Remote Access

Agencies are looking anew at Web-based software applications.

Like martinis or avocado green, the old-fashioned can become trendy in the technology world, too. Witness the recent buzz about Web-based personal computer applications, whereby users access word processors or other office programs through the Internet. Companies selling Web applications let you buy access to their servers, which store your data and provide software functionality via a browser. To use them, your desktop computer needs nothing more than a good network connection, an operating system and a browser.

If the approach sounds somewhat familiar, it should. It's similar to the computing model in which dumb terminals were connected to a big remote mainframe that supplied all the data and functionality. It also conjures up repeated attempts to create alternatives to the personal computer. Oracle tried to launch a "network computer" twice in the 1990s, as recently as 1999. "The personal computer is a ridiculous device," Oracle Chief Executive Officer Larry Ellison once proclaimed.

But, under the rubric of "software as a service," applications run by a remote server are gaining new respect. Information technology consulting firm IDC of Framingham, Mass., predicts that worldwide spending on it will reach $10.7 billion by 2009, a compound annual growth rate of 21 percent. The Federal Aviation Administration is investigating switching to Web applications in lieu of a Microsoft Office 2007 upgrade, possibly in tandem with replacing its Microsoft XP operating system with Linux. Computer manufacturer Dell, popular in the federal government, recently announced it will soon sell preinstalled Linux on desktops, making a switch of operating systems more plausible-though as FAA Chief Information Officer David Bowen points out, Web applications are operating-system independent. The agency is considering all options, he adds.

Mainframes died for good reasons, and Web application companies say they're not exactly resurrecting that old model. They aren't necessarily out to kill applications run by local hard drives. In fact, many of them stress their compatibility with the Microsoft environment. Users of Zoho, a Web suite created by Pleasanton, Calif.-based AdventNet, can import files and download them back into the Microsoft format, says company technology evangelist Raju Vegesna. And they acknowledge that Web-based applications don't offer as many functions as local applications. "We're not trying to say every single application needs to be Web based," says Michael Lock, the head of Google Enterprise's North American sales. Google's own legal department won't leave Microsoft Word for Google applications because the company's Web word processor lacks a track change feature, Lock adds.

Google entered the Web application business in February when it started charging $50 a month per user account (no discounts for big enterprise buyers) for a suite of online applications that includes e-mail, spreadsheets and word processing along with 10 gigabytes of remote memory (it also offers a lesser, advertising-sponsored free version that comes with 2 GB of memory). Besides Google and Zoho, other Web applications include Glide, OpenOffice and Zimbra.

Web applications do make sense, its boosters say, when users have low functionality needs but high collaboration demands. Web storage allows multiuser collaboration in real time on documents that can be accessed by clicking on a link, they say. And unlike the old dumb terminals, Web applications are accessible by any machine with a Web connection; you could log on from a public kiosk or from work.

But just like mainframes, Web applications are only as good as the network connection and the data center that supports them. Google, for example, promises only 99.9 percent reliability, and lately has been delivering less than that to some customers.

On three occasions in March, Google Web applications went offline for significant amounts of time, as InfoWorld first reported. (A Google spokesman says the company is "absolutely focused on providing extremely high levels of availability for all users.") Some Web applications try to get around this problem by offering downloadable versions (thus increasing their similarity to

normal local applications) or by letting system architects place the data on the local area network's servers, so long as the Web application can synchronize with them. "If the user doesn't trust Zoho, that is fine," Vegesna says. Trust may be the Achilles' heel of Web applications that don't let users take at least some control of their data on a local area network level. With Google, for example, all the application data resides within Google data centers, which are spread out across the nation and contain (as of mid-2005) an estimated 150,000 to 170,000 individual servers. The estimate is by independent Google expert Stephen E. Arnold.

Federal security law requires agencies to secure systems, including remote commercial applications. The degree depends on the sensitivity of the data-"the interest we have got is not necessarily for the government's most secret applications," Google's Lock acknowledges-but it never quite disappears. Some concerns may be cultural, Lock adds; people have to get used to the idea of remote commercial data storage and, anyway, people shouldn't be networking secret information on the Internet in the first place. Still, were FAA to buy Google, it might require the company to build a separate data center for federal storage, says Bowen.

"I have concerns about security from whatever platform it's operating on," says Patrick Howard, chief information security officer of the Housing and Urban Development Department. Today's architecture of many individual computing units has drawbacks, too-laptops can be lost or stolen, security patches can take a while to reach every machine, users can do stupid things. In fact, from a security perspective, the old mainframe days were not bad, Howard says. "The more centralization," he adds, "the easier it is to secure the data."