The humble desktop PC is changing radically, in a way
that promises to make the hardware more secure, enable easier PC
management and provide internet users with sophisticated graphical
user interfaces.
This reform is occurring on two fronts. First, browser-based
applications are becoming more user-friendly, and second, advances
in hardware technology will provide a secure architecture on which
applications can run.
The problem with current browser-based applications is that they
are pretty basic in terms of the user interface. Dennis Greene,
head of e-business at the Royal Mail, said, "On the internet you
have to work serially. There may be 25 browser pages to fill in to
complete an online insurance form."
Clearly this is not a good user experience, particularly when
compared to sophisticated graphical user interfaces such as
Windows, Mac OS and the KDE user interface on Linux. Desktop
applications written for these operating systems provide a rich
user interface and adapt depending on what the user types in. This
means the end-user only needs to complete a single form before
pressing the submit button.
This is now possible for internet applications too, thanks to
tools such as Ajax, an emerging set of related internet
technologies; WinFX, the graphical programming interface that will
be available when Microsoft releases Windows Vista next year; and
Macromedia Flex.
Such applications are known as smart clients or rich internet
applications, as they process information locally on the PC like a
traditional desktop application but are deployed via the
internet.
One example of this can be seen in online hotel booking
applications. "You can get a room rate and the application will
instantly show a calendar to select a date," said Greene.
Intelligent Finance, a division of HBOS, is another company
using smart client technology. The bank uses a rich internet
application built with Macromedia Flex 1.5, Central, and JRun to
provide a single-screen mortgage calculator and information about
mortgage options.
Unlike desktop software, management of these applications is
minimal, as the software is distributed to the end-user
automatically over the internet, so there is no need to install
them manually.
Ramasamy Uthurusamy, general director of emerging technologies
at General Motors, said, "It is better to avoid installing software
on the desktop as IT has to support it. Rich internet applications
can be downloaded on the fly."
To increase the appeal, businesses do not have to build these
rich internet applications from scratch. Uthurusamy said composite
applications could be built by tying internet services together.
"With Ajax I am able to bring in data from multiple sources into my
browser [Windows]."
One example is www.craigslist.com, which allows users to find
properties for sale in San Francisco. The site uses the Google Map
web service with Ajax to display a map of a selected property.
The evolution of smart client applications will create the need
to access confidential information, and this will require changes
to the way the PC is secured.
In spite of advances in memory protection in modern operating
systems such as Windows XP and Linux, PCs are inherently unstable.
One application can interfere with another, as seen in the
notorious buffer overflow error used extensively in hacking, where
one application - in this case a virus or worm - simply overwrites
the memory space occupied by another application or the operating
system.
To tackle this, Intel and AMD are releasing processors and
chipsets in 2006 that will allow a single piece of hardware to be
divided into partitions, each electrically isolated from the
other.
Hardware partitioning is a mainframe technology used to ensure
workloads (or applications) run independently of each other in a
virtual machine. A variation of this technology, called VT, is
being developed by Intel. AMD is producing Pacifica, which will
achieve a similar result.
Chris Dunne, head of IT and operations at financial clearing
house Voca, said, "Partitions are used on our Sun Ultrasparc servers
to run several concurrent applications in separate partitions. PC
virtualisation will bring this down to the desktop."
One area where hardware partitioning could be deployed on a
desktop PC is in software development. Software developers need to
run the software they are developing on their development PC,
causing a potentially unstable IT environment. At the same time,
however, they require full access to corporate IT. Robin Payne,
chief technology officer at the London Stock Exchange, said, "With
two partitions, one could be used for the software development
environment and the other for applications such as e-mail."
There are many other uses. For example, an office laptop could
be set up with two totally independent configurations: one as a
home PC, perhaps with uncontrolled access to the internet,
multimedia applications and computer games; the other, a managed,
locked-down corporate desktop.
Segregation of hardware through new PC technology will also play
a significant role in securing applications. Pete Marsden, chief
technology officer at online financial services company Egg, said,
"The partitioning of the chipset is important to us. We can put our
data and our application in a secure partition so if a hacker does
get onto the laptop the banking application is still secure."
This will become increasingly important as internet applications
- whether they are consumer-facing or business-to-business - evolve
to provide a richer user experience. Clearly, a user should not
need a different PC for each service that they access. But unless
the integrity of the application running on the user's PC is
guaranteed, how can a business be certain that someone is not
attempting to steal confidential information?
With hardware partitioning, if the end-user installs another
business' application or connects to another business partner's
application, the two would not interfere with each other. "There is
no memory leakage between one and the other," Marsden said.
Beyond hardware partitioning is Next-Generation Secure Computing
Base (NGSCB), a Microsoft initiative to develop security at the
chip level. NGSCB relies on hardware technology developed by
industry body the Trusted Computing Group, a consortium that
includes AMD, Hewlett-Packard, IBM, Intel, Microsoft, Sony and Sun
Microsystems.
NGSCB is designed to provide security features such as a random
number generator, a cryptographic co-processor, and the ability to
hold cryptographic keys in a manner that makes them extremely
difficult to retrieve.
Marsden believes NGSCB will have a profound influence on how
next-generation internet applications are secured. "This is
fantastic from our perspective as it has such a high degree of
security inside the chip. Hackers will have to try breaking into a
PC, and what I am doing is putting [your money] into a very secure,
compartmentalised application residing inside an NGSCB-based chip."
Marsden believes such a configuration would be very hard to break
into. "Security will get sorted," he said.
The final piece of the hardware jigsaw is IT management. Intel
is working on hardware codenamed Averill, designed to provide
secure remote management of a desktop PC. "If the operating system
is fried or the PC is turned off, I can fix problems," said Gordon
Graylish, director of marketing at Intel.
By mid-2006, Intel will also offer so-called "circuit breaker"
technology, which is designed to prevent a rogue PC from flooding a
corporate network with virus traffic.
Multicore processors, where a single chip includes two or more
processor cores, will also play a role in IT management in Intel's
strategy. Instead of forcing an end-user to install an upgrade or
patch, Graylish said the IT department could run systems management
in a hardware partition and use the second core of a dual-core
processor to perform updates in the background, without affecting
the end-user.
"Behind the scenes I may be running PowerPoint, but I won't
notice that IT is repairing my PC environment, updating it, making
sure it is secure," he said.
A revolution is taking place, affecting both the hardware and
the software of the desktop PC. Hardware partitioning, multicore
processors, Averill and NGSCB are set to deliver a secure, remotely
managed hardware platform. On top of this platform, users will be
able to run increasingly sophisticated smart client applications
capable of accessing confidential data safely and running securely
and independently of each other.
Egg builds next-generation online banking application
Online financial services company Egg has been working with
Microsoft since January 2002 on a proof-of-concept next-generation
internet application for online banking. The application is based
on Vista, the next version of Windows, and the WinFX graphics
programming interface.
Egg has been trying to address the IT dilemma of having two
worlds on a PC. One is made up of functionally rich applications
such as MS Office or PC games which offer user feedback, and the
other consists of limited functionality available from the
internet. End-users want instant feedback; they do not want to wait
for the internet browser screen to refresh.
The problem is how to offer functionally rich applications
without the problems of installing and supporting desktop software.
This is the aim of smart client applications, and Egg’s
next-generation banking application is a showcase for what the
technology can do.
“HTML was not designed to do things in a nice graphical way,”
said Pete Marsden, chief technology officer at Egg.
Instead, his application uses Windows Vista and, in particular, the
WinFX graphical programming model to provide a new approach to
online banking.
Rather than accessing the internet banking service over the
internet, in Marsden’s approach, the bank’s customers only access
the internet to synchronise banking data on their PC with the
back-end system at Egg.
“Previously I had to wait for customers to come to the website.
Companies such as Amazon are building little widgets that sit on a
user’s desktop and download the entire Amazon catalogue,” Marsden
said. This is what he hopes to recreate for online banking. In
effect, the PC holds an entire database of all a customer’s banking
transactions, updated each time the PC connects to Egg.
“We are relying on the hardware Intel and Microsoft have been
working on for some time,” Marsden said. Egg’s entire customer
database is only about 200Gbytes, yet Marsden believes that within
the next few years PCs will be configured with terabytes of
storage. “Within a year I could store Egg’s entire customer base on
my laptop,” he said.
Marsden’s proof-of-concept application shows how WinFX makes it
possible to run sophisticated data analysis on the customer’s
transactions, without the need for an online connection and
powerful back-end processing.
Interactive graphs can be displayed using the PC’s own graphics
hardware with WinFX, showing where the customer is spending money
each month. The interaction allows the end-user to see what would
happen if they reduced spending in a certain area, providing a
money management-like function.