(LinuxWorld) — The big issue in getting the Cocoon-enabled Nichievo prototype to work was figuring out how to let users submit order documents without compromising security. The obvious finally dawned on me: Before submission, the documents are not yet secure. As a result, I set up a webdav-enabled directory for clients to use. Cocoon has a webdav framework in progress, but I found a simple Perl script adapted from something I developed earlier as a means of grabbing their uploads.

Right now, it's about as elegant as a 15-vehicle pile-up on the turnpike. However, since it works, it's time for diversion while users figure out what it does. But wait, as they say in the Ginzu knife ads... first, a comment on feedback.

I'm not receiving much feedback. Several readers pointed out that a commercial replication solution for PostgreSQL exists. I haven't contacted PostgreSQL yet to understand its product, but I used its existence as an excuse to work with PostgreSQL rather than mySQL for the prototype. I chose PostgreSQL not for security reasons but because I already had PostgreSQL running on the box, and I got lazy.

One reader pointed out that some Linux diskless workstations, like those from thinknic.com, boot from a CD, and that this could be used to impose security at the customer end. His idea (and apparently his company works on high-security applications) was that one could issue coded CDs and either provide a thinknic or ask the customer to boot his PC using the coded disk. Either way, this could establish both secure communications and the customer's probable identity. Of course, the people at Nichievo would have a whole orgy of coronaries if I suggested it right now. I'll keep it as a trump card for use when they understand the security issues.

More on SOAP

Another reader commented that I was being unfair to SOAP. It's not, he said, a protocol for bypassing firewalls, and it can be filtered at the firewall level, too. To help, he pointed me at a company called DataPower Technology that sells an XML firewall appliance, about which Kevin Murphy (no relation) wrote in Computerwire's January 12th newsletter:

DataPower Technology Inc., known for the last six months as a maker of XML acceleration appliances, this week adds the second of a planned three-pronged attack on the XML processing market.

The company will today announce the availability of its XS40 XML Security Gateway, a $65,000 appliance that secures the XML/SOAP messages used in web services. DataPower said RouteOne LLC, a car-dealer financing venture of DaimlerChrysler, Ford, GM, and Toyota, is its first major buyer.

XML security gateways, sometimes referred to as XML firewalls, intercept SOAP messages before they reach the application server. Depending on the product, they then do a combination of user authentication, data validation, routing encryption, signing, logging and reporting.

Is it just me, or does having to buy a firewall appliance to protect against a protocol designed to bypass firewalls make about as much sense as adding floors to the leaning tower of Pisa?

And that, I'm sorry to say, was about it for reader feedback. On the other hand, with the prototype running I can expect a month or two away from the project while various Nichievo users try it out and think through some of the issues before coming back, maybe toward the end of March, for another go-round. Meanwhile, if you, or anyone you know, are interested in this stuff please get in touch!

Consolidation compared

Two odd diversions showed up in the process of doing this work. First, there was this business about Microsoft's licensing policies supporting de-consolidation, and more recently, someone drew my attention to the relative cost of Unix vs. Windows software.

Readers will recall that the de-consolidation issue was raised by a number of people who pointed out that my specification of single-CPU licenses for things like SQL Server to run on a four-way machine wouldn't be legal under the terms of the Microsoft license. Instead, I'd either buy four licenses or use four single-CPU machines in a rack. Since a 2.4-GHz Dell with 2 GB of memory now costs less than a tenth of what the SQL-Server license costs, this is the ultimate no-brainer.

What's most interesting about this is that it turns out to be an across-the-board phenomenon. The balance between hardware and software costs has shifted in the Windows world while remaining more or less stable in the Unix world.

If we start by looking at consolidation we see that Microsoft's pricing mitigates against consolidation from uniprocessors to any level of SMP machine because you pay extra for the ability to access more memory, extra for client access licenses and extra for each CPU in the box.

Of course, that's just the simplest kind of consolidation. The 360 crowd, to cite a more complex example, uses partitioning instead of a rackmount to achieve multi-processing (running more than one application at a time). As a result, 360 users often recommend consolidating from many physical servers in a rackmount to many virtual servers sharing one physical machine.

What that means is that you could logically consolidate something like 20 older NT 4.0 servers in a couple of racks to a single machine, such as Dell's dual-processor 6650, while maintaining application separation through server virtualization.

One option for that is VMware's GSX virtualization server. For about $2,500 in VMware licenses, you can slice that $15,000 Dell box into 20 virtual machines each with its own copy of Windows 2000 Advanced Server — which you need to access the 8 gigabytes of memory — (20 x $3999 = $79,980) and its own dual-CPU SQL Server Enterprise license at $19,999. (=$799,960) for a total of about $882,000 in licenses.

If this strikes you as disproportionate, it is. Software costs about 60 times the hardware cost. As an alternative, you could let Sybase and Linux handle multi-processing at a license cost of about $50K for a ratio of just over three times and a cash saving of about $832,000. Aside from the savings, most people would agree a Linux-Sybase machine is likely to be more stable and responsive than the more expensive Windows alternative.

Those numbers are startling. Many people might argue the example is artificial because:

1. Few people want 20 virtual enterprise servers on one box
2. Discounts await volume buyers

Is the example exaggerated? If you compare running one copy of Samba under Linux on a $5,000 PC file- and print-server to running 20 copies of Windows 2000 file- and print-server under VMware, the numbers are smaller but the ratio is actually worse for the Windows side. Including VMware and 20 Windows 2000 server licenses, each with 10 client access licenses, the Windows virtualization solution will cost about $26,430 more than the $50 you'd pay for a Linux CD.

The Microsoft SQL Server vs. Sybase example shows licensing for the Windows-on-VMware approach to be about 17.8 times the cost of the Linux/Sybase option — but the more realistic example using Samba shows an astonishing 528:1 ratio in favor of Linux.

Those ratios don't make sense. How did prices get so far out of whack? The answer is price change. Microsoft's prices went up and the rest of the world's have stayed the same or dropped.

Let's say you bought 20 NT boxes to run Microsoft SQL Server 7.0 in March of 1999. Compared to the competition, those SQL Server licenses were a lot cheaper in both absolute and relative terms. SQL Server 7.0 started at $508 per machine. You didn't need an enterprise-class CPU license because users were counted as concurrent users, not identified users. To deal with Web demand, you added 25 concurrent users at $101 each to get a total cost per machine of about $3,000. Let's say your 20 rackmounts were Compaq's that cost $10,000 apiece. This totals $260,000 plus incidentals.

Buying Sybase on a Sun 450 would have set you back something like $80,000 for the software and $140K for the hardware.

Moore's Law vs. Nixon's Law

On the Unix side, both hardware and software are cheaper today. On the Windows side, however, only hardware costs less. It's as if Unix software, including Linux, has stayed true to Moore's Law — Unix gets cheaper, better, and faster over time. On the other hand, Microsoft appears to follow Nixon's Law — the one that can be politely restated as, "When you have them by the wallet, their hearts and minds soon follow."

What about discounts? Surely assuming list prices for 20 copies of Enterprise server, or anything else, is absurd. If you're looking at Sybase, for example, there's always unofficial room for movement. There may not be much, and it depends on things like the size of your commitment.

There appear to be four official Microsoft volume discount programs:

1. Open License 6.0
2. Select License 6.0
3. Enterprise Agreement 6.0
4. Enterprise Subscription Agreement 6.0

These agreements are nominally differentiated by differences in commitment, but they all claim to offer:

Deep discounts compared to full retail, with a fixed, annual price based on the number of eligible desktops in your enterprise. (From: http://www.microsoft.com/licensing/programs/ent/)

This comes with the usual Ginzu knives, or at least 0 percent financing, too:

Get 0% interest for 24 months! on Open License purchases of Licenses with Software Assurance or Software Assurance Only, by qualified Open License Customers, made from October 1, 2002 through January 31, 2003. (From: http://www.microsoft.com/licensing/programs/open/finance/ and I've omitted four footnotes to this paragraph).

If you download the enterprise agreement (EACustomerGuide.doc) from the Microsoft site and read it, you'll be struck by several features:

1. Real numbers are secret, but there are several hints that "deep discounts" may amount to all of 15 percent.

   Note: Microsoft's product and technology catalog shows SQL Server Enterprise Edition subject to a "Level C/200" discount, which I interpret as the price for 200 licenses, at $18,745 each, for a blistering 6.2 percent saving.

2. Macs and Linux desktops qualify as "qualified desktops." This means you agree to buy Windows XP desktop for machines that won't run it.
3. The software maintenance programs included force the institutionalization of upgrades and upgrade costs.

Before the enterprise agreements, companies could license as many Windows desktops as they had and upgrade when forced to by software change. Now, however, signatories must upgrade continually and buy licenses for desktops that don't run Microsoft operating systems.

As a result, it looks like customers who sign these agreements in search of the promised "deep discount" generally end up paying more than they did before. I have to say, "looks like" here because the numbers are secret — although many readers will recall Joe Barr's fine adventure with apoplexy when he reviewed the city of Austin's agreement recently.

Probing pricing mysteries

Secret pricing isn't really a big plus with me, so I looked for published discount information on the TPC site and found something interesting.

The top performer on TPC-C with a rating of 709,220 TPM/C at $14.96 per TPM/C was done last year on a cluster of Compaq Proliants running SQL Server under Windows 2000 Advanced Server.

The 483-page, full-disclosure report available on the TPC site has a cost summary on page 9 where they carefully list the cost of each piece, total it all up, and then take a 16 percent "Cash and large customer" discount on the total.

That total includes $4,045,312 for 256 Enterprise SQL Server licenses at a 21 percent discount from list. A letter from Microsoft reproduced on page 483 supports this price.

Does this mean Microsoft offers 33.6 percent (=1-0.84 x 0.79) discounts from list for large customers? I don't think so. I think Compaq and its partners just slipped one past the TPC auditors here. The evidence for that is in the other product prices shown, almost everything is discounted twice. Once in the sales quotation supporting the number claimed on the page nine summary, and once more when the total was discounted to get the number from which the $14.96 is computed.

The best example of this is probably given by the eCost ad reproduced on page 481. Here, some 16-port Ethernet switches are shown as having a list price of $1,060 but a blowout sale price of $398.55. The ad offers a claimed 60 percent savings and that's the price on which the 16 percent "cash and large" customer discount is taken for a net 66.4 percent discount.

Roll back the double discounting and apply pricing other people would be expected to pay, and you get close to $19.40 per TPM/C with Microsoft's licensing accounting for around 40 percent of the total.

How does this compare to Unix? The top non-clustered performer listed by TPC is a Fujitsu SPARC server with 128 UltraSPARC II CPUs running at 563-MHz in August of 2001. This system got to 455,818 TPM/C at $28.58 per TPM. The detailed report not only shows no discounts at all — everything is given at list — but has realistic operating costs too. (In contrast, Compaq discounted the claimed $201,120 three-year cost for maintenance and support on 256 SQL Server licenses by 16 percent for the computation).

Apply more realistic pricing and you get a wash on per-TPM costs relative to the Windows cluster. More interestingly, examine the detailed numbers and you find that Unix software only comes to about 14 percent of the system total.

I checked a few more and there's a trend here: Unix software is now a lot cheaper than Windows software for similar levels of power and support. It's often not true among PC companies — HP and Adobe generally still charge more for their Unix products than their Windows products — but it is consistently true when you compare open market prices to Microsoft prices.

If you ask business people if Unix or Windows software costs more, you receive the look reserved for idiots. Everyone knows Windows software is cheaper. That's a big reason so many people agreed to put up with the poor quality to begin with. Even three years ago, that was true if you set scale aside as a consideration. Sybase for Unix was more expensive than SQL Server for Windows. People ignored the fact that Sybase served hundreds of concurrent users on big HP and Sun gear while SQL Server worked for tens of people on Wintel gear. Today, it's not true at any scale and that's a big win for Unix.