IT-Analysis.com

Informatica's stretch goal

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Mon, 27 Feb 2012 07:00:00 +0100

By: Dana Gardner, Principal Analyst, Interarbor Solutions
Posted: 27th February 2012
Copyright Interarbor Solutions © 2012

Informatica is within a year or two of becoming a $1 billion company, and the CEO’s stretch goal is to get to $3b.

Informatica has been on a decent tear. It’s had a string of roughly 30 consecutive growth quarters, growth over the last 6 years averaging 20%, and 2011 revenues nearing $800 million. Abbasi took charge back in 2004, lifting Informatica out of its midlife crisis by ditching an abortive foray into analytic applications, instead expanding from the company’s data transformation roots to data integration.

Getting the company to its current level came largely through a series of acquisitions that then expanded the category of data integration itself. While master data management (MDM) has been the headliner, other recent acquisitions have targeted information lifecycle management (ILM), complex event processing (CEP), low latency messaging (ultra messaging), along with filling gaps in its B2B and data quality offerings. While some of those pieces were obvious additions, others, such as ultra messaging or event processing, were not.

CEO Sohaib Abbassi is talking about a stretch goal of $3 billion revenue. The obvious chunk is to deepen the company’s share of existing customer wallets. We’re not at liberty to say how much, but Informatica had a significant number of 6-figure deals. Getting more $1m+ deals will help, but on their own won’t triple revenue.

So how to get to $3 billion?
Obviously, two strategies: deepen the existing business while taking the original formula to expand the footprint of what’s data integration.

First, the existing business. Of the current portfolio, MDM is likely best primed to allow Informatica to more deeply penetrate the installed base. Most of its data integration clients haven’t yet done MDM, and it is not a trivial investment. And for MDM clients who may have started with a customer or product domain, there are always more domains to tackle. During Q&A, Abbasi listed MDM has having as much potential addressable market as the traditional ETL and data quality segments.

The addition of SAP and Oracle veteran Dennis Moore to the Informatica MDM team points to the classic tightrope for any middleware vendor that claims it’s not in the applications game – build more “solutions” or jumpstart templates to confront the same generic barrier that packaged applications software was designed to surmount: provide customers an alternative to raw toolsets or custom programming. For MDM, think industry-specific “solutions” like counter-party risk, or horizontal patterns like social media profiles. If you’re Informatica, don’t think analytic applications.

That’s part of a perennial debate (or rant) on whether middleware is the new enterprise application: you implement for a specific business purpose as opposed to technology project, such as application or data integration, and you implement with a product that offers patterns of varying granularity as a starting point.

Informatica MDM product marketing director Ravi Shankar argues it’s not an application because applications have specific data models and logic that become their own de factor silos, whereas MDM solutions reuse the same core metadata engine for different domains (e.g., customer, product, operational process). Our contention? If it solves a business problem and it’s more than a raw programming toolkit, it’s a de facto application. If anybody else cares about this debate, raise your hand.

MDM is typically a very dry subject but demo’ing a social MDM straw man showing a commerce application integrated into Facebook perked Twitter debate among analysts in the room. The operable notion is that such a use of MDM could update the customer’s (some might say, victim’s) profile by the associations that they make in social networks. An existing Informatica higher educational client that shall remain anonymous actually used MDM to mine LinkedIn to prove that its grads got jobs.

This prompts the question, just because you can do it, should you? When a merchant knows just a bit too much about you—and your friends (who may not have necessarily opted in)—that more than borders on creepy. Informatica’s Facebook MDM integration was quite effective; as a pattern for social business, well, we’ll see.

Staking new ground
So what about staking new ground? When questioned, Abbasi stated that Informatica had barely scratched the surface with productizing around several megatrend areas that it sees impacting its market: cloud, social media, mobile, and big data. More specifically:

Cloud continues to be a growing chunk of the business. Informatica doesn’t have all of its tooling up in the cloud, but it’s getting there. Consumption of services from the Informatica Cloud continues to grow at a 100–150% annual run rate. Most of the 1,500 cloud customers are new to Informatica. Among recent introductions are a wizard-driven Contact Validation service that verifies and corrects postal addresses from over 240 countries and territories. A new rapid connectivity framework further eases the ability of third parties to OEM Informatica Cloud services.
Social media – there were no individual product announcements here per se, just that Informatica’s tools must increasingly parse data coming from social feeds. That covers MDM, data profiling and data quality. Much of it leverages HParser, the new Hadoop data parsing tool released late last year.
Mobile – for now this is mostly a matter of making Informatica tools and apps (we’ll use the term) consumable on small devices. On the back end, there are opportunities for optimizing, virtualizing and replicating data on demand to the edges of highly distributed networks. Aside from newly-announced features such as iPhone and Android support of monitoring the Informatica cloud, for now Informatica is making a statement of product direction.
Big Data – Informatica, like other major BI and database vendors, have discovered big data with a vengeance over the past year. The ability to extract from Hadoop is nothing special—other vendors have that—but Informatica took a step ahead with release of HParser last fall. In general there’s growing opportunity for tooling in a variety of areas touching Hadoop, with Informatica’s data integration focus being one of them.

We expect to see extension of Informatica’s core tools to not only parse or extract from Hadoop but, increasingly, work natively inside HDFS on the assumption that customers are not simply using it as a staging platform anymore. We also see opportunities in refinements to HParser providing templates or other shortcuts for deciphering sensory data. ILM, for instance, is another obvious one.

While Facebook et al might not archive or deprecate their Hadoop data, mere mortal enterprises will have to bite the bullet. Data quality in Hadoop in many cases may not demand the same degree of vigilance as SQL data warehouses, creating demand for lighter weight data profiling and cleansing tooling. And for other real-time web-centric use cases, alternatives stores like MongoDB, Couchbase, and Cassandra may become new Informatica data platform targets.

What, no exit talk?
Abbasi commented at the end of the company’s annual IT analyst meeting that this was the first time in recent memory that none of the analysts asked who would buy Informatica when. Buttonholing him after the session, we got his take which, very loosely translated to Survivor terms, Informatica has avoided getting voted off the island.

At this point, Informatica’s main rivals—Oracle and IBM—have bulked up their data integration offerings to the point where an Informatica acquisition would no longer be gap filling; it would simply be a strategy of taking out a competitor—and with Informatica’s growth, an expensive one at that.

One could then point to dark horses like EMC, TIBCO, Teradata, or SAP (for obvious reasons we’ve omitted HP). A case might be made for EMC—or SAP if it remains serious in raising its profile as database player—but we believe both have bigger fish to fry. Never say never. But otherwise, the common thread is that data integration will not differentiate these players and therefore it is not strategic to their growth plans.

This guest post comes courtesy of Tony Baer's OnStrategies blog. Tony is senior analyst at Ovum.

The big issue to address in 2012 - facing up to consumerisation

rss@it-analysis.com (Bob Tarzey, Quocirca) — Mon, 27 Feb 2012 07:00:00 +0100

By: Bob Tarzey, Service Director, Quocirca
Posted: 27th February 2012
Copyright Quocirca © 2012

At a conference on the consumerisation of IT that Quocirca attended late in 2011, one delegate stated that their organisation “would not be adopting it”. The point had clearly been missed; the issue is that consumerisation is about what employees choose to do with consumer technology, be it the use of social media or personal computing devices. In the letter case, the choice is not about whether employees bring smartphones and tablets in into the work place, but about the controls to put around them.

The issues involved are wide and varied, from the security of the corporate network and data to the control of how software is used on devices and mobile operator bills are paid. No one should be in any doubt that when the average employee is carrying a more attractive way of accessing IT in their pocket, handbag or briefcase than their employer provides on their desktop, that addressing the use of employee owned devices is one of the big issues for IT departments in 2012.

That said, 2012 is also likely to be good year for an agreement to be reached between employers and employees on what is acceptable. The argument was often heard a few years ago that employers would have to cave into employee demands because restrictive working practices would not be attractive. However, as the age of austerity deepens and a return to recession looms, any reasonable job should be attractive, especially to the aspiring young who are most adept with the devices driving consumerisation and are most likely to be job hunting. 2012 should be a good time for employers to be setting out the ground rules and embedding them in employment contracts.

This article outlines the issues IT departments need to consider with regard to the use of employee owned devices; the technological, security and commercial issues involved and the longer term benefits that may be achieved with the right controls in place. The issues fall into two broad categories; protecting the business, its network and data and then managing the devices and the access to/payment for network resources.

NAC – controlling access to the corporate network
First get the workplace itself under control and what devices are allowed on to your internal network. Rogue devices are not welcome and any unknown device is a potential rogue. However, it should be made easy for employees to access the business network when in the workplace and they should be encouraged to do so, rather than leaving them to run up mobile bills, which the business might ultimately pay.

Network access control (NAC) tools, which identify devices, their users and certify their fitness for network access, have been around for several years. However, a resurgence of interest has been seen by specialist suppliers like ForeScout and Bradford Networks as well as the networking giants.

NAC is generally enforced via a dedicated appliance or modified router that identifies known devices and questions unknown ones—usually referred to as managed and unmanaged. With managed devices checks are made every time they come back on to the network; is the device’s security up to date? Does the device identity match the usual user identity for the given device? Do the geographic location and time of use make sense?

By definition, unmanaged devices have not been seen before so NAC technology cannot rely on installed agents and therefore need to be able to operate agentless. The status of unmanaged devices can be checked and granted access in certain circumstances. For example, is this is a known user using a new device and, if so, what policy should be applied? Is it a guest device that should be granted limited network access for a restricted period of time? Is it a rogue that should be blocked?

Protecting corporate and regulated data
Data on mobile devices is a risk. This may be because the device has been compromised in some way but more likely because it is stolen or user-mislaid. Any business must see protecting its corporate data as a key requirement of managing consumerisation.

One approach is, as is increasingly mandated for laptops, that the devices should be encrypted. This is all well and good, but the cost of licencing encryption software and managing the keys could spiral out of control. Furthermore, there is the problem of software licencing and what degree of control can be taken over a user’s device; it is not really acceptable to encrypt the employee's own data so selective encryption is required, further complicating things. Many are now concluding that the only way to support consumerisation is to treat smartphones and tablets purely as access devices and to restrict the way corporate IT is enabled. There are three basic approaches:

Provide access to applications that allow data to be viewed and updated, but not copied. For example, just because you allow employees to read email remotely does not mean their content should necessarily be copied to a device. There is increasing talk of “corporate app stores”.
Provide a virtual desktop environment for the user. Again, data is not actually stored on the device, it is simply an access tool to a virtual desktop that is available anywhere the user can get online. For example, Citrix provides mobile support via its Receiver product.
Provide the ability to view data in central data stores, for example Microsoft SharePoint or services specifically designed to support mobility like Trend Micro SafeSync and only allow downloading of data with a low security classification.

Keeping malware at bay
Writers of generic malware typically target the most popular software to maximise the chances of finding a way on to as many devices as possible. For this reason, Microsoft Windows and popular programs that run on it, such as Office and IE, have historically, and still are, the most common targets. However, in 2011 the total number of smartphones on the planet overtook the number of PCs, and the operating system and applications run on them are different. The Economist’s Beyond the PC report (Oct 2011) shows the amount of malware targeted at mobile devices to be increasing. The Android operating system is particularly vulnerable; it is now the most widely installed mobile operating system and more open than Apple’s iOS.

However, malware is not the only problem. Another incipient threat with mobile devices is the user’s desire to download consumer apps from app stores. Why bother to go to the effort of distributing malware if users can be duped into finding it for them themselves? The threats around the Google Apps Marketplace are considered to be the greatest, again because of its openness. Apple is restrictive about what gets in to its App Store, but some users chose to 'jail-break' from the Apple eco-system and download unqualified apps. However this is something that can be checked for by NAC systems before allowing network access.

Whatever the source of malware, from the point of view of managing consumerisation, businesses have two choices:

Insist their users have anti-malware installed; indeed this can be a check and pre-condition of NAC. However, it is not really practical for occasional users. The traditional anti-malware vendors are adapting their products for mobile operating systems and some new specialists have emerged.
Assume any mobile device may be compromised and take measures to insulate their business's IT systems from any harm. Given some of the other complexities involved with supporting consumerisation, many will conclude this to be the most practical approach.

Software licencing
Mandating the use of on-device software such as anti-malware and encryption leads to software licencing issues. If the software is corporate-issued, what rights are there to install it on personally owned devices? What control is there over licences when an employee leaves the organisation? The same applies to any application software that is installed on employee owned devices. This underlines the benefit of treating smartphones and tablets purely as access devices. However, that is not an end to the software licencing issues.

Some vendors, in particular Microsoft, licence their software based on the number of clients (Microsoft call these Client Access Licences/CALs). If a virtual desktop provides access to such software then its use needs to be audited and licenced to ensure compliance. If VDI is used it will also need licencing, although these vendors should be a little more friendly to the concept of consumerisation as this it has become one of their target use cases.

Mobile device management, airtime contracts and mobile billing
IT end-point management vendors such as Dell/KACE, Kaseya and Symantec Altiris have focussed on traditional PCs. Mobile devices introduce all sorts of new issues. This has led to the rise of vendors specifically focussed on mobile device management (MDM), for example Good Technology and MobileIron. However, from the business requirements point of view, the management needs have been converging for some time; there is a need for unified PC and smartphone support. Some IT management vendors are staring to develop or acquire MDM capabilities; others are partnering with the MDM specialists.

MDM tools enable the management of software and licences installed and security features such as device wiping and disablement. Another key issue is airtime contracts and billing. When it was still practical for businesses to issue mobile phones to employees who needed them they could achieve economies of scale through having all contracts with a single airtime service provider.

However, with consumerisation each employee may have their own contract. This is may not seem to be a problem if they pay the bill themselves, but what happens if they try and expense all or part of it? Perhaps employers should allow users to bring their own devices but provide them with a contract and pay the bill? But, what happens about personal usage and the possible tax implications? What happens when the employee goes overseas and inadvertently runs up a huge roaming bill because corporate email is being pushed to their device? Telecoms expenses management (TEM) is a complex issue and can only be addressed with MDM tools that manage contracts, billing and specific mobile device configuration issues.

It is likely that a distinction will need to be made between different job roles. Perhaps senior management will be issued with all expenses paid, company supplied BlackBerrys, whilst sales staff are given an allowance buy their own Android device for which the company will provide a contract and pay the bill. Other employees may be simply told that the bill is their own responsibility whilst they are provided with a corporate approved app to view emails.

Conclusion/key takeaways
In summary:

Use NAC tools, corporate apps stores and/or virtual desktops to protect your corporate network and data whilst enabling controlled access.
Private networks need to be able to identify unmanaged devices and make decisions about access but make genuine guests feel welcome.
Deploy MDM tools to manage the devices themselves, their software, security and airtime contracts/billing.

Consumerisation cannot be ignored; it is a fact of life all business must face up to. Enable it and, ultimately, your business will benefit with a more motivated and flexible work force using devices they have chosen for themselves because of the productivity they enable.

For more in-depth coverage of some of the issues covered in this article, information is available in the following freely available Quocirca reports:

Carrying the can - consumerisation and enterprise mobility (June 2011)
http://www.quocirca.com/reports/605/carrying-the-can--consumerisation-and-enterprise-mobility
The data sharing paradox (Sept 2011)
http://www.quocirca.com/reports/620/the-data-sharing-paradox

This article first appeared in Global ETM: http://www.globaletm.com/page/2012q1

Safe authentication for remote sys-admin tasks

rss@it-analysis.com (Bob Tarzey, Quocirca) — Fri, 24 Feb 2012 17:00:00 +0100

By: Bob Tarzey, Service Director, Quocirca
Posted: 24th February 2012
Copyright Quocirca © 2012

Not all systems administration (sys-admin) is done by people. Some applications need administrator access to communicate and make changes.

Furthermore, remote management tasks are often carried out using pre-set procedures in sys-admin tools, for example the backup of branch office devices.

For this to work, privileged login details are often embedded in the applications or tools that require them. Should the wrong individual get access to these credentials, they may be able use them for malicious purposes.

To make things worse, when such details are embedded they rarely get changed because it burdensome to do so and consequently the credentials may remain valid for long after they have been compromised.

This risk is exacerbated by the fact that such privileged login details are often not just stored but also often transmitted as the clear text.

In recent Quocirca research around 50 per cent of organisations admitted that sys-admin login details we regularly transmitted in clear text, although it varied widely by industry.

This need not be the case.

First, applications and tools needing privileged access right should be administered and monitored in the same way as "human" privileged users (for example, they should not use group access privileges).

Furthermore, the assigned login details need not be transmitted in clear text. Passwords can easily be masked, or better still the whole transmission required to carry out a remote admin task can be encrypted.

To see the full research behind this and get a free copy of Quocirca's report go to http://www.osirium.com/alpha-files/wp

Outside-in, business-savvy: OpenText's BPS aspiration

rss@it-analysis.com (Neil Ward-Dutton, MWD Advisors) — Fri, 24 Feb 2012 15:44:46 +0100

By: Neil Ward-Dutton, Research Director, MWD Advisors
Posted: 24th February 2012
This work is licensed under a Creative Commons License

When OpenText made acquisitions of Metastorm and Global360 within 6 months of each other last year, I blogged:

In the medium term … I hope OpenText will communicate a credible plan that supports existing customers of Metastorm and Global 360 while showing they can also craft a vision for how something bigger and better can be delivered by pooling knowledge and resources.

The period after an acquisition is always a tough one, as customers and prospects look for direction and answers; anyone making an investment decision is understandably cautious. When there are two acquisitions on the table then things get even more challenging! I’ve had quite a few conversations with prospective investors in BPM technology who’ve expressed uncertainty (at least partly because other vendors have sown seeds of doubt – and that’s completely to be expected).

I’ve been keen to get an update from OpenText’s newly formed Business Process Solutions (BPS) business unit for some time, and a couple of weeks ago I got to spend some time with VP of International Marketing and Alliances, Bhavesh Vaghela. Here’s some of what I learned.

OpenText’s new CEO, Mark Barrenechea, has stated that his aim is to grow OpenText into a $2bn company by revenue (though a timescale was purposefully not given). Key to the growth plan, though, is extending the company’s footprint from ECM into business process management (in its broadest sense). The new BPS division – formed from the Metastorm and Global 360 acquisitions – is responsible for making this push.

The Strategy and vision for BPS is oriented around the “outside in” approach to business improvement – which focuses first on customer experience, and uses that to structure, prioritise and shape the ways that an organisation delivers services to its market. The aim is for BPS to organise itself around three propositions:

Enterprise Case Management – using case management and unstructured process management approaches and technologies to deliver highly tailorable and personalised services across multiple channels and venues, for those areas of work which need to be optimised for flexibility (think front-office capabilities around customer service, sales, and so on – where there’s potential advantage in blending core work co-ordination systems with real-time analytics, marketing automation, decision management and other disciplines).
Enterprise Service Management – using core BPM technologies to industrialise the delivery of back-office administrative processes within a ‘business service’ framework, for those areas of work which are a cost of doing business and which should be optimised for cost (think some IT service delivery pieces, HR services like leave requests and employee onboarding, and so on).
Modelling and Visualisation – using analysis techniques and technologies to discover and design portfolios of business capabilities, and set the stage for business transformation projects that then lead to interest in the ECM and ESM propositions above.

Further to this, OpenText is committed to making engineering investments in the three “tech trends du jour”: social, mobile and cloud; to be fair, though, given the outside-in starting point for its strategy, these make sense – and from a cloud perspective BPS can build on the experiences gained by Metastorm in building M3 and testing it on the Azure Platform.

At this high level, I have to say that the BPS strategy and vision looks pretty smart: OpenText seems to have found a way of framing the main capabilities of its Global360 and Metastorm acquisitions that creates a coherent whole that’s also keyed into a set of goals and challenges that many large organisations are wrestling with currently.

Of course, the big question now is all about execution. A sound strategy and vision are necessary, but ultimately not sufficient, for success. Can OpenText’s BPS business:

extend, re-package, integrate and re-position its current portfolio of technologies so they all fit into the broad strategy and vision?
bring existing customers with it and not alienate or confuse them?
educate its salesforce about how all this works, and its value to customers?
integrate BPS technologies with other OpenText technologies in ways that add value without creating overweight and underpowered / confusing products?
(there are probably more).

It remains to be seen! I’ll be continuing to watch with interest and report as I hear more.

How AppWave newly modernizes PCs via App Store convenience

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Fri, 24 Feb 2012 07:00:00 +0100

By: Dana Gardner, Principal Analyst, Interarbor Solutions
Posted: 24th February 2012
Copyright Interarbor Solutions © 2012

There's a huge productivity gap between modern software and the ageing manner in which most enterprises still distribute and manage applications on personal computers.

At a time when business models and whole industries are being upended by improved use of software, IT providers inside of enterprises are still painstakingly provisioning and maintaining PC applications in much the same way they did in the 1990s.

Furthermore, with using these older models, most enterprises don’t even know what PC apps they have in use on their networks and across thousands of computers. That means they're also lacking that visibility into how, or even if, these apps are being used, and they may even be paying for licenses that they don’t need to.

To examine the ongoing problems around archaic PC apps management and how new models—taking a page from the popular app store model—can rapidly boost the management of PC applications, BriefingsDirect recently interviewed the President and CEO of Embarcadero Technologies, Wayne Williams. Wayne has more than 15 years of experience in founding and leading companies. He was appointed CEO of Embarcadero Technologies in 2007 and he is a former COO, Senior Vice President of Products and CTO at Embarcadero.

The interview was conducted by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: Embarcadero Technologies is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: It’s kind of ironic that, on one hand, we have software taking over in a larger sense how businesses are run and how industries are being innovative. This has been highlighted recently by Marc Andreessen in some of his writings. At the same time, the corporate PC, also driven by software, is still sort of stodgy and moribund, at least in the perception of how it’s being used productively.

How is it that software is advancing generally, but PC software remains, in a sense, unchanged?

Williams: I've been asking myself that question for many years. I've spent most of my life in software, and I'm embarrassed to say that the industry has really done a poor job at making software available to the users, which is the fundamental issue.

Microsoft Windows is clearly the dominant PC platform, but it has fundamental design flaws, which sowed the seeds for the availability problem.

But that’s only a small part of the story. Software vendors are so focused on building the next great application and on features and functions in that application that they've lost sight of what really matters, which is making sure that the application that you build gets used, gets in the hands of the users, and that they get their work done.

When I look at the PC industry and where it has come, the applications themselves have improved dramatically. I can’t imagine being as productive as I am without Microsoft Outlook, for example, for email and calendaring. And Adobe Photoshop. I don’t think you can find a photo anywhere that has not been edited with Photoshop. It’s incredibly powerful.

But unfortunately, a lot of the gains that really could be made have been wasted, because it’s very, very tough to get an application from a vendor into a user's hands.

Gardner: What do you think the real root problem is here?

Williams: The root problem is that software should move at the speed of light, yet it moves at the speed of a glacier.

Let me give you an example. In a mid- to large-sized company, if an employee is looking for a special pen for a new project, they can go to a catalog, take out a pen, and they can usually have it the next day, and that’s a physical good.

Software is virtual. So it could and should move at the speed of light, but for many of our large customers it takes quarters to get software into the user’s hand.

There's a whole host of problems that emanate from the root problem. You have an environment which is high-friction. It reminds me really of a state of manufacturing before the Industrial Revolution, where you had processes that were slow, expensive, unpredictable, and error-prone. That’s how PC software has operated over the last 20-plus years.

When you have an environment that is so high-friction, users will go around it. So you have this process with the PC, where IT tries to get more control and locks down the environment more, and the business users that need to get the work done find ways to get it done.

... You can take a fairly simple device like a smartphone from Apple or an Android device and find and run applications literally in seconds. Yet you have this sophisticated PC environment with hundreds of billions of dollars worth of software sold every year, powerful hardware and processing power, but it's like pulling teeth for a user to get the applications she or he needs.

Gardner: Wayne, you and I have been around long enough to know that the way to instigate change in an enterprise environment is not necessarily to attempt wholesale radical shifts. You need to work with what's in place and recognize that investments have been made and that those investments are going to continue to be leveraged.

Williams: As far as what's good and what can be retained, there's a great footprint of hardware out there, PC hardware. A massive investment has been made.

It's the same with software. There are tons of software, both licensed and built internally. And the internal part is really important. What I see from our big customers is that for every commercial app that they license they will have 10 that are built internally. And while there is very little visibility into how commercial licenses are used, there is some, but it's little. And there's zero visibility into who’s using internally built software, for the most part.

There have been massive investments made in software, and unfortunately, a lot of the productivity that could have been realized hasn’t been. But the good news is that it can be.

When I look at the opportunities, it's really two constituents, which you described. You talked about the user for a second and then you talked about the investment and what can be reused, and that’s really management, typically IT management, which is centralized. Embarcadero's AppWave is about bringing these two stakeholders together.

If you look at mobile software, the friction between the user and the app is removed, and the results are fantastic. For us, that was a great proof point, because we started on AppWave before anybody had heard of the Apple App Store.

For PCs, the problem is much more difficult and it's much larger. Mobile software is about a $10 billion industry, and PC is somewhere around $300 billion. So the opportunity for productivity gains and overall results is much, much bigger, and the problem is much more difficult. Now, with AppWave the mobile experience—find, run, rate, review—comes to the PC. So the agile enterprise has tools to support it.

Gardner: How do we bring these together? How do we bring the app store experience to IT? How do we enable them to bring that to their own constituents, their own users?

Williams: The key is the system. With the enterprise app store we bring two constituents together: users and management.

You mentioned a few things that are core principles. For users, there are really three principles that drive everything that we do. One of them is self-service, the next is socialization, and the third is instant gratification.

As a user, when I have a problem to solve and I'm looking for an app to help me solve it, I want to be able to find it myself, quickly. I want to understand what my peers are saying about that app. When I decide I want to try it, I click a button and run it. Everything we do goes through one of those filters. It’s about the user experience.

From a management perspective, for IT they need centralized control and visibility into real usage. So those are two principles that really drive everything we do with AppWave from a management perspective.

People talk about the consumerization of IT now, and initiatives like "bring your own device." The key for IT is to put an environment in place that draws users in and gives them what they're looking for, but you can still maintain overall control and have real visibility into who is using software and when.

Gardner: Describe for us what AppWave is, what it does, and how it came to be?

Williams: AppWave is an enterprise app store for PCs that provides self-service. Users can very easily type in a search term and get a result. The result is a set of applications. Then they can click and run those applications, read ratings and reviews from their peers, and they can be assured that when they do run those applications, they're not going to disrupt anything else that they have on their PC.

... If you look at Windows, it's designed around the concept of sharing and sort of a utopian view, where applications could all share parts, and typically those are called DLLs in Windows. Unfortunately, the end result of that is conflict.

When a user wants to try a new application, that application is installed and will typically conflict with other applications that were previously installed. The problem gets worse when you get into new versions.

In the PC market, most vendors update their software multiple times a year. For example, we put out new release of every major product once a year and then we will have point releases typically quarterly. You have an awful lot of change, and every time there is a change, you stand to break other things that are already installed on your computer.

That was one of the things we had to tackle, and we did with AppWave. That folds into instant gratification. If I'm a user who has an existing version of a particular application, and I need either the older version or the newer version, I should be able to click a button and be productive. I should be using it in seconds.

Gardner: How did you solve these issues inherent with PC software availability?

Williams: Years and years of engineering, but at the heart of it, we removed the dependencies that applications would have with other applications and with the environment in general. Each of these applications is able to stand on its own, which means you can have multiple versions of a particular app and move between them painlessly with no concerns.

I think that’s important for just about any knowledge worker. I've seen company after company—and ours is no different—afraid to move, for example, to the newest version of Office, because they're not sure if documents from the old version are going to work properly. Problems like that are gone, because you can easily move from version to version with the click of a button.

This is particularly important in R&D, where a tremendous amount of time is spent retooling to go from one configuration of applications for a particular system.

Prior to having AppWave, developers had multiple PCs, one for working on the new release that’s going to come out this year and then one for going back and fixing bugs on last year’s release.

Gardner: What do you get if you do this properly? How impactful is the shift when you go from say a traditional distribution to an AppWave and an app store distribution model?

Williams: I can give you a few examples. It's been amazing for us certainly. We drink our own champagne. We've made incredible gains, with the biggest gains being in two areas.

One is in R&D, where teams generally produce a daily build of most of the products. Those apps, when they come off the build machine, are now immediately available to all of R&D. It's particularly important for QA, because the downtime that you would have retooling and getting a new app is gone. It’s literally seconds. So we've seen some great gains internally with R&D.

We've also seen it with sales. We've got roughly 20 products. We put out a minor release once a quarter and majors once a year. So if you just looked at the explosion of that set of apps that a salesperson would have to have on their PC, just in two years, it’s 160. That historically has been a problem. It’s just a productivity drain and it’s error prone. Now that problem is gone.

A large financial services company had a nine-month rollout cycle for of a new version of a PC app. They had a really pressing business need to get this done before the holidays, their biggest season. It was impossible using their current methods for PC software distribution. With AppWave, users were upgraded to the right version of software in minutes.

The thing that they loved about that whole experience wasn't really the metrics. Certainly they put together their ROIs and they were impressive, but what that really did for them was that it allowed them to move quickly, to solve the business need in a time that would really make a difference.

Gardner: We're seeing tremendous uptake in mobile devices and tablets. We're seeing people who want to be able to combine their roles as consumers and individuals at home with what they do at work.

Is there something about AppWave and what we've been talking about that can be brought into the mobile and even cloud spheres?

Williams: Absolutely. Our view is that, at the end of the day, it's all about getting the right app in the hands of the users as quickly as possible and that should happen on all relevant platforms. So certainly mobile tablets, Android tablets, and iOS, iPads, are very cool and powerful devices that we are certainly going to support.

The important thing to remember is about getting the app to the user, regardless of what device they're using. So whether it's a tablet, a PC, or it's their own PC, as opposed to the company PC, they should still have access to all the apps that matter, with all the same kind of principles we've talked about, instant gratification, very easy to find. Those are all things that we're covering in AppWave.

Our initial focus was all about solving the PC problem, because in my view that’s the big problem. That’s where so much productivity has been locked away. We've solved that for the PC now and we certainly will support other popular platforms as they emerge.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

Another ABPD move from QPR Software

rss@it-analysis.com (Simon Holloway, Bloor Research) — Fri, 24 Feb 2012 07:00:00 +0100

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research
Posted: 24th February 2012
Copyright Bloor Research © 2012

QPR Software announced on February 23rd the launch its Automated Business Process Discovery solution for Salesforce.com. Using data logged by Salesforce.com. QPR ProcessAnalyzer provides a view of the actual sales process. The solution provides up-to-date information about typical sales paths and displays process performance metrics. With increased insight, companies are able to manage their sales processes better and increase sales.

Sami TÃ¤htinen, Vice President of Products and Technology at QPR Software, said "Companies put a lot of effort into coaching and managing their sales force, but up until now there has been few ways to directly and objectively assess the sales process. With QPR ProcessAnalyzer for Salesforce.com, companies have for the first time complete insight into their sales efforts"

By 'reverse-engineering' data logged by Salesforce.com, QPR ProcessAnalyzer is able to re-create the sales processes the way it is actually used by the real business users. The analysis includes paths, process flowcharts and process variations. They come spiced with durations, transition times and other process performance metrics. Results are easily compared and benchmarked using background variables such as sales team, product, point in time, and customer.

With this information, companies are able to answer sales management questions such as:

In which stages of the sales process do we face challenges?
What cause & effect chains typically exist for lost & won deals?
What are the real durations between different stages of the sales process?
What are the real closing probabilities for different opportunities in different stages?

This is the second ABPD solution that QPR have launched; the first being for SAP (see QPR Software add SAP specific version to ProcessAnalyzer). QPR are really forging ahead in the ABPD market by building solutions based on their ProcessAnalyzer product related to major application packages. This latest is interesting because it deals with an application that is in the cloud rather than in-house. My belief is that QPR are taking this market full-on and have identified a way that is vital to many organisation that need to revitalise their current processes embedded in their application portfolio.

QPR Software announce good sales figures for 2011

rss@it-analysis.com (Simon Holloway, Bloor Research) — Fri, 24 Feb 2012 07:00:00 +0100

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research
Posted: 24th February 2012
Copyright Bloor Research © 2012

QPR Software announced on February 16th their unaudited accounts for 2011. The highlights are:

Net sales showing 8.7% growth of 2010
Operating profit growth of 0.4% over 2010
Operating profit margin of 10.0% of consolidated sales
Net sales growth for the final quarter of October - December 2011 of 15.4%

Net sales and operating profit showed a positive development towards the end of the year. Quarterly net sales were highest in the fourth quarter which led operating margin to reach 12.1%. Despite the growth in net sales, the company's operating profit was on the same level as last year, which was mainly due to increase in personnel costs and outlays in development of the new software product, QPR ProcessAnalyzer.

Net sales in Finland grew 29.5% in 2011 due to good development in software sales and professional service business, as well as consolidation of Nobultec Ltd into QPR Software Group as of 1 August 2011. The growth in operating profit in Business Operations Finland was also strong. The majority of new software sales in Finland were subscription sales.

The Group's international net sales in 2011 decreased 5.9%, which was mainly due to a decrease in software license sales. This, in turn, was partly influenced by gradual initiation of subscription based software sales in QPR's international sales channel. This has a negative impact on revenue recognition from the new contracts, but on the other hand will provide a steady increase in net sales in the future.

QPR Software estimates the consolidated net sales for 2012 to show significantly faster growth than in the previous year (growth in year 2011: 8.7%) and operating profit to remain on the same level as in the previous year, or to improve slightly. The company expects significant growth especially in software subscription net sales, SAP consulting, process analysis business and enterprise architecture services sales.

In 2012, QPR aims to place significant investments in the development of its new software product, QPR ProcessAnalyzer, and related services. QPR aims at strong international software sales growth and significant market share in this new category.

Market forecasts published in the beginning of 2012 estimate that the value of global software sales will increase approximately 6% and global professional services sales will increase approximately 3% in 2012 compared to 2011.

The company estimates that software subscription net sales, SAP consulting net sales, process analysis net sales and enterprise architecture service net sales to grow significantly from the previous year.

In 2012, QPR aims to place significant investments in the development of its new software product QPR ProcessAnalyzer and related services. This will, in short term, have a negative impact on profitability. The company believes that these outlays are well justified, since the QPR ProcessAnalyzer business, launched in February 2011, has started well and the leading market analysts are forecasting strong demand growth for process analysis products and services. QPR aims at strong international software sales growth and significant market share in this new category.

The company also aims to recruit new channel partners especially for its QPR ProcessAnalyzer and QPR EnterpriseArchitect software products and to develop replicable solutions for its present channel partners.

This is a very positive report from a software company based in Europe, considering the double dip recession that the continent has and is going through. The outlook for 2012 shows that QPR have identified a niche market which is currently unexploited by many of the large BPMS vendors and, with a year of experience in the field, are setting out to exploit that advantage. At the same time, for their international sales they will be reliant on how well their partners are able to step up to take advantage of the ABPD market. It will be interesting to watch and see, but I applaud the plan.

Enterprise architecture and enterprise transformation: Related but distinct concepts

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Thu, 23 Feb 2012 07:00:00 +0100

By: Dana Gardner, Principal Analyst, Interarbor Solutions
Posted: 23rd February 2012
Copyright Interarbor Solutions © 2012

For some, if you want enterprise transformation, you really need the organizing benefits of enterprise architecture (EA) to succeed.

For others, the elevation of enterprise architecture as an essential ingredient to enterprise transformation improperly conflates the role of enterprise architecture, and waters down enterprise architecture while risking its powerful contribution.

So how should we view these important roles and functions? How high into the enterprise transformation firmament should enterprise architecture rise? And will rising too high, in effect, melt its wings and cause it to crash back to earth and perhaps become irrelevant?

Or is enterprise transformation nowadays significantly dependent upon enterprise architecture and, therefore, we should make enterprise architecture a critical aspect for any business moving forward?

We posed these and other questions to a panel of business and EA experts at last month's Open Group Conference in San Francisco to deeply examine the fascinating relationship between enterprise architecture (EA) and enterprise transformation. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

The panel: Len Fehskens, Vice President of Skills and Capabilities at The Open Group; Madhav Naidu, Lead Enterprise Architect at Ciena Corp.; Bill Rouse, Professor in the School of Industrial and Systems Engineering and the College of Computing, as well as Executive Director of the Tennenbaum Institute, all at the Georgia Institute of Technology, and Jeanne Ross, Director and Principal Research Scientist at the MIT Center for Information Systems Research.

The discussion was moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group and HP are sponsors of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Why is enterprise transformation not significantly dependent upon enterprise architecture, and why would it be a disservice to bring enterprise architecture into the same category?

Fehskens: My biggest concern is the identification of enterprise architecture with enterprise transformation.

First of all, these two disciplines have different names, and there's a reason for that. Architecture is a means to transformation, but it is not the same as transformation. Architecture enables transformation, but by itself is not enough to effect successful transformation. There are a whole bunch of other things that you have to do.

My second concern is that right now, the discipline of enterprise architecture is sort of undergoing—I wouldn’t call it an identity crisis—but certainly, it's the case that we still really haven't come to a widespread, universally shared understanding of what enterprise architecture really means.

My position is that they're two separate disciplines. Enterprise architecture is a valuable contributor to enterprise transformation, but the fact of the matter is that people have been transforming enterprises reasonably successfully for a long time without using enterprise architecture. So it's not necessary, but it certainly helps... There are other things that you need to be able to do besides developing architectures in order to successfully transform an enterprise.

Gardner: As a practitioner of enterprise architecture at Ciena Corp., are you finding that your role, the value that you’re bringing to your company as an enterprise architect, is transformative? Do you think that there's really a confluence between these different disciplines at this time?

Naidu: Transformation itself is more like a wedding and EA is more like a wedding planner. I know we have seen many weddings without a wedding planner, but it makes it easier if you have a wedding planner, because they have gone through certain steps (as part of their experience). They walk us through those processes, those methods, and those approaches. It makes it easier.

I agree with what Len said. Enterprise transformation is different. It's a huge task and it is the actual end. Enterprise architecture is a profession that can help lead the transformation successfully.

Almost everybody in the enterprise is engaged in [transformation] one way or another. The enterprise architect plays more like a facilitator role. They are bringing the folks together, aligning them with the transformation, the vision of it, and then driving the transformation and building the capabilities. Those are the roles I will look at EA handling, but definitely, these two are two different aspects.

Gardner: Is there something about the state of affairs right now that makes enterprise architecture specifically important or particularly important for enterprise transformation?

Naidu: We know many organizations that have successfully transformed without really calling a function EA and without really using help from a team called EA. But indirectly they are using the same processes, methods, and best practices. They may not be calling those things out, but they are using the best practices.

Rouse: There are two distinctions I’d like to draw. First of all, in the many transformation experiences we've studied, you can simplistically say there are three key issues: people, organizations, and technology, and the technology is the easy part. The people and organizations are the hard part.

The other thing is I think you’re talking about is the enterprise IT architecture. If I draw an enterprise architecture, I actually map out organizations and relationships among organizations and work and how it gets done by people and view that as the architecture of the enterprise.

Sometimes, we think of an enterprise quite broadly, like the architecture of the healthcare enterprise is not synonymous with information technology (IT). In fact, if you were to magically overnight have a wonderful IT architecture throughout our healthcare system in United States, it would be quite helpful but we would still have a problem with our system because the incentives aren’t right. The whole incentive system is messed up.

So I do think that the enterprise IT architecture is an important enabler, a crucial enabler, to many aspects of enterprise transformation. But I don’t see them as close at all in terms of thinking of them as synonymous.

Gardner: Len Fehskens, are we actually talking about IT architecture or enterprise architecture and what's the key difference?

Fehskens: Well, again that’s this part of the problem, and there's a big debate going on within the enterprise architecture community whether enterprise architecture is really about IT, in which case it probably ought to be called enterprise IT architecture or whether it’s about the enterprise as a whole.

For example, when you look at the commitment of resources to the IT function in most organizations, depending on how you count, whether you count by headcount or dollars invested or whatever, the numbers typically run about 5–10 percent. So there's 90 percent of most organizations that is not about IT, and in the true enterprise transformation, that other 90 percent has to transform itself as well.

So part of it is just glib naming of the discipline. Certainly, what most people mean when they say enterprise architecture and what is actually practiced under the rubric of enterprise architecture is mostly about IT. That is, the implementation of the architecture, the effects of the architecture occurs primarily in the IT domain.

Gardner: But, Len, don't TOGAF at The Open Group and ArchiMate really step far beyond IT? Isn’t that sort of the trend?

Fehskens: It certainly is a trend, but I think we've still got a long way to go. Just look at the language that’s used in the architecture development method (ADM) for TOGAF, for example, and the model of an enterprise architecture. There's business, information, application, and technology.

Well, three of those concepts are very much related to IT and only one of them is really about business. And mostly, the business part is about that part of the business that IT can provide support for. Yes, we do know organizations that are using TOGAF to do architecture outside of the IT realm, but the way it's described, the way it was originally intended, is largely focused on IT.

What is going on is generally not called architecture. It's called organizational design or management or it goes under a whole bunch of other stuff. And it's not referred to as enterprise architecture, but there is a lot of that stuff happening. As I said earlier, it is essential to making enterprise transformation successful.

My personal opinion is that virtually all forms of design involve doing some architectural thinking. Whether you call it that or not, architecture is a particular aspect of the design process, and people do it without recognizing it, and therefore are probably not doing it explicitly.

But Bill made a really important observation, which is that it can't be solely about IT. There's lots of other stuff in the enterprise that needs to transform.

Ross: Go back to the challenge we have here of enterprise architecture being buried in the IT unit. Enterprise architecture is an enterprise effort, initiative, and impact. Because enterprise architecture is so often buried in IT, IT people are trying to do things and accomplish things that cannot be done within IT.

We've got to continue to push that enterprise architecture is about designing the way this company will do its business, and that it's far beyond the scope of IT alone. I take it back to the transformation discussion. What we find is that when a company really understands enterprise architecture and embraces it, it will go through a transformation, because it's not used to thinking that way and it's not used to acting that way.

If management says we're going to start using IT strategically, we're going to start designing ourselves so that we have disciplined business processes and that we use data well. The company is embracing enterprise architecture and that will lead to a transformation.

Gardner: You said that someday CIOs are going to report to the enterprise architects, and that’s the way it ought to be. Does that get closer to this notion that IT can't do this alone, that a different level of thinking across disciplines and functions needs to occur?

Ross: I certainly think so. Look at companies that have really embraced and gotten benefits from enterprise architecture like Procter & Gamble, Tetra Pak, and Maersk. At P&G’s, IT is reporting to the CIO but he is also the President of Shared Services. At Maersk and Tetra Pak, it's the Head of Global Business Processes.

Once we get CIOs either in charge with more of a business role and they are in charge of process, and of the technology, or are reporting to a COO or head of business process, head of business transformation, or head of shared services, then we know what it is we’re architecting, and the whole organization is designed so that architecture is a critical element.

I don’t think that title-wise, this is ever going to happen. I don’t think we’re ever going to see a CIO report to chief enterprise architect. But in practice, what we’re seeing is more CIOs reporting to someone who is, in fact, in charge of designing the architecture of the organization.

By that, I mean business processes and its use of data. When we get there, first of all, we will transform to get to that point and secondly, we’ll really start seeing some benefits and real strategic impact of enterprise architecture.

Gardner: There's some cynicism and skepticism around architecture, and yet, what we’re hearing is it's not in name only. It is important, and it's increasingly important, even at higher and higher abstractions in the organization. How then do you evangelize or propel architectural thinking into companies? How do you get the thinking around an architectural approach more deeply engrained in these companies?

Fehskens: Dana, I think that’s the $64,000 question. The fundamental way to get architectural thinking accepted is to demonstrate value. I mean to show that it really brings something to the party. That’s part of my concern about the conflation of enterprise transformation with enterprise architecture and making even bigger promises that probably can't be kept.

The reason that in organizations who’ve tried enterprise architecture and decided that it didn’t taste good, it was because the effort didn’t actually deliver any value.

The way to get architectural thinking integrated into an organization is to use it in places where it can deliver obvious, readily apparent value in the short-term and then grow out from that nucleus. Trying to bite off more than you can chew only results in you choking. That's the big problem we’ve had historically.

It’s about making promises that you can actually keep. Once you've done that, and done that consistently and repeatedly, then people will say that there's really something to this. There's some reason why these guys are actually delivering on a big promise.

Rouse: We ran a study recently about what competencies you need to transform an organization based on a series of successful case studies and we did a survey with hundreds of top executives in the industry.

The number one and two things you need are the top leader has to have a vision of where you’re going and they have to be committed to making that happen. Without those two things, it seldom happens at all. From that perspective, I'd argue that the CIO probably already does report to the chief architect. Bill Gates and Steve Jobs architected Microsoft and Apple. Carnegie and Rockefeller architected the steel and oil industries.

If you look at the business histories of people with these very successful companies, often they had a really keen architectural sense of what the pieces were and how they needed to fit together. So if we’re going to really be in the transformation business with TOGAF and stuff, we need to be talking to the CEO, not the CIO.

Ross: I totally agree. The industries and companies that you cited, Bill, instinctively did what every company is going to need to do in the digital economy, which is think about corporate strategy not just in terms of what products do we offer, what markets are we in, what companies do we acquire, and what things do we sell up.

At the highest level, we have to get our arms around it. Success is dependent on understanding how we are fundamentally going to operate. A lot of CEOs have deferred that responsibility to others and when that mandate is not clear, it gets very murky.

What does happen in a lot of companies, because CEOs have a lot of things to pay attention to, is that once they have stated the very high-level vision, they absolutely can put a head of business process or a head of shared services or a COO type in charge of providing the clarification, providing the day-to-day oversight, establishing the relationships in the organizations so everybody really understands how this vision is going to work. I totally agree that this goes nowhere if the CEO isn’t at least responsible for a very high-level vision.

Gardner: So if what I think I'm hearing is correct, how you do things is just as important as what you do. Because we’re in such a dynamic environment, when it comes to supply chains and communications and the way in which technology influences more and more aspects of business, it needs to be architected, rather than be left to a fiat or a linear or older organizational functioning.

So Bill Rouse, the COO, the chief operating officer, wouldn’t this person be perhaps more aligned with enterprise architecture in the way that we’re discussing?

Rouse: Let's start with the basic data. We can't find a single instance of a major enterprise transformation in a major company happening successfully without total commitment of top leadership. Organizations just don’t spontaneously transform on their own.

A lot of the ideas and a lot of the insights can come from elsewhere in the organization, but, given that the CEO is totally committed to making this happen, certainly the COO can play a crucial role in how it's then pursued, and the COO of course will be keenly aware of a whole notion of processes and the need to understand processes.

One of the companies I work very closely with tried to merge three companies by putting in ERP. After $300 million, they walked away from the investment, because they realized they had no idea of what the processes were. So the COO is a critical function here.

Just to go back to original point, you want total commitment by the CEO. You can't just launch the visionary message and walk away. At the same time, you need people who are actually dealing with the business processes to do a lot of the work.

Gardner: What the is the proper relationship between enterprise architecture and enterprise transformation?

Ross: I'd say the relationship between enterprise architecture and enterprise transformation is two-way. If an organization feels the need for a transformation—in other words, if it feels it needs to do something—it will absolutely need enterprise architecture as one of the tools for accomplishing that.

It will provide the clarity the organization needs in a time of mass change. People need to know where they're headed, and that is true in how they do their processes, how they design their data, and then how they implement IT.

It works just as well in reverse. If a company hasn't had a clear vision of how they want to operate, then they might introduce architecture to provide some of that discipline and clarity and it will inevitably lead to a transformation. When you go from just doing what every individual thought was best or every business unit thought was best to an enterprise vision of how a company will operate, you're imposing a transformation. So I think we are going to see these two hand-in-hand.

Rouse: I think enterprise transformation often involves a significant fundamental change of the enterprise architecture, broadly defined, which can then be enabled by the enterprise IT architecture.

Naidu: Like I mentioned in the beginning, one is end, another one is means. I look at the enterprise transformation as an end and enterprise architecture providing the kind of means. In one way it's like reaching the destination using some kind of transportation mechanism. That’s how I look at the difference between EA and ET.

Fehskens: One of the fundamental principles of architecture is taking advantage of reuse when it's appropriate. So I'm just going to reuse what everybody just said. I can't say it better. Enterprise architecture is a powerful tool for effecting enterprise transformation.

Jeanne is right. It's a symmetric or bidirectional back-and-forth kind of relationship.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

Amazon's SWF: workflow, the cloud, and the nature of applications

rss@it-analysis.com (Neil Ward-Dutton, MWD Advisors) — Wed, 22 Feb 2012 21:32:46 +0100

By: Neil Ward-Dutton, Research Director, MWD Advisors
Posted: 22nd February 2012
This work is licensed under a Creative Commons License

Earlier today Amazon announced the launch of its Simple Workflow service (SWF) in beta. The announcement (and the attendant – and detailed – blog) explain that:

Amazon Simple Workflow coordinates the flow of synchronous or asynchronous tasks (logical application steps) so that you can focus on your business and your application instead of having to worry about the infrastructure.

So: has Amazon introduced a technology that will be useful to organisations looking to implement BPM projects in the cloud? And: how does this fit into the other offerings that are currently available?

To be clear – Amazon’s SWF is a programming framework which will help developers to handle stateful and potentially long-running workflows without having to write loads of tedious custom infrastructure code; and that means that for lots and lots of application developers building SaaS and PaaS propositions, it’s something that is definitely worth exploring.

From what I can tell from an initial pass, SWF can be used not only to assist with programming workflow behaviours that are ‘internal’ to applications that will be hosted on Amazon’s AWS platform; but also used to coordinate execution of tasks and applications that are distributed across multiple cloud platforms and also across a cloud/on-premise boundary. And that means that SWF could be pretty useful for companies building application services on AWS that need to manage long-running state, and also for companies looking to build cloud-based integration platforms and channels where the primary purpose is to coordinate systems from a central cloud-hosted logical point. Again from first sight, SWF appears to be not a million miles away from what Microsoft provides with its instantiation of the Windows Workflow Foundation within the Azure Platform – and that’s unlikely to be a complete coincidence.

But SWF is *not* a BPM tool or platform in any significant sense, just like a combustion engine is not a car. You can’t use SWF to manage processes through their lifecycles, and you have to code tasks and flows by hand using programming languages rather than through abstract models. But in theory – because there’s some simple runtime instrumentation available, as well as support for things like external signalling (enabling unexpected events to alter flow behaviour at runtime) - you could build a moderately sophisticated BPM toolset based on SWF as the core of the runtime platform.

For me, the announcement of SWF is significant not really because it will quickly help organisations get their business processes under management, become more effective and agile and so on, but because it’s yet another signifier that:

There’s a growing understanding in the general application software developer community that co-ordination of work is something that needs to be supported explicitly; it’s not enough to build another generation of systems of record; and
Cloud-based application services are a mainstream consideration, and the things that the majority of industry cares about (not innovators and early adopters) – how do I get this to co-ordinate with other things I have, how do I get data in and out of it, and so on – are rising up cloud platform providers’ agendas quickly.

I’ll be looking for SWF customers to talk to over the coming months to see how much real ‘business process’ work gets done, and how much is integration pipeline work; and also trying to dig into some of the potential technical and commercial limitations that arise in practice.

I’m interested to know what you think, too – is SWF interesting? (For that matter, is Microsoft’s Workflow Framework on Azure interesting?).

Question restated - What is the problem that social networking is there to solve?

rss@it-analysis.com (Roger Whitehead, Office Futures) — Wed, 22 Feb 2012 11:37:49 +0100

By: Roger Whitehead, Director, Office Futures
Posted: 22nd February 2012
Copyright Office Futures © 2012

Responses elsewhere suggest I wasn't specific enough originally. These questions apply to the enterprise social networking system that your organisation has or is intending to create.

Has anybody asked what the problem is?
Have you asked?
Has anyone asked you?
What do you think the problem is?
Do you think there is one?

Why are you / they doing it, then?

Interact with HP experts on latest cloud-enablement strategies

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Wed, 22 Feb 2012 07:00:00 +0100

By: Dana Gardner, Principal Analyst, Interarbor Solutions
Posted: 22nd February 2012
Copyright Interarbor Solutions © 2012

Cloud computing trends are now driving the need for a different approach to data center transformation. The disruptions caused by the slack economy, data explosion and Big Data analysis, mobile computing, and social interactions are having a profound effect. Enterprises sense a need to move quickly in pursuit of their business goals.

This need to react quickly is also prompting the business side of the organization to exploit cloud computing - with or without IT’s consent. Forrester Research reports that business groups are adopting cloud 2.5 times faster than the typical organization's IT groups.

This, says Forrester, creates "supplier sprawl" as procurement of cloud services by the business groups remains separate and beyond control of IT. And that means a mess for CIOs who will need to measure and integrate those services at some time into a managed hybrid computing data center environment.

Cloud, in effect, is forcing a hastened and perhaps messy focus on what has already been under way: Services-oriented architecture, business services management, and an increased emphasis on process efficiency, and business-IT alignment.

Live discussion
To find out more on keeping the move to cloud models organized and rational, I'll be moderating a live deep-dive discussion on Feb 29, with a group of HP experts to explore how to cloud-enable and transform data centers. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

In this free discussion (registration required), you'll hear latest recommendations for how to create the roadmap and inculcate the culture and organization required to support the coming future state of hybrid services delivery.

First in the hour-long multi-media presentation and questions and answers session, comes the latest from one of HP's top cloud experts, Chris Coggrave, Global Director of Data Centre Transformation and Cloud Services at HP. You'll hear about the challenges and the payoffs of making these data center transitions well. Tellingly, much of what needs to be done is not strictly of a technical nature. Now is the time for making preparations for the new management, organization and processes required to support a service-oriented approach and successful cloud development.

After Chris's chat, viewers will be invited to participate in the interactive question-and-answer session with actual HP cloud-enablement experts. Moreover, both questions and answers will be automatically translated into 13 major languages to demonstrate how service and support services know no boundaries, time zones or language barriers.

Process mining - creating passive management systems?

rss@it-analysis.com (Neil Ward-Dutton, MWD Advisors) — Tue, 21 Feb 2012 16:31:14 +0100

By: Neil Ward-Dutton, Research Director, MWD Advisors
Posted: 21st February 2012
This work is licensed under a Creative Commons License

Although it’s not a formal part of the BPM research programme I set out in advance at the end of last year, in the past few weeks I’ve been drawn into looking in some detail at the emerging process mining space.

Process mining has been an active academic research space for some years (and eminent BPM research leader Prof Wil van der Aalst leads a team at TU/e which has been instrumental in launching commercial projects as well as advancing research in the area).

The Process Mining manifesto, published late last year, is a really good overview of the area and call to action – and one thing it makes clear is that the scope of process mining technology is much broader than process discovery (which is the area that most commentary has focused on so far, with much discussion conflating the two concepts).

According to the manifesto, there are three applications of process mining – discovery, conformance checking and enhancement:

Discovery is about taking event logs and analysing them to produce models of work.
Conformance is about comparing existing models of work with evidence from event logs to discover any operational 'gaps' between prescribed or recommended practices and actual work in the field.
Enhancement is about using data from event logs to enrich the information provided by static models – perhaps by overlaying performance information, for example; or even using historical event information to predict the performance of work currently in progress and suggest ways to optimise it 'on the fly'.

What's particularly interesting to me, based on my reading of the manifesto at least, is that the authors (or at least some of them) appear to propose that process mining in its broadest context provides the foundation for a different kind of process management system from the kind many people are familiar with today – one that’s 'passive' rather than 'active'.

This 'passive system' is not like today’s BPMSs, which manage processes and the execution of work using those processes through a core co-ordinating application that orchestrates the flow of work between people and systems.

Rather, through ongoing and continuous mining of event logs 'in the background', not directly connected to the systems that people use to get work done, such a system would work by detecting the shadows that work casts onto existing IT systems; tracking those shadows in the context of models (discovered or purposely created); and then using that analysis to drive a) management insights into opportunities for improvement and b) operational insights into optimal execution of work.

As the manifesto itself points out, the engineering and research foundations are already in place to make a system like this possible today. Such a system would have the potential to deliver many of the benefits that today’s BPM projects can deliver, but without interposing a new application layer that risks disrupting relationships that people have with their existing working habits and IT systems.

Still, though, I think it’s going to take a few years before such systems gain significant mainstream traction in industry. Why? Because a lot of the practical detail of implementing such a system in industry would require new tools to be built, and the big vendor money is currently being poured into ongoing marketing and improvement of today’s generation of BPMSs; and there are no vendors of any significant size that could release such a platform in the near future without confusing the hell out of its prospect and customer base.

I think we will see systems like this start to be deployed in the coming years, particularly in scenarios where 'unstructured' knowledge work is at the heart of the business domain under consideration – but that doesn’t mean process mining is a dead-end: far from it.

I really think we’ll see a lot of real-world deployment of process mining’s discovery application, and quite soon (in the coming months). Why? Because in this context, process mining techniques and technologies help to address an immediate pain point that an established community of industry practitioners have. Specifically, how to quickly discern the actual state of work in a given area of a business to provide a reliable foundation for analysis of improvement opportunities.

I’ll be looking a little more at this 'discovery' aspect of process mining in a forthcoming post. In the meantime, I’d love to get your thoughts on this larger question – it’s still an emerging area and I know I am a long way from having all the answers!

What is the problem that social networking is there to solve?

rss@it-analysis.com (Roger Whitehead, Office Futures) — Tue, 21 Feb 2012 12:28:35 +0100

By: Roger Whitehead, Director, Office Futures
Posted: 21st February 2012
Copyright Office Futures © 2012

Has anybody asked?
Have you asked?
Has anyone asked you?
What do you think the problem is?
Do you think there is one?

Why are you / they doing it, then?

Confidence builds in Nimble's break-through technology

rss@it-analysis.com (Peter Williams, Bloor Research) — Tue, 21 Feb 2012 07:00:00 +0100

By: Peter Williams, Practice Leader - IT Infrastructure Mgmt., Bloor Research
Posted: 21st February 2012
Copyright Bloor Research © 2012

Nimble has proven to be an appropriate name for this 2008 storage start-up that must already be annoying companies such as EMC and Dell in the mid-range. Despite these recessionary times, Nimble has posted record growth and revenue and now claims to be the fastest growing computer storage company in history.

Last October, when I was introduced to Nimble Storage, the company's technological innovation impressed me enough that I suggested it would be a game changer for the storage mid-market. So, last month, when I met with Nimble Storage CEO Suresh Vasudevan, we talked less about the technology than about how far the company had come and whether it could fulfil what I saw as major potential in the coming months and years.

I will skip regurgitating how its patented Cache Accelerated Sequential Layout (CASL) architecture works (as you can read the previous article). The one exception is to mention that a then-missing element, scale-out connectivity, is now in beta - which means the ability to group multiple arrays without hardware changes is almost here. This is needed to enable expansion with more flexibility for growing mid-sized businesses pushing into the larger enterprise bracket.

Let me instead give you what I think are reasonably jaw-dropping statistics: Q4 2011 growth was 500% over the same quarter in 2010 and 80% more than the previous quarter - which translates to Nimble adding 100 new customers - spread across verticals including medical, retail, government, financial and legal. Vasudevan told me that Service Providers (SPs) were using Nimble for disaster recovery (DR) services, while Citrix XenServer certification had boosted desktop VDI deployments, which particularly benefited from Nimble's variable length IOPs capabilities. A high percentage of these sales were in EMC environments, he said.

So it is no surprise that its most recent round of VC funding was over-subscribed. This helped fund expansion into new offices in Vancouver and Toronto (Canada), London, Amsterdam and Hamburg, with employee numbers rising from 38 to 150 in a year. Expressed another way, the number of US sales teams went from three to 19 in a year - and Vasudevan told me that the three new sales teams in Europe could likewise expand to 19 in 2012.

Nimble Storage sells entirely through channel partners. So sales partly reflect resellers' positive experience with Nimble, finding the solution simple to buy, install and use - and especially because it automates continuous optimisation of the system even as workloads change; for Nimble Storage, one could read "agile storage" for use by an agile company. According to Vasudevan, Nimble meets resellers' ideal criteria: sales velocity to close deals, growth independence, a good margin profile and ease of doing business including the training aspect. Other things that have rapidly changed include moving beyond a VMware VCenter plug-in to certification for VMware.

The company's challenges include getting its name better known, potential for FUD from competitors, continuing to execute as well as it has done so far as its meteoric growth carries on - and the standard question for VC start-ups: "How do we know you will be around in five years?"

If Nimble does not over-stretch itself, I dare say some of the largest storage vendors will be sniffing around for a possible takeover - maybe more so when it moves to IPO in perhaps three years. In the meantime, Nimble's growth statistics are adding credibility to my apparently over-the-top assessment of a few months ago.

So I will simply reiterate what I said then: prove for yourself whether I am painting a fair picture; mid-market companies should give Nimble and its architecture a close look.

MicroStrategy

rss@it-analysis.com (David Norris, Bloor Research) — Tue, 21 Feb 2012 07:00:00 +0100

By: David Norris, Practice Leader - Analytics, Bloor Research
Posted: 21st February 2012
Copyright Bloor Research © 2012

I have been a long time admirer of the technology that MicroStrategy offer. I have not always been an outright admirer of them as a company to do business with. Whilst the technology has always been amongst the best available - comprehensive, integrated functional, performant and capable - it has come at a price that is at the top end. That does not mean it has not offered good value for money, it is, after all, a true enterprise level solution. But added to the price was a perception that you almost had to qualify to be considered good enough to be a customer of theirs!. So they did not always come across as the easiest to do business with. When you are considering paying top dollar, that has made several companies I have dealt with drop them from consideration even when they should have been on the list. However, things are always changing and I love the technology so I was very happy to meet with them. They continue to have a market-leading offering, and I am now happy to let you know they give the impression of really wanting to work with partners and customers; they are very much more open than before.

MicroStrategy have built their technical reputation on a stack that has been built in-house, rather than assembled from bought-in modules with just a common GUI stitched on top. They have offered a full suite from reports, dashboards and scorecards, OLAP analysis, advanced analytics, to alerts and messaging. To that list they are now adding the essential elements of mobility and big data support, not just in making things available on Hadoop clusters but, more importantly, to the vast majority of us by extending into Social Media analysis, most specifically with interfaces to Facebook. This is vital, as the F-commerce market is fast emerging as the most vital market available at present. Whilst ecommerce is bogged down with permissions and how to separate the wheat from the chaff, the F-Commerce market is self selecting. By subscribing to a Facebook page the users are already telling you "we are interested and have a propensity to buy - just get me the right product, at the right price, at the right time!"

Mobility is another vital element. The iPad seems to be an essential tool for every manager, and they expect to have the information they demand, at their finger tips, rapidly, reliably and accessibly. MicroStategy have a mobile solution that supports not just the Apple family, but also those from RIM ad Android, and they certainly provide functional, fast and usable access to data, so that is a big tick in the box.

Social Media analysis is one that will grow and transform our ideas about CRM. Today CRM is just a cheap way to get customer queries addressed, and a crude way to try to cross and up sell. I believe that, through the use of mobility, especially location based data, and social media to provide real individualised insight, we have a way to return to the original concept of CRM. This means transforming the relationship between consumer and provider to one based on mutual benefit and which provides the consumer with benefit from timely and contextually appropriate content. It also offers the provider greatly enhanced loyalty and profitability. Again I would have to say that the MicroStrategy solution has to be commended, as a simple, elegant, functional response that addresses the crux of what is required.

There is much talk today about Agile BI, which I take to mean affordable, ubiquitous, adaptable, and highly intuitive BI. This has led to the rapid rise of line of thought and visual solutions; the most commonly cited being the likes of Qlikview, Tableau and Spotfire. These are all solutions that I have a great deal of time for, but I do recognise that, at present, they are really departmental rather than enterprise level solutions. I wonder how much they will cost once they have to cope with the demands of an enterprise-wide semantic layer to integrate heterogeneous data to enable their solutions to offer what they do beyond a homogenous departmental environment. So I would still want to look at a solution that offers Enterprise-level robustness if I were after an Enterprise solution. Again, MicroStrategy have a solution in Visual Insight and, although it might appear expensive when compared on a single seat basis as an enterprise solution, it offers all that can be asked of a line of thought discovery tool. It has the capability and robustness that is yet to be proven with the current market favourites and, as such, it offers a value for money solution without hidden costs.

On the issue of price, MicroStrategy will never be available at a rock bottom give away price. It is an enterprise level solution and is priced as such, so it's comparable with the likes of Oracle, IBM, SAP, SAS etc. Now, however, they are offering a means of hosting that offers transparent pricing, assured service levels, and avoidance of all unexpected costs, through the adoption of cloud-based solutions. I would have to say that if I were in the market I would have to include MicroStrategy as a serious contender.

So, to sum up, I have been convinced that when it comes to technology that offers enterprise level functionality, performance, reliability and resilience, MicroStrategy is competing with the best; and now I can add to that they come across as good people to do business with.

BPMS Solution Frameworks at PNMSOFT

rss@it-analysis.com (Simon Holloway, Bloor Research) — Mon, 20 Feb 2012 07:00:00 +0100

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research
Posted: 20th February 2012
Copyright Bloor Research © 2012

At the end of last year I visited PNMSOFT in their offices in Watford as part of the Market Update Review I was carrying out. PNMSOFT is an interesting BPMS vendor as they are UK based, although the software is developed in Israel and, in addition, they are a Microsoft Platform vendor.

PNMSOFT were founded in 1996 and the product SEQUENCE was initially released in 2000. The current version is 6.4, but Bloor understands that a new release is due in early 2012. They are a gold ISV partner of Microsoft, as well as being a member of the Microsoft Business Process Alliance. The company has in recent years won partner of the year awards. I asked James Luxford, Global Head of Product marketing for PNMSOFT, what PNMSOFT were seeing, "We are starting to see more and more organisations thinking of moving to a Microsoft platform due to a lower cost of ownership". I asked how they saw Microsoft in the Business Process Management market. Luxford replied that with no real product coming from Microsoft itself, PNMSOFT were seeing a number of leads coming from Microsoft county sales. He also felt that there was a product versus service contention internally in some counties.

SEQUENCE is a web-based BPMS. Its development environment provides is easy-to-use for a business analyst to design forms, tasks, messages, system integration, and flow connections. As one would expect, there is a heavy integration and use of Microsoft software. Version 6 of the product was completely rewritten to work on .NET 3.5. SEQUENCE processes are, by default, initiated, run, managed and monitored from within a Microsoft SharePoint site. For MIS requirements, SEQUENCE supports integration with Microsoft SQL Server Reporting Services to enable managers to analyse performance and determine trends relating to KPIs and SLAs. In addition to integrating with Microsoft Office, SharePoint, and Dynamics products, it can be integrated with a wide range of external systems through industry-standard protocols such as Web Services, WCF and it also enables connection to commonly used enterprise applications such as SAP and Oracle.

Two new additions to SEQUENCE are support for mobile platforms and cloud support. For mobile runtime, PNMSOFT have introduced SEQUENCETO GO. This is a mobile portal that allows a business user to view and update details from a mobile phone. PNMSOFT are offering 2 different cloud solutions:

SEQUENCEIN THE CLOUD - a Business Process Management (BPM) suite delivering enterprise capabilities.
SEQUENCEFRAMEWORKS IN THE CLOUD - provides a selection of horizontal and vertical frameworks that enable customers to deliver benefits in specific areas within shorter timescales using existing content and building blocks.

It's that word "Frameworks" that makes me sit up. Why is that? Well what I see in the Process Automation market is that the 2 different approaches of packaged Software, such as ERP and the DIY approach of building processes outside your applications using BPMS software, are moving closer together.

In the last Bloor Market Update, I talked about the concepts of framework applications being delivered by BPMS vendors as a way that could reduce implementation time and exploit the skill of their own and their partners' consultants in particular industries. Well, this is what has happened and PNMSOFT are one of the vendors who have done this.

PNMSOFT have put together a series of vertical frameworks for different industries varying from Manufacturing, Defence, Financial Services and Travel. They have also produced a series of horizontal frameworks covering HR, Compliance, Customer Service, Purchasing, Outsourcing and Sales/Marketing. Now these are staring to be offered over the cloud. PNMSOFT let me know that a number of large SIs are very interested in developing further frameworks based on SEQUENCE.

In today's business driven world where time, agility and flexibility are very important, BPMS frameworks make a lot of sense for many organisations. It is gratifying to see that non-US based BPMS vendor is delivering such solutions.

ITIL 2011 Update

rss@it-analysis.com (David Norfolk, Bloor Research) — Mon, 20 Feb 2012 07:00:00 +0100

By: David Norfolk, Practice Leader - Development, Bloor Research
Posted: 20th February 2012
Copyright Bloor Research © 2012

If Service Management is important to you then the ITIL 2011 update is something at the top of your agenda. If it isn't, then I'm sorry, you're missing a trick. How can delivering a business outcome to the business not be important to anyone who expects the business to pay their wages? If you want more information, check out the BCS CMSG (Configuration Management Specialist Group) or buy the book Shirley Lacy and I wrote on Configuration Management; CM is one of the foundations of ITIL. Delivering business outcomes to the business is important and ITIL is a repository of "best practices" for doing so.

So, I was at a free BCS CMSG meeting to discuss the implications of the 2011 update on Service Transition, listening to Shirley Lacy (author of the 2007 Service Transition book and Project Mentor for the 2011 Update) and Stuart Rance (author of the 2011 edition of ITIL Service Transition and co-author of the ITIL V3 Glossary; his blog is here) - at the BCS offices in London, with networking and wine and food afterwards.

First, the good news. The 2011 Review found no treason to change the core contents of ITIL Transition (although, to be fair, that was in the spec. for the update) but it found plenty of opportunities to remove inconsistencies, clarify things, add structure and add better examples. The information content was good already, now it's more accessible.

In detail (but this isn't an exhaustive list, probably every page has some changes):

The contents of the books (and the contents pages) have been made consistent across all the volumes. In some cases, information has been duplicated (Chapter 2 is the same in every volume, for example), so you can read each book as a standalone guide - a useful innovation when the complete set costs so much!
The update has added more examples and focusses more on the people aspects of transition - roles and skills. There's an emphasis on the "configuration management process owner" as opposed to the "configuration manager", a job title some organisations won't have, for example.
Risk management (seen as a bit of a weakness in the 2007 edition) has been consolidated into an appendix which now appears in every volume. It was there already, but sometimes it was a bit hard to find and focus on.
Text in the diagrams (titles in flow diagrams, for example) has been made to exactly reference headings in the text - a welcome removal of a source of confusion in the past.
The treatment of Critical Success Factors (CSF) and Key Performance Indicators (KPI) has been rationalised - there's now a list of KPIs for each CSF.
The relationship of the Service Knowledge Management System (SKMS) to the Configuration Management System (CMS) inside it; and the relationship of Configuration Management Record (CMR) metadata to the Configuration Items (CIs) they describe (and which may be digital assets such as SLAs stored in the SKMS or physical things such as servers, which can't be) has been rationalised a bit. Although I'm not sure that the full implications of this will be entirely clear to everyone, even yet.

The bad news? Well this really isn't going to affect anyone much in the near future, but ITIL grew out of the need to manage large, monolithic, in-house IT systems. It does this very well and its service management focus means that it copes well with SOA and so on too.

But in the next generation of the "universe of things", where business outcomes are delivered from conglomerations of services, mostly neither owned nor managed by the organisation delivering the outcomes to customers, then detailed ITIL practices may start to look less relevant.

I'm convinced that the logical kernel of ITIL will still be useful, but the implementation baggage which surrounds this, and which makes it so useful in practice today, may be less useful when services all come from a Cloud (whatever that means). If there ever is an ITIL V4, I hope it separates out the ITIL kernel more completely from the physical implementation details.

To be fair, ITIL probably already does this to a reasonable extent, with its service lifecycle model and process improvement focus, although this may not be obvious to everyone. Nevertheless, the Universe of Things may need different "best practices" and I'm not entirely convinced that ITIL will be able to simply evolve in order to cope - and this won't fit well with its current emphasis on backwards compatibility.

Still, the bottom line for the ITIL 2011 update, today, is that it is just an evolution, which makes ITIL more consistent and easier to read and use. It will make the job of both ITIL evangelists and the people trying to use it easier and I can't see any reason not to welcome it.

Taking the pulse of BPM in the cloud

rss@it-analysis.com (Neil Ward-Dutton, MWD Advisors) — Fri, 17 Feb 2012 15:46:45 +0100

By: Neil Ward-Dutton, Research Director, MWD Advisors
Posted: 17th February 2012
This work is licensed under a Creative Commons License

‘BPM in the cloud’ is one of the key themes of our 2012 BPM industry research programme, and as a part of that we’ve just published a short online survey that’s designed to help us quickly take the pulse of what’s going on in this area.

From my conversations with some of the principal providers of cloud-based BPM technology (we’ve already published cloud-focused profiles of Appian, IBM and Pegasystems and more are on their way) it’s clear that businesses are starting to take cloud deployment seriously as an option – not only for early-stage trials, proofs-of-concept and so on but also, increasingly, for operational process application deployment.

To add another perspective we’re really keen to get some solid data from practitioners out there in the field. Are you exploring use of BPM technology in the cloud – and if so what are you hoping to gain? Are you already using the technology – and if so what have you found? Did you think about it, but decide to hold off for some reason? Whatever your stance – we’d really love you to take this survey.

Anyone who completes the survey can request a free copy of the analysis report, which we’ll publish in April 2012.

Thanks very much in advance for taking part – I think the results will be pretty interesting!

Xerox and McAfee: A joint force to integrate security into the print world

rss@it-analysis.com (Louella Fernandes, Quocirca) — Fri, 17 Feb 2012 07:00:00 +0100

By: Louella Fernandes, Principal Analyst, Quocirca
Posted: 17th February 2012
Copyright Quocirca © 2012

Despite a continued reliance on printing, many businesses overlook print security in their overall approach to data protection. This may be set to change with the recent announcement that Xerox will be incorporating McAfee whitelisting technology into its multi-function printers (MFPs). This will enhance the hardware and software security capabilities that Xerox already offers to provide more secure printing, scanning, faxing and copying.

Quocirca welcomes the move; print security certainly needs to move higher up the IT security agenda. Although MFPs are an intrinsic part of the IT infrastructure, many organisations remain oblivious of the security risks they pose. These devices have the capability to scan, print, copy and email, operating as sophisticated document processing hubs with network connectivity, hard disk drives and embedded software. As such, printers and MFPs are more than peripheral in today’s IT environment.

Without the appropriate controls, it is easy for confidential data to fall into the wrong hands – whether unintentionally or maliciously. Yet, a recent Quocirca study, amongst 125 European and US enterprises, revealed that only 15% were concerned with data loss via a printer or MFP. Given the legal and financial ramifications of a data leak, as well as potential brand damage, businesses need to wake up to the print security threat.

There are a variety of measures that can be taken to mitigate the risks. A layered approach is required depending on the security posture of a given organisation. Devices can be protected through enabling features such as hard-disk encryption or overwrite, unused network ports can be disabled and user security can be applied through PIN only printing. Yet, Quocirca research shows low levels of adoption of these features. Whether this is complacency, a genuine lack of awareness or the complexity of implementation, it indicates that businesses are failing to protect themselves against an obvious threat.

The McAfee and Xerox partnership is a step in the right direction. By embedding McAfee software into its MFPs, Xerox customers will gain the benefits of whitelisting, a method that allows only approved files to run, which is more secure than traditional blacklisting, where the user has to be aware of the threat and continually update the list of malware (viruses, spyware etc.) in order to block it. Additionally, the solution provides an audit trail to track and investigate the time and origin of security events, and take action on them. The McAfee technology will be included in selected product releases over the next year. It will be available “out of the box,” meaning no special software uploads or Xerox service-driven upgrades are required post-installation. Xerox plans to roll-out the technology in new products as they are introduced.

Print security is a minefield for many businesses, particularly as standard security features vary widely between manufacturers, and even within a manufacturer’s own product range. The security threat landscape continues to encompass a wider set of threats – whether these are insider or external – and printers are far from immune. Quocirca believes that Xerox and McAfee’s proactive approach will raise print security higher up the overall IT security agenda.

Architecture and change: The proper end is fitness for purpose

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Thu, 16 Feb 2012 07:00:00 +0100

By: Dana Gardner, Principal Analyst, Interarbor Solutions
Posted: 16th February 2012
Copyright Interarbor Solutions © 2012

The enterprise transformation theme of The Open Group’s recent San Francisco conference reminded me of the common assertion that architecture is about change, and the implication that enterprise architecture is thus about enterprise transformation.

We have to be careful that we don’t make change an end in itself. We have to remember that change is a means to the end of getting something we want that is different from what we have. In the enterprise context, that something has been labeled in different ways. One is “alignment,” specifically “business/IT alignment.” Some have concluded that alignment isn’t quite the right idea, and it’s really “integration” we are pursuing. Others have suggested that “coherency” is a better characterization of what we want.

I think all of these are still just means to an end, and that end is fitness for purpose. The pragmatist in me says I don’t really care if all the parts of a system are “aligned” or “integrated” or “coherent,” as long as that system is fit for purpose, i.e., does what it’s supposed to do. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

I’m sure some will argue that alignment and integration and coherency ensure that a system is “optimal” or “efficient,” but doing the wrong thing optimally or efficiently isn’t what we want systems to do. It’s easy to imagine a system that is aligned, integrated and coherent but still not fit for purpose, and it’s just as easy to imagine a system that is not aligned, not integrated and not coherent but that is fit for purpose.

Of course, we can insist that alignment, integration and coherency be with respect to a system’s purpose, but if that’s the case, why don’t we say so directly? Why use words that strongly suggest internal properties of the system, rather than its relationship to an external purpose?

Value is in implementation
Whatever we call it, continuous pursuit of something is ultimately the continuous failure to achieve it. It isn’t the chase that matters, it’s the catch. While I am sympathetic to the idea that there is intrinsic value in “doing architecture,” the real value is in the resulting architecture and its implementation. Until we actually implement the architecture, we can only answer the question, “Are we there yet?” with, “No, not yet.”

Let me be clear that I’m not arguing, or even assuming, that things don’t change and we don’t need to cope with change. Of course they do, and of course we do. But we should take a cue from rock climbers—the ones who don’t fall generally follow the principle “only move one limb at a time, from a secure position.”

What stakeholders mean by fitness for purpose must be periodically revisited and revised. It’s fashionable to say “Enterprise architecture is a journey, not a destination,” and this is reflected in definitions of enterprise architecture that refer to it as a “continuous process.” However, the fact is that journey has to pass through specific waypoints. There may be no final destination, but there is always a next destination.

Finally, we should not forget that while the pursuit of fitness for purpose may require that some things change; it may also require that some things not change. We risk losing this insight if we conclude that the primary purpose of architecture is to enable change. The primary purpose of architecture is to ensure fitness for purpose.

For a fuller treatment of the connection between architecture and fitness for purpose, see my presentations to The Open Group Conferences in Boston, July 2010, “What ‘Architecture’ in ‘Enterprise Architecture’ Ought to Mean,” and Amsterdam, October 2010, “Deriving Execution from Strategy: Architecture and the Enterprise.” Please note that you need your Open Group site password to download these files.

This guest post comes courtesy of Leonard Fehskens, Vice President of Skills and Capabilities at The Open Group.

Time to tighten up on sys-admins? Ten tips for safer IT management

rss@it-analysis.com (Bob Tarzey, Quocirca) — Wed, 15 Feb 2012 07:00:00 +0100

By: Bob Tarzey, Service Director, Quocirca
Posted: 15th February 2012
Copyright Quocirca © 2012

Systems administrators are human and make mistakes...

IT systems don't run themselves – at least not all the time. At some point the intervention of system administrators – sys-admins – is required.

The very nature of a sys-admin's job requires that that he or she is granted a higher, privileged level of access to IT infrastructure than that granted to normal users.

When the actions taken by sys-admins are other than those expected of them, there can be far-reaching consequences. In the worst case, a sys-admin may abuse their privilege for malicious reasons, for example to steal data or set backdoor access to IT systems for themselves or others.

Sys-admins are also good targets for identity theft through techniques such as spear phishing, a privilege ID being more useful to hackers than a normal one. However, the most common problem is simply that sys-admins are human. They make mistakes.

Privileged user management tools help address a number of issues that a recent Quocirca report showed were rife among UK businesses. So here are Quocirca's top 10 tips for better and safer systems administration.

Tip 1: Know your privileged users

Certain regulations and standards make strong statements about the use of privilege. One of the controls in the IT service management (ITSM) standard ISO 27001 states that "the allocation and use of privileges shall be restricted and controlled". The Payment Card Industries Data Security Standard (PCI-DSS) recommends "auditing all privileged user activity".

In other words, the use of group admin accounts is a strict no-no. Such accounts should be blocked and all privileged user access should be via identities that are clearly associated with individuals.

Tip 2: Make sure legacy privileged accounts are closed

This measure includes the default accounts provided with systems and application software, which with the right tools can be searched for and closed, and the accounts of sys-admins who have now left your organisation. The best way to deal with the second point is to provide only short-term access for specific tasks in the first place.

Tip 3: Minimise sys-admins errors

Quocirca's research suggests that the average error rate of sys-admins runs at about 6%. Errors can waste time - for example, applying patches to the wrong device - be a security risk in cases such as changing the rules of the wrong firewall, or cause disaster - say, wiping the wrong disk volume.

Sys-admin tools that guide users to the right device in the first place and double-check their actions can help avoid errors, as can the automation of certain mundane tasks.

Tip 4: Limit sys-admins' access to devices

Another way to avoid errors is to grant sys-admins privilege access to devices that need maintenance for limited periods of time. Rather than providing wide-ranging and ongoing access, grant it only to a single device or small subset of devices and only for the period of time deemed reasonable to get the job done.

Tip 5: Encrypt sys-admin login details

Many sys-admin tasks involved maintaining remote devices, which requires the sys-admin login details and the instructions for the given task to be transmitted, sometimes embedded in scripts. It has been common for this to be done in clear text, especially when using services like Telnet. This approach provides easy pickings for hackers, so all such transmissions should be encrypted.

Tip 6: Back up all IT devices

The failure of IT devices is inevitable. What is important is that they can be recovered and up and running again as soon as possible. Most organisations are diligent about the backup of servers. They are less rigorous about the backup of network and security devices, the failure of which can be just as damaging to IT access.

Such devices should be backed up regularly and at least every time their configuration is changed. The backups should be stored securely, to prevent them being stolen and used to clone the original device. Automating such backups is the best approach.

Tip 7: Limit sys-admin access to data

To carry out their jobs, sys-admins need access to systems data, not business data. All too often, their wide-ranging privileges have given them access to both. This approach is unnecessary. To protect the data and sys-admins from the accusation of abusing their position of trust, the scope of their access should be limited.

It can be done with the right tools. Cloud service providers have to observe this distinction, managing their own infrastructure while respecting the confidentiality of their client's data.

Tip 8: Safe disposal of old devices

All IT devices carry potentially useful data to hackers. Firewalls, load-balancers, content filters all contain various network-access settings and user details along with system log files.

All devices have an end of life, so before disposal it should be ensured that all such data is safely deleted or the hard disks involved destroyed.

Tip 9: Be ready for the auditors

Auditors take a particular interest in the actions of privileged users for many of the reasons already outlined. As well as being able to associate a given sys-admin with his or her actions, a full audit trail for the admin history of a given device should be kept.

Maintaining this trail is only possible if access to the device is controlled and the tools that provide access keep a record with the necessary level of detail.

Tip 10: Free sys-admins from drudgery

Part of the reason why sys-admins make mistakes is that many of the tasks they have to carry out are mundane and repetitive. Automating as many of their tasks as possible and having the tools and procedures in place to allow safe delegation to junior and temporary staff can relieve some of the drudgery.

It leaves sys-admins free to focus on more productive tasks that increase the value IT provides to their organisation rather than just fighting to keep the lights on.

Want to see the full research? Quocirca's report “Conquering the sys-admin challenge” is freely available here.

This article first appeared in Jan 2012 on http://www.silicon.com

An operational approach to managing Big Data

rss@it-analysis.com (David Norfolk, Bloor Research) — Wed, 15 Feb 2012 07:00:00 +0100

By: David Norfolk, Practice Leader - Development, Bloor Research
Posted: 15th February 2012
Copyright Bloor Research © 2012

Some time ago, I expressed concern about whether current IT approaches could cope with the need of the emerging "universe of things" - machines and sensors in machines, all generating vast amounts of data all of the time.

Now, RTI, one of the companies I mentioned in that blog, has announced its new product suite, RTI Connext, a family of products designed to connect real-time applications across an enterprise. Connext Micro is for embedded systems in small devices; Connext DDS is for full-function applications using the OMG DDS data-centric architecture standard; Connext Messaging is for general purpose real-time applications and also supports JMS (Java Messaging Service); and Connext Integrator provides adapters to conventional SOA-based and discrete IT applications. The whole is held together with the RTI DataBus.

In essence, these products can marry real-time "operational systems" approaches, using data-driven and event-processing techniques and are used to manage jet engines in planes during flight and operational warships, to conventional business information processing systems.

This could become extremely important if, as I anticipate, we are approaching a bigger "inflection point" crisis in data volumes than some people are contemplating. There are lots of clever ways to make existing technology more efficient, in order to deliver near-real-time results from the anticipated growth of data in today's IT systems. But what if, tomorrow, entirely new systems emerge and add to what already looks like exponential information growth?

We can just about cope with, say, RFID systems generating data for human-scale processing. But what if every machine out there produces data for interpretation by other machines (the Semantic Web is probably relevant here, but it seems to me that this is more concerned with meaning and ontologies than real-time performance); which, in turn, generate more data as a result of these interactions; which have, in turn, to be analysed so as to support strategic human-level decision-making? Which then feeds back data into the system that machines interpret as instructions, generating more data as they respond and change their state... "Data in motion" is starting to be as important as data in databases.

We will probably need new architectures for this - but we will probably still want to reuse human-scale technologies where appropriate. The neat thing about RTI Connext, I think, is that it supports hybrid solutions, so you can introduce new approaches as and when they are necessary, not in an anticipatory "rip and replace" effort which will probably destroy your business in the short term...

So, Connext is worth looking at, I think, together with other innovative approaches to handling really Big Data, such as Pervasive's DataRush accelerator. I've seen a Siemens case study around real time management of wind farms which uses the RTI approach because conventional technologies simply can't cope today; but, for most of us, we should be thinking of the implications of data-centric, event-driven, publish-and-subscribe approaches to handling Big Data on our future business automation strategies.

Are you ready for IBM Watson?

rss@it-analysis.com (Dr Fern Halper, Hurwitz and Associates) — Tue, 14 Feb 2012 14:02:57 +0100

This week marks the one year anniversary of the IBM Watson computer system succeeding at Jeopardy!. Since then, IBM has gotten a lot of interest in Watson. Companies want one of those.

But what exactly is Watson and what makes it unique? What does it mean to have a Watson? And, how is commercial Watson different from Jeopardy Watson?

What is Watson and why is it unique?

Watson is a new class of analytic solution

Watson is a set of technologies that processes and analyzes massive amounts of both structured and unstructured data in a unique way. One statistic given at the recent IOD conference is that Watson can process and analyze information from 200 million books in three seconds. While Watson is very advanced it uses technologies that are commercially available with some “secret sauce” technologies that IBM Research has either enhanced or developed. It combines software technologies from big data, content and predictive analytics, and industry specific software to make it work.

Watson includes several core pieces of technology that make it unique

So what is this secret sauce? Watson understands natural language, generates and evaluates hypotheses, and adapts and learns.

First, Watson uses Natural Language Processing (NLP). NLP is a very broad and complex field, which has developed over the last ten to twenty years. The goals of NLP are to derive meaning from text. NLP generally makes use of linguistic concepts such as grammatical structures and parts of speech. It breaks apart sentences and extracts information such as entities, concepts, and relationships. IBM is using a set of annotators to extract information like symptoms, age, location, and so on.

So, NLP by itself is not new, however, Watson is processing vast amounts of this unstructured data quickly, using an architecture designed for this.

Second, Watson works by generating hypotheses which are potential answers to a question. It is trained by feeding question and answer (Q/A) data into the system. In other words, it is shown representative questions and learns from the supplied answers. This is called evidence based learning. The goal is to generate a model that can produce a confidence score (think logistic regression with a bunch of attributes). Watson would start with a generic statistical model and then look at the first Q/A and use that to tweak coefficients. As it gains more evidence it continues to tweak the coefficients until it can “say” confidence is high. Training Watson is key since what is really happening is that the trainers are building statistical models that are scored. At the end of the training, Watson has a system that has feature vectors and models so that eventually it can use the model to probabilistically score the answers. The key here is something that Jeopardy! did not showcase – which is that it is not deterministic (i.e. using rules). Watson is probabilistic and that makes it dynamic.

When Watson generates a hypothesis it then scores the hypothesis based on the evidence. Its goal is to get the right answer for the right reason. (So, theoretically, if there are 5 symptoms that must be positive for a certain disease and 4 that must be negative and Watson only has 4 of the 9 pieces of information, it could ask for more.) The hypothesis with the highest score is presented. By the end the analysis, Watson is confident when it knows the answer and when it doesn’t know the answer.

Here’s an example. Suppose you go in to see your doctor because you are not feeling well. Specifically, you might have heart palpitations, fatigue, hair loss, and muscle weakness. You decide to go see a doctor to determine if there is something wrong with your thyroid or if it is something else. If your doctor has access to a Watson system then he could use it to help advise him regarding your diagnosis. In this case, Watson would already have ingested and curated all of the information in books and journals associated with thyroid disease. It also has the diagnosis and related information from other patients from this hospital and other doctors in the practice from the electronic medical records of prior cases that it has in its data banks. Based on the first set of symptoms you might report it would generate a hypothesis along with probabilities associated with the hypothesis (i.e. 60% hyperthyroidism, 40% anxiety, etc.). It might then ask for more information. As it is fed this information, i.e. example patient history, Watson would continue to refine its hypothesis along with the probability of the hypothesis being correct. After it is given all of the information and it iterates through it and presents the diagnosis with the highest confidence level, the physician would use this information to help assist him in making the diagnosis and developing a treatment plan. If Watson doesn’t know the answer, it will state that it has does not have an answer or doesn’t have enough information to provide an answer.

IBM likens the process of training a Watson to teaching a child how to learn. A child can read a book to learn. However, he can also learn by a teacher asking questions and reinforcing the answers about that text.

Can I buy a Watson?

Watson will be offered in the cloud in an “as a service” model. Since Watson is in its own class, let’s call this Watson as a Service (WaaS). Since Watson’s knowledge is essentially built in tiers, the idea is that IBM will provide the basic core knowledge in a particular WaaS solution space, say all of the corpus about a particular subject – like diabetes – and then different users could build on this.

For example, in September IBM announced an agreement to create the first commercial applications of Watson with WellPoint – a health benefits company. Under the agreement, WellPoint will develop and launch Watson-based solutions to help improve patient care. IBM will develop the base Watson healthcare technology on which WellPoint’s solution will run. Last month, Cedars-Sinai signed on with WellPoint to help develop an oncology solution using Watson. Cedars-Sinai’s oncology experts will help develop recommendations on appropriate clinical content for the WellPoint health care solutions. They will assist in the evaluation and testing of these tools. In fact, these oncologists will “enter hypothetical patient scenarios, evaluate the proposed treatment options generated by IBM Watson, and provide guidance on how to improve the content and utility of the treatment options provided to the physicians.” Wow.

Moving forward, picture potentially large numbers of core knowledge bases that are trained and available for particular companies to build upon. This would be available in a public cloud model and potentially a private one as well, but with IBM involvement. This might include Watsons for law or financial planning or even politics (just kidding) – any area where there is a huge corpus of information that people need to wrap their arms around in order to make better decisions.

IBM is now working with its partners to figure out what the user interface for these Watsons- as a Service might look like. Will Watson ask the questions? Can end-users, say doctors, put in their own information and Watson will use it? This remains to be seen.

Ready for Watson?

In the meantime, IBM recently rolled out its “Ready for Watson.” The idea is that a move to Watson might not be a linear progression. It depends on the business problem that companies are looking to solve. So IBM has tagged certain of its products as “ready” to be incorporated into a Watson solution. IBM Content and Predictive Analytics for Healthcare is one example of this. It combines IBM’s content analytics and predictive analytics solutions that are components of Watson. Therefore, if a company used this solution it could migrate it to a Watson-as a Service deployment down the road.

So happy anniversary IBM Watson! You have many people excited and some people a little bit scared. For myself, I am excited to see where Watson is on its first anniversary and am looking forward to see what progress it has made on its second anniversary.

HP's Gen8 servers attack data center woes head on

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Tue, 14 Feb 2012 07:00:00 +0100

HP today took direct aim at the ever-increasing costs of data centers and managing an explosion of data by announcing a new generation of automated and efficient hardware. The new generation of ProLiant servers includes better internal management, powerful automation features, and improved energy conservation.

The ProLiant Gen8 servers are part HP's Converged Infrastructure strategy, and represent the first step in the company's Project Voyager, a two-year, $300-million effort to redefine the economics of the data cente r. At the heart of the new generation of servers is ProActive Insight architecture, which includes integrated lifecycle automation, dynamic workload acceleration, automated energy optimization, and proactive service and support. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Data has become a differentiator in business, and with an ever-expanding growth in storage needs, enterprises are feeling the pinch in personnel costs, energy, and facilities. Supporting data as a lifecycle may be IT's fastest growing cost worldwide.

Analysts now predict a 45 percent annual increase in storage over the next three years, and the current annual costs associated with storage are estimated at $157 billion. In addition, server administration and operations cost three times the price of servers, while the cost of facilities to accommodate the data center is even higher.

“The skyrocketing cost of operations in the data center is unsustainable, and enterprises are looking to HP to help solve this problem,” said Mark Potter, senior vice president and general manager, Industry standard Servers and Software, HP. “We are delivering innovative intelligence technologies that enable servers to virtually take care of themselves, allowing data center staff to devote more time to business innovation.”

Integrated lifecycle management

Incorporating three major innovations, Integrated Lifecycle Automation simplifies common tasks to keep systems running at peak performance, with an estimated 93 percent less downtime during updates than with previous generations, said HP. These innovations include:

Intelligent Provisioning, which enables organizations to get systems online three times faster with a fully integrated server and operating system configuration tool.
Active Health system, which allows administrators to collect troubleshooting information five times faster by continuously monitoring more than 1,600 system parameters and securely logging all configuration changes.
Smart Update, a system maintenance tool that systematically updates servers and blade infrastructures at the scale of the data center.

Dynamic workload acceleration

The demand for data-intensive and transactional workloads such as data warehousing, real-time analytics, and virtualized environments is expanding dramatically. These workloads bring unpredictability to the data center requiring a fundamental change in the way compute and storage services integrate.

HP's Gen8 servers aim to reduce and in some cases eliminate bottlenecks by converging compute and storage services through three innovations:

Solid-state optimization, delivering what HP says is a 500 percent improved storage performance using SSDs that reduces costs and downtime over previous generations, and promises two times more storage per server.
Real-time data protection, adding multiple embedded data protection technologies such as Advanced Data Mirroring, which HP says is 1,000 times safer than traditional two-drive mirroring in previous generations, while improving read performance.
Intelligent performance analytics that continuously optimize system performance and efficiency in real time, with the ability to analyze a variety of workload-specific data points.

Automated energy optimization

Ensuring that data center capacity will meet growing workload requirements is critical. However, constraints on physical space, rising power demands, and limits on available cooling are adversely affecting data center capacity. In many organizations IT managers are struggling to get what they need from existing resources without inadvertently causing downtime.

The Gen8 servers enable data center and IT managers to identify the physical location of each server in the rack, row and data center. This insight, combined with a sea of intelligent sensors embedded into each server, allows users to reduce power requirements, reclaim as much as 10 percent more usable power per circuit and eliminate manual configuration and tracking errors that can increase downtime.

Three new features automate energy optimization in the data center so users can:

Optimize workload placement with Location Discovery Services and eliminate labor-intensive and error-prone tracking of IT assets
Reduce energy use and increase power capacity with Thermal Discovery Services, which improve airflow efficiency by as much as 25 percent with an intelligent server rack meaning that enterprises can realize an estimated energy saving of $2,750 per 10kW rack
Increase system uptime with Power Discovery Services, which automatically track power usage per rack and server, eliminating errors and manual record keeping to reduce unplanned data center outages

Partner program

HP says the new servers will also be a boon to participants in the Partner Program, because partners can expand their service portfolio, increase partner touchpoints, enhance remote technical capabilities, and create consultative opportunities over the life of the customer’s solution.

Further, by eliminating manual processes and the potential of human error, HP and channel partners can reduce outages, while focusing IT resources on strategic tasks. Specifically, partners can:

Deploy servers seven times faster over competing servers with automation and elimination of software downloads and CD installations.
Reduce downtime by automating processes for updates, application provisioning, patch management, and other maintenance tasks.
Improve issue resolution with a 95 percent "first-time fix" rate and 40 percent reduction in problem resolution through Insight Online, Active Health, and Insight Remote Support, which automatically pinpoint, diagnose and often proactively fix issues.

ProLiant Gen8 servers are available to early-adopter clients today. General availability begins in March and continues throughout 2012. This includes ProLiant ML tower servers for remote and branch offices and versatile ProLiant DLrack-mount servers that deliver a balance of efficiency and performance. Also included are ProLiant BL blade servers for cloud-ready Converged Infrastructure and ProLiant SL scalable system servers built for web, cloud and massively scaled environments.

You may also be interested in:

NewSQL pioneer Clustrix delivers free software-only kit to demo shard-less MySQL scaling

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Mon, 13 Feb 2012 07:00:00 +0100

There's a lot to like about MySQL databases if you're a start-up, until success comes knocking a bit too fast.

When big data demand soars then MySQL can sour on making the transactions needed on time. Sharding the application and data resources has been about the only answer, other than to painfully and expensively cut and run to another data base like NoSQL.

This was the problem facing Massive Media when its social networking site Twoo rapidly grew to four million users in six months. By using the Clustrix distributed relational database system, Massive Media gained high scale-out transactional performance and automated fault tolerance, said Clustrix.

And that has now made Twoo the poster child for Clustrix, a San Francisco start-up funded by Sequoia and USVP and its co-founder, Paul Mikesell, also co-founded Isilon, which was sold to EMC for $2.25 billion.

Recognizing the huge uptake in MySQL -- while also understanding the database's limits -- promoted Clustrix to find a NewSQL alternative, first via a hardware appliance play, and now this week broadening to a software-only environment too that simulates the hardware components of the Clustrix database appliance.

On Tuesday, Clustrix announced the availability of the free Clustrix Development Kit, allowing users to try out the NewSQL system that it's backers say scales to an "unlimited number of users, transactions or data."

New class of database

Clustrix fits into the new class of hybrid SQL-NoSQL database solutions that combine the advantage of being compatible with many SQL applications and providing the scalability of NoSQL ones. Other such solutions include Database.com with ODBC/JDBC drivers, NuoDB, Xeround, and VoltDB, according to InfoQ.

"We are seeing increased interest in NewSQL database technologies that enable users to scale their databases without having to resort to complex manual sharding," said Matt Aslett, research manager, data management and analytics at 451 Research, in a release. "Clustrix's combination of an SSD-based appliance and MySQL compatibility is a compelling alternative for enterprises struggling to manage with sharding MySQL."

Clustrix uniquely offers a hardware solution that provides for linear scalability by simply adding hardware appliance nodes to the database cluster as demand mounts. The appliances sport a 4- or 8-cores processor, 24-48GB RAM, and 448-896GB SSD, and the entire cluster is seen and managed as one database, according to InfoQ. Pricing starts at about $100,000.

Eliminating the need for database sharding, which Clustrix CEO Robin Purohit calls "a toxic event," is huge because of the manual work required of developers (three times the code), the complexity due to not being able to do transactions across shards, and difficulty doing joins and innovations across the sharded data. You might recall that Purohit was an executive at HP Software before he joined Clustrix last October.

The value of the hybrid SQL-NoSQL database solutions reminds me of where server virtualization was a few years ago. A very good thing can quickly become a bad thing when sprawl and complexity undercut the benefits.

If Clustrix and its brethren can allow MySQL values to grow unencumbered via NewSQL then it will be of interest to more than start-ups. Enterprises building new applications for cloud, mobile, and high-transactions-intense big data uses may well be seduced to the NewSQL way as well. And there will be a lot of skilled developers and DBAs at their disposal who know MySQL well.

You may also be interested in:

RSA Cybercrime Trends Report 2012

rss@it-analysis.com (Nigel Stanley, Bloor Research) — Mon, 13 Feb 2012 07:00:00 +0100

RSA has recently published their 2012 cybercrime trends report. They calculate that every minute, 232 computers are infected by malware, despite on going education and awareness campaigns. Unfortunately the "incompetent and non-malicious" user will always be our weak link.

The report is available here (unfortunately behind a registration firewall).

Nigel Stanley at Mobile World Congress Security Forum

rss@it-analysis.com (Nigel Stanley, Bloor Research) — Mon, 13 Feb 2012 07:00:00 +0100

I will be attending Mobile World Congress in Barcelona at the end of this month (February 2012). In particular I will be speaking at the security forum on a subject close to my heart...

An increasing number of companies are opening corporate networks and data to consumer mobile devices, as employees demand to bring their own smartphones and tablets to work. However, consumer mobile technology is generally not as secure and manageable as required by the enterprise.

Too many companies make the mistake of trying to stop the influx of consumer IT. What new mobile platforms will your organisation contend with? What built-in security models do they provide? What vulnerabilities are they exposed to? How rigorous is the scrutiny of the official application markets? Is the corporate data stored in these devices safe?

Details of the panel are here.

If you are going to MWC then come along and say hello at 1330hrs Wednesday 29th February, Mobile Security Forum,Â Hall 7, Auditorium C.

Five tips enterprise architects can learn from the Winchester Mystery House

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Fri, 10 Feb 2012 07:00:00 +0100

This guest post comes courtesy of E.G. Nadhan of HP Enterprise Services.

By E.G.Nadhan, HP Enterprise Services

Not far from where The Open Group Conference was held in San Francisco this week is the Wincheste r Mystery House, once the personal residence of Sarah Winchester, widow of the gun magnate William Wirt Winchester. It took 38 years to build this house. Extensions and modifications were primarily based on a localized requirement du jour. Today, the house has several functional abnormalities that have no practical explanation.

To build a house right, you need a blueprint that details what is to be built, where, why and how based on the home owner's requirements (including cost). As the story goes, Sarah Winchester's priorities were different. However, if we don't follow this systematic approach as enterprise architects, we are likely to land up with some Winchester IT houses as well.

Or, have we already? Enterprises are always tempted to address the immediate problem at hand with surprisingly short timelines. Frequent implementations of sporadic, tactical additions evolve to a Winchester Architecture. Right or wrong, Sarah Winchester did this by choice. If enterprises of today land up with such architectures, it can only by chance and not by choice.

Choice not chance

So, here are my tips to architect by choice rather than chance:

Establish your principles: Fundamental architectural principles must be in place that serve as a rock solid foundation upon which architectures are based. These principles are based on generic, common-sense tenets that are refined to apply specifically to your enterprise.
Install solid governance: The appropriate level of architectural governance must be in place with the participation from the stakeholders concerned. This governance must be exercised, keeping these architectural principles in context.
Ensure business alignment: After establishing the architectural vision, Enterprise Architecture must lead in with a clear definition of the over-arching business architecture which defines the manner in which the other architectural layers are realized. Aligning business to IT is one of the primary responsibilities of an enterprise architect.
Plan for continuous evaluation: Enterprise Architecture is never really done. There are constant triggers (internal and external) for implementing improvements and extensions. Consumer behavior, market trends and technological evolution can trigger aftershocks within the foundational concepts that the architecture is based upon.
Standardize: All that said, enterprises must be agile in order to react to such demands. A standardized and modularized approach is key. Standardization can be implemented in various shapes and forms. It could be the Architectural Development Method (TOGAF), the reference architecture for a Service Oriented Approach or the manner in which infrastructure services are provisioned across SOA and Cloud solutions.

Thus, it is interesting that The Open Group conference was miles away from the Winchester House. By choice, I would expect enterprise architects to go to The Open Group Conference. By chance, if you do happen by the Winchester House and are able to relate it to your Enterprise Architecture, please follow the tips above to architect by choice, and not by chance.

If you have instances where you have seen the Winchester pattern, do let me know by commenting here or following me on Twitter @NadhanAtHP.

This blog post was originally posted on HP’s Transforming IT Blog.

This guest post comes courtesy of E.G. Nadhan of HP Enterprise Services.

You may also be interested in:

Open Group security gurus dissect the cloud: Higher or lower risk?

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Thu, 09 Feb 2012 07:00:00 +0100

For some, any move to the cloud—at least the public cloud—means a higher risk for security.

For others, relying more on a public cloud provider means better security. There’s more of a concentrated and comprehensive focus on security best practices that are perhaps better implemented and monitored centrally in the major public clouds.

And so which is it? Is cloud a positive or negative when it comes to cyber security? And what of hybrid models that combine public and private cloud activities, how is security impacted in those cases?

We posed these and other questions to a panel of security experts at last week's Open Group Conference in San Francisco to deeply examine how cloud and security come together—for better or worse.

The panel: Jim Hietala, Vice President of Security for The Open Group; Stuart Boardman, Senior Business Consultant at KPN, where he co-leads the Enterprise Architecture Practice as well as the Cloud Computing Solutions Group; Dave Gilmour, an Associate at Metaplexity Associates and a Director at PreterLex Ltd., and Mary Ann Mezzapelle, Strategist for Enterprise Services and Chief Technologist for Security Services at HP.

The discussion was moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group and HP are sponsors of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Is this notion of going outside the firewall fundamentally a good or bad thing when it comes to security?

Hietala: It can be either. Talking to security people in large companies, frequently what I hear is that with adoption of some of those services, their policy is either let’s try and block that until we get a grip on how to do it right, or let’s establish a policy that says we just don’t use certain kinds of cloud services. Data I see says that that’s really a failed strategy. Adoption is happening whether they embrace it or not.

The real issue is how you do that in a planned, strategic way, as opposed to letting services like Dropbox and other kinds of cloud collaboration services just happen. So it’s really about getting some forethought around how do we do this the right way, picking the right services that meet your security objectives, and going from there.

Gardner: Is cloud computing good or bad for security purposes?

Boardman: It’s simply a fact, and it’s something that we need to learn to live with.

What I've noticed through my own work is a lot of enterprise security policies were written before we had cloud, but when we had private web applications that you might call cloud these days, and the policies tend to be directed toward staff’s private use of the cloud.

Then you run into problems, because you read something in policy—and if you interpret that as meaning cloud, it means you can’t do it. And if you say it’s not cloud, then you haven’t got any policy about it at all. Enterprises need to sit down and think, "What would it mean to us to make use of cloud services and to ask as well, what are we likely to do with cloud services?"

Gardner: Dave, is there an added impetus for cloud providers to be somewhat more secure than enterprises?

Gilmour: It depends on the enterprise that they're actually supplying to. If you're in a heavily regulated industry, you have a different view of what levels of security you need and want, and therefore what you're going to impose contractually on your cloud supplier. That means that the different cloud suppliers are going to have to attack different industries with different levels of security arrangements.

The problem there is that the penalty regimes are always going to say, "Well, if the security lapses, you're going to get off with two months of not paying" or something like that. That kind of attitude isn't going to go in this kind of security.

What I don’t understand is exactly how secure cloud provision is going to be enabled and governed under tight regimes like that.

Gardner: Jim, we've seen in the public sector that governments are recognizing that cloud models could be a benefit to them. They can reduce redundancy. They can control and standardize. They're putting in place some definitions, implementation standards, and so forth. Is the vanguard of correct cloud computing with security in mind being managed by governments at this point?

Hietala: I'd say that they're at the forefront. Some of these shared government services, where they stand up cloud and make it available to lots of different departments in a government, have the ability to do what they want from a security standpoint, not relying on a public provider, and get it right from their perspective and meet their requirements. They then take that consistent service out to lots of departments that may not have had the resources to get IT security right, when they were doing it themselves. So I think you can make a case for that.

Gardner: Stuart, being involved with standards activities yourself, does moving to the cloud provide a better environment for managing, maintaining, instilling, and improving on standards than enterprise by enterprise by enterprise? As I say, we're looking at a larger pool and therefore that strikes me as possibly being a better place to invoke and manage standards.

Boardman: Dana, that's a really good point, and I do agree. Also, in the security field, we have an advantage in the sense that there are quite a lot of standards out there to deal with interoperability, exchange of policy, exchange of credentials, which we can use. If we adopt those, then we've got a much better chance of getting those standards used widely in the cloud world than in an individual enterprise, with an individual supplier, where it’s not negotiation, but "you use my API, and it looks like this."

Having said that, there are a lot of well-known cloud providers who do not currently support those standards and they need a strong commercial reason to do it. So it’s going to be a question of the balance. Will we get enough specific weight of people who are using it to force the others to come on board? And I have no idea what the answer to that is.

Gardner: We've also seen that cooperation is an important aspect of security, knowing what’s going on on other people's networks, being able to share information about what the threats are, remediation, working to move quickly and comprehensively when there are security issues across different networks.

Is that a case, Dave, where having a cloud environment is a benefit? That is to say more sharing about what’s happening across networks for many companies that are clients or customers of a cloud provider rather than perhaps spotty sharing when it comes to company by company?

Gilmour: There is something to be said for that, Dana. Part of the issue, though, is that companies are individually responsible for their data. They're individually responsible to a regulator or to their clients for their data. The question then becomes that as soon as you start to share a certain aspect of the security, you're de facto sharing the weaknesses as well as the strengths.

So it’s a two-edged sword. One of the problems we have is that until we mature a little bit more, we won’t be able to actually see which side is the sharpest.

Gardner: So our premise that cloud is good and bad for security is holding up, but I'm wondering whether the same things that make you a risk in a private setting—poor adhesion to standards, no good governance, too many technologies that are not being measured and controlled, not instilling good behavior in your employees and then enforcing that—wouldn’t this be the same either way? Is it really cloud or not cloud, or is it good security practices or not good security practices? Mary Ann?

Mezzapelle: You're right. It’s a little bit of that "garbage in, garbage out," if you don’t have the basic things in place in your enterprise, which means the policies, the governance cycle, the audit, and the tracking, because it doesn’t matter if you don’t measure it and track it, and if there is no business accountability.

David said it—each individual company is responsible for its own security, but I would say that it’s the business owner that’s responsible for the security, because they're the ones that ultimately have to answer that question for themselves in their own business environment: "Is it enough for what I have to get done? Is the agility more important than the flexibility in getting to some systems or the accessibility for other people, as it is with some of the ubiquitous computing?"

So you're right. If it’s an ugly situation within your enterprise, it’s going to get worse when you do outsourcing, out-tasking, or anything else you want to call within the cloud environment. One of the things that we say is that organizations not only need to know their technology, but they have to get better at relationship management, understanding who their partners are, and being able to negotiate and manage that effectively through a series of relationships, not just transactions.

Gardner: If data and sharing data is so important, it strikes me that cloud component is going to be part of that, especially if we're dealing with business processes across organizations, doing joins, comparing and contrasting data, crunching it and sharing it, making data actually part of the business, a revenue generation activity, all seems prominent and likely.

So to you, Stuart, what is the issue now with data in the cloud? Is it good, bad, or just the same double-edged sword, and it just depends how you manage and do it?

Boardman: Dana, I don’t know whether we really want to be putting our data in the cloud, so much as putting the access to our data into the cloud. There are all kinds of issues you're going to run up against, as soon as you start putting your source information out into the cloud, not the least privacy and that kind of thing.

What you can do is simply say, "What information do I have that might be interesting to people? If it’s a private cloud in a large organization elsewhere in the organization, how can I make that available to share?" Or maybe it's really going out into public. What a government, for example, can be thinking about is making information services available, not just what you go and get from them that they already published. But “this is the information," a bunch of APIs if you like. I prefer to call them data services, and to make those available.

So, if you do it properly, you have a layer of security in front of your data. You're not letting people come in and do joins across all your tables. You're providing information. That does require you then to engage your users in what is it that they want and what they want to do. Maybe there are people out there who want to take a bit of your information and a bit of somebody else’s and mash it together, provide added value. That’s great. Let’s go for that and not try and answer every possible question in advance.

Gardner: Dave, do you agree with that, or do you think that there is a place in the cloud for some data?

Gilmour: There's definitely a place in the cloud for some data. I get the impression that there is going to drive out of this something like the insurance industry, where you'll have a secondary cloud. You'll have secondary providers who will provide to the front-end providers. They might do things like archiving and that sort of thing.

Now, if you have that situation where your contractual relationship is two steps away, then you have to be very confident and certain of your cloud partner, and it has to actually therefore encompass a very strong level of governance.

The other issue you have is that you've got then the intersection of your governance requirements with that of the cloud provider’s governance requirements. Therefore you have to have a really strongly—and I hate to use the word—architected set of interfaces, so that you can understand how that governance is actually going to operate.

Gardner: Wouldn’t data perhaps be safer in a cloud than if they have a poorly managed network?

Mezzapelle: There is data in the cloud and there will continue to be data in the cloud, whether you want it there or not. The best organizations are going to start understanding that they can’t control it that way and that perimeter-like approach that we've been talking about getting away from for the last five or seven years.

So what we want to talk about is data-centric security, where you understand, based on role or context, who is going to access the information and for what reason. I think there is a better opportunity for services like storage, whether it’s for archiving or for near term use.

There are also other services that you don’t want to have to pay for 12 months out of the year, but that you might need independently. For instance, when you're running a marketing campaign, you already share your data with some of your marketing partners. Or if you're doing your payroll, you're sharing that data through some of the national providers.

So there already is a lot of data in a lot of different places, whether you want cloud or not, but the context is, it’s not in your perimeter, under your direct control, all of the time. The better you get at managing it wherever it is specific to the context, the better off you will be.

Hietala: It’s a slippery slope [when it comes to customer data]. That’s the most dangerous data to stick out in a cloud service, if you ask me. If it's personally identifiable information, then you get the privacy concerns that Stuart talked about. So to the extent you're looking at putting that kind of data in a cloud, looking at the cloud service and trying to determine if we can apply some encryption, apply the sensible security controls to ensure that if that data gets loose, you're not ending up in the headlines of The Wall Street Journal.

Gardner: Dave, you said there will be different levels on a regulatory basis for security. Wouldn’t that also play with data? Wouldn't there be different types of data and therefore a spectrum of security and availability to that data?

Gilmour: You're right. If we come back to Facebook as an example, Facebook is data that, even if it's data about our known customers, it's stuff that they have put out there with their will. The data that they give us, they have given to us for a purpose, and it is not for us then to distribute that data or make it available elsewhere. The fact that it may be the same data is not relevant to the discussion.

That’s where I think we are going to end up with not just one layer or two layers. We're going to end up with a sort of a three-dimensional solution space. We're going to work out exactly which chunk we're going to handle in which way. There will be significant areas where these things crossover.

The other thing we shouldn’t forget is that data includes our software, and that’s something that people forget. Software nowadays is out in the cloud, under current ways of running things, and you don't even always know where it's executing. So if you don’t know where your software is executing, how do you know where your data is?

It's going to have to be just handled one way or another, and I think it's going to be one of these things where it's going to be shades of gray, because it cannot be black and white. The question is going to be, what's the threshold shade of gray that's acceptable.

Gardner: Mary Ann, to this notion of the different layers of security for different types of data, is there anything happening in the market that you're aware of that’s already moving in that direction?

Mezzapelle: The experience that I have is mostly in some of the business frameworks for particular industries, like healthcare and what it takes to comply with the HIPAA regulation, or in the financial services industry, or in consumer products where you have to comply with the PCI regulations.

There has continued to be an issue around information lifecycle management, which is categorizing your data. Within a company, you might have had a document that you coded private, confidential, top secret, or whatever. So you might have had three or four levels for a document.

You've already talked about how complex it's going to be as you move into trying to understand, not only for that data, that the name Mary Ann Mezzapelle, happens to be in five or six different business systems over a 100 instances around the world.

That's the importance of something like an enterprise architecture that can help you understand that you're not just talking about the technology components, but the information, what they mean, and how they are prioritized or critical to the business, which sometimes comes up in a business continuity plan from a system point of view. That's where I've advised clients on where they might start looking to how they connect the business criticality with a piece of information.

One last thing. Those regulations don't necessarily mean that you're secure. It makes for good basic health, but that doesn't mean that it's ultimately protected.You have to do a risk assessment based on your own environment and the bad actors that you expect and the priorities based on that.

Boardman: I just wanted to pick up here, because Mary Ann spoke about enterprise architecture. One of my bugbears—and I call myself an enterprise architect—is that, we have a terrible habit of leaving security to the end. We don't architect security into our enterprise architecture. It's a techie thing, and we'll fix that at the back. There are also people in the security world who are techies and they think that they will do it that way as well.

I don’t know how long ago it was published, but there was an activity to look at bringing the SABSA Methodology from security together with TOGAF. There was a white paper published a few weeks ago.

The Open Group has been doing some really good work on bringing security right in to the process of EA.

Hietala: In the next version of TOGAF, which has already started, there will be a whole emphasis on making sure that security is better represented in some of the TOGAF guidance. That's ongoing work here at The Open Group.

Gardner: As I listen, it sounds as if the in the cloud or out of the cloud security continuum is perhaps the wrong way to look at it. If you have a lifecycle approach to services and to data, then you'll have a way in which you can approach data uses for certain instances, certain requirements, and that would then apply to a variety of different private cloud, public cloud, hybrid cloud.

Is that where we need to go, perhaps have more of this lifecycle approach to services and data that would accommodate any number of different scenarios in terms of hosting access and availability? The cloud seems inevitable. So what we really need to focus on are the services and the data.

Boardman: That’s part of it. That needs to be tied in with the risk-based approach. So if we have done that, we can then pick up on that information and we can look at a concrete situation, what have we got here, what do we want to do with it. We can then compare that information. We can assess our risk based on what we have done around the lifecycle. We can understand specifically what we might be thinking about putting where and come up with a sensible risk approach.

You may come to the conclusion in some cases that the risk is too high and the mitigation too expensive. In others, you may say, no, because we understand our information and we understand the risk situation, we can live with that, it's fine.

Gardner: It sounds as if we are coming at this as an underwriter for an insurance company. Is that the way to look at it?

Gilmour: That’s eminently sensible. You have the mortality tables, you have the current risk, and you just work the two together and work out what's the premium. That's probably a very good paradigm to give us guidance actually as to how we should approach intellectually the problem.

Mezzapelle: One of the problems is that we don’t have those actuarial tables yet. That's a little bit of an issue for a lot of people when they talk about, "I've got $100 to spend on security. Where am I going to spend it this year? Am I going to spend it on firewalls? Am I going to spend it on information lifecycle management assessment? What am I going to spend it on?" That’s some of the research that we have been doing at HP is to try to get that into something that’s more of a statistic.

So, when you have a particular project that does a certain kind of security implementation, you can see what the business return on it is and how it actually lowers risk. We found that it’s better to spend your money on getting a better system to patch your systems than it is to do some other kind of content filtering or something like that.

Gardner: Perhaps what we need is the equivalent of an Underwriters Laboratories (UL) for permeable organizational IT assets, where the security stamp of approval comes in high or low. Then, you could get you insurance insight—maybe something for The Open Group to look into. Any thoughts about how standards and a consortium approach would come into that?

Hietala: I don’t know about the UL for all security things. That sounds like a risky proposition.

Gardner: It could be fairly popular and remunerative.

Hietala: It could.

Mezzapelle: An unending job.

Hietala: I will say we have one active project in the Security Forum that is looking at trying to allow organizations to measure and understand risk dependencies that they inherit from other organizations.

So if I'm outsourcing a function to XYZ corporation, being able to measure what risk am I inheriting from them by virtue of them doing some IT processing for me, could be a cloud provider or it could be somebody doing a business process for me, whatever. So there's work going on there.

I heard just last week about a NSF funded project here in the U.S. to do the same sort of thing, to look at trying to measure risk in a predictable way. So there are things going on out there.

Gardner: We have to wrap up, I'm afraid, but Stuart, it seems as if currently it’s the larger public cloud provider, something of Amazon and Google and among others that might be playing the role of all of these entities we are talking about. They are their own self-insurer. They are their own underwriter. They are their own risk assessor, like a UL. Do you think that's going to continue to be the case?

Boardman: No, I think that as cloud adoption increases, you will have a greater weight of consumer organizations who will need to do that themselves. You look at the question that it’s not just responsibility, but it's also accountability. At the end of the day, you're always accountable for the data that you hold. It doesn’t matter where you put it and how many other parties they subcontract that out to.

So there's a need to have that, and as the adoption increases, there's less fear and more, "Let’s do something about it." Then, I think the weight will change.

Plus, of course, there are other parties coming into this world, the world that Amazon has created. I'd imagine that HP is probably one of them as well, but all the big names in IT are moving in here, and I suspect that also for those companies there's a differentiator in knowing how to do this properly in their history of enterprise involvement.

So yeah, I think it will change. That's no offense to Amazon, etc. I just think that the balance is going to change.

Gilmour: Yes. I think that's how it has to go. The question that then arises is, who is going to police the policeman and how is that going to happen? Every company is going to be using the cloud. Even the cloud suppliers are using the cloud. So how is it going to work? It’s one of these never-decreasing circles.

Mezzapelle: At this point, I think it’s going to be more evolution than revolution, but I'm also one of the people who've been in that part of the business—IT services—for the last 20 years and have seen it morph in a little bit different way.

Stuart is right that there's going to be a convergence of the consumer-driven, cloud-based model, which Amazon and Google represent, with an enterprise approach that corporations like HP are representing. It’s somewhere in the middle where we can bring the service level commitments, the options for security, the options for other things that make it more reliable and risk-averse for large corporations to take advantage of it.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

HP provides more picks and shovels to cloud miners

rss@it-analysis.com (Dana Gardner, Interarbor Solutions) — Wed, 08 Feb 2012 07:00:00 +0100

In two separate recent announcements, HP has affirmed its goal of being the neutral supplier of choice for all things cloud.

Last week, HP delivered HP Discovery and Dependency Mapping Advanced (DDMA) Content Pack 10, bringing with the ability to better manage cloud instances across the enterprise-public cloud continuum, including deep discovery of virtualized workloads' performance inside of Amazon and VMware vCloud clouds.

Then this week, HP on Tuesday further thrust its global market-leading LoadRunner performance testing suite—via partners—into development clouds, known as platform as a service (PaaS) providers. This is clearly aimed at the fast-growing mobile development and greenfield SMB development spaces.

Interestingly, neither the cloud operations efficiency benefits of the updated DDMA nor the HP LoadRunner-in-the-Cloud offering will be initially offered inside of any HP public clouds. These formerly enterprise-targeted development and operations tools are being extended to more private and public cloud uses—but via cloud ecosystems, partners and channels. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Picks and shovels
While HP is not taking the arrival of its own public cloud offerings off the table—indeed they have committed to them in the past—they seem to be happy for now to develop the picks and shovels and provide them to the miners and the current mine owners.

The strategy lessens the potential for conflict that other cloud providers such as Microsoft, Google, Amazon, Salesforce.com and VMware can face (no mention yet of Microsoft Azure). And it makes HP more amenable as a supplier to those public clouds, which may be of interest to them, given both HP's technologies and their vast and global installed base of enterprise customers.

Digging more deeply into the news items, the DDMA Content Pack 10 brings a critical part of the HP IT Performance Suite to more types of cloud uses, as well as back into more kinds of mainframes, particularly for the IBM iSeries servers. Reaching more deeply into legacy workloads and across various cloud and hybrid models allows for more automation of those apps and runtimes, and fosters far better change management when those loads need to be adjusted to accommodate varying demands.

HP is also enabling any IP-pingable device to be discovered, mapped, and managed via the various online deployments. The overall benefit is more a lifecycle approach to management of apps and devices across legacy and hybrid environments, and to gain a single view as a business service of all the parts that support the apps and processes regardless of their locations.

Discovery capabilities have also been added for HP ServiceGuard, Glassfish open-source server and VMware Datastore. In addition, integration has also been enhanced to include CiscoWorks LAN Management Solution (LMS), Aperture VISTA, NNMi, Application Signature and Service-Now. Functionality has also been added to the integration of Troux. Finally, Content Pack 10 provides new features such as support for SAP JCo3, Oracle VM Server for SPARC, UCMDB to XML export and a BMC Atrium pull adapter.

Three partners
On the LoadRunner news today, HP has worked so far with three partners that will take the LoadRunner on demand services out to their specific customers and on their public clouds of their choices. The initial partners are: Orasi Software Inc., Genilogix and J9 Technologies. These partners will set the pricing, but the performance testing services are delivered on a pay as you go basis.

"This is unique. It's the easiest, lowest-cost way to bring LoadRunner capabilities to the cloud," said Matt Morgan, senior director, Product and Solution Marketing, Software, HP.

Incidentally, the testing phase of the cloud PaaS proposition is essential for quick devops and RAD benefits. It further allows any investments that enterprises have made in Loadrunner to be extended via the cloud providers to developers working on new mobile projects, or for them to control and view testing results when using third-party developers.

By straddling the cloud-enterprise ecosystem HP may be able to bring more value to the channel partners and end users—especially SMBs—then trying to build the whole cloud first and putting in services later. It's the ecosystem of services, after all, not the location of them, that matters most.