Providing a National Broadband Network within a country is seen by many governments as a way to help their population and country compete with other countries. I have been involved in three NBN projects: Australia, Singapore and New Zealand. I don't claim to be an expert in all three projects (which are ongoing) but I thought I would share some observations and comparisons between the three projects.
Where Australia and Singapore have both opted to build a new network with (potentially) new companies running it, New Zealand has taken a different path. The Kiwis have decided to split the incumbent (and formerly monopoly) Telecom New Zealand into three semi-separated 'companies' Retail, Wholesale and Chorus (the network), but only for the 'regulated products' which for the New Zealand government is 'broadband'. They all still report to a single TNZ CEO. I have not seen any direction in terms of Fibre to the Home or Fibre to the Node, just defined the product as 'broadband'. The really strange thing with this split is that the three business units will continue to operate as they did in the past for other non-regulated products such as voice.
As an aside, the Kiwi government not regulating voice seems an odd decision to me - especially when you compare it to countries like Australia and the USA where the government has mandated that the Telcos provide equivalent voice services to the entire population. Sure, New Zealand is a much smaller country, but it is not without its own geographic challenges in providing services to all kiwis, yet
A key part of the separation is that these three business units are obliged to provide the same level of service to external companies as they provide to Telecom and its other business units. For example if Vodafone wants to sell a Telecom Wholesale product, then Telecom Wholesale MUST treat Vodafone identically to the way they treat Telecom Retail. Likewise Chorus must do the same for its customers which would include ISPs as well as potentially other local Telcos (Vodafone, Telstra Clear and 2Degrees). This equivalency of input seems to me to be an attempt to get to a similar place to Singapore (more on that later). Telecom NZ have already spent tens of millions of NZ$ to this point and they don't have a lot to show for it yet. It seems to me like the Government is trying to get to a NBN state of play by using Telecom's current network and perhaps adding to that as needed. For the kiwi population, that's not anything flash like fibre to the home, but more like Fibre to the node and then have a DSL last mile connection. That will obviously limit the sorts of services that could be delivered over that network. When other countries are talking about speeds in excess of 100Mbps to the home, New Zealand will be limited to DSL speeds until the network is extended to a full FTTH deployment (not planned at the moment as far as I am aware).
Singapore, rather than split up an existing telco (like Singtel or Starhub) have gone to tender for the three layers - Network, Wholesale and Retail. The government (Singapore Ltd) has decided that there should only be one network, run by one company (Nucleus Connect - providing Fibre to the Home), that there would be a maximum of three wholesale companies and as many retail companies as the market will support. A big difference to New Zealand is that the Singapore government wants the wholesalers to offer a range of value added services - that they refer to as 'sit forward' services to engage the population rather than 'sit back' services that do not engage the population base. Retail companies would be free to pick and choose wholesale products for different wholesalers to provide differentiation of services.
Singapore, New Zealand and Australia are vastly different countries - Singapore is only 700 km² in size, Australia is a continent in its own right and New Zealand is at the smaller end of in between. This is naturally going to have a dramatic effect on each Government's approach to a NBN. Singapore's highly structured approach is typical of the way Singapore does things. Australia's approach is less controlled - due to the nature of the political environment in Australia rather than its size and New Zealand's approach seems somewhat half-hearted by comparison. I am not sure why the NZ government has not elected to build a new network independent of Telecom NZ's current network.
In Australia on the other hand, the government have set up the Communications Alliance to manage the NBN and subcontract to the likes of Telstra, Optus and others. The interesting thing with that approach (other than the false start that has already cost the Australian Taxpayers AU$30 million) and the thing that sets it apart from Singapore is that the approach doesn't seem to have any focus on the value added services (unlike Singapore's approach) - it's all about the network, even the wholesaler plan for Australia is talking about layer 2 protocols (see the Communications Alliance Wiki). All of the documents I have seen from Communications Alliance are all about the network - all very low level stuff.
Of course, these three countries are not the only countries that are going through a NBN project. For example the Philippines had a shot at one a few years ago - the bid was won by ZTE, but then a huge scandal caused the project to be abandoned. It came back a while later as the Government Broadband Network (GBN) but that doesn't really help the average Filipino. It's interesting to see how these projects develop around the world...
Interesting - looks like RIM dodged a bullet in the UAE.
Here is the URL for this news: www.google.com/hostednews/afp/article/ALeqM5iMtJnqeRckjmlWVOoB1KWqtYmbLw?docId=CNG.aec298041bd87d0d6ae2ef88e13bcbcd.6a1
The threatened ban was narrowly averted and India looks as if it will avoid a ban after all. I wonder if RIM installed (or promised to) a Network Operations Centre in the UAE (which is what I saw as a possible way of appeasing the authorities) or if they have come up with some other way to give the UAE authorities access to the encrypted traffic.
In the meantime, India has hinted (per my previous post) that they will be going after private VPN traffic in addition to the Blackberry traffic. We'll see where that ends up soon I guess.
Andrew_Larmour 0300000243 Tags:  telco telecom mobile_portal bharti andrew_larmour app_store airtel 4,337 Views
In just five months, Bharti Airtel's App store has had over 13 Million downloads. What a terrific example of a Telco App Store in action and (presumably) making money for the Telco. This article came across my screen this afternoon and given my previous posts about Bharti's App Store and carriers wanting to get into them (something I've seen all over Asia) to try and arrest some of the revenue bleeding to Apple (and to a lesser extent Google, Nokia and RIM) through single brand (phone) app stores.
http://www.telecompaper.com/news/printarticle.aspx?cid=742043 - Thursday 24 June 2010 | 03:29 AM CET, Telecompaper
The article is really brief, barely a footnote, but it does lay out some interesting facts:
Airtel's App Central on a PC
I am sitting here in Singapore and reading today's Straits Times, keeping up with the affairs in the region and around the world where on page 3 (the most important page in a newspaper after the front page) is an article about the leaked/lost next generation iPhone that Gizmodo reportedly paid US$5000 for (other online reports that I've read have suggested other amounts such as US$350. I'm not sure who is right). The article occupied almost half of page 3... for the next gen iPhone... that seems excessive to me for a non-specialist publication, but I guess it is reflective of the general hype that exists around Apple products. The previous hype was around the next gen MacBooks with faster processors and prior to that the iPad. I've read articles suggesting that the iPad will revolutionise newspapers and home computing and telcos. I'm not so sure. While I think a lot of iPads will be sold worldwide (once it is released outside of the USA), I also think a lot of those devices will get a lot of use through a honeymoon period and then sit idle until they are eventually disposed of. I am so sick of the hype around all these Apple products. There are some things that Apple do really well (UI and Design) and some they do really poorly (Business use support, locking in users). I respect them, but I do not like them.
It reminds me of a great parody that The Onion did a while ago:
Apple Introduces Revolutionary New Laptop With No Keyboard
App Stores Background
I know lots of people are saying that Apple invented the Application Store (App Store) for their iPhone/iTouch range of devices, but they would be wrong. App stores have been around for years - I have been a customer of Handango since before I joined IBM's Pervasive Computing team and that team has been gone for over three years now. Handango are an Internet based app store that have supported multiple handheld PDA and phone platforms. Others that I've used in the past include Tucows, although Tucows is more than just mobile applications - they also cover Win32, Linux, Mac etc as well. The big things that Apple did differently from Handango and their Internet brethren were:
Of course, Apple's device competitors are trying to catch the same wave that Apple have been riding and deploy their own application store equivalents. We've seen efforts from Google, Nokia, Palm and Research In Motion (RIM - makers of the Blackberry) and interestingly, all have been somewhat successful. Successful at attracting developers which is key to then attracting users. Here are their app stores:
Personally I am not a fan of Apple's restrictive market practices and much prefer the more open ecosystem that surrounds the Symbian and Windows mobile platforms. I have in the past written applications for Palm Garnet (née PalmOS), Symbian and Windows Mobile for use within a corporate environment. Something that is not possible with Apple's licensing policies and forcing developers to upload apps to the App Store so that Apple can approve them and then include them in the App Store catalogue. If I only want to write an application for my customer, I cannot deploy it directly to the customer's iPhones unless they have been jailbroken - the only alternative is for Apple to look at and approve the application then sign it. While the others also have the concept of signed and certified applications, you can install unsigned or un-certified applications on the other major platforms if you want (except for Android which appears to be going down a similar if less restrictive path to Apple).
Telcos and App Stores
In the past year as Telcos all around the world have watched Apple's App Store take off and seen their interaction with the iPhone subscribers being reduced to the supplier of the pipe to the Internet - way down from the high value position that most carriers aspire to in order to improve ARPU. I've seen requests from many Telcos in that time for Application Store or Widget Store capability. The telcos - understandably - want to raise their profile in the eyes of the subscriber and their worth in the value proposition. I have seen request for proposal documents from telcos in China, Taiwan, Vietnam, USA and queries from telcos in Thailand, Philippines, Singapore, Japan and other countries. App/Widget Stores are certainly one of the topics of the moment for Telcos.
The key differentiators that a Telco has that separates it from Apple's App Store are:
In fact, IBM has won and has (partially at this stage) implemented an app store in Vietnam. Because of the Telecom environment in Vietnam, this App Store is not actually within a telco, but is instead an external company*. The app store was implemented with a combination of WebSphere Portal (to provide the user interface) and WebSphere Commerce (to provide the catalog and sales part of the App Store) and WebSphere Message Broker for integration requirements. I was involved from the very initial stages of that project.
The company intends to launch a Mobile Commerce and Advertising Platform (MCAP), which is a multi-channel platform enabling its members to do small value electronic transactions (or m-commerce and e-commerce). Some of their use cases include
I don't often get involved in WebSphere Commerce projects (it tends to be a very specialized field) but we do have a number of Telcos who are using WebSphere Commerce, not necessarily in App Stores, but based on the experience in Vietnam, it would not be a big leap to add that capability to their existing deployments.
The usage of WebSphere Portal provides an easy and extensible user interface primarily targeted at the PC, and with the addition of the Mobile Portal Accelerator (née WebSphere Everyplace Mobile Portal Enable) to the existing Portal, that user interface can be extended to over 10,000 separate devices providing subscribers with an optimized experience for their device.
Where does this leave those Telcos who haven't made the leap to their own app store? In my opinion, they still have time to catch the wave, and certainly if they want to avoid the Apple effect and being reduced to a bit pipe provider, then they need to do something to add value in the eyes of the subscriber. Apple's model doesn't help them with that, but perhaps the other device specific app stores won't be so carrier unfriendly. I will see what I can find out on this issue and report back in another post.
Bye for now
* Once that customer has agreed to be a formal reference, I will share additional details in a future post.
If you want some background reading on App Stores, here are a couple of articles I would suggest:
Here is the URL for this bookmark: www.bbc.co.uk/news/world-south-asia-15071086?utm_source=twitterfeed
A link to this blog entry popped up in my LinkedIn feed today which in turn linked to a developerWorks article - Combine business process management and blockchain which steps you through a use case and allows you to build your own basic BPM & Blockchain demo. Complex processes could save and get data to/from Blockchain ensuring that every process in any organisation (within the same company and across company boundaries) is using the most up to date data.
I thought it would be appropriate to paste in a link given my previous post on Blockchain in Telcos. As I think about this topic more, I can see a few more use cases in Telecom. I'll explore them in subsequent posts, but for now, I think it's important that we be pragmatic about this. Re-engineering processes to make good use of blockchain is non-trivial and therefore will have a cost associated with it. Will the advantages in transparency and resilience be worth the cost of making the changes? Speaking about resilience, don't forget the damage that a failure can cause. British Airways IT system failure (which I believe is outsourced but I cannot be sure) was down for the better part of three days - failures like that have the potential to bring down a business. We don't know yet what will happen to BA in the long term, but you certainly don't want the same sort of failure happening to your business.
If you, like me, are hearing 'Blockchain this, blockchain that', it almost seems like blockchain will solve world peace, global hunger and feed your pets for you! We're obviously at the 'peak of inflated expectations' of the Gartner hype cycle.
I saw a tweet yesterday from an ex-colleague at IBM that spoke about using blockchain to combat fraud in a Telco. While I can see that as a possible use case, I was thinking about other opportunities for blockchain.
Perhaps I need to explain blockchain briefly so that those that don't understand it can also understand the Telecom use cases for blockchain. Wikipedia defines it like this:
"A blockchain... is a distributed database that maintains a continuously growing list of records, called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block. By design, blockchains are inherently resistant to modification of the data — once recorded, the data in a block cannot be altered retroactively. Through the use of a peer-to-peer network and a distributed timestamping server, a blockchain database is managed autonomously. Blockchains are 'an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way. The ledger itself can also be programmed to trigger transactions automatically.'"
So, it's an immutable record of changes to something. I was thinking about that yesterday and there were a number of use cases in Telecom that I could think of that could use blockchain. I'm not suggesting that they should use blockchain or that it's needed, just that they could. These are the use cases I came up with:
I don't for a second think that all of these can be justified in terms of cost/benefit analysis, but I could see blockchain being used in these scenarios.
Do you have any ideas? Please leave a comment below.
I realise I missed the usual business case that blockchain is used for - a financial ledger. Obviously storing a CSP's financial data in a blockchain would work (and make sense) as it would in ANY other enterprise. I really wanted to illustrate the CSP specific use cases for blockchain.
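The hash-linked structure in the definition quoted above, as an added example that is not part of the original post: each block commits to the previous block's hash, so a retroactive edit is detectable, while a copy whose hashes have all been recomputed is only caught by comparing its head hash with the one other peers hold. The call records, field names and function names are constructed for illustration.

```python
"""Tamper-evident hash chain over constructed usage records (added example)."""
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # stand-in "previous hash" for the first block


def block_hash(index, timestamp, record, prev_hash):
    """SHA-256 over a canonical JSON encoding of everything the block commits to."""
    body = json.dumps(
        {"index": index, "timestamp": timestamp, "record": record, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(body).hexdigest()


def append_block(chain, timestamp, record):
    """Append a block whose prev_hash links it to the current head."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({
        "index": index, "timestamp": timestamp, "record": record,
        "prev_hash": prev_hash,
        "hash": block_hash(index, timestamp, record, prev_hash),
    })


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS_PREV
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev_hash"] != prev_hash:
            return i  # link to the previous block is broken
        if block_hash(b["index"], b["timestamp"], b["record"], b["prev_hash"]) != b["hash"]:
            return i  # contents no longer match the stored hash
        prev_hash = b["hash"]
    return None


def rehash_from(chain, start):
    """Recompute links and hashes from `start` on, as a party rewriting its own copy would."""
    prev_hash = chain[start - 1]["hash"] if start > 0 else GENESIS_PREV
    for b in chain[start:]:
        b["prev_hash"] = prev_hash
        b["hash"] = block_hash(b["index"], b["timestamp"], b["record"], prev_hash)
        prev_hash = b["hash"]


def matches_peer_head(chain, peer_head_hash):
    """A copy is accepted only if it is internally valid AND ends at the peers' head hash."""
    return bool(chain) and first_invalid_block(chain) is None and chain[-1]["hash"] == peer_head_hash


def run_scenarios():
    # Constructed sample data: three call records with fixed timestamps.
    honest = []
    append_block(honest, "2017-06-01T10:00:00Z", {"caller": "sub-A", "callee": "sub-B", "seconds": 60})
    append_block(honest, "2017-06-01T10:05:00Z", {"caller": "sub-C", "callee": "sub-A", "seconds": 600})
    append_block(honest, "2017-06-01T10:09:00Z", {"caller": "sub-B", "callee": "sub-D", "seconds": 45})
    peer_head = honest[-1]["hash"]  # what the other peers in the network hold

    # 1. Record edited in place: block 1's stored hash no longer matches its contents.
    edited = copy.deepcopy(honest)
    edited[1]["record"]["seconds"] = 6

    # 2. Record edited and that one block re-hashed: block 2's link now points at a stale hash.
    one_rehashed = copy.deepcopy(edited)
    b = one_rehashed[1]
    b["hash"] = block_hash(b["index"], b["timestamp"], b["record"], b["prev_hash"])

    # 3. Record edited and every later block re-hashed: internally consistent,
    #    but the head differs from the one held by the peers.
    all_rehashed = copy.deepcopy(edited)
    rehash_from(all_rehashed, 1)

    return {
        "honest": first_invalid_block(honest),
        "honest_matches_peer": matches_peer_head(honest, peer_head),
        "record_edited": first_invalid_block(edited),
        "edited_and_block_rehashed": first_invalid_block(one_rehashed),
        "fully_rehashed_internal": first_invalid_block(all_rehashed),
        "fully_rehashed_matches_peer": matches_peer_head(all_rehashed, peer_head),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The third scenario is why the definition stresses the peer-to-peer network: the hash links alone make edits evident only relative to a head hash that someone else also holds.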
Why TMF Frameworx?
The TeleManagement Forum (TMF) have defined a set of four frameworks collectively known as Frameworx. The key frameworks that will deliver business value to the CSP are the Information Framework (SID) and the Process Framework (eTOM). Both of these can deliver increased business agility - which will reduce time to market and lower IT costs. In particular if a CSP is undertaking multiple major IT projects in the near term, TMF Frameworx alignment will ease the pain associated with those major projects.
Without a Services Oriented Architecture (SOA), such as many CSPs have currently, there is no common integration layer, no common way to perform format transformations so that multiple systems can communicate correctly. A typical illustration of this point to point integration might look like the Illustration to the right:
Each of the orange ovals represents a transformation of information so that the two systems can understand each other - each of which must be developed and maintained independently. These transformations will typically be built with a range of different technologies and methods, thus increasing the IT costs of integrating and maintaining such transformations, not to mention maintaining competency within the IT organisation.
A basic SOA environment introduces the concept of an Enterprise Service Bus which provides a common way to integrate systems together and a common way of building transformations of the information models used by multiple systems. The Illustration below shows this basic Services Oriented Architecture - note that we still have the same number of transformations to build and maintain, but now they can be built using a common method, tools and skills.
If we now introduce a standard information model such as the SID from the TeleManagement Forum, we can reduce the number of transformations that need to be built and maintained to one per system as shown in the Illustration below. Ensuring that all the traffic across the ESB is SID aligned means that as the CSP changes systems (such as CRM or Billing) the effort required to integrate the new system into the environment is dramatically reduced. That will enable the introduction of new systems faster than could otherwise have been achieved. It will also reduce the ongoing IT maintenance costs.
As I'm sure you're aware, most end to end business processes need to orchestrate multiple systems. If we take the next step and insulate those end to end business processes from the functions that are specific to the various end point systems using a standard Process Framework such as eTOM, then business processes can be independent of systems such as CRM, Billing, Provisioning etc. That means that if those systems change in the future (as many CSPs are looking to do) the end to end business processes will not need to change - in fact the process will not even be aware that the end system has changed.
When changing (say) the CRM system, you will need to remap the eTOM business services to the specific native services and rebuild a single integration and a single transformation to/from the standard data model (SID). This is a significant reduction in effort required to introduce new systems into the CSP's environment. Additionally, if the CSP decides to take a phased approach to the migration of the CRM systems (as opposed to a big bang) the eTOM aligned business processes can dynamically select which of the two CRM systems should be used for this particular process instance.
What that means for the CSP.
Putting in place a robust integration and process orchestration environment that is aligned to TMF Frameworx should be the CSP's first priority; this will not only allow the subsequent major projects integration and migration efforts to be minimised, it will also reduce the time to market for new processes and products that the CSP might offer into the market.
Telekom Slovenia is a perfect example of this. When the Slovenian government forced Mobitel (Slovenia) and Telekom Slovenia to merge, having the alignment with the SID and eTOM within Mobitel allowed the merged organisation to meet the government's deadlines for the specific target KPIs:
When a CSP is undertaking multiple concurrent major IT replacement projects, there are a number of recommendations that IBM would make based on past observations with other CSPs that have also undertaken significant and multiple system replacement projects:
I was going to use this post to talk about the Idea Factory for Telecom, but I noticed this press release this morning about SK Telecom's (South Korea) use of Cloud computing and I thought I would share what I have seen with Cloud computing in Telcos. The press release follows:
ARMONK, N.Y. - 16 Dec 2009: IBM (NYSE: IBM) today announced that it has successfully built Korea's first cloud computing environment for a private sector company, SK Telecom, the largest telecommunications company in Korea with over 24 million customers. The cloud environment provides developers with the necessary software and hardware to develop applications that will allow SK Telecom to offer up to 20 new services to their customers by the end of 2009, such as sports news feeds and a photo service.
I can't claim to have been closely involved with this deal at SK Telecom, but we have spoken to other Telcos in ASEAN about using Cloud Computing in a similar way. Where telcos have a developer ecosystem, Cloud could be deployed in a private cloud environment for their developers to deploy their test applications within that private cloud. We proposed using the WebSphere Cloudburst appliance to allow developers to self manage and deploy the virtual servers for their applications. The diagram below illustrates what I am talking about:
I guess this could be where I tie in the Idea Factory for Telecom after all. The Idea Factory would be used to support the whole developer ecosystem, while the Cloudburst appliance would be used to support the advanced developers who want to be able to deploy their Java applications within the cloud.
In my view, this is a somewhat obvious use for Cloud within a Telco and SK Telecom's deployment of Cloud in this manner is proof of that point. The somewhat less obvious use of Cloud within a Telco is the use of Cloud infrastructure for their core SDP and OSS/BSS infrastructure. I could not imagine a Telco being willing to deploy such core systems in a public cloud, but there is a possibility of deploying it in a private cloud.
The team at Bharti Airtel are working to move the SDP infrastructure there to a Cloud environment - giving them the flexibility to rapidly scale up and down to suit different changing market forces. The other BIG thing that moving to a cloud will change is where the SDP components are deployed. Once the SDP components such as WebSphere Process Server, Telecom Web Services Server, WebSphere Services Registry and Repository and the other components are in a private cloud, it becomes very easy to move to a hosted private cloud or even a public cloud. If we think for a moment about the SDP running in a hosted cloud environment, then it is not a huge leap to host another Telco's SDP in the same hosted cloud. Now we have a hosted environment in which potentially many telcos have their Service Delivery Platform running.
This diagram illustrates the various SDP deployment options including the Cloud options. What is happening at Bharti is a move from a traditional OutSourcing model to a private cloud, then on to potentially a single client hosted private cloud and then eventually to a multi client cloud option. See what I mean below.
What do you think? Can you think of any other cloud scenarios in a telco?
Taking into account the comments from the internal version of this blog, I have modified the developer ecosystem a bit - using IBM Cloudburst instead of WebSphere Cloudburst would certainly give a Telco a much greater developer platform choice. I've left the view above because that is what we proposed to the ASEAN telco, but in retrospect, the IBM Cloudburst option would have better suited their needs - although IBM Cloudburst has a significant price premium associated with it that WebSphere Cloudburst does not. That said, in a cloud environment (customer hosted private, IBM hosted private, multi or single tenanted) for a Service Delivery platform, using IBM Cloudburst would seem to me to be the right way to go.
This post is an update to my earlier post which is now sadly mostly incorrect because IBM's web site has been completely restructured and none of the links I provided previously are valid any more.
I know this isn't strictly related to my normal Industries, but it is applicable for anyone who wants to chat with IBMers, so I thought it was valuable enough to share. For a number of years now, my email signature has included a link for non-IBMers to contact me via Sametime. If you're an IBMer reading this, you might consider linking to this post in your email signature to allow your customers and partners to chat with you via Sametime.
Here is a step by step guide to setting it up so that you can chat with IBMers over Sametime/IBM Instant Messaging.
There are a few things you'll need for this to work:
Once you have your client installed, you'll want to set up a server community for the IBM IM Gateway. The details you need are:
See these screen dumps for reference...
Once you login with your IBMid, you'll be presented with the ST client and no one in your buddylist. Sending instant messages to yourself isn't very interesting and really what you want to do anyway is to chat with IBMers so let's add an IBMer to your buddylist so that you can chat with them...
You will need to know their Internet email address as you have to manually type it in. You will not be able to search for them. Select the 'Add external person by email address' radio button, then type in their email address and name, assign a group if you want to group your contacts. If you don't know their email address, you can search here to find it.
Once you click on 'add' a popup will appear telling you that the IBMer will need to approve you to be able to see their status and chat with them through the IM Gateway.
NB. In the buddylist - the au1.ibm.com is my internal Sametime community id (which is the same as my email address) and the optusnet.com.au email address is my ibm.com id.
Once you've added your IBM contacts, you're up and running and the interface should look something like this (below):
A chat session between my two IDs (my IBMid and my internal id) looks like this in both the standalone client (used for my external IBMid) and the embedded client in my IBM Notes client - on Linux
You might notice that all the rich text, file, image functions are greyed out - that's because they are not supported by the external IBM gateway so you'll be restricted to plain text in your chats...
This capability is not well known among IBMers, but I have spoken with a number of partners, exIBMers and my wife via this facility in the past.
Hopefully, this post will spread the word a bit more....
[UPDATE : Unfortunately most of this post is now out of date. I have revised the information and posted in a new post Connecting with IBMers through Sametime/Instant Messaging (v2) - please refer to that post to connect to IBM's internal Sametime / Instant Messaging environment. ]
I know this isn't strictly related to my normal Industries, but it is applicable for any DW member, so I thought it was valuable enough to share and might even prove useful in dealing with IBMers. For a number of years now, my email signature has included a link for non-IBMers to contact me via Sametime. That link connects to https://www.ibm.com/collaboration/instantmessaging
In my normal Sametime client, my external id comes in as alarmour @ optusnet.com.au.ibm.ext (my ibm.com id prepended to "ibm.ext") - I can add this external id to my buddylist so that I can see when my external self is logged on. In fact, I can add the external community to my standard sametime setup and log in from there as well. If you know the name of the IBMer that you want to add to your buddylist, but don't know their email address, you can get that from the ibm.com web site through this employee search facility.
I am not sure what is going on with the status of my ibm.com id not showing up as online (on the screen dump above) - I do see when my wife is logged on and some others that regularly log in too (although they are using a more modern client rather than the old 3.1 java client). After a while, it did correct itself though.
What I did for my wife was to download the free trial version of the Sametime client (from DW!), then use the config information from the Java client so that Sametime started automatically when her PC starts - that way, she can chat with me regardless of the Sametime client I am using to connect to messaging.ibm.com (I often use the mobile client which does not support multiple communities). Such a setup also means that she does not need to go to ibm.com in a browser to chat with me - the client is just sitting minimised in the systray on her PC.
Hopefully, this post will spread the word a bit more....
Update: The version of the Sametime Web Client has been updated and the launch URL has changed - I have corrected it above and added a new screen capture of the new client:
Would you like to be able to create bookmarks, blog posts and activity entries with a simple button in your browser? It's easy and works in Firefox and Internet Explorer (possibly others, but I have not tested them). All you need to do is to create a new bookmark in your bookmarks bar.
Create a new bookmark and paste in the following in the "Location" field of the bookmark:
When you click on the bookmark, it will pop up a window allowing you to fill in the details (see below)
I've met with Celcom (a Telco in Malaysia) a few times this year, they have a funny sign in the lift well of every floor... So much for all the IBM sales staff that were with me!
Apologies for the quality of the photo - I only had my phone camera with me at the time.
Andrew_Larmour 0300000243 Tags:  rim uae india telecom larmour encryption blackberry telco andrew andrew_larmour banned 10,919 Views
I know I have been lax in posting recently. I've had a lot of work on and I am sorry for not getting to the blog.
That said, over the past few weeks, I have been watching what seems to be a snowballing issue of governments spying on their citizens in the name of protection from terrorism. First cab off the rank was India a couple of years ago, asking Research In Motion (RIM) for access to the data stream for Indian Blackberry users, then asking for the encryption keys. That went quiet until recently (1Jul10), when the Indian Government again asked RIM for access to the Blackberry traffic and gave RIM 15 days to comply (see the post "Indian govt gives RIM, Skype 15 days notice, warns Google" - Telecompaper). That has passed and the Indian government yesterday gave RIM a new deadline of 31Aug10 (see "Indian govt gives 31 August deadline for BlackBerry solution" - Telecompaper). In parallel, a number of other nations have asked their CSPs or RIM for access to the data sent via Blackberry devices.
First was the United Arab Emirates (UAE), who will put a ban on Blackberry devices in place which will force the local Communications Service Providers (CSPs) to halt the service from 11Oct10. RIM are meeting with the UAE government, but who knows where that will lead with the Canadian government stepping in to defend its Golden Hair Child - RIM. Following the UAE ban, Saudi Arabia, Lebanon and more recently Indonesia have all said they will also consider a ban on RIM devices. As an interesting aside, I read an article a week ago (see "UAE cellular carrier rolls out spyware as a 3G 'update'") that suggested that the UAE government sent all Etisalat Blackberry subscribers an email advising them to update their devices with a 'special update' - it turns out that the update was just a Trojan which in fact delivered a spyware application to the Blackberry devices to allow the government to monitor all the traffic! (wow!)
Much of the hubbub seems to be around the use of Blackberry Messenger, an Instant Messaging function similar to Lotus Sametime Mobile, but hosted by RIM themselves which allows all Blackberry users (even on different networks and telcos) to chat to each other via their devices.
I guess at this stage, it might be helpful to describe how RIM's service works. From a historical point of view, RIM were a pager company. Pagers need a Network Operations Centre (NOC) to act as a single point from which to send all the messages out to the pagers. That's where all the RIM contact centre staff sat and answered phones, typed messages into their internal systems and sent the messages out to the subscribers. RIM had the brilliant idea to make their pagers two way so that the person being paged could respond, initially with just an acknowledgement that they had read the message, and then later with full text messages. That's the point at which the pagers gained QWERTY keyboards. From there, RIM made the leap in functionality to support emails as well as pager messages; after all, they had a full keyboard now, a well established NOC based delivery system and a return path via the NOC for messages sent from the device. The only thing that remained was a link into an enterprise email system. That's where the Blackberry Enterprise Server (BES) comes in. The BES sits inside the Enterprise network and connects to the Lotus Domino or MS Exchange servers and acts as a connection to the NOC in Canada (the home of RIM and the location of the RIM NOC). The connection from the device to the NOC is encrypted and from the NOC to the BES is encrypted. Because of that encryption, there is no way for a government such as India, UAE, Indonesia, Saudi Arabia or others to intercept the traffic over either of the links (to or from the NOC).
Last time I spoke to someone at RIM about this topology, they told me that RIM did not support putting the BES in the DMZ (where I would have put it) - since then, this situation may have changed.
Blackberry Messenger traffic doesn't get to the BES; instead it goes from the device up to the NOC and then back to the second Blackberry, which means that non-enterprise subscribers also have access to the messenger service, and this appears to be the crux of what the various governments are concerned about. Anybody, including a terrorist, could buy a Blackberry phone and have access to the encrypted Blackberry Messenger service without needing to connect up their device to a BES, which explains why they don't seem to be chasing after the other VPN vendors (including IBM with Lotus Mobile Connect) to get access to the encrypted traffic between the device and the enterprise VPN server. Importantly, other VPN vendors typically don't have a NOC in the mix (apart from the USA based Good, who have a very similar model to RIM). I guess the governments don't see the threat from the enterprise customers, but rather the individuals who buy Blackberry devices.
To illustrate how a VPN like Lotus Mobile Connect differs from the Blackberry topology above, have a look at the diagram below:
Lotus Mobile Connect topology
If we extend that thought a little more, a terrorist cell could set themselves up as a pseudo enterprise by deploying a traditional VPN solution in conjunction with an enterprise type instant messaging server and therefore avoid the ban on Blackberries. The VPN server and IM server could even be located in another country, which would avoid the possibility of the government easily getting a court order to intercept traffic within the enterprise environment (on the other end of the VPN). It will be interesting to see if those governments try to extend the reach of their prying to this type of IM strategy...