These days it is frequently only a matter of time before IT markets that are born and mature in the enterprise space spread downwards to find new pickings among SMEs. One such case could soon be domain name management.

This technology has been used by big companies for years, but as ever, SMEs will need convincing of the business benefits.

Nevertheless, there is money to be made if you get involved with the right vendors, because the SME sector is predicted to be a potential mass market for domain name system (DNS) management.

Of course, this has been said about a lot of technologies, only half of which seem to have taken off. So let's examine the case for selling this one.

It can be a nightmare keeping up with the growth of the internet, as most people involved in the business will testify. Still, you would expect the people driving the growth of online business to be ahead of the game.

But apparently this is not so. A study conducted by a vendor in this market, a company called Men and Mice, claims to show that 65 per cent of all dotcom domains are wrongly configured.

If those figures are to be believed, then most companies using the internet have got some pretty disastrous management schemes. The root of the problem is that managing domains is a nightmare. It is a fiddly task involving the editing of Bind 9 files.

These have a complicated, fussy syntax that means that if you type one comma out of place, you can mess up the whole configuration.

Just to make things worse, you don't even find out about the problem until all your new changes to network configuration have found their way out to all the devices on a network. At which point it crashes.

The complexity multiplies with every internet-related device that goes on the network. These days everything relates to the internet, so it isn't just web servers and email servers that have to be constantly configured.

Every mobile phone handset will soon have an IP address. When companies start rolling out IP telephony, then a system crash could paralyse both their IT and phone systems.

Meanwhile, the task of managing domains is so complicated that most IT managers don't trust anyone else to do it. Domains are prime targets for hackers and those who mount denial-of-service (DoS) attacks.

Consequently, many IT managers are tied up for as much as two days a week wrestling with this fiddly admin task.

Domain management systems automate a lot of the tasks. This makes it harder to make input errors, and easier to use default configurations. It also makes setting up a system a lot quicker.

You would think then, that there would be a big market for any systems that could automate this tiresome task. Yet there isn't, in the UK at least.

"There's a massive market for DNS in the US, but it hasn't taken off here yet," says Mike Clark, chief executive of ApplianSys.

"But since we started in the UK, we've had a couple of offers from venture capitalists in the US who are convinced there's a lot of money to be made in the UK in the next few years."

Another market driver could prove to be Microsoft's well-documented problems with DoS attacks. In January 2001 its DNS servers became overloaded and all of its online properties, including MSN and Hotmail, were unreachable.

This should have helped raise awareness of the vulnerability of DNS servers.

The problem is, as Clark points out, people soon forget. The Sans Institute, the body that informs the world about security problems, says the Berkeley Internet Name Domain (Bind) is one of the greatest weaknesses of DNS implementation.

"In minutes, intruders compromise systems to attack hundreds of remote systems abroad, resulting in many additional successful compromises.

"This illustrates the chaos that can result from a single vulnerability in the software for ubiquitous internet services, such as DNS," a spokesman for the Sans Institute warned as far back as June 2001.

There are other market drivers, as well as fears over hacking. With the growth in web services, the increasing adoption of IP telephony and the DNS's role in IPv6, the importance of DNS management will continue to rise. According to IDC, the numbers of DNS entries will double every year for the next five years.

The Microsoft and other public DNS failures temporarily brought the issue into the consciousness of senior decision-makers. Sadly, now the dust has settled and the weaknesses in Bind patched, DNS management has gone back to being the domain of the technologists, which could prove a costly mistake.

Clark points out that domain management systems are not entirely new. Barclays Bank bought Nixu's NameSurfer software from the service provider BT Ignite more than seven years ago, to run its domain at its computing headquarters in Greenford.

The difference is that these days ApplianSys has bundled the software onto a hardware device, which it claims makes it easier to sell and install the system. Mind you, as Nixu's worldwide manager, Juha Holkolla, points out, the Barclays deal illustrates how well rewarded this sector can be.

"A consultant advised Barclays and BT Ignite to put his recommendations into action. But that consultant still makes six months' money every year on that single deal. There's a lot of consultancy work out there for people who can get involved in domain management," says Holkolla.

According to Clark, there is a fairly compelling business case for using domain management systems. Anyone who spends more than eight hours a week managing domains will make their money back in 22 months if they buy a domain management system.

Whereas many of the management systems on the market are software-only, companies such as ApplianSys, BorderWare and F5 Networks have put the software onto an appliance, with the intention of making installation a matter of 'plug and play'.

All of these vendors are looking for resellers, and typically want to recruit systems integrators or security experts who want to offer DNS management as part of a portfolio of services.

So who are the typical customers? Clark says the targets are medium-sized enterprises and ISPs. The corporate market has largely gone, but the SME sector is about to become a mass market. This is because the products are becoming easier to deploy as vendors adapt them for less sophisticated challenges.

Meanwhile, ISPs such as Telewest and Kingston have experienced problems managing domain names. Telewest is losing customers for its Blueyonder internet service because subscribers have questioned its performance. Domain management has been mooted as a cause of the problem.

Nominate Nominum?
Don't bother pitching for the Telewest business, however, because it recently awarded a contract to another vendor, Nominum, to address its domain problems.

"A lot of broadband users started using peer-to-peer sites such as Kazaa to download music or videostreams. That caught a lot of ISPs out," says Richard Kirk, Nominum's vice president for EMEA.

"This constant downloading puts a big strain on a network and is hard to police. The cure for the ISP is to have a very fast and very efficient DNS server."

The one challenge resellers might have when they get involved is in getting people to pay for it. As mentioned above, you will need to sell DNS management as part of an overall service, as no one so far has ever asked specifically for their domain name to be managed better.

Another problem is that the domain name problem has not been perceived to be a big deal, until now.

"It's not exactly on the list of the top five issues facing IT directors," says Kirk. "Worse than that, most people are used to getting the software free, embedded in their operating system.

"The software they get is pretty useless, mind you, but this stops people treating the problem with the same level of seriousness."

Nominum, it should be pointed out, deals directly with clients, as well as using partners such as Dimension Data and Schlumberger SEMA. So resellers obviously are not a priority.

So how do you sell this system? The obvious answer is to talk costs. A firm with 100 DNS servers may have 40,000 DNS records. The annual cost of this cumbersome activity is about £500,000, once human costs, maintenance charges and IT expenditure are calculated together.

This will be a tough sale, because the company still feels it cannot reduce this expenditure because its entire business relies on the provision of effective internet services.

The buyers at the average SMEs are going to be tough to convince on this issue, if the reaction CRN got from one IT manager is anything to judge by.

"Anyone phoning me trying to sell DNS management is wasting their time. Bloody IT salesmen are all time wasters," retorts Peter Beckley, IT manager at insurance company Kerry London.

"Now, if they were selling me a machine to manage IT salesmen, that would be a different story."

Take it easy
The best idea for the channel is to simplify the sale as much as possible, which means using a cut-down, simplified plug-and-play box that is pre-configured, advises analyst IDC.

"With the challenges organisations face in the arena of DNS management, the server appliance offers the best and most realistic option for centralising DNS management in-house," says Vernon Turner, vice president of IDC's commercial systems and servers research programme.

"The server appliance approach is the simplest, lowest-risk and smallest-cost option for companies of all sizes. The appliance servers' ease of use, manageability, and better price/performance offerings are very attractive selling points."

BorderWare is another US vendor coming to the UK market and looking for UK partners. It may have to liven up the sales message a bit, though.

"BorderWare is campaigning aggressively to expand its market and reseller channels," comments Maggie Docherty, channel manager at BorderWare.

Resellers who are exploiting this market are thin on the ground, which may be a good sign, but CRN identified Edinburgh-based DNS as a pioneer in this field. Managing director Graeme Cox testified that this is a good market to get into.

"We've supplied management solutions for many organisations, including high-street banks, leading UK cable-tels, the public sector and others," he says.

"The market has been well-understood and products have been built for it for more than five years now. But the upsurge in sales was then squelched by the advent of [Microsoft's] Active Directory, as enterprises were nervous about putting anything else in control."

Outside of enterprises though, this will not be an issue. As ever, a product that has been established and proved in the enterprise sector is being repackaged for SMEs.

But the barrier to entry to this market is the indifference of SME buyers. It will take great skill to ensure that the profit margins for this technology are not overshadowed by the amount of effort needed to make the sale.

Excelling worldwide
Logistics company Exel is now effectively a worldwide e-business, because its business is co-ordinated over the web. Its management was fed up with the domain name system (DNS) service from its ISP, so it decided to manage it in-house. This would save a lot of money, too.

There would be another unexpected advantage, explains Geoff Hall, Exel's IT infrastructure manager: everything moved at a much faster pace.

"Dependency on the ISP for DNS management wasn't just a major cost; there was a performance issue too. We had to email DNS changes to them, then wait up to 48 hours for the changes to be applied," Hall says.

Outsourcing to a third party is also something of a risk. Coincidentally, as Exel was reviewing its ISP's performance, it experienced a DNS failure as a result of the ISP's mistakes.

"Our emails weren't getting through, and we were unable to do anything about it, other than make irate calls to our ISP," Hall adds.

It took 48 hours for the ISP to identify and resolve the problems, during which time Exel's email was massively delayed.

Even so, Hall was loath to take on the job himself. After all, Exel comprises 12 global companies, 50 web 'zones' and more than 1,000 unique records. You wouldn't want that network crashing on you.

So what goes through an IT director's mind when making a decision like this? The first priority was security. Microsoft's DNS platform was swiftly rejected as being too vulnerable to hackers.

IT buyers will reject anything that involves text editing of plain Bind configuration files, if they think like Hall, as this is too risky and costly - especially if no one in-house has Bind experience. And who wants to hire a Bind specialist?

Even they can make mistakes too, since domain addresses are entered in reverse of convention. IT directors will search the market looking for three criteria, according to Hall.

"Enhanced security, increased reliability and ease-of-use. The biggest selling point for many companies is that they'll be able to make DNS changes instantly," he says.

Hall and his colleagues decided on an ApplianSys box, the DNSBOX300, which is basically Nixu's NameSurfer software bundled onto a plug-and-play appliance (which is the company's rationale for products).

Resellers might be interested in the reason why it was attractive. "We knew that with no moving parts, the potential for device failure was very low, ensuring a low total cost of ownership," Hall explains.

DNS fact file

• Paul Mockapetris at the University of Southern California created the original DNS architecture back in 1984.

• 90 per cent of Bind users are still using plain Bind. (Source: IDC)

• 68 per cent of public DNS servers in Fortune.

• 500 companies are misconfigured. (Source: GIGA Group)

• 83 per cent of public DNS servers are running software with known security vulnerabilities. (Source: GIGA)

• Many firms do not know how many DNS and Dynamic Host Configuration Protocol servers are on their networks. (Source: GIGA)

• Most companies use Excel spreadsheets to keep track of names and IP addresses, and cannot answer queries in less than a week.

CONTACTS
ApplianSys (01932) 227 982
www.appliansys.com

BorderWare Technologies (07973) 181 721
www.borderware.com

DNS (0870) 085 8555
www.dns.co.uk

F5 Networks (01784) 497 210
www.f5.com

Nixu (0358) 9478 1011
www.nixu.com

Nominum (07703) 649 313
www.nominum.com3