Blue Screen Of Death.. Blue Screen Error.. Windows

Many of you have come across a blue screen while trying to install windows xp in your new laptop. This BSOD (Blue Screen Of Death) is due to the fact that your Windows XP does not have the SATA drivers which is required to detect your Hard Disk Drives. The solution to this is to integrate SATA drivers to your winxp CD, the following steps will let you do it.
If you don’t have Floppy Disk Drive especially on a notebook. You still can install Win Xp by Slip streaming SATA driver into WinXp boot cd using nLite.
Materials needed:
1) nLite(download here), a free tool to help you slipstreaming(integrate) your SATA drivers into WinXp installation disk.
2) Extract SATA drivers (Please see the corresponding Laptop models for SATA drivers )
(if you are using Intel chipset Intel 82801GR/GH, 631xESB/632xESB, 82801GHM, ICH8R/ICH9R, 82801HEM SATA RAID Controller, get the drivers from here)
Steps:
1) Get your Windows XP installation disk and copy the contents to a new folder(I named it “WinXp”).
2) Extract the SATA drivers you downloaded into a folder
3) Run nLite->choose “Next”.

4) Now, locate the Windows folder(for me, it’s “WinXp”).
5) Next again and you will come to “Presets”. Ignore this by choosing “Next” again. 6) In “Task Selection”, choose “Drivers” and “Bootable ISO” by high-lighting them. 7) Choose “Insert”->”Single driver” Browse to the SATA driver folder and select either one of the .INF file, I choose “iaahci.inf”. 9) A screen like below will pop-up, make sure it’s “Textmode driver” ( This is the most important step ) and select all of them by holding CTRL+A key and choose “OK” 10) You shall see something like this. Choose “Next” and you will be prompted. 11) Choose “Yes” to start the process. 12) Let it finish and choose “Next”. 13) Finally, you can create your project as ISO image or burn it directly to CD-R under “Mode”. I choose “Direct Burn”. You can put anything for “Label” but not too long. Choose “Burn” and you will be prompted again. 14) Choose “Yes” to burn it to CD-R. Wait for it to finish and choose “Next”
15) Choose “Finish” to exit nLite.
Thats all You can now boot your PC or laptop with this CD and install Windows Xp with out Blue screen showing.
Credits:: http://maxeasyguide.blogspot.com

Adobe snaps to attention over security vulnerabilities

Adobe Systems, whose applications have been hit hard by hackers, is combing through legacy code for bugs in its products and plans a regular quarterly patch release, according to a top security official.

The move comes after Adobe noticed "significant changes in the threat landscape," said Brad Arkin, director for product security and privacy at the company, on Wednesday.

Adobe plans to issue patches every three months on the second Tuesday of the month, the same day that Microsoft releases its patches, Arkin said. Releasing patches in tandem with Microsoft is easier for administrators, who can test the fixes from both companies at the same time before updating desktop PC images.

Adobe's Reader and Acrobat software are used for creating and reading PDF files, which is the widely used format for saving Web pages, creating forms, and other uses.

The programs also use JavaScript, a programming language that, if not implemented correctly, can allow hackers to create PDFs that trigger, for example, a memory corruption problem that can allow for complete control of a computer and all of its data.

Adobe has had a security development lifecycle -- a set of protocols for dealing with problems -- for at least four years. But as Adobe has developed Reader and Acrobat, the company didn't review the old legacy code for security vulnerabilities, Arkin said. It is doing that now.

Since February, Adobe has been hardening its code in its applications, Arkin said. That has included doing automated as well as human code reviews. Adobe is using "fuzzers," or tools that try to inject code into an application to see if it accepts data it shouldn't.

Adobe's engineers are also practicing "threat modeling," where engineers try to figure out areas where hackers could potentially cause mischief and find flaws in source code, Arkin said.

Adobe wants to speed up the time it takes to create a patch when a vulnerability is disclosed, Arkin said. It took Adobe two weeks to come up with a patch for the JBIG2 vulnerability revealed around the end of April. That "wasn't as fast as we'd have liked it to be," he said.

Arkin said Adobe plans to have its first quarterly patch update release within the next three to four months, although the exact date hasn't been set.

The intensive security review plans will be nearly permanent. "We don't think we're going to hit a point where it's done," Arkin said. "No product is going to be completely free of vulnerabilites."

Wi-Fi hikes security by adding to WPA2 requirements

The Wi-Fi Alliance has expanded its WPA2 certification program to include a tool for secure handoffs between Wi-Fi and 3G networks, as well as an authentication system that uses multiple secured tunnels.

WPA2 (Wi-Fi Protected Access 2) is the most advanced security standard for Wi-Fi. The WPA2 certification program already included five other EAP (extensible authentication protocol) methods. The Wi-Fi Alliance tests routers, access points, and client devices for interoperability using certain protocols and certifies them with its logo.

The newly added protocols, EAP-AKA (Authentication and Key Agreement) and EAP-FAST (Flexible Authentication via Secure Tunneling), are designed to better secure enterprise Wi-Fi LANs.

EAP-AKA was developed by the 3GPP (Third-Generation Partnership Project), the main standards body for 3G networks, and has been in use for a few years on both UMTS (Universal Mobile Telecommunications System) and CDMA2000 (Code-Division Multiple Access) networks. It allows for the handoff of calls between cellular and Wi-Fi networks using a single user identifier. As more mobile phones are equipped with Wi-Fi and more laptops and netbooks gain cellular data capability, having a standard way to shift calls from paid carrier networks to free Wi-Fi could be valuable, especially in enterprises that have rolled out Wi-Fi across their offices.

Cisco Systems created EAP-FAST several years ago as a replacement for its LEAP (Lightweight EAP), which was found to be vulnerable to certain types of attacks. Those included "dictionary" attacks, so-called because they generate a series of likely guesses at the network's decryption key or passphrase. EAP-FAST is now an open international standard.

For the next 90 days, support for the two newly added EAP types will be optional in WPA2-certified products, said Edgar Figueroa, executive director of the Wi-Fi Alliance. After that, WPA2 certification will require support for all seven EAP types, except in certain special cases. Any product that gets a firmware upgrade after the grace period will have to be re-certified under the new requirements, Figueroa said.

Cisco Nexus 5000 bridges the network gap

Traditionally, network transport has run on two separate technologies, FC (Fibre Channel) and Ethernet, which, like two railroads with different gauges, seemed bound to never meet.

Just about everybody agrees that having a unified network could bring significant financial and administrative benefits, but when exploring possible simplifications to the datacenter fabric, customers faced discouraging and costly options such as tearing down their FC investments or extending the FC network to reach every server and every application.

2008 started with industry signals that it would be the year when those two "railroads" would finally come together. We had a first glimpse that things were changing in that space when Brocade announced the DCX in January. Later that winter a new technology, FCoE (Fibre Channel over Ethernet) -- created by an offspring of Cisco, Nuova Systems -- came to maturity in the Nexus 5000 switches, promising to finally bring these two most critical networks under the same administrative banner.

This spring, about one year after first introducing the concept of FCoE, Cisco announced the Nexus 5000, a 10G Ethernet switch that supports the new protocol and promises to make consolidating FC and Ethernet traffic as easy and as reliable as bringing together Ethernet connections with different speeds on the same switch.

How do the approaches from Brocade and Cisco differ? I won’t stretch that rail analogy further than this, but it helps if you think of the first as a converging point for different railroads, and see the second as a unified rail where to roll heterogeneous transports.

In fact, FCoE brings seamlessly together the two protocols, potentially reaching any application server mounting a new breed of adapters, aptly name converged network adapters or CNA. A CNA essentially carries both protocols, Ethernet and FC on a single 10G port, which cuts in half the number of server adapters needed and, just as important, reduces significantly the number of connections and switches needed south of the servers.

The other important component of the FCoE architecture is obviously the Nexus 5000 switch, a device that essentially bridges the FC and Ethernet networks using compatible ports for each technology. Moreover, adding an FCoE switch requires minimal modifications, if any, to the existing storage fabric, which should grab the interest of customers and other vendors.

Cisco declares for the first model released, the Nexus 5020, an aggregate speed in excess of 1Tbit/sec and negligible latency. This, together with an impressive lineout of 10G ports, makes the switch a desirable machine to have when implementing server virtualization. To paraphrase what a Cisco executive said, perhaps a bit paradoxically, with FCoE you can burden a server with just about any traffic load.

Getting to the nexus of the 5000
A switch that promises to deliver the services of Ethernet and FC over the same wire without packet losses and without appreciable latency is certainly worth reviewing, but it didn’t take me long to realize that the evaluation required bringing together more equipment than it’s convenient to ship, which is why I ran my battery of tests at the Nuova Systems premises in San Jose, Calif.

In addition to 10G Ethernet ports, my test unit mounted some native FC ports, which made possible running tests to evaluate its behavior when emulating a native FC switch. Other items in my test plan were exploring the management features of the Nexus 5000 and running performance benchmarks to measure latency, I/O operations, and data rate.

The Nexus 5020 is a 2U rack mounted unit and packs in that small space an astonishing number of sockets: 40 to be precise. Each socket can host Ethernet ports running at 10G. Using an optional expansion module (the switch has room for two), you can extend connectivity with six more 10G Ethernet ports, eight more FC ports, or a combo module with four FC and four 10G Ethernet ports.

However, those sockets don’t need to be completely filled. For example, my test unit had only 15 10G ports and 4 FC ports active. At review time the Nexus 5000 offered support for all FC connectivity speeds, up to but not including 8G.

Typically, you would deploy the 5020 in the same rack where your app servers reside, or in an adjacent rack. Considering a resilient configuration with two 10G connections for each server, two Nexus 5000 can connect up 40 servers and still have room for more ports with the expansion modules.

The front of the 5000 hosts five large, always spinning and rather noisy fans. With only one power supply (a configuration with dual PSU is also available) I measured around 465 watts absorbed by the switch. Interestingly, the Nexus kept running when I removed one of the fans but, as I had been warned, shut down automatically when I removed a second fan. However, the remaining three fans kept spinning to keep the internal electronics cool.

When reinserted, the two fans I had removed began spinning immediately, but the rest of the system was still no go and I had to power cycle to restart. Taking advantage of this behavior (it’s by design), I measured 243 watts with only the five fans spinning, which suggests that the power usage of the other components of the switch is the delta to 465 watts, at least in my configuration.

Having more connections would obviously push up that number, but the consumption I measured seems to be in the same ballpark of what I read from the specs of 20 ports 10G switches from other vendors.

Policing with a policy
Obviously, the most important novelty that the Nexus 5000 brings to a datacenter and the greatest differentiator with other, single protocol switches is that Ethernet and FC are just two supported applications that you monitor and control from the same administrative interface.

With that in mind it’s easy to understand why the Nexus runs a new OS, the NX-OS, which, according to Cisco, inherits and brings together the best features of their Ethernet-focused IOS and their FC focused SAN-OS.

To access the OS features administrators can choose between a powerful CLI or the GUI-based Fabric Manager. I used the plural because the administrative tasks of the switch can be easily divided between multiple roles, each with a different login and confined to a specific environment, as defined by and under the supervision of a super admin. That’s a critical and much-needed option if you plan to bring multiple administrative domains and their administrators under the same banner.

This and other configuration setting of the Nexus 5000 are policy-driven, which makes for easy and transparent management. Another remarkable feature is that you can define classes of service that logically isolate different applications.

For example, after logging in to the switch, a simple command such as "sh policy-map interface Ethernet 1/1" listed all traffic statistics on that port, grouped for each CoS (class of service) and listing separated numbers for inbound and outbound packets.

Combining a certain CoS with a proper policy, an admin can not only monitor what traffic is running on the switch but can also automatically control where packets are routed and how. Load balancing is a typical application where that combination of policy and QoS shines, but there are others -- for example, automatically assigning packets with different MTU to different classes of traffic.

The NX-OS makes easy some otherwise challenging settings, such as mirroring the traffic flowing on one interface to another on the same or on a different VLAN. A similar setting can be useful for sensitive applications such as surveillance and remote monitoring, but can also help test the impact of a new application on a production VLAN.

Defining a correct policy can help also make sure that FC traffic, or any other traffic running on the 5000, will never drop a frame. Dropping a frame is obviously a mortal sin if a storage device is at one end of the connection, but other performance-sensitive applications can benefit from uninterrupted transport.

I was surprised to learn how easy that was to set up with just a handful of commands:

class-map critical
match cos 4
policy-map policy-pfc
class critical
pause no-drop
system qos
service-policy policy-pfc

In plain English this means the following: Never drop a frame and pause the traffic if you can’t keep up with the rate.

I should also mention that PFC stands for priority flow control, a new feature which is at the heart of the FCoE protocol and essentially makes Ethernet able to survive traffic congestion without data loss, by pausing the incoming flow of packets when needed.

My next command, a line that I am not showing, was to assign that policy to two ports on my switch.

How to fill up a 10G line
If setting that policy up was easy, testing that it was actually working was a bit more complicated and called for using the powerful features of IP Performance Tester, a traffic generator system by Ixia. One of the problems I had to solve was how to create significant traffic on my 10G connections, which is where IP Performance Tester, luckily already installed in my test system, was called to action. This isn't the only test where I've used IP Performance Tester, and I've found it to be a valuable tool.

For my PFC test, the Ixia system was set to generate enough traffic to cause a level of congestion which would have translated, without PFC, into losing packets. The switch under test passed this test with aplomb and without losses, proving that not only FC but also Ethernet can be a reliable, lossless protocol.

Of the many test scripts I ran on the Nexus 5000 this was, without any doubt, the most significant. The switch offers many powerful features, including guaranteed rate of traffic, automatic bandwidth management, and automated traffic span.

However, PFC is what legitimates FCoE as a viable convergence protocol that can bridge the gap between application servers and storage, and it makes the Nexus 5000 a much-needed component in datacenter consolidation projects.

One last question remained still unanswered in my evaluation: The Nexus 5000 had proven to have the features needed to be the connection point between servers and storage in a unified environment, but did the machine have enough bandwidth and responsiveness for the job?

To answer those I moved the testing to a different setting where the Nexus 5020 was connected to 8 hosts running NetPipe.

NetPipe is a remarkable performance benchmark tool that works particularly well with switches because you can measure end-to-end (host-to-host) performance and record (in Excel-compatible format) how those results vary when using different data transfers sizes.

A summary of what you can do with NetPipe is shown in the figure here (screen image).

In essence you can set NetPipe to use one way or bidirectional data transfers and increase the data transfer size gradually within a range., recording the transfer rate in megabytes per second and the latency in microseconds..

I ran my tests with a data size range from 1 byte to 8,198 bytes, but for clarity I am not listing the whole range of results but only a few, following a power of two pattern.

Also to mimic a more realistic working condition, I ran the same tests first without any other traffic on the switch and then added one and two competing flows of traffic.

Finally, to have a better feeling of how much the switch impacts transfer rate and latency, I ran the same test back to back, in essence replacing the switch with a direct connection between the two hosts.

Click for larger view.

It’s interesting to note how the transfer rate increases gradually with higher data size reaching numbers very close to the theoretical capacity of 10G Ethernet.

Click for larger view.

The latency numbers, where lower is better, is obviously the most important proof of the switch responsiveness. Even if we consider the best results where the Nexus 5020 is in the path, the delta with the back-to back stays between 3 and 3.5 microseconds, which is essentially the latency added by the switch.

This number is not only very close to what Cisco suggests for the 5020 , but is probably the shortest latency that you can put between your applications and your data.

A step for network consolidation
When reviewing products such as the Nexus 5000 that bear the first implementation of an innovative technology is often difficult to maintain judgments about of the technology separated from that about the solution. Which is probably why, at the end of my evaluation, I tend to think of the Nexus 5020 and of FCoE as a whole -- which they are, because at the moment there is no other switch that let you implement the new protocol.

However, even if I break apart the two, each piece has merits of its own. I like the unified view that FCoE brings to network transport and I like the speed and feather-light impact that the Nexus 5020 brings to that union.

Obviously the Nexus 5000 is a first version product and however well rounded, it’s easy to predict that future versions will move up the bar even further. As for the technology, perhaps the greatest endorsement that FCoE received is that Brocade is planning to ship a Nexus 5000 rival solution, based on FCoE by year's end. Obviously the old “if you can’t beat them, join them” battle cry of competition is still alive and well in the storage world.

Microsoft NAP: NAC for the rest of us?

The universe of policy-based networking and systems management has evolved over the past few years, and the standards first created by the Trusted Computing Group, Cisco, and Microsoft have merged to create a generalized view of managing and enforcing policy. Although more capable and more polished solutions are available, Microsoft's Network Access Protection (NAP) will undoubtedly be the primary such technology in use in all-Windows environments, even with its limitations.

NAP comprises client and server subsystems with an enforcement architecture based on 802.1X, DHCP, or VPNs together with VLAN assignment within the network to isolate devices when appropriate. NAP services are provided in Windows Server 2008, with Windows Server 2008 R2 adding a few capabilities to the NAP support.

Client support is included in Windows Vista, Windows XP Service Pack 3 (SP3), and the Windows 7 Release Candidate. These client services provide posture gathering and reporting to Windows Server 2008 for enforcement and remediation decisions. The NAP components include the posture of the device in a way similar to Windows Security Center, with system update, anti-virus, firewall, and other security status reported back.

The NAP services then analyze the overall posture of each device, match that posture to the NAP policies in the Network Policy Server (NPS), and facilitate enforcement as outlined by those policies. NAP provides roughly the same access control services as third-party NAC solutions we've tested, but without many of the bells and whistles those solutions provide.

NAP in R2
Microsoft continues to develop new features for NAP and related security functions. A number of the improvements in Windows Server 2008 R2 make NAP deployment smoother: specifically the automated setup of the logging database, and multiple out-of-the-box configurations for the System Health Validator (SHV).

NAP requires the setup of multiple databases for administration and management of the overall system, one of which is the logging database. Prior to Windows Server 2008 R2, the logging database required extensive SQL-based configuration. This setup has been automated in R2, completely relieving the administrator of an onerous task.

Similarly, prior to R2, Windows Server 2008 provided only one SHV configuration, meaning that wholesale changes to the system health requirements had to be made universally. Now you can apply different policies based on a specific configuration of the SHV. For example, systems internal to your network may require that only the anti-virus component is current, while systems connected via VPN may require both anti-virus and antispyware be active.

In addition, when used with Windows 7, R2 provides a streamlined remote access facility, simplifying remote connectivity and securing Remote Workspace, Presentation Virtualization, and Remote Desktop Services Gateway sessions.

NAP in the lab
As for previous reviews (see "NAC smorgasbord: Four ways to police the nework" and "Sophos NAC is a good start"), we examined NAP's ability to handle typical scenarios, including guest access, rogue devices, and non-Windows devices. We also examined the enforcement methods available natively with NAP. We installed Windows Server 2008 as the network core and configured both Windows Vista and Windows XP SP3 devices on the network. Our network also included a Mac OS X client and a printer, though NAP does nothing with non-Windows devices. It only tests the posture, or "health status," of Windows systems.

While configuring NAP was straightforward, it was also complex, requiring a long list of supporting services to be installed and configured. Even my simple deployment required several hours to configure, due to the prerequisites for 802.1X on Windows Server 2008, including the RADIUS server, certificates, and the enforcement clients.

You use the Network Policy Server, a component of Windows Server 2008, to configure NAP policies. As with other NAC solutions, the policies use the client posture to determine the arguments for a policy decision. The policy then triggers enforcement in terms of network access granted. Enforcement of the client status is by 802.1X and VLAN assignment or by DHCP lease enforcement.

Policy configuration is simple due to its limited scope. For example, policies can only take into account device posture, without the per-port, time of day, and other fine-grained controls available in other systems. In short, NAP checks the status of anti-virus software, antispyware software, a firewall, and automatic updating.

Although the NAP platform is the same for both Windows XP and Windows Vista, Vista offers a few additional capabilities. Vista provides an administration console for local and Group Policy configuration, and the Windows System Health Agent (the built-in "client" piece of NAP) takes advantage of Windows Defender support in the Security Center. Plus, the underlying enforcement technologies include some advanced features, such as authenticated IP for IPSec and single-sign-on support for 802.1X.

Secure or obscure
Client devices are assigned to a VLAN based on their posture, so they may, for instance, be restricted to accessing remediation servers, the Internet, or other limited resources until they are corrected. VLAN assignment is a more secure approach than DHCP leases, but requires the complexity of an 802.1X implementation, which is often onerous for an entire organization.

DHCP enforcement is a mixed bag. By using IP address assignment to move devices around a network, you can expect safe devices to be compliant to your plan -- and rogues to find ways to apply static IP addressing to get around it. Many are likely to be tempted by the relative simplicity of DHCP-based enforcement, especially for smaller deployments, but it is simply the latest version of "security by obscurity," and therefore no security at all.

Given the sophistication and depth of knowledge exhibited by the malevolent organizations responsible for most malware being developed and deployed today, it should be no surprise that they are able to manipulate IP addresses in order to avoid the IP-assignment enforcement mechanism (not only used by NAP, but also other network access control solutions). True enforcement must leverage the network infrastructure, and therefore requires 802.1X for organizations using NAP. To add injury to insult, 802.1X has proven challenging to define and deploy, even with the aid of excellent companion software such as Cloudpath Networks' XpressConnect and Great Bay Software's Beacon (see "Accelerate your 802.1X rollout").

The NAP gap
Microsoft NAP is likely to be an integral part of your policy-based network, whether or not you deploy a pure NAP solution. Although the software is included with Windows Server 2008, Windows Vista, Windows 7, and Windows XP SP3, the costs of an implementation also include the deployment of 802.1X and VLAN assignment -- or an understanding and acceptance of the limitations of DHCP enforcement.

As is often the case, NAP misses one of the keys to creating a manageable environment, using logging instead of full-fledged reporting to provide information about the environment. Although the information is available, it is difficult to extract and to see anomalies as they occur.

If you are managing a 100 percent Windows environment, NAP could possibly provide the core of your policy-based administration. In the more likely event you're managing a heterogeneous environment with BlackBerrys, Macs, iPhones, printers, and other devices, there's a much higher probability -- due to the need of both additional features and much more robust reporting -- NAP will serve as an integral part of a more complete solution.

Google suffers another service outage

Google is dealing with another service outage Monday impacting users around the world. Monday's service outage, which began at approximately 8:30 a.m. EDT, appears to be impacting only Google's popular Google News service. As of this writing (9:44 a.m. EDT) it has not been fully resolved and when people try to access Google News they are met with a "503 Server Error" message and a "Please try again in 30 seconds. Others can access Google News, but the site is not displaying pages correctly or when links to other Google News categories are clicked on more Server Error messages are delivered.

The outage has been reported by users in California and Massachusetts and as far away as Sydney, Australia, India, and the United Kingdom. Twitter is also lighting up with users complaining of the outage.

There are no reported problems of Google News in some parts of the world such as Tel Aviv, Israel. Other Google services, such as Google.com, Gmail, and YouTube appear to be working fine. This latest hiccup by Google does in no way appear to be as severe or as a widespread as Google's service outage earlier this month. However this latest Google stumble tarnishes, yet again, the company's image as one of the most reliable Internet companies.

(stay tuned for an update)

Cisco unveils a grab bag of wireless LAN products

Cisco unveiled a grab bag of wireless LAN announcements at Interop Tuesday, including much of what you'd expect in the form of new hardware. But there's a somewhat surprising twist: The equipment vendor's wide-ranging emphasis on software applications.

The announcements include a new mesh access point, the high-end 5500 WLAN controller, a low-end version of its Mobility Services Engine, and a more flexible licensing model for its gear. There's also an improvement to its access point-based M-Drive code to in effect lock 802.11a clients into the 5GHz band. Cisco also extensively redesigned the GUI for its Wireless Control System, the application for managing its WLANs.

Slideshow: Products to be shown at Interop

There's also an updated version of Cisco's WebEx desktop and phone conferencing application client for the Apple iPhone. Cisco will add video support over Wi-Fi later this year. And three new software vendors -- ArcSight, NetScout and RSA -- are now supporting the Cisco API through the Mobility Services Engine to add new security and management features for WLAN administrators.

Another change makes it easier and faster for third-party device makers to use the Cisco Compatible Extensions (CCX) code to marry their products with a Cisco WLAN.

"Most of the news is just Wi-Fi related,” says Paul DeBeasi, senior analyst for wireless and mobility with Burton Group. "But the most interesting piece is what they're doing with applications. The Mobility Services Engine was a classic, big company 'what the heck are they announcing' announcement. It was a skeleton that they're now fleshing out.”

The MSE is collects a wide range of WLAN data from Cisco controllers and access points, and it hosts or connects with applications from Cisco and third-party vendors that can make use of the data. Cisco initially offered an application to calculate and map a radio's location, for example. ArcSight, NetScout, and RSA can now use MSE as a platform for respectively network and compliance event monitoring and analysis, network and application performance, and for security for users, data and applications.

"This is a new area for Cisco – integrating applications and making it easy for people to develop applications,” says DeBeasi. "It's not typically what they do.”

For a lot of users, the focus is still on the fundamental WLAN hardware. Fairfax County Public Schools in Virginia has been beta testing the new 5500 series controller. It deployed a single 5500 at one school to manage 166 Cisco access points, instead of having to deploy two of an older model, with unused capacity, says Neal Shelton, network engineering supervisor for the district. By using one controller, Shelton also was able to simplify managing hash keys for the access points.

FCPS bought the Wireless Control System application early in 2009, and Shelton says the redesigned GUI is "much more intuitive,” and gives Cisco high marks for management and administration reports that are simple to use and read.

Here's what's being announced:

• Aironet 1424SB outdoor mesh access point: two radios in the 802.11a 5 GHz band are for dedicated, backhaul sending and receiving to maximize throughput; the third radio supports client access. Price: $4,999.
• 5500 series wireless controller: With an 8Gbps backplane, and optimized for 802.11n networks, the high-end appliance supports from 12 to 250 access points, and thousands of clients. The new flexible licensing scheme lets enterprise customers start small, and add additional licenses to match client growth. List price ranges from $10,995 for a WLAN of as many as 12 access points to $93,995 as many as 250.
• OfficeExtend: Optional software, loaded on Cisco Aironet 1130 and 1140 access points that are linked to a WAN connection. OfficeExtend connects securely with a central 5500 controller and downloads and enforces a range of enterprise security and management policies for mobile workers and teleworkers. License is $75 per access point.
• Mobility Services Engine 3310: A lower-end model to the companion 3350 model, the new MSE is aimed at midsize businesses. It's an appliance that runs software programs to collect, store and manage data from wireless clients and Cisco access points and controllers. The MSE can use this data itself for jobs like rogue radio detection, and share it with either higher-end Cisco network applications or with third-party applications, such as wireless asset tracking, and RFID data management. Price: $6,995.
• WebEx Meeting Center version 1.2 for the iPhone: A free download from Apple's App Store; the new version lets the user schedule meetings and invite attendees to join even while the meeting is in progress.
• Cisco Compatible Extensions: CCX has been subdivided into four modular elements: the core foundation code, and three application "services" -- management, collaboration and context-aware. Device makes select the foundation along with only those services they want to incorporate on their silicon or device.
• Enhanced M-Drive: M-Drive is a bundle of radio management features, most recently including beamforming to boost performance of 802.11g and 11a wireless clients. The new feature is BandSelect, which is an access point code that "tricks" a device that supports 802.11a into using 11a in the less crowded 5GHz band instead of 11g in 2.4GHz.
• Cisco also recreated what it calls the Cisco Developer Network, a collection of online documentation, support and community features for software developers at third-party technology partners.

Finally, Cisco introduced several consulting services specializing in working with enterprise customers on migrating to 802.11n, on evaluating real-time wireless applications such as voice and video, and on new WLAN planning and design services.