The Internet’s regional registries, which dole out blocks of IPv4 and IPv6 address space to carriers, will announce on Monday that less than 5% of the world’s IPv4 address space remains unallocated.

Pv4 is the Internet’s main communications protocol. It uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports a virtually unlimited number of devices – 2 to the 128th power.

Overall, more than 200 million IPv4 addresses have been allocated from the so-called free pool of available IPv4 addresses since January 2010, with most of the addresses being snapped up by Asian carriers.

Allocation of the remaining blocks of IPv4 addresses is “imminent,” according to Axel Pawlik, chairman of the Number Resource Organization, which represents the five regional registries.

“It is critical that all Internet stakeholders take definitive action now to ensure the timely adoption of IPv6,” Pawlik said in a statement.

The NRO warns that the last IPv4 address blocks will be allocated from the free pool to the regional registries in early 2011. Experts predict that the registries will hand out these addresses to network operators by the end of 2011, leading to full-fledged depletion of IPv4 addresses.

Once IPv4 addresses are depleted, ISPs must give their new customers IPv6 addresses or use carrier-grade network address translation to share a single IPv4 address among multiple customers.

Despite the looming depletion of IPv4 address space, carriers are sending only a trickle of IPv6 traffic across their backbone networks.

Arbor Networks said last week in a blog post that IPv6 traffic represents less than one-twentieth of 1% of Internet traffic as of October 2010. This data came from 110 ISPs that participate in Arbor’s ongoing Internet traffic measurement study.

Arbor found that most of the IPv6 traffic is via tunneling mechanisms — primarily 6to4 — rather than native IPv6 traffic.

This traffic data prompted Arbor Networks’ Chief Scientist Craig Labovitz to write that “at this rate, we have years to go before any widespread v6 adoption.”

Industry observers agree that the gap between the rate at which IPv4 addresses are being depleted and the rate of IPv6 adoption by carriers and enterprises appears to be widening.

“It comes down to the fact that people sitting at their computers or using their wireless devices are still being assigned IPv4 addresses and are looking at IPv4 content,” says Chris Davis, senior director of corporate marketing communications for NTT America, which has offered native IPv6 services in the United States since 2004. “Users have to be given IPv6 addresses so they can access IPv6 traffic…You need the content to be on v6 and you need the eyeballs on v6.”

Jason Livingood, executive director of Internet Systems at Comcast, says IPv6 traffic won’t rise until more Web sites such as You Tube and Face book start producing IPv6-based content. Comcast has an ongoing trial of IPv6 services that involves 7,000 commercial and resident customers and plans to offer commercial IPv6 services by 2012.

“We need content providers to step up and migrate to IPv6,” Livingood says. “You will still see low levels of IPv6 traffic until end sites are v6-enabled.”Some network operators are running into interoperability problems with their existing network gear when they try to deploy IPv6.

“It’s difficult to adopt v6 because it can be a challenge to implement it on all of your devices,” says Dave Seigel, vice president of IP Services Product Management at Global Crossing, which sells IPv6-based Internet access. “We’re working with a managed customer that got serious about doing IPv6. We found all kinds of features with [routing protocols] BGP and EIRDP that are not supported in IPv6. Now, they’ve gone back to their router vendor, which is taking a lackadaisical approach that’s slowing down our ability to migrate this customer. They’re trying to be native IPv6, but they are completely stalled.”

Source : PCworld.in

However, Net Ware has moved on from mainstream roles and Windows Servers are the most popular file server platform today. A lot of administrators go the Linux route for file servers, and some even use storage processors or the cloud for housing general purpose data. With all of these options, there are positives and negatives to each. Here are some thoughts for each platform–both for and against as a file server:

Windows Server: Windows is an “okay” file server, with its ease of integration into Active Directory being a big plus for the everyday administrator. The cost of a Windows license plus the client licenses can add up over time, however.

Linux Server: Interoperability with Windows systems is important, and this is easier for Linux today with options beyond the simple Samba server. Packages can be added on the server to make it more seamless, and of course work fine for other Linux systems. The cost of software acquisition would be lower than the Windows alternative.

SAN: The SAN can take on file server duty as well. This can be basic roles of simply running a CIFS engine on the storage processor, commonly done on NetApp storage systems. You can take that further and manage a content life cycle with a robust product like the Hitachi Content Platform. These solutions may cost more in terms of the hardware involved, but additional features such as replication and life cycle management can aid in getting a handle on content sprawl.

Cloud: Utilizing cloud storage as a file server is available in a number of means today. Today, solutions such as the Nirvanix Cloud NAS or Nasuni Filer can present a file server on the local network with unlimited back end storage on a public cloud. These solutions maintain a cache of what is accessed most frequently, and that is a good idea as file servers are notorious for holding tons of data that no one ever accesses. Costs for cloud storage can add up and there are security and encryption questions that make this jump take a little more planning.

The fact is that file servers are going to be here to stay, whether we like them or not. The question is what is the best way to provide file server content with today’s infrastructure options? Is a Windows file server still the way to go? Is a public cloud the best way up?

One solution is to buy a Flash drive that includes an encryption facility. However, these are often expensive. Also, in many cases, you need admin rights on the PC in order to run the application which decrypts the files and allows you to access them. Fine when you’re at your home PC, or in your office, but no so handy if you’re away from home in a hotel or an internet cafe.

Rohos Mini Drive is a great solution to the problem, and it’s totally free of charge. It runs on Windows XP and above, it’s only a 3 MB download, and you can create encrypted partitions of up to 2 GB (for larger partitions you’ll need to upgrade to the non-free version).

Using the program is easy. Download the installer and run it (you’ll need admin access, just this once). Then run the installed Mini Drive app, which will search for any connected USB Flash drives and allow you to create an encrypted partition on that drive. Choose the password you want, wait while the program does its stuff, and your new encrypted drive is ready to use, complete with its own drive letter. When you’re finished accessing it, right-click the Rohos icon in your system tray and choose to Disconnect the drive.

On your own PC, where you probably have admin access, you can connect and disconnect the drive whenever you wish, via the Rohos icon. On a “foreign” PC, where you’re not an administrator and where the Rohos software isn’t installed, just insert the Flash drive as normal and browse to the viewer application. Run it, enter the password, and you’ll have full read/write access to your encrypted files via the app’s built-in Explorer-type facility.

Rohos Mini Drive is a really handy utility to ensure that your private files remain confidential. Check it out.

That’s the good news. The bad news is that it’s going to be a while before we see Gigabit Wi-Fi. It’s not that the technology isn’t available to pull this kind of speed off. If anything the problem is that there are too many technologies that Wi-Fi chip vendors can use to deliver the 1Gbps (Gigabit per second) goods.

All-together, there are three proposed Gigabyte Wi-Fi standards. These are IEEE 802.11ac, 802.11ad and Wireless Gigabit aka WiGig.

First, there’s 802.11ac. This is the next step up for the old 802.11a Wi-Fi standard. This was, and still is, a 5GHz Wi-Fi standard with a speed range of 54Mbps (Megabits per second). Vendors were slow to get 802.11a equipment out the door. When 802.11g came along, which works in the 2.4GHz range, could produce the same speed, and was compatible with the older and slower 802.11b, 802.11a became something of an orphaned technology.

Now with 802.11ac, 802.11a is making a kind of comeback. This new standard will continue to work on the 5Ghz band, but it will provide larger channels for data throughput. Today, 802.11a uses 20 MHz-wide channels, 802.11ac will be using either 40 MHz or 80 MHz-wide or perhaps even 160 MHz channels to deliver data. 802.11ac may also make use of MU-MIMO (multiple user-multiple input, multiple outputs). In MU-MIMOs simultaneous streams will be transmitted to different users on the same channels.

Exactly how will it work? We don’t know yet. The standard is still far from set in stone. If all works out, 802.11ac devices will start showing up in late 2011 or early 2012 with speeds just touch 1Gbps.

That’s option number one, but wait, there’s more. 802.11ad and WiGig promises to deliver blazing hot 6Gbps speeds, but they’ll deliver it in the 60GHz range. The downside of this millimeter band Wi-Fi is that its range will be in feet rather than yards. 802.11ad and WiGig APs will be able to cover a room, but not much more.

802.11ad, is based on WiGig, but the two aren’t quite on the same page. I suspect eventually they’ll sync up with each other. The last thing anyone wants is a repeat of the long, slow slog to 802.11n standardization.

WiGig has the support of Wi-Fi powers Atheros, Broadcom, and Intel. It’s being designed specifically for streaming high-definition video. Its designers’ goal is for future Wi-Fi adapters to be able to support 802.11g’s 2.4 GHz for backwards compatibility and range, 802.11n and 802.11ac’s 5GHz for performance, and 802.11ad/WiGig’s 60GHz for short-range, HD video data transfers.

Last, but not least, there’s companies working on reaching Gigabit speeds within 802.11n. You see 802.11n supports up to 4 antennas. If you use 802.11n’s 5Ghz channels and four antennas you can, in theory, bond multiple channels together to reach 1Gbps. So far, no one’s selling four antenna 802.11n devices, but it’s only a matter of time.

Atheros is already shipping chipsets that can support up to three data streams at once. Atheros claims that devices using it new high-speed 802.11n chipsets can reach up to 450Mbps. Even before that, Marvell was shipping pre-standard 802.11n chipsets with three antenna support back in 2008. Smaller silicon foundries, such as Quantenna Communications, are already shipping 802.11n chipsets that can support four antennas.

Before you get too excited about seeing 1Gbps speeds in the next few months, you should keep in mind that the 802.11n bonding solutions are all, at this point, pretty much restricted to devices that all use the same chipsets. So, for example, even if you did get a Quantenna Full-11n AP (access point), it wouldn’t deliver 1Gbps speeds to your Apple MacBook Pro. Not only does the MacBook Pro have the wrong silicon inside, it doesn’t support that many antennas.

But, products are beginning to appear that come with higher-speed 802.11n built-in. For example, newer model Apple Airport Extreme uses a Marvell chipset to support three antennas.

So, one way or the other, you can expect to see faster Wi-Fi soon. In the short term, as enhanced 802.11n devices appear, you’ll need to look closely at device compatibility to get the maximum possible 802.11n speed. Down the road though, as 802.11ac, 802.11ad, and WiGig devices start shipping you can look forward to easy access to 1Gbps and faster wireless speeds.

Speaking as someone who’s always throwing serious amounts of data through the air in my home-office while wirelessly streaming HD video to my HDTV, I can’t wait to see these new technologies arrive.

Source : ZDNET

To illustrate how to quickly set up Squid as a caching proxy, Fedora 13 currently provides a very recent Squid 3.1.4 and is easy to install:

# yum install squid
Out-of-the-box, Squid will work as a web client proxy for the local host and local network. What you want to do is edit /etc/squid/squid.conf and look for the “localnet” entries, to comment out those networks that are not on your local network. For instance, if you use a 192.168 network at home, comment out the 10.0.0.0 and 172.16.0.0 lines:

#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
Next, start the Squid service. If you have a firewall enabled on the system, be sure to allow TCP access to port 3128.

At this point, you can test by using a command line browser on the local system by doing:

$ http_proxy=”http://localhost:3128″ elinks http://foo.com/
And then look at the /var/log/squid/access.log file. If the browser did not complain about not being able to connect, and the log files show activity, then you have successfully set up Squid. The logs will look something like this:

1281203766.589 2626 ::1 TCP_MISS/200 18137 GET http://foo.com/ – DIRECT/1.1.1.1 text/html
1281203767.186 595 ::1 TCP_MISS/200 4867 GET http://foo.com/skins/common/
commonPrint.css? – DIRECT/1.1.1.1 text/css
If you were to execute the same browser command again, you would see the following:

1281204000.528 313 ::1 TCP_MISS/200 18137 GET http://foo.com/ – DIRECT/1.1.1.1 text/html
1281204000.591 60 ::1 TCP_REFRESH_UNMODIFIED/200 4873 GET http://foo.com/skins/common/
commonPrint.css? – DIRECT/1.1.1.1 text/css
This shows you the cache at work. The initial page is loaded again, but the CSS file is sent to the requesting browser using the cached copy. The next step is to try the same from another system that would also be using the cache (you can easily use the same command line browser command if available).

If you want to have a transparent proxy setup, so that no one will know the proxy is in use and cannot circumvent it, you can easily do so by adjusting iptables rules. If your firewall system is running Linux, this is easily accomplished. Note that if you do use a transparent proxy, you cannot use authentication on the proxy. If these aren’t important to you, setting up a transparent proxy is a fast and easy way to force everyone on the network to use it.

In /etc/squid/squid.conf you want to uncomment the “cache_dir” directive:

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 7000 16 256
and change

http_port 3128
to

http_port 3128 transparent
Once these changes have been made and Squid has been restarted, you also need to change the firewall rules for your network’s firewall or gateway system by redirecting all output HTTP traffic to the proxy. This can be tricky, depending on whether or not your Squid install is on the firewall system or if it’s a separate system in the local network. It also depends on your firewall’s software. The Squid wiki has a section on Interception (i.e. transparent proxies) and how to set them up with Cisco devices, Linux, FreeBSD, and OpenBSD.

That same wiki page also has other example configurations. Squid can be used for more than just web page caching, and there are examples there on how to use it for Instant Message filtering, using it as a reverse proxy to cache web page requests on a web server, how to set it up with various forms of authentication, etc.

Squid is very versatile and can do quite a lot. For large organizations, Squid offers a surprisingly easy way to save on bandwidth, as well as provides an easy way to force authentication to be required in order to obtain outbound access to traffic. For simple web caching, Squid is pretty much ready to run as-is, and the wiki offers a lot of examples and help if you need to consider something a little more complex.

Source : Techrepublic

1: Keep it simple
The first bit of advice is to keep things as simple as you can. Active Directory is designed to be flexible, and if offers numerous types of objects and components. But just because you can use something doesn’t mean you should. Keeping your Active Directory as simple as possible will help improve overall efficiency, and it will make the troubleshooting process easier whenever problems arise.

2: Use the appropriate site topology
Although there is definitely something to be said for simplicity, you shouldn’t shy away from creating more complex structures when it is appropriate. Larger networks will almost always require multiple Active Directory sites. The site topology should mirror your network topology. Portions of the network that are highly connected should fall within a single site. Site links should mirror WAN connections, with each physical facility that is separated by a WAN link encompassing a separate Active Directory site.

3: Use dedicated domain controllers
I have seen a lot of smaller organizations try to save a few bucks by configuring their domain controllers to pull double duty. For example, an organization might have a domain controller that also acts as a file server or as a mail server. Whenever possible, your domain controllers should run on dedicated servers (physical or virtual). Adding additional roles to a domain controller can affect the server’s performance, reduce security, and complicate the process of backing up or restoring the server.

4: Have at least two DNS servers
Another way that smaller organizations sometimes try to economize is by having only a single DNS server. The problem with this is that Active Directory is totally dependent upon the DNS services. If you have a single DNS server, and that DNS server fails, Active Directory will cease to function.

5: Avoid putting all your eggs in one basket (virtualization)
One of the main reasons organizations use multiple domain controllers is to provide a degree of fault tolerance in case one of the domain controllers fails. However, this redundancy is often circumvented by server virtualization. I often see organizations place all their virtualized domain controllers onto a single virtualization host server. So if that host server fails, all the domain controllers will go down with it. There is nothing wrong with virtualizing your domain controllers, but you should scatter the domain controllers across multiple host servers.

6: Don’t neglect the FSMO roles (backups)
Although Windows 2000 and every subsequent version of Windows Server have supported the multimaster domain controller model, some domain controllers are more important than others. Domain controllers that are hosting Flexible Single Master Operations (FSMO) roles are critical to Active Directory health. Active Directory is designed so that if a domain controller that is hosting FSMO roles fails, AD can continue to function–for a while. Eventually though, a FSMO domain controller failure can be very disruptive.

I have heard some IT pros say that you don’t have to back up every domain controller on the network because of the way Active Directory information is replicated between domain controllers. While there is some degree of truth in that statement, backing up FSMO role holders is critical.

I once had to assist with the recovery effort for an organization in which a domain controller had failed. Unfortunately, this domain controller held all of the FSMO roles and acted as the organization’s only global catalog server and as the only DNS server. To make matters worse, there was no backup of the domain controller. We ended up having to rebuild Active Directory from scratch. This is an extreme example, but it shows how important domain controller backups can be.

7: Plan your domain structure and stick to it
Most organizations start out with a carefully orchestrated Active Directory architecture. As time goes on, however, Active Directory can evolve in a rather haphazard manner. To avoid this, I recommend planning in advance for eventual Active Directory growth. You may not be able to predict exactly how Active Directory will grow, but you can at least put some governance in place to dictate the structure that will be used when it does.

8: Have a management plan in place before you start setting up servers
Just as you need to plan your Active Directory structure up front, you also need to have a good management plan in place. Who will administrator Active Directory? Will one person or team take care of the entire thing or will management responsibilities be divided according to domain or organizational unit? These types of management decisions must be made before you actually begin setting up domain controllers.

9: Try to avoid making major logistical changes
Active Directory is designed to be extremely flexible, and it is possible to perform a major restructuring of it without downtime or data loss. Even so, I would recommend that you avoid restructuring your Active Directory if possible. I have seen more than one situation in which the restructuring process resulted in some Active Directory objects being corrupted, especially when moving objects between domain controllers running differing versions of Windows Server.

10: Place at least one global catalog server in each site
Finally, if you are operating an Active Directory consisting of multiple sites, make sure that each one has its own global catalog server. Otherwise, Active Directory clients will have to traverse WAN links to look up information from a global catalog.

Consider this your wake up call — and you probably won’t need to hit snooze more than once.

Up until now, Clear wire’s nationwide WiMAX roll out focused on smaller and mid-tier cities. The company says it has deployed WiMAX in 52 markets, but many of those are neighboring markets in the same areas (see full map and list).

However, Clear wire is now preparing to launch its 4G WiMAX service in 12 major metros, including some of the epicenters of the technology world. On Monday, Clear wire stated that it will light up WiMAX in the following cities by the end of 2010:

* New York
* Los Angele’s
* San Francisco
* Miami
* Tampa
* Orlando
* Denver
* Nashville
* Minneapolis
* Cleveland
* Cincinnati
* Pittsburgh

In New York and Los Angele’s, Clear wire has made enough progress in several areas that it’s running a pre-launch promotion for customers in those areas to get WiMAX service for $35/month for the first two months (the standard price is $55).
Sanity check

These fall 2010 WiMAX roll outs are huge for Clear wire. They need to go smoothly, they need to offer substantial speed boosts over 3G in real world usage, and they obviously need to attract a lot of new customers. If those three things happen, then WiMAX could get a foothold in the U.S. market. If not, then it could get overrun by LTE, because Verizon is hot on Clear wire’s heels and preparing to start its 4G roll out this fall as well.

Verizon LTE is about a year behind Clear wire in its 4G build-out, but it’s closing fast. Clear wire has to nail it in the big metros — especially in New York and San Francisco where most of the tech press is — in order to start building momentum and wrestle power away from the traditional telecoms.

WiMAX’s day is finally about to arrive. Time to wake up and care about it again.

Source : Techrepublic

2. Implement restrictive removable media policy
The most foolproof way to protect yourself against malware that infects computers via removable storage media is to disallow all removable media usage. If no removable media can be used with your computers, no infected removable media will be used with your computers. Because this is not always an option, there are other alternatives, including limiting removable media to specific items that have been checked and approved, and to disallow using them anywhere else where they might pick up infections to bring back to the network.

3. Check all removable media on a secured system before use
If you have a computer that is set up to safely check for malware that could affect the rest of the systems you want to protect, it can help ensure the safety of your IT resources. You can set up a system with any AutoRun capabilities deactivated, and which preferably is not even subject to infection by the same malware that could affect the systems you want to protect. Unix-like OSes such as BSD Unix and Linux-based systems, serve well in this capacity when protecting an MS Windows network.

Keep the system segregated from any network resources so it cannot transmit any malware on tested media across the network, and with no unnecessary software running on it so there will be less opportunity for it to get infected as well. It is preferable to boot from read-only media or to re-image the boot drive between uses as well.

Run malware scans on the media and check out the contents of the media–including the autorun.inf file–while it is connected to the secured system. Combined with a restrictive removable media policy, a very effective level of protection can be achieved.

4. Choose to ban all removable media
Depending on how far you want to go, you could simply disconnect the data cables for various removable media reading devices and lock the case so they cannot be reconnected without a key; remove the devices entirely (and still lock the case); or even semi-permanently plug or destroy the interface used to plug in external devices, such as by filling sockets with epoxy or clipping the pins on a motherboard where the cable for a system case USB port is attached.

5. Implement the basics
Of course, educating your users and ensuring you have anti-malware scanning running on the systems you want to protect is one of the most important steps you can take, and can easily mean the difference between being safe and merely thinking you are safe

Figure A

You can copy this field by right-clicking it; you can then put the field into a command string to edit the GPO. The command string launches the Group Policy Editor directly to that object in the directory. The text below is an example command string to edit the GPO shown in Figure A in my private lab

gpedit.msc /gpobject”LDAP://CN={0523F1BD-B9F1-469A-87B8-D28E2345BADD},CN=Policies,CN=System,DC=rwvdev,DC=intra”

It’s a little tricky to determine where to put the GUID, so I’ve taken this text example and highlighted where it goes and the domain configuration. Figure B shows where these two pieces of information go in the command string:

Figure B

The green section is where the GUID is inserted, and the yellow section is where the domain information goes (in my case, the RWVDEV.INTRA domain is enumerated).

Then you can save the string as a shortcut or run it interactively to go directly into the editor for the GPO in question. The changes are made live and saved when closed as long as the permissions are in place. This can make frequent changes much easier for testing new configurations.

But let’s put the news in context. How does this new offering fit with Google’s business model? How will Google Voice fare with the public users and businesses? And will it kill Skype? Charles Glovin, principal analyst with Forrester Research, weighs in with five facts that you should remember about Google’s recent announcement.

1. Communications are increasingly integrated.

In the past, you’d likely log into your instant messaging application to IM your friends. If you wanted to call or text someone, you’d use your cell phone, and if you wanted to send an e-mail, you’d use your computer. Those silos are disappearing now, Glovin says.

“All of these are being integrated into one experience. The mechanics of communicating are less important-now it’s more focused on letting you have the communications you want in the mode that you want them.”

Rather than being revolutionary, Google’s integration of Voice with Gmail is a natural progression, Glovin says. Instead of using multiple means to communicate, you can place and receive phone calls, send text messages and e-mail your contacts, all from one central location — your Gmail account.

2. It’s a Convenience, Not a Game Changer.

What’s the driving reason for people to use the integrated Google Voice feature? Convenience, Glovin says. So don’t expect mobile users to give up their devices anytime soon.

“You need a lot of incentive to cause consumers to change their behavior,” he says. “People have cell phones with plans that have an abundance of minutes and special features, so it would take something drastic to make people change their ways.”

Instead, people will use Google Voice when it’s convenient, he says. For example, if you’re having a back-and-forth e-mail correspondence with someone, it might be easier to click a few buttons and speak to him through your computer to resolve your conversation quickly. The same goes for those times you leave your mobile phone on your coffee table-when you get to work, scroll through your Gmail contacts and place a call.

“I don’t see people using this too frequently,” Glovin says. “It’s just a convenience, not a game changer.”

3. As a business move, it’s all about advertising.

So what’s Google getting out of this new feature? “When it comes to their business model, there’s always one answer for Google — advertising,” he says.

Google Voice gives users the options to have their voicemails transcribed and sent to their Gmail accounts. The same is true with text messages-enable these features, and you can access your messages and search old ones through your Gmail account. This opens up the possibility that Google could crawl these messages-just like it does e-mail-and display targeted ads based on the text from your conversations.

4. Skype is here to stay.

Since Google announced Voice for Gmail, the Internet has been buzzing about how this will affect Skype. According to Glovin, he doesn’t expect Google’s move to severely impact the company.

“The impact on Skype wouldn’t be on Skype usage, it would be on the subset of people who use SkypeOut, which is a small portion of Skype’s base.” SkypeOut is the service that lets you make phone calls from your computer to anyone with a cell phone. The basic Skype service allows computer-to-computer calling.

5. It won’t soon be part of Enterprise Google Apps.

Don’t hold your breath waiting for this offering to become part of Google Apps for the enterprise, Glovin says. For a consumer, masking a change in a phone number is relatively simple, but for enterprises it’s more complicated.

“You have public branch exchanges and systems with all sorts of features — changing this in enterprises is a huge undertaking,” he says. “You need to support and supply a whole range of features that get integrated in many ways. I don’t think it’s an unreasonable assumption that it’ll come to Google Apps later down the road, but it’s a much bigger challenge right now.”