Transcription of interview with Robert D. Bressler
Who do you report to and what are your duties?
Eric Schmidt, Sun chief technology officer, is trying to increase the number of people with expertise in various disciplines to help propel Sun into the next generation. All companies get tired with their technology when you get the same guys doing it. You want to bring in fresh blood to get new ideas flowing, bring in fresh viewpoints, get new partnerships, and so on.
I serve as chief technologist for the networking business units at both SunSoft and SMCC, trying to steer product strategy, but as with all people on the strategy side, I spend as much of my time with customers as I do with Sun people.
The restrictions are very complicated and require you to read them five or six times to understand them. There are two keys that are important. One is used in establishing the connection and used to encrypt other keys. That's a longer key. The other is used in the session for encrypting each packet. That needs to be shorter otherwise your CPU falls over. The biggest roadblock to date has been on the first key. Within the domestic version we use 1,024-bit keys.
The government has recently relaxed the restrictions and said if you use 512-bit keys you can export the product. There are other restrictions involving who owns the certificate, who owns the escrowed keys -- it's complicated. It's the customer's responsibility (for key escrow). If in a given country the requirements are that the government owns the key escrow, the customer needs to fulfill the requirements, rather than have Sun be in the middle of it. There are a lot of exemptions to this. If you are a banking institution you're exempt -- the financial community is where a lot of these products are going.
It's difficult for a company like Sun that deals in the global marketplace not to have global products. It's confusing to have restrictions on this sort of thing where I can sell it to you and not to you. When you have restrictions like this the sales force tends to ignore the product. The other driving force is a lot of the security products are sold by references. We have a lot of products that we sell into multinational companies that buy them as US products, and then reference them into overseas subsidiaries, but can't do anything with (SunScreen). It was a roadblock to not have a global product. The market is so confused and is still emerging, so it doesn't account for huge unit volumes for anybody.
If you go to the least common denominator, what do you give up? Recently people are learning how to tunnel through a protocol -- and once you tunnel through a legitimate protocol the firewall loses some of its capabilities. The concern is that you can build a common interoperable firewall; the trouble is that security needs change on an almost month-by-month basis. You can't have a standards committee in series with these changes.
The recent press about the ability to do transportable executables using Java applets is in effect tunneling through protocols. We're learning more about this and increasing the security of their products to deal with it. It does not appear to be stopping tunneling, just changing it. You can't license someone's technology. You have to build a core expertise to deal with it in time with the hackers out there.
The same thing is happening in VLANs. VLANs started off as a broadcast phenomenon where everyone used IPX, which is a broadcast problem. But when you got to IP-based protocols, broadcast is not an issue. But they want to use VLANs for security, instead of "fire ridges" (the old name for this stuff). VLANs and security are starting to merge.
Joe is middleware. The problem is that if you are running Java applets you now have a tier-1 level program running on your desktop. Then you've got these big enterprise applications that are either written in CORBA or CORBA-compliant interfaces and there's not a convenient way to get from one to the other. Joe is designed to run on the server and provide the interface from the applet or the HTML page to one of these CORBA-compliant applications. It enables dynamic content (on Web pages). It works hand-in-glove with Neo and other CORBA-compliant applications. Middleware must be a universal connection.
Java is two things: An object-oriented language like C++ only simpler. Bill Joy calls it "C plus plus minus minus." We joke that for C++ programmers there's a bunch of stuff you need to forget with Java. For C programmers Java is a much smaller step. We've written a lot of Java-based server applications at Sun, enough to know there's a big people-performance difference with Java. There's a chronic shortage of trained programmers. C++ was supposed to help that. It was supposed to, but it didn't.
The thought now is that it's the applet architecture rather than the language which is the big jump forward. If you are building MIS applications, you can build them by stringing together applets with a scripting language or a macro language that MIS professionals and not computer scientists can code. That's why (SunSoft's developer tools) are not just for developing applications but for tracking them and gluing them together.
Java is also the virtual machine.
With object-oriented programming, the theory was you didn't have to be quite as good a programmer. But with C++ the opposite is true.
I have an observation and then I'll give you Bressler's theory of Internet bandwidth.
Over the past decade, the power on your desktop has gone up by about two orders of magnitude -- from about 1 MIPS to 100 MIPS. In that whole time, network bandwidth has stayed flat. It was 10 megabit shared Ethernet then and it's 10 megabit shared Ethernet now. Some argue that since it's full up bandwidth has gone down. Programmers who do what they do best, avoid using network bandwidth. They make all kinds of compromises. If you use desktop video conferences, it's pretty awful. The reason is, to not use up network bandwidth they use compression algorithms that use little network bandwidth but add a lot of delay. There's a pretty sharp knee in the curve of video teleconferencing that says if the delay is more than 150 or 200 milliseconds, it's terrible.
All of a sudden, in the space of a year, we get switched 10 megabit Ethernet, we get Fast Ethernet, ATM, and we're talking about gigabit Ethernet.
My prediction is that in the next five years we'll see three orders of magnitude improvement. While programmers will fill the vacuum, it will take a little time for them to do that. We are in for a time where the programmers are going to reexamine the design decisions they made. We are playing with ShowMe, our video conferencing software; we changed the compression algorithm to H.261, which you can scale up to a megabit, and ran it at a megabit over a switched Ethernet link. Boy, was that nice to use! No delay that you could perceive at all. It made a huge difference.
The cost to buy a switched 10 megabit network as compared to a shared 10 megabit network is the same in new installations. For upgrades it's really cheap. The guys at 3Com and Bay tell me all of their sales now are for switched. 3Com has announced that its Fast Ethernet ports will cost the same as its 10 megabit ports, which we like because the Ultra desktops have 10/100 megabit ports on the motherboard.
I've switched my workstation in my office to a switched-10 network. Programs now load 10 times as fast. It's quite remarkable.
One of the things you start doing is thinking, "If I have higher network bandwidth, I'll run RAID on my server with striped disks so that I can fill up the 100 megabit pipe when loading a file." That is sweet. It just pops right in there. People are impatient. That's the major driver here. You show them a couple of things, and you can never go back.
We believe switched-10 is the new baseline. There are classes of applications like desktop video teleconferencing that are leaf-to-leaf not client-to-server and use different paths through the switch, so you really do get fast bandwidth. I always asked our customers to diagram what their network will look like. I've stopped doing that and put it on a slide because they all look the same. It's all switched Ethernet inside and ATM or something else for company-to-company.
Here's my theory on Internet bandwidth. First an observation: There's not enough. You talk to the ISPs and NAPs and they say, "Every time the load goes up we buy another T1 line." The reason they do that is a T1 is an economical unit to buy bandwidth. True, it increases the aggregate bandwidth but does not increase the point-to-point bandwidth. I want point-to-point bandwidth. I've been talking to the long-distance carriers asking them why they don't sell Internet bandwidth. I get two answers that make some sense.
One is technical. "Internet is IP. That's datagrams. We have no clue how to charge for datagrams. We charge for phone calls. If it looks like a phone call we know how to charge for it. If it doesn't look like a phone call we don't know how to charge for it."
The second is not based on technology at all. They don't want to be a pipe vendor, they want to sell services. They don't want to sell to the ISP, they want to sell to the user.
Here's my theory -- Internet toll roads. But first some background. RSVP is the Internet quality of service protocol du jour being implemented by all of the router vendors. One of the things it allows you to do is set up a quality of service IP flow, which is really just a circuit. You spend some time up-front finding if a circuit is available that meets your needs, and gives you a circuit ID. It's a circuit. It's got set-up. It's got tear-down. And you know who it is.
Just like you can drive from New York to Washington D.C. for free on the surface streets, no one does that because it takes two days. But no one does that. Everyone uses toll roads. They get on as quickly as they can, drive at 65 miles per hour, pay the tolls, and get off at the last possible exit. With quality of service, you can do the same thing. Imagine if I have a browser, I can go to my preferences and choose the connections for IP flows, and the possible carriers I can use. Now, the browser goes to the very first router it gets to on the Internet, and says, "Oh, this is a quality of service call, billable to AT&T, and I have an AT&T circuit here."
I believe that quality of service (or class of service as this is sometimes called) will be the enabling technology to allow the carriers to sell bandwidth to the Internet. And I can't wait.
This notion of going to an appliance -- something optimized to do one thing well (internally, we call them toasters because if you wanted to make a lot of toast you wouldn't upgrade to a 220-volt toaster, you'd buy more toasters) -- we are not worried that people will have a fixed amount of disk and change servers; they are going to keep adding capacity. They win because they are buying better price-performance, and we win because we sell more boxes. It's a more efficient way of using this switched ability.
Last updated: 1 April 1996