HP is also announcing a set of products to boost the security of Windows-based infrastructure that will not be available through normal HP channels, but rather through an engagement through HP Services.
The HP appliance has the unwieldy name of the ProLiant DL320 Firewall/VPN/Cache Server. Unlike some appliances, which are locked boxes that cannot be modified, this machine is a preconfigured ProLiant DL320 server with a single 2.66GHz or 3.06GHz Pentium 4 processor, 512 MB of main memory, and either ATA or SCSI disk drives.
This machine has built-in Ethernet network interface cards, but the open slot on the motherboard can also be used to install another NIC that can be used to set up a DMZ on the internal network for users on the other side of the firewall to have less restrictive access to each other and still be protected by the firewall and VPN software. On top of this hardware platform, HP adds Windows Server 2004 – presumably the basic Web Edition – and Internet Security & Acceleration (ISA) Server 2004.
A base DL320 with 512 MB of memory and a 40GB disk drive costs $1,650, but the security appliance bundle is expected to sell for around $3,000. Bill Carlisle, director of Microsoft solutions at HP, said the Windows software accounted for more than half the cost of the appliance, which suggests that HP is discounting the hardware side a bit – probably in the range of 15% and 20% is my guess – for the appliance. Carlisle says that the appliance with first start selling sometime in the third quarter of this year, which is when the future ISA Server 2004 is expected to ship. Microsoft has the shipment date bracketed between July and September 2004.
HP also announced a new offering at TechEd called the HP ProtectTools, which is a layer of HP software that rides on top of Microsoft’s Windows operating systems and related servers to boost the security of the products.
There are five components to this toolset. First, says Rick Delaney, HP’s director of enterprise Microsoft server products, HP has created its own authentication server using an alternate method used by Windows servers. HP doesn’t want to come out and say this, but the implication is that Windows authentication can be breached and the company’s customers like the idea of having an alternative.
HP has also added a new device manager that can better restrict what users have what access to what devices. For instance, the pen flash drives that are proliferating at home and in the office might as well be shared needles spreading disease. Any virus or worm that can infect a disk drive can infect a little flash drive plugged into a USB port. The device manager created by HP will simply only allow such devices to be activated on machines where this is permitted.
A roles-based access module for ProtectTools lays on top of Terminal Services and puts a sandbox around different sessions so users coming in do not simply get full access to everything on the Windows servers.
HP has also created what it calls the email release manager that works in conjunction with Microsoft’s Exchange groupware and its various Outlook clients. Outlook allow emails to be sent with different priorities, and the HP add-on will allow users to create emails with different security clearances (such as public, private, eyes-only, confidential, top secret, and such). In Active Directory, each user profile is given a security clearance level. So, for example, if someone tries to send a top secret email to someone with only public access, then the email will not go through. This tool will also apparently integrate with Microsoft’s Rights Management Services, which was launched last November for Windows 2003 and which controls the distribution of digital content stored on Windows boxes.
Finally, ProtectTools includes a Windows Mobile module that beefs up the security on PDAs linking into Windows networks. This software can be programmed to wipe out the contents of the PDA if too many unsuccessful logins are attempted or otherwise lock down the contents of the device.
Delaney says that the ProtectTools will be sold on a per-seat basis through HP Services with volume discounts, but adds that pricing has not yet been determined. The product has been rolled out in the United Kingdom, but Delaney was vague about when it would be rolled out around the world.
HP has a vast installed based that it can sell these new products into, according to Carlisle. He says that HPs own sale force has control of accounts that represent some 13 million Exchange seats and some 10 million Windows NT, Windows 2000, and Windows 2003 seats; when you throw in the partner channel, he reckons that the Exchange seats number doubles, and to make the numbers work the Windows seat count on all HP iron has to more than double. Call it 25 million seats just for argument’s sake. This is as big of an installed base as anyone in IT has ever had. At its peak, the IBM mainframe base probably comprised 25 million seats, and in the mid-1990s, the IBM AS/400 base probably was in the same neighborhood in terms of seat count.
