The humble desktop PC is changing radically, in a way that promises to make the hardware more secure, enable easier PC management and provide internet users with sophisticated graphical user interfaces.
This reform is occurring on two fronts. First, browser-based applications are becoming more user-friendly, and second, advances in hardware technology will provide a secure architecture on which applications can run.
The problem with current browser-based applications is that they are pretty basic in terms of the user interface. Dennis Greene, head of e-business at the Royal Mail, said, "On the internet you have to work serially. There may be 25 browser pages to fill in to complete an online insurance form."
Clearly this is not a good user experience, particularly when compared to sophisticated graphical user interfaces such as Windows, Mac OS and the KDE user interface on Linux. Desktop applications written for these operating systems provide a rich user interface and adapt depending on what the user types in. This means the end-user only needs to complete a single form before pressing the submit button.
This is now possible for internet applications too, thanks to tools such as Ajax, an emerging set of related internet technologies; WinFX, the graphical programming interface that will be available when Microsoft releases Windows Vista next year; and Macromedia Flex.
Such applications are known as smart clients or rich internet applications, as they process information locally on the PC like a traditional desktop application but are deployed via the internet.
One example of this can be seen in online hotel booking applications. "You can get a room rate and the application will instantly show a calendar to select a date," said Greene.
Intelligent Finance, a division of HBOS, is another company using smart client technology. The bank uses a rich internet application built with Macromedia Flex 1.5, Central, and JRun to provide a single-screen mortgage calculator and information about mortgage options.
Unlike desktop software, management of these applications is minimal, as the software is distributed to the end-user automatically over the internet, so there is no need to install them manually.
Ramasamy Uthurusamy, general director of emerging technologies at General Motors, said, "It is better to avoid installing software on the desktop as IT has to support it. Rich internet applications can be downloaded on the fly."
To increase the appeal, businesses do not have to build these rich internet applications from scratch. Uthurusamy said composite applications could be built by tying internet services together. "With Ajax I am able to bring in data from multiple sources into my browser [Windows]."
One example is www.craigslist.com, which allows users to find properties for sale in San Francisco. The site uses the Google Map web service with Ajax to display a map of a selected property.
The evolution of smart client applications will create the need to access confidential information, and this will require changes to the way the PC is secured.
In spite of advances in memory protection in modern operating systems such as Windows XP and Linux, PCs are inherently unstable. One application can interfere with another, as seen in the notorious buffer overflow error used extensively in hacking, where one application - in this case a virus or worm - simply overwrites the memory space occupied by another application or the operating system.
To tackle this, Intel and AMD are releasing processors and chipsets in 2006 that will allow a single piece of hardware to be divided into partitions, each electrically isolated from the other.
Hardware partitioning is a mainframe technology used to ensure workloads (or applications) run independently of each other in a virtual machine. A variation of this technology, called VT, is being developed by Intel. AMD is producing Pacifica, which will achieve a similar result.
Chris Dunne, head of IT and operations at financial clearing house Voca, said, "Partitions are used on our Sun UltraSPARC servers to run several concurrent applications in separate partitions. PC virtualisation will bring this down to the desktop."
One area where hardware partitioning could be deployed on a desktop PC is in software development. Software developers need to run the software they are developing on their development PC, causing a potentially unstable IT environment. At the same time, however, they require full access to corporate IT. Robin Payne, chief technology officer at the London Stock Exchange, said, "With two partitions, one could be used for the software development environment and the other for applications such as e-mail."
There are many other uses. For example, an office laptop could be set up with two totally independent configurations: one as a home PC, perhaps with uncontrolled access to the internet, multimedia applications and computer games; the other, a managed, locked-down corporate desktop.
Segregation of hardware through new PC technology will also play a significant role in securing applications. Pete Marsden, chief technology officer at online financial services company Egg, said, "The partitioning of the chipset is important to us. We can put our data and our application in a secure partition so if a hacker does get onto the laptop the banking application is still secure."
This will become increasingly important as internet applications - whether they are consumer-facing or business-to-business - evolve to provide a richer user experience. Clearly, a user should not need a different PC for each service that they access. But unless the integrity of the application running on the user's PC is guaranteed, how can a business be certain that someone is not attempting to steal confidential information?
With hardware partitioning, if the end-user installs another business' application or connects to another business partner's application, the two would not interfere with each other. "There is no memory leakage between one and the other," Marsden said.
Beyond hardware partitioning is Next-Generation Secure Computing Base (NGSCB), a Microsoft initiative to develop security at the chip level. NGSCB relies on hardware technology developed by industry body the Trusted Computing Group, a consortium that includes AMD, Hewlett-Packard, IBM, Intel, Microsoft, Sony and Sun Microsystems.
NGSCB is designed to provide security features such as a random number generator, a cryptographic co-processor, and the ability to hold cryptographic keys in a manner that makes them extremely difficult to retrieve.
Marsden believes NGSCB will have a profound influence on how next-generation internet applications are secured. "This is fantastic from our perspective as it has such a high degree of security inside the chip. Hackers will have to try breaking into a PC, and what I am doing is putting [your money] into a very secure, compartmentalised application residing inside an NGSCB-based chip." Marsden believes such a configuration would be very hard to break into. "Security will get sorted," he said.
The final piece of the hardware jigsaw is IT management. Intel is working on hardware codenamed Averill, designed to provide secure remote management of a desktop PC. "If the operating system is fried or the PC is turned off, I can fix problems," said Gordon Graylish, director of marketing at Intel.
By mid-2006, Intel will also offer so-called "circuit breaker" technology, which is designed to prevent a rogue PC from flooding a corporate network with virus traffic.
Multicore processors, where a single chip includes two or more processor cores, will also play a role in IT management in Intel's strategy. Instead of forcing an end-user to install an upgrade or patch, Graylish said the IT department could run systems management in a hardware partition and use the second core of a dual-core processor to perform updates in the background, without affecting the end-user.
"Behind the scenes I may be running PowerPoint, but I won't notice that IT is repairing my PC environment, updating it, making sure it is secure," he said.
A revolution is taking place, affecting both the hardware and the software of the desktop PC. Hardware partitioning, multicore processors, Averill and NGSCB are set to deliver a secure, remotely managed hardware platform. On top of this platform, users will be able to run increasingly sophisticated smart client applications capable of accessing confidential data safely and running securely and independently of each other.
Egg builds next-generation online banking application
Online financial services company Egg has been working with Microsoft since January 2002 on a proof-of-concept next-generation internet application for online banking. The application is based on Vista, the next version of Windows, and the WinFX graphics programming interface.
Egg has been trying to address the IT dilemma of having two worlds on a PC. One is made up of functionally rich applications such as MS Office or PC games which offer user feedback, and the other consists of limited functionality available from the internet. End-users want instant feedback; they do not want to wait for the internet browser screen to refresh.
The problem is how to offer functionally rich applications without the problems of installing and supporting desktop software. This is the aim of smart client applications, and Egg’s next-generation banking application is a showcase for what the technology can do.
“HTML was not designed to do things in a nice graphical way,” said Pete Marsden, chief technology officer at Egg.
Instead, his application uses Windows Vista and, in particular, the WinFX graphical programming model to provide a new approach to online banking.
Rather than accessing the internet banking service over the internet, in Marsden’s approach, the bank’s customers only access the internet to synchronise banking data on their PC with the back-end system at Egg.
“Previously I had to wait for customers to come to the website. Companies such as Amazon are building little widgets that sit on a user’s desktop and download the entire Amazon catalogue,” Marsden said. This is what he hopes to recreate for online banking. In effect, the PC holds an entire database of all a customer’s banking transactions, updated each time the PC connects to Egg.
“We are relying on the hardware Intel and Microsoft have been working on for some time,” Marsden said. Egg’s entire customer database is only about 200Gbytes, yet Marsden believes that within the next few years PCs will be configured with terabytes of storage. “Within a year I could store Egg’s entire customer base on my laptop,” he said.
Marsden’s proof-of-concept application shows how WinFX makes it possible to run sophisticated data analysis on the customer’s transactions, without the need for an online connection and powerful back-end processing.
Interactive graphs can be displayed using the PC’s own graphics hardware with WinFX, showing where the customer is spending money each month. The interaction allows the end-user to see what would happen if they reduced spending in a certain area, providing a money management-like function.
This was first published in December 2005