open฀source฀data฀integration฀solution฀on฀the฀market฀delivered฀ as฀a฀service.฀It฀provides฀a฀centralized฀and฀shared฀repository,฀facilitating฀project-team฀collaboration฀and฀object฀and฀code฀reuse,฀and฀promoting฀development฀best฀practices,฀without฀requiring฀ sensitive฀enterprise฀data฀to฀be฀moved฀outside฀the฀corporate฀fi฀rewall.฀Project฀data฀is฀hosted฀separately,฀facilitating฀optimal฀performance฀while฀ensuring฀privacy.฀ www.talend.com.

Novell฀Announces฀Real-Time฀Linux฀Enhancements฀and฀Partnerships฀ (New฀York)฀–฀Novell฀has฀announced฀new฀enhancements฀to฀SUSE฀Linux฀Enterprise฀Real฀Time฀ and฀unveiled฀new฀partnerships฀that฀expand฀the฀ecosystem฀around฀Novell’s฀low-latency฀Linux฀ solution.฀SUSE฀Linux฀Enterprise฀Real฀Time,฀an฀enterprise-class,฀open฀source฀real-time฀operating฀ system,฀is฀a฀customizable,฀fully฀supported฀solution฀for฀running฀mission-critical฀applications฀that฀ require฀deterministic฀processing฀and฀speed.฀As฀a฀result,฀customers฀can฀run฀their฀time-sensitive฀ mission-critical฀applications฀reliably฀and฀predictably,฀even฀under฀severe฀system฀loads,฀with฀SUSE฀ Linux฀Enterprise฀Real฀Time. ฀ Built฀on฀top฀of฀SUSE฀Linux฀Enterprise’s฀desktop฀to฀datacenter฀platform,฀SUSE฀Linux฀Enterprise฀ Real฀Time฀contains฀the฀kernel฀enhancements,฀packages,฀tools฀and฀utilities฀that฀create฀a฀robust,฀ high-performance,฀deterministic฀and฀low฀latency฀operating฀system.฀Novell฀builds฀SUSE฀Linux฀ Enterprise฀Real฀Time฀in฀conjunction฀with฀Concurrent฀Computer฀Corporation,฀a฀provider฀of฀realtime฀Linux฀software฀technology.฀With฀real-time฀technology,฀customers฀can฀segment฀portions฀ of฀their฀processors,฀network฀bandwidth฀and฀other฀hardware฀for฀high-priority฀mission-critical฀ workloads.฀ http://www.novell.com/beta/auth/request_form.jsp

Capgemini฀and฀Novell฀Enter฀Broad฀Mixed-Source฀Partnership฀ (Paris฀/฀Waltham,฀MA)฀–฀Capgemini฀and฀Novell฀have฀announced฀a฀broad฀partnership฀that฀will฀deliver฀new฀solutions฀to฀enterprise฀customers฀using฀a฀combination฀of฀open฀source฀and฀proprietary฀ software.฀Under฀terms฀of฀the฀agreement,฀Capgemini฀will฀enhance฀its฀open฀source฀consulting฀ practice฀with฀Novell฀capabilities,฀specifi฀cally฀centered฀on฀the฀deployment฀of฀IT฀solutions฀using฀ SUSE฀Linux฀Enterprise฀from฀Novell฀along฀with฀mixed-source฀applications฀and฀management฀ tools.฀As฀a฀result,฀customers฀can฀deploy฀a฀Linux฀platform฀across฀their฀entire฀desktop-to-data฀center฀infrastructures฀with฀the฀confi฀dence฀that฀comes฀from฀working฀with฀a฀global฀consulting฀leader. ฀ With฀this฀partnership,฀Capgemini’s฀customers฀gain฀fully฀supported฀mixed-source฀solutions฀ built฀on฀open฀source฀and฀proprietary฀software฀that฀Capgemini฀will฀help฀build,฀deploy฀and฀ maintain.฀The฀Capgemini฀Open฀Source฀practice฀will฀help฀customers฀defi฀ne฀enterprise฀open฀ source฀governance฀and฀select฀the฀right฀open฀source฀packages฀and฀solutions฀to฀deploy฀on฀top฀of฀ a฀fl฀exible,฀fully฀supported฀Novell฀platform฀that฀delivers฀optimized฀performance.฀World-class฀enterprise฀solutions฀for฀servers฀and฀desktops฀will฀be฀delivered,฀along฀with฀data฀center฀virtualization฀ and฀management฀capabilities.฀In฀addition,฀Novell฀open฀source฀solutions฀will฀be฀supported฀via฀ Capgemini’s฀open฀source฀Support฀Service฀Center฀(OSSPartner)฀offering.฀Novell฀plans฀to฀provide฀ Level฀3฀support฀to฀Capgemini. www.novell.com www.capgemini.com June/July 2007

PAGE 32

EnterpriseOpenSource.SYS-CON.com

��������������������������������������������������������������������������������� ��������������������������������������������������������������������������������� ��� ��������������������������������������������������������������������������������� ���� ��� ������������������������������������������������������������������������������� ��� ��� ��������������������������������������������������������������������������������� ��� ������������������������������������������������������������������������������ ��� ��� �������������������������������������������������������������������������������� ������������ ����������� ���� ���� ������������� ����������� ���� ���� ������������� �� �������� ���� ���� ������������� ����������� ���� ���� ������������� ����������� ���� �� ������������ ����������� ���� ���� ������������� ����������� ���� ���� ������������� �� �������� ���� ���� ������������� ����������� ���� ���� ������������� ����������� ���� ��

����������� ����������� ������������������ ������������������

��������������������� ����������������������������� ���������������������������� ��������������� ������������ �������������������� ����������������������� ���������������������� ������������������������������

������������������������������������������������ ������������������������������������������������������� �������������������������������������������������������������� �������������������������������������������������������������� ������������������������������������������������ ������������������������������������������������� ������������������������������������������������������� ������������������������������������������������� ������������������������������������������������ ������������������������������������������������������ ������������������������������������

COPYRIGHT ©2007 SYS-CON MEDIA

ALL RIGHTS RESERVED

���������������������������������� ������������������������������� ���������������������������������� ����������������������������������������������������� �������������������������������������������������� ��������������������������������������������������� ��������������������������������������������������� ���������������������������������������������������� ��������������������������������������������� �������������������������������������������������� ����������������������������������������������� ���������� ������������������������������������������������ ����������������������������������������������������� ������������������������������������������������ �������������������������������

COPYRIGHT ©2006 SYS-CON MEDIA

ALL RIGHTS RESERVED

Hyatt Regency Silicon Valley Santa Clara, CA

���������������� �������������������� ���������������� ����������������� ������������� ������������������� ����������������������������������������������������������� ������������������������������������������������������������� ��������������������������������������������������������������� ������������������������������������������������������������� ������������������������������������������������������������ �������������������������� ����������������������������������������������������������� ������������������������������������������������ ������������������������������������������������������������ ������������������������������������������������������������� ��������������������������������������������������������� ���������������������������������������������������������� �����������������������������������������

������������������������

�������������������������������������������������� VISIT WWW.AJAXWORLD.COM FOR THE MOST COMPLETE UP-TO-DATE INFORMATION

news

Motorola฀Has฀Released฀Precise฀Process฀Accounting฀ for฀the฀Linux฀Kernel฀Under฀GPL฀version฀2

M

otorola฀has฀released฀the฀source฀code฀of฀Precise฀Process฀Accounting฀(PPA)฀for฀ the฀Linux฀Kernel฀to฀the฀Open฀Source฀community฀on฀April฀23,฀2007,฀under฀the฀ GNU฀General฀Public฀License฀(GPL)฀version฀2.฀The฀current฀release฀supports฀the฀

Linux฀kernel฀version฀2.6.18.6.

Future฀PPA฀features The PPA team is planning to implement the following features by the end of 2007: • Support for thread overload protection, i.e., signal runaway threads • Settable thresholds (per-thread) counters to measure various thread latency occurrence counts – schedule, interrupt, system calls. Allows further root cause of sporadic field incidents and related latency bottlenecks in the system. • CPU enforcement based on user, group IDs or group of process IDs. • Port PPA to other architectures For additional information, access to source code, articles and whitepapers, mailing list and contact information, please visit http:// sourceforge.net/projects/ppacc/.

Please฀consider฀this฀an฀open฀invitation฀to฀ participate฀in฀the฀PPA฀project,฀provide฀feedback฀ and฀comments,฀offer฀contributions,฀and฀help฀ guide฀PPA฀development.฀

June/July 2007

Overview฀and฀Benefi฀ts฀of฀Precise฀ Process฀Accounting Current฀CPU฀accounting฀introduces฀many฀gaps฀ in฀carrier-grade฀environments,฀making฀it฀unfi฀t฀ for฀high-availability฀environments฀(fi฀ve-nines฀ and฀six-nines฀availability).฀PPA฀is฀an฀additional฀ timing฀and฀activity฀framework฀in฀the฀Linux฀kernel฀ that฀coexists฀with฀the฀existing฀Linux฀kernel฀CPU฀ accounting.฀It฀fi฀lls฀the฀gap฀between฀current฀CPU฀ accounting฀and฀Performance฀Monitoring฀Unit฀ (PMU)฀based฀profi฀lers฀and฀trace฀tools,฀and฀it’s฀ light฀enough฀for฀fi฀eld฀deployment฀in฀fi฀ve-nines฀ environments.฀PPA฀is฀lightweight฀and฀is฀usable฀in฀ the฀fi฀eld฀for฀root฀cause฀of฀execution฀and฀scheduling-related฀incidents.฀Furthermore,฀PPA฀is฀fully฀ scalable;฀all฀measurements฀may฀be฀runtime฀ disabled฀(i.e.,฀user,฀interrupt,฀system).฀Along฀with฀ the฀PPA฀kernel,฀patch-related฀tools฀are฀provided฀ such฀as฀ppatop,฀which฀makes฀use฀of฀PPA฀measurements฀and฀provides฀sorting฀of฀processes฀or฀ threads฀based฀on฀PPA฀measurements฀(i.e.,฀overall,฀ user,฀system฀CPU฀usage,฀scheduling฀latency,฀etc. PPA฀is฀especially฀designed฀for฀carrier-grade฀Linux฀ servers฀running฀in฀mission-critical฀environments฀ and฀it฀offers฀precise: •฀ Measurement฀of฀per-thread฀and฀process฀ execution฀intervals •฀ Measurement฀of฀system-wide฀execution฀ intervals •฀ Accounting฀of฀scheduling฀events •฀ Accounting฀of฀scheduling฀latencies •฀ Enforcement฀of฀execution฀limits ฀ PPA฀features฀and฀capabilities฀are฀derived฀from฀ Motorola’s฀experience฀in฀environments฀that฀ require฀high฀availability,฀high฀reliability,฀high฀scalability,฀and฀support฀for฀large฀traffi฀c฀capacity.฀Furthermore,฀PPA฀helps฀solve฀day-to-day฀operational฀ problems฀in฀carrier-grade฀and฀mission-critical฀ environments,฀manage฀capacity,฀improve฀reliability,฀harden฀the฀system฀during฀development,฀and฀ expose฀risks฀or฀probable฀incidents฀that฀otherwise฀ would฀remain฀unknown฀until฀fi฀eld฀deployment.฀

PAGE 34

PPA฀hardens฀network฀elements฀in฀several฀ways: •฀ System฀characterization:฀Ability฀to฀characterize฀system฀performance,฀latency,฀and฀ execution฀behavior฀during฀development฀ to฀prevent฀surprises฀in฀later฀phases฀(for฀ example,฀during฀or฀after฀fi฀eld฀deployment). •฀ Capacity฀management:฀Ability฀to฀manage฀reliably฀available฀compute฀bandwidth.฀ Based฀on฀available฀CPU฀bandwidth,฀the฀network฀element/server฀can฀selectively฀process฀ inbound฀requests,฀throttle฀back฀low-priority฀ activities,฀or฀distribute฀and฀migrate฀load. •฀ Field฀incident฀root฀cause:฀Ability฀to฀root฀ cause฀high-CPU฀load฀or฀excessive฀latencies฀that฀often฀get฀attributed฀to฀unrelated฀ causes.฀In฀mission-critical฀environments,฀ there฀is฀a฀need฀to฀immediately฀fi฀nd,฀analyze,฀ and฀solve฀incidents฀that฀require฀immediate฀ analysis฀and฀the฀root฀cause฀of฀incidents.฀PPA฀ provides฀data฀and฀clues฀to฀solve฀complex฀ incidents. PPA฀Technical฀Specifi฀cations:฀ •฀ Ported฀to฀x86,฀x86_64,฀PPC32,฀Intel฀Itanium฀ processors฀ •฀ Developed฀to฀characterize฀today’s฀various฀ fl฀avors฀of฀SMP฀architectures •฀ Large฀percentage฀of฀measurements฀lives฀in฀ kernel฀generic฀code •฀ Precise฀time-stamped฀measurements฀utilizing฀native฀high-resolution฀time฀stamp฀counter,฀eliminates฀statistical/sampling฀errors •฀ Precise฀system-wide฀and฀per-cpu฀–฀idle,฀ interrupt,฀deferred฀interrupts฀and฀systemmode฀measurements •฀ Precise฀thread฀–฀user,฀system,฀and฀interrupt฀ measurements •฀ Precise฀process฀wide฀–฀user,฀system,฀and฀ interrupt฀measurements •฀ Precise฀enforcement฀of฀CPU฀exhaustion฀ limits฀and฀profi฀le฀(facilitates฀reliable฀gprof฀ measurements),฀virtual฀timers •฀ Precise฀measurement฀of฀various฀thread฀execution฀latencies:฀associate฀users฀reported฀incidents฀to฀execution฀latencies฀in฀the฀system. •฀ Offers฀tools฀such฀as฀ppatop฀that฀abstract฀the฀ PPA/proc฀interface฀ •฀ PPA฀conformance฀test฀verifi฀es฀all฀PPA฀measurements฀and฀margin฀of฀error฀introduced฀ by฀native฀accounting

EnterpriseOpenSource.SYS-CON.com

Systems Management is Now Open ��฀���฀����฀���฀����฀����������฀����������฀���฀���������฀��฀����฀�������฀���฀����������฀����� �����฀�����������฀���฀�����������฀��฀����฀������฀�������฀��������฀����������฀���������฀���฀��������฀ �������฀��฀���฀����������฀���฀�������฀���฀���������฀���������฀��������฀�������฀���฀������� ��������฀����������฀��฀���฀����฀����������฀����������฀�������� ฀฀฀฀�฀������฀���������฀��฀����฀������฀����������฀�����฀��฀���฀������ ฀฀฀฀�฀�������฀���������฀���฀���������฀��฀����฀���฀�����฀����฀��������฀���������฀���������฀����฀������ ฀฀฀฀�฀���������฀�����������฀���฀���������฀����฀������฀�����������฀���฀���������������� ฀฀฀฀�฀������฀�������������฀���฀������������฀��฀������฀�����������฀�������� ฀฀฀฀�฀�������฀�������������฀����฀������฀�������฀����������฀��������� ����฀������฀�������฀����������฀��������฀����������฀������฀�������฀����฀�฀�������฀���������฀����฀ ����฀���฀�����฀���������฀��฀��฀����฀�����฀��������������฀���฀���฀��฀��฀��฀����฀�����฀�������฀�������฀����฀ ������฀��������฀�������฀�������������฀��฀������฀��������฀���฀�����฀�����฀��������฀����฀����฀��฀ ����������������฀����฀���������������฀��������฀�����������฀����������������฀�������฀����฀������฀����� �����฀������฀���฀�������฀����������฀����฀������฀

www.open-management.org

BREAK THE CYCLE. The HP BladeSystem c-Class, featuring efficient Dual-Core AMD Opteron™ processors, helps free I.T. from the cycle of server management. It’s equipped with HP’s exclusive Insight Control Linux Edition, a comprehensive blade management and deployment package built specifically for Linux. Manage multiple servers and infrastructures while automating routine tasks, giving you more time to spend on the tasks that really drive your business.

Download the IDC White Paper “Better Together: Blades, Linux and Insight Control.” Call 1-866-625-0806 Visit www.hp.com/go/breakthecycle66

Set I.T. Free

Linux is a U.S. registered trademark of Linus Torvalds. AMD, the AMD Arrow logo, AMD Opteron, and combinations thereof are trademarks of Advanced Micro Devices, Inc. The information contained herein is subject to change without notice. © 2007 Hewlett-Packard Development Company, L.P.