By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 12th January 2012 Copyright Interarbor Solutions © 2012

This BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this month in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re now joined by of the main speakers, Jeanne Ross, Director and Principal Research Scientist at the MIT Center for Information Systems Research. Jeanne studies how firms develop competitive advantage through the implementation and reuse of digitized platforms.

She is also the co-author of three books: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Enterprise Architecture As Strategy: Creating a Foundation for Business Execution, and IT Savvy: What Top Executives Must Know to Go from Pain to Gain.

As a lead-in to her Open Group presentation on how adoption of enterprise architecture (EA) leads to greater efficiencies and better business agility, Ross explains how enterprise architects have helped lead the way to successful business transformations. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: How you measure or determine that enterprise architects and their practices are intrinsic to successful business transformations?

Ross: That’s a great question. Today, there remains kind of a leap of faith in recognizing that companies that are well-architected will, in fact, perform better, partly because you can be well-architected and perform badly. Or if we look at companies that are very young and have no competitors, they can be very poorly architected and achieve quite remarkably in the marketplace.

But what we can ascribe to architecture is that when companies have competition, then they can establish any kind of performance target they want, whether it’s faster revenue growth or better profitability, and then architect themselves so they can achieve their goals. Then, we can monitor that.

We do have evidence in repeated case studies of companies that set goals, defined an architecture, started to build the capabilities associated with that architecture, and did indeed improve their performance. We have wonderful case study results that should be very reaffirming. I accept that they are not conclusive.

We also have statistical support in some of the work we've done that shows that high performers in our sample of 102 companies, in fact, had greater architecture maturity. They had deployed a number of practices associated with good architecture.

Gardner: Is there something that’s new about this, rather than just trying to reengineer something?

Ross: Yes, the thing we're learning about enterprise architecture is that there's a cultural shift that takes place in an organization, when it commits to doing business in a new way, and that cultural shift starts with abandoning a culture of heroes and accepting a culture of discipline.

Nobody wants to get rid of the heroes in their company. Heroes are people who see a problem and solve it. But we do want to get past heroes sub-optimizing. What companies traditionally did before they started thinking about what architecture would mean, is they relied on individuals to do what seemed best and that clearly can sub-optimize in an environment that increasingly is global and requires things like a single face to the customer.

What we're trying to do is adopt a culture of discipline, where there are certain things that people throughout an enterprise understand are the way things need to be done, so that we actually can operate as an enterprise, not as individuals all trying to do the best thing based on our own experience.

The fundamental difference of being an architected firm is that there is some underlying discipline. I'll caution you that what tends to happen is great architects really embrace the discipline. They love the discipline. They understand the discipline, and there is a reluctance to accept that that’s not the only thing we need in our organization. There are times when ad hoc behaviors enable us to be much more innovative and much more responsive and they are exactly what we need to be doing.

So there is a cultural shift that is critical to understanding what it is to be architected. That’s the difference between a successful firm that’s successful because it hasn’t gotten into a world of really tough competition or restrictions on spending and things like that and an organization that is trying to compete in a global economy.

Gardner: What then is the proper role of the architect?

Ross: The architect plays a really critical role in representing the need for this discipline, for some standards in the organization, and for understanding the importance of shared definitions for data. The architect should be able to create a very constructive tension in the organization, and that’s the tension between individuality, innovation, local responsiveness, and the need for enterprise thinking, standardization, and discipline.

Normally, in most companies, the architect’s role will be the enforcer of discipline, standardization and enterprise thinking. ...We want to be architected enough to be efficient, to be able to reuse those things we need to reuse, to be agile, but we don’t want to start embracing architecture for architecture’s sake or discipline for discipline’s sake.

We really just need architecture to pull out unnecessary cost and to enable desirable reusability. And the architect is typically going to be the person representing that enterprise view and helping everyone understand the benefits of understanding that enterprise view, so that everybody who can easily or more easily see the local view is constantly working with architects to balance those two requirements.

Gardner: Is this a particularly good time, from your vantage point, to undertake enterprise architecture?

Ross: It’s a great time for most companies. There will be exceptions that I'll talk about in a minute. One thing we learned early on in the research is that companies who were best at adopting architecture and implementing it effectively had cost pressures. What happens when you have cost pressures is that you're forced to make tough decisions.

If you have all the money in the world, you're not forced to make tough decisions. Architecture is all about making tough decisions, understanding your tradeoffs, and recognizing that you're going to get some things that you want and you are going to sacrifice others.

If you don't see that, if you just say, "We're going to solve that by spending more money," it becomes nearly impossible to become architected. This is why investment banks are invariably very badly architected, and most people in investment banks are very aware of that. It’s just very hard to do anything other than say, "If that’s important to us, let’s spend more money and let’s get it." One thing you can't get by spending more money is discipline, and architecture is very tightly related to discipline.

In a tough economy, when competition is increasingly global and marketplaces are shifting, this ability to make tough decisions is going to be essential. Opportunities to save costs are going to be really valued, and architecture invariably helps companies save money. The ability to reuse, and thus rapidly seize the next related business opportunity, is also going to be highly valued.

The thing you have to be careful of is that if you see your markets disappearing, if your product is outdated, or your whole industry is being redefined, as we have seen in things like media, you have to be ready to innovate. Architecture can restrict your innovative gene, by saying, "Wait, wait, wait. We want to slow down. We want to do things on our platform." That can be very dangerous, if you are really facing disruptive technology or market changes.

So you always have to have that eye out there that says, "When is what we built that’s stable actually constraining us too much? When is it preventing important innovation?" For a lot of architects, that’s going to be tough, because you start to love the architecture, the standards, and the discipline. You love what you've created, but if it isn’t right for the market you're facing, you have to be ready to let it go and go seize the next opportunity.

Gardner: Perhaps this environment is the best of all worlds, because we have that discipline on the costs which forces hard decisions, as you say. We also have a lot of these innovative IT trends that would almost force you to look at doing things differently. I'm thinking again of cloud, mobile, the big data issues, and even social-media types of effects.

Ross: Absolutely. We should all look at it that way and say, "What a wonderful world we live in." One of the companies that I find quite remarkable in their ability to, on the one hand, embrace discipline and architecture, and on the other hand, constantly innovate, is USAA. I'm sure I'll talk about them a little bit at the conference.

This is a company that just totally understands the importance of discipline around customer service. They're off the charts in their customer satisfaction.

They're a financial services institution. Most financial services institutions just drool over USAA’s customer satisfaction ratings, but they've done this by combining this idea of discipline around the customer. We have a single customer file. We have an enterprise view of that customer. We constantly standardize those practices and processes that will ensure that we understand the customer and we deliver the products and services they need. They have enormous discipline around these things.

Simultaneously, they have people working constantly around innovation. They were the first company to see the need for this deposit with your iPhone. Take a picture of your check and it’s automatically deposited into your account. They were nearly a year ahead of the next company that came up with that service.

The way they see it is that for any new technology that comes out, our customer will want to use it. We've got to be there the day after the technology comes out. They obviously haven't been able to achieve that, but that’s their goal. If they can make deals with R&D companies that are coming up with new technologies, they're going to make them, so that they can be ready with their product when the thing actually becomes commercial.

So it's certainly possible for a company to be both innovative and responsive to what’s going on in the technology world and disciplined and cost effective around customer service, order-to-cash, and those other underlying critical requirements in your organization. But it's not easy, and that's why USAA is quite remarkable. They've pulled it off and they are a lesson for many other companies.

Gardner: Is The Open Group a good forum for your message and your research, and if so, why?

Ross: The Open Group is great for me, because there is so much serious thinking in The Open Group about what architecture is, how it adds value, and how we do it well. For me to touch base with people in The Open Group is really valuable, and for me to touch base to share my research and hear the push back, the debate, or the value add is perfect, because these are people who are living it every day.

Gardner: Are there any other major themes that you'll be discussing at the conference coming up that you might want to share with us?

Ross: One thing we have observed in our cases that is more and more important to architects is that the companies are struggling more than we realized with using their platforms well.

I'm not sure that architects or people in IT always see this. You build something that’s phenomenally good and appropriate for the business and then you just assume, that if you give them a little training, they'll use it well.

That’s actually been a remarkable struggle for organizations. One of our research projects right now is called "Working Smarter on Your Digitized Platform." When we go out, we find there aren't very many companies that have come anywhere close to leveraging their platforms the way they might have imagined and certainly the way an architect would have imagined.

It's harder than we thought. It requires persistent coaching. It's not about training, but persistent coaching. It requires enormous clarity of what the organization is trying to do, and organizations change fast. Clarity is a lot harder to achieve than we think it ought to be.

The message for architects would be: here you are trying to get really good at being a great architect. To add value to your organization, you actually have to understand one more thing: how effectively are people in your company adopting the capabilities and leveraging them effectively? At some point, the value add of the architecture is diminished by the fact that people don't get it. They don’t understand what they should be able to do.

We're going to see architects spending a little more time understanding what their leadership is capable of and what capabilities they'll be able to leverage in the organization, as opposed to which on a rational basis seem like a really good idea.

Gardner: When you're an organization and you've decided that you do want to transform and take advantage of unique opportunities for either technical disruption or market discipline, how do you go about getting more structure, more of an architecture?

Ross: That's idiosyncratic to some extent, because in your dream world, what happens is that the CEO announces, "This is what we are going to be five years from now. This is how we are going to operate and I expect everyone to get on board." The vision is clear and the commitment is clear. Then the architects can just say, and most architects are totally capable of this, "Oh, well then, here are the capabilities we need to build. Let’s just go build them and then we'll live happily ever after."

The problem is that’s rarely the way you get to start. Invariably, the CEO is looking at the need for some acquisitions, some new markets, and all kinds of pressures. The last thing you're getting is some clarity around the vision of an operating model that would define your critical architectural capabilities.

What ends up happening instead is architects recognize key business leaders who understand the need for reused standardization, process discipline, whatever it is, and they're very pragmatic about it. They say, "What do you need here to develop an enterprise view of the customer, or what’s limiting your ability to move into the next market?"

And they have to pragmatically develop what the organization can use, as opposed to defining the organizational vision and then the big picture view of the enterprise architecture.

So in practice, it's a much more pragmatic process than what we would imagine when we, for example, write books on how to do enterprise architecture. The best architects are listening very hard to who is asking for what kind of capability. When they see real demand and real leadership around certain enterprise capabilities, they focus their attention on addressing those, in the context of what they realize will be a bigger picture over time.

They can already see the unfolding bigger picture, but there’s no management commitment yet. So they stick to the capabilities that they are confident the organization will use. That’s the way they get the momentum to build. That is more art than science and it really distinguishes the most successful architects.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

By: Bob Tarzey, Service Director, Quocirca Posted: 20th December 2011 Copyright Quocirca © 2011

For IT users, the most important things are the applications that enable them to do their jobs and the devices they access those applications from. However, system administrators (sys-admins), responsible for ensuring end-user devices can link to the applications, know it takes a lot more in between. Resellers know this too; selling both the high and low profile equipment is their bread and butter. What resellers may not realise is the extent to which their customers fail to manage much of their equipment securely and effectively and the additional opportunity this represents.

A new Quocirca research report—Conquering the sys-admin challenge—underlines the extent of the problem. It looked at three broad areas: the management of privilege, the ability to automate sys-admins' tasks and ensuring compliance.

The over-granting of privilege is a common problem; sys-admins are often granted access to more equipment than is necessary and they often have access to data they have no need to see (Figure 1). This is a problem, not because sys-admins are innately malicious people (although a few have turned out to be) but because, just like anyone else, they can make mistakes.

Errors made when acting under privilege can have a serious impact on the availability of IT systems. For example, the failure to backup up a server properly (or at all) may mean data is lost and a project is put back by days or weeks; wrongly reconfiguring a network firewall may lead to remote users being locked out of systems they need to access; or spinning down the wrong disk volume for maintenance purposes may leave an email server out of action.

The new research shows that the average sys-admin's error rate is about 7%. One way to reduce error rates is better management of privilege. To achieve this it is necessary to have tools in place to manage the scope of privilege access, limiting the range of data and devices a sys-admin has access to and the time they have access for.

There is another way to reduce error rates—more automation of sys-admin. Many tasks are mundane and repetitive. A good example is data protection, most organisations regularly backup file servers and many have automated this. However, other devices need protecting too and it is less likely that the settings of firewalls, routers and load balancers are backed-up (Figure 2). This is important for ensuring a quick recovery in the case of failure and the task is an easy one to automate with the right tools. Other tasks can also be automated, including the gathering of data for audits.

This brings us full circle, because one area that auditors are keen to see IT departments have control of is the use of privilege. Some standards are specific about the management of privileged users. One of the controls in the IT service management standard (ITSM) ISO 270001 states, “the allocation and use of privileges shall be restricted and controlled”. The Payment Card Industries Data Security Standard (PCI DSS) recommends, “auditing all privileged user activity”.

Many organisations do not have the controls in place to make sure this required data is gathered. Indeed some admit to appalling practices, in particular the uncontrolled changes to sys-admin procedures immediately prior to audits, which then lapse following the audit. Over two thirds of respondents admitted this happened at least occasionally; for some it was a regular practice (Figure 3).

When it comes to helping customers with the management of privilege, the automation of sys-admins and ensuring compliance, resellers can take one of two approaches. They can either ensure the tools to do their job are available as part of their portfolio or they can use such tools themselves to provide managed services. Vendors that focus on the management and privilege and the automation of IT include Osirium (the sponsors of Quocirca latest report), CA, Cyber-Ark, Quest Software and Lieberman Software.

Quocirca’s new report is freely available to IT-Director readers via this link: http://www.quocirca.com/news/88

This article first appeared in the Computer Reseller News (CRN) UK print edition.

By: Bob Tarzey, Service Director, Quocirca Posted: 19th December 2011 Copyright Quocirca © 2011

Network and security devices age just like any other IT equipment. As the IT industry moves toward 100 gigabit/second Ethernet and 100 megabit/second broadband connections, many existing devices will no longer cope with traffic volumes. The need to replace routers, firewalls, load-balancers, content filtering devices etc. is an on-going process.

Some devices may be reusable by smaller organisations and have a second-hand value; others may just be fit for the dump; when the latter is the case they must be disposed of in line with environment regulations such as the UK Environment Agency’s waste electrical and electronic equipment (WEEE) directive.
 
Either way, such devices will end up in the hands of third-parties, and their eventual destination will not be guaranteed. These devices have all sorts of confidential data and settings stored on them, such as user details and network access settings. In the wrong hands these could be used to gain access to private networks, and anyway, the leaking of such data may constitute a data privacy breach. If is therefore necessary to ensure all such data is securely deleted before devices are disposed of.
 
It varies by industry, but a recent Quocirca research report shows that around 40% of all organisations said they were not confident all such data was safely removed prior to device deposal. Quocirca suspects that even those who claim to have done so have not actually shredded data but just “deleted” it, and a determined hacker may still be able to retrieve it. Only audited disk shredding or secure reformatting tools, carried out by screened staff, can ensure such devices are completely safe to dispose of.
 
To see the full research behind this and get a free copy of Quocirca’s report – “Conquering the sys-admin challenge” – click here http://www.osirium.com/alpha-files/wp

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 1st December 2011 Copyright Interarbor Solutions © 2011

Welcome to a special BriefingsDirect podcast series coming to you from the HP Discover 2011 Conference in Vienna. We’re exploring some major case studies from some of Europe’s leading enterprises.

Our next customer case study interview highlights how a shift from a technology emphasis to a business services delivery emphasis has created significant improvements for a large telecommunications provider, Vodafone. We'll see how a series of innovative solutions and an IT transformation approach to better support business benefits Vodafone, their internal users, and their global customers.

To learn more, we’re here with Shane Gaffney, Head of IT operations for Vodafone Ireland, based in Dublin. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gaffney: Back in summer of 2010, when we looked at the business perception of the quality of service received from IT, the confidence was lower than we’d like in terms of predictable and optimal service quality being provided.

There was a lack of transparency. Business owners didn’t fully understand what quality was being received and they didn’t have simple meaningful language that they were receiving from IT operations in terms of understanding service quality: good, bad, or indifferent.

Within IT operations, as a function, we also had our own challenges. We were struggling to control our services. We were under the usual pressure that many of our counterparts face in terms of having to do more with less, and downward pressure on cost and headcount. We were growing a dynamic complex IT estate, plus customers are naturally becoming ever more discerning in terms of their expectations of IT.

So with that backdrop, we knew we needed to take some radical steps to really drive our business forward. Vodafone is Ireland’s leading telecommunications operator. We have in excess of 2.4 million subscribers, about 1,300 employees in a mixture of on-premise and cloud operations. I mentioned the complex and dynamic IT estate that we manage. To put a bit of color around that, we’ve got 230 applications, about 2,500 infrastructure nodes that we manage either directly or indirectly—with substantial growth in traffic, particularly the exponential growth in the telecom data market.

Gardner: What does this get for you if you do it right? What is it that you've been able to attain by shifting your emphasis to the business services level? What’s the payoff?

Gaffney: We've seen a 66 percent reduction in customer lost hours year on year from last summer to this. We’ve also seen a 75 percent reaction in mean time to repair or average service restoration time.

Another statistic I'd call out briefly is that, at the start of this process, we were identifying root cause for incidents that were occurring in about 40–50 percent of cases on average. We’re now tracking consistently between 90–100 percent in those cases and have thereby been able to better understand, through our capabilities and tools, what’s going on in the department and what’s causing issues. We consequently have a much better chance of avoiding repetition in those issues impacting customers.

At a customer satisfaction level, we’ve seen similar improvements that correlate with the improved operational key performance indicators (KPIs). From all angles, we’ve thankfully enjoyed very substantial improvements. If we look at this from a financial point of view, we’ve realized a return on investment (ROI) of 300 percent in year one and, looking solely at the cost to fix and the cost of failure in terms of not offering optimal service quality, we’ve been able to realize cost savings in the region of €1.2 million OPEX through this journey.

Gardner: Let me just dig into that ROI. That’s pretty amazing, 300 percent ROI in one year. And what was that investment in? Was that in products, services, consulting, how did you measure it?

Gaffney: Yes, the ROI is in terms of the expenditure that would have related primarily to our investment in the HP product portfolio over the last year as well as a smaller number of ancillary solutions.

The payback in terms of the benefits realized from a financial perspective that relate to the cost savings associated with having fewer issues and, in the event where we have issues, the ability to detect those faster and spend less labor investigating and resorting issues, because the tools, in effect, are doing a lot of that legwork and much of the intelligence is built in to that product portfolio.

[Another way] we measure success, is we try to take a 360 degree view of our service quality. So we have a comprehensive suite of KPIs at the technology layer. We also do likewise in terms of our service management and establishing KPIs and service level agreements (SLAs) at the service layer. We've then taken a look at what quality looks like in terms of customer experience and perception, seeking to correlate metrics between these perspectives.

As an example, we routinely and rigorously measure our customer net promoter score, which essentially assesses whether the customers, based on their experience, would recommend our products and services to others.

[Lastly, we also] build confidence within the team in terms of having a better handle on the quality of service that we’re offering. Having that commercial awareness really does drive the team forward. It means that we’re able to engage with our customers in a much more meaningful way to create genuine value-add, and move away from routine transactional activity, to helping our customers to innovate and drive business forward.

We’ve certainly enjoyed those type of benefits through our transformation journey by automating a lot of the more core routine and repeatable activity, facilitating focus on our relationship with our customers in terms of understanding their needs and helping them to evolve the business.

Gardner: How do you, at a philosophical level, bridge the continuum among and between technology and the other softer issues like culture to obtain these benefits?

Gaffney: The first thing we did was engage quite heavily with all of our business colleagues to define a service model. In essence what we were looking at there was having our business unit owners define what services were important to them at multiple levels down to the service transactions, and defining the attributes of each of those services that make them successful or not.

Once we had a very clear picture of what that looked like across all business functions, we used that as our starting point to be able to measure success through the customer eyes.

That's the focus and continues to be the core driver behind everything else we do in IT operations. We essentially looked to align our people, revamp our processes, and look at our end-to-end tool strategy, all based around that service model.

The service model has enforced a genuine service orientation and customer centricity that’s driven through all activities and behaviors, including the culture within the IT ops group in how we service customers. It’s really incorporating those commercial and business drivers at the heart of how we work.

Without having a consolidated or rationalized suite of tools, we found previously that it's very difficult to get control of our services through the various tiers. By introducing the HP Application Performance Management tools portfolio, there are a number of modules therein that have allowed us to achieve the various goals that we’ve set to achieve the desired control.

Essentially, the service model is defined at a helicopter view, which is really what’s important to our respective customers. And we’ve drilled down into a number of customer or service-oriented views of their services, as well as mapping in, distilling, and simplifying the underlying complexities and event volumes within our IT estate.

Gardner: I suppose this would be a good time to step back and take a look at what you actually do have in place. What specifically does that portfolio consist of for you there at Vodafone Ireland?

Gaffney: We have a number of modules in HP's APM portfolio that I'll talk about briefly. In terms of looking to get a much broader and richer understanding of our end-user experience which we lacked previously, we’ve deployed HP’s Business Process Monitors (BPMs) to effectively emulate the end-user experience from various locations nationwide. That provides us with a consistent measure and baseline of how users experience our services.

We’ve deployed HP Real User Monitoring (RUM), which gives us a comprehensive micro and macro view of the actual customer experience to complement those synthetic transactions that mimic user behavior. Those two views combined provide a rich cocktail for understanding at a service level what our customers are experiencing.

We then looked at events correlation. We were one of the first commercial customers to adopt HP’s BSM version 9.1 deployment, which gives us a single pane of glass into our full service portfolio and the related IT infrastructure.

Looking a little bit more closely at BSM, we've used HP’s Discovery and Dependency Mapping Advanced (DDMa) to build out our service model, i.e. effectively mapping our configuration items throughout the estate, back up to that top-down service view. DDMa effectively acts as an inventory tool that granularly links the estate to service. We’ve aligned the DDMa deployment with our service model which, as I mentioned earlier, is integral to our transformation journey.

Beyond that, we’ve looked at HP’s Operations Manager i (OMI) capability, which we use to correlate our application performance and our system events with our business services. This allows our operators to reduce a lot of the noisy events by distilling those high-volume events into unique actionable events. This allows operators to focus instead on services that may be impacted or need attention and, of course, our customers and our business.

We’ve gone farther and looked at ArcSight Logger, software which we’ve deployed to a single location that collects logged files throughout our estate. This allows us to quickly and easily search across all logged files for abnormalities that might be related to a particular issue.

By integrating ArcSight Logger with OMI—and I believe we’re one of the first HP customers to do this—we’ve enriched operator views with security information as well as the hardware, OS, and application layer events. That gives us a composite view of what’s happening with our services through multiple lenses, holistically across our technology landscape and products and services portfolio.

Additionally, we’ve used HP’s Operations Orchestration to automate many of our routine procedures and, picking up on the ROI, this has allowed us to free up operators’ time to focus on value-add and effectively to do more with less. That's been quite a powerful module for us, and we’ve further work to exploit that capability.

The last point to call out in terms of the HP portfolio is we’re one of the early trialists of HP’s Service Health Analyzer. A year ago, we were to a degree reactive in terms of how we provided service. At this point, we’re proactive in how we manage services.

Service Health Analyzer will allow us to move to the next level of our evolution, moving toward predictive service quality. I prefer to call the Service Health Analyzer our “crystal ball,” because that’s essentially what we’re looking at. It’s taking trends that are occurring with the services of transaction, and predicting what's likely to happen next and what may be in jeopardy of breaking down the line, so you can take early intervention and remedial action before there’s any material impact on customers.

We’re quite excited about seeing where we can go there. One of the sub-modules of Service Health Analyzer is Service Health Reporter, and that’s a tool that we expect to act as our primary capacity planning capability across a full IT estate going forward.

Throughout our implementation, partnership was a key ingredient to success. Vodafone had the business vision and appetite to evolve. HP provided the thought leadership and guidance. And, Perform IT, HP's partner, brought hands-on implementation and tuning expertise into the mix.

One of our core principles throughout this journey has been to offer full transparency to our customers in terms of the services they receive and enjoy from us. On one hand, we provide the BSM console to all of our customers to allow them to have a view of exactly what the IT teams see, but with a service orientation.

We’re actually going a step further and we’re building out a cloud-based service portal that takes a rich feed in from the full BSM portfolio, including the modules that I've called out earlier. It also takes feeds in from a remedy system, in order to get the view of core processes such as incident management, problem management, change management.

Bringing all of that information together gives customers a comprehensive view of the services they receive from IT operations. That's our aim -- to provide customers with everything they need at their fingertips.

It's essentially providing simple and meaningful information with customized views and dynamic drill-down capabilities, so customers can look at a very high level of how the services are performing, or really drill into the detail, should they so desire. The portal, we believe, is likely to act as a powerful business enabler. Ultimately, we believe there's opportunity to commercialize or productize this capability down the line.

Gardner: Any recommendations now that you've been through this yourself?

Gaffney: For customers embarking on this type of transformation initiative, first off, I would suggest: engage with your customers. Speak with your customers to deeply understand their services, and let them define what success looks like.

Look to promote quick wins and win-wins. Look at what works for the IT community and what works for the customer. Both are equally important. Buy-in is required, and people across those functions all need to understand what success looks like, and believe in it.

I would recommend taking a holistic approach from a couple of angles. Don’t just look at your people, technology, or processes, but look at those collectively, because they need to work in harmony to hit the service quality sweet spot. Holistically, it's important to prepare your strategy, but look top down from the customer view down into your IT estate and vice versa, mapping all configuration items back into those top level services.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

By: Bob Tarzey, Service Director, Quocirca Posted: 21st October 2011 Copyright Quocirca © 2011

Quocirca saw an estimate recently that IT security managers can spend as much as 30% of their time preparing for and delivering audits. This is mundane and uninteresting work and if it can be automated – all the better. However, recent Quocirca research, sponsored by sys-admin tools vendor Osirium, shows that less than 20% of organisations fully automate the gathering of data for audits and less than 10% automate the remediation of audit gaps.

What’s more, over 70% admitted that in some cases system administrators (sys-admins) made informal, uncontrolled changes to sys-admin procedures immediately prior to audits in order to meet the audit requirements, which then lapse following the audit, with 8% saying this was a regular practice. Obviously, this is extremely bad practice; if auditors uncovered the fact the procedures had been temporarily changed to satisfy them, then the audit would surely be failed anyway?

Osirium has published the research and some suggestions for achieving better practices as the first of its Alpha Files, a series of short reports on sys-admin, privileged user management and auditing practices. Quocirca will be publishing a new free report later in 2011 that will detail and analyse in detail all the new research.

By: Peter Williams, Practice Leader - IT Infrastructure Mgmt., Bloor Research Posted: 8th September 2011 Copyright Bloor Research © 2011

It often takes a start-up VC company to spot and exploit a fundamental weakness when an IT infrastructure trend emerges. Suddenly everyone "got" the idea of enterprise virtualisation and data centre clouds, but a basic weakness was physical connectivity that could block the way to enterprise agility.

Now that virtual server and virtual storage environments are becoming commonplace, the goal of enterprise agility - to quickly and easily change the IT infrastructure to keep up with rapidly changing business needs - has become closer. But the 'spaghetti-cabling' between physical servers across the network to physical storage of different types - often with missing links that prohibit some connection paths - is a major barrier to making virtual changes.

Yet Xsigo came up with a solution back in 2007, a couple of years before the market realised it even had a problem; it has since taken this on. Its solution, loosely a "virtualised server fabric", is conceptually very simple: connect all the servers with very fast (40 Gb/s) links to its new VP780 I/O Director box, and connect all the network devices including all the storage to the other side of the box - and put some clever software inside to make all the needed virtual connections.

Then make it easy for the server manager to instruct the software to make or break these virtual connections using a visual drag-and-drop GUI, so changes are achieved within a few seconds without involving a specialist network manager. (The OS will recognise any change in 1-2 seconds and Xsigo's software manages all worldwide name and MAC addresses.)

Xsigo points out that, typically, only 5% of the bandwidth of the physical connections is used. So, for example, many virtual servers can, by this means, share one physical line to a storage module before a bottleneck occurs. As a result, connection consolidation is facilitated - to greatly reduce spaghetti-cabling complexity and costs. Currently the software handles up to 15 types of I/O, including 4 or 8Gb Fibre Channel (FC) and 1 or 10Gb Ethernet.

This "north-south" network connectivity simplification gives high granularity for better QoS. This is matched by inherent "east-west" server-to-server connectivity; if two virtual servers residing on different physical servers need to directly communicate, they can now do so via the fast 40Gb/s links (touching without passing through the I/O Director box).

This is such a very obvious solution (albeit much more complex than I have probably made it sound), that one might wonder why the likes of Cisco, HP, Brocade did not think of it. They and others are now busy working on their own functionality to better compete with Xsigo but, no surprise, an independent start-up tackled this basic problem first - and is reaping a revenue reward right now.

Meanwhile, enterprises can move a major step closer to the goal of full IT agility to match their business needs.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 5th September 2011 Copyright Interarbor Solutions © 2011

We assembled a distinguished panel in conjunction with the recent Open Group Conference in Austin, Texas, to explore the impact, role and opportunity for business architecture.

We'll examine how the definition of business architect has matured, and we'll see why it’s so important for this new role to flourish in today’s dynamic business and IT landscapes. We'll also see how certification and training are helping to shape the business architecture leaders of tomorrow.

Here to help better understand the essential impact of business architecture on business success is Harry Hendrickx, the Chief Technology Officer, CME Industry Unit, HP Enterprise Services and a Certified Global Enterprise Architect; Dave van Gelder, Global Architect in the Financial Services Strategic Business Unit at Capgemini; Mieke Mahakena, Label Leader for Architecture in the Training Portfolio at Capgemini Academy and also a Certified Architect; Peter Haviland, head of Architecture Services in the Americas for Ernst & Young, and Kevin Daley, Chief Architect in the Technology and Innovation Group at IBM Global Business Services.

The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group, HP and Capgemini are sponsors of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: We see that CEOs around the world really are seeking fundamental change from IT. They recognize that we're at an inflection point. Why then is the role of business architect so important now?

Hendrickx: Over the past one or two decades, business-IT alignment has been number one on the CIO agenda, and apparently the organizations have increasing difficulty getting business-IT alignment resolved.

There are quite a few people pioneering in business-IT alignment, but apparently there was no urgency yet to recognize this role more specifically.

HP, in the past two years, interviewed CIOs worldwide, and they all indicated that they face quite large and complex transformation processes. They also recognize that business-IT alignment is one of key issues. We think that the business architect really can provide some resolution to get those processes in better shape and more successful.

Daley: At IBM, we have a CEO study and a CIO study that come out in alternating years. One of the things that started coming out loud and clear in 2010 was that managing complexity and building operating dexterity required a better understanding across the entire company.

We've started seeing a trend to move not just from business-IT alignment, but to business and IT convergence. There's an understanding more and more that information technology, and technology in general, is a core part of the business model now. There's an understanding that now we have a situation where business and IT aren’t so much aligned, because of the fact that IT is part of business.

Where we did interviews and surveys and then compiled them for thousands of CEOs, we came up with three key elements. Amongst those was managing and taking advantage of complexity while building operating dexterity. That’s the key theme.

One of the problems that we're seeing from the CEOs is having for decades separated IT as if it was its own business unit, instead of part of the true sense of the business. It's been an interpretive science. To manage that complexity they needed a means by which to start with the design of where they're going and have have a business strategy.

How do they take that strategy and transform it into technology and into information management? They needed an ability to have a framework in which to have that substantive discussion between the people who were responsible, such as the CIO who is responsible for technology and the operations and the COOs, who are really about the execution of the overall picture.

What we've seen from our CEOs is a need to start being more integrated. There have been market pressures that they having to respond to. The big economic downturn was a big change for everyone, and they are trying to address it.

They're looking at means that they can start integrating more globally. They can start to increase their cost variability and start becoming more agile in how they operate their business. To do that they need a means by which they can more effectively communicate.

So far, we've been seeing that business architecture is a perfect way to start driving an understanding. It's a place where both people who are used to seeing standard business models like revenue and capability are able to associate that to the different types of architectures and designs that we see coming out of the technology group.

It's giving them a common place to meet and jointly move forward with what they're trying to do in terms of managing the complexity, so they can be more agile and dexterous.

Gardner: What are the stakes here for business architecture and for organizations that can master this? How important is this now?

Haviland: It’s extremely important. What I see is that this is a discipline that’s just crying out for more people and more maturity. You almost need it to become pervasive throughout organizations now.

The most common story I encounter is simply that organizations spent a lot of time in the past creating their processes and then they spent a lot of time feeding technology solutions to those processes. In recent times, the pace of technology change has moved faster than that previous paradigm.

What you're looking at is at people saying, well, I am the business, there are all of these technology options out there. I cannot find a way forward and so how do I exploit those? That is where the business architecture profession is really being pushed to the front.

That said, there is a slight risk here that it may be considered too much in isolation. I mean, it is an architecture profession, it is a part of architecture, and the value of architecture is to provide that aligned view across the various domains that are important in terms of business, technology, information, security, and those types of elements.

When it comes back to what’s at stake for businesses that are investing in this particular area and for businesses that are trying to reconsider the way that they can operate themselves to support technology, they are moving ahead and they have competitive advantage. Businesses that aren’t doing that tend to be left behind, because the pace of change of technology is going to get faster.

Gardner: Does a business architect and architecture have to be at a high level to be successful? Where in the org chart do we typically see this role? Is it near the top? Does it matter?

van Gelder: It depends on the maturity of an organization. Within Capgemini nowadays, we talk about business technology. As Kevin said, business and technology are not separate. Technology is part of the total business.

When we started the Business Architecture Working Group in 2006, there was a lot of discussion about two words, business and architecture, and nobody knew exactly what we were talking about. Everybody had a different understanding of those words. In the last years what you have seen is that business architecture is looked at in a different way.

Currently in the Business Architecture Working Group, we see business architecture as something that brings the balance between all the other architectures in the company—that’s IT architecture, financial architecture, money, people architecture, and a lot of other architectures.

If business architecture is bringing the balance between the different aspects of a company, then business architecture is something that should be handled in the top of the organization, because balance should be created between all the different aspects in the organization.

Gardner: What then is the fundamental problem that the business architect needs to solve?

Mahakena: It's more like making sure that, whatever transformation you're going to implement, you align all those different aspects. As Dave told us, there are a number of aspects in an organization that might need to change, and you can have all those different architectures for those aspects. But, if every aspect goes its own way in changing, then they will never be aligned. Business architecture is meant to align all of those aspects to make sure that you have a balanced, consistent, and coherent set of operations at the end.

Gardner: It sounds as if we're in agreement that this is a high level function, but what is it that people might stumble upon, if they direct this in a wrong direction? What is business architecture not good at?

Haviland: Business architecture is similar to other forms of architecture, in that it tends to try to do many things all at once. The idea of enterprise alignment is definitely the right outcome, but there is enough complexity there to blow steam out of your head for many, many years to come.

Certainly, in our experience in implementing these types of functions in organizations, functions that constrain scope very well, also tend to communicate very well around what their status is, what their progress is against milestones, and what outcomes they've achieved, and they tend to articulate those outcomes in terms of real business value.

What business architecture is not very good at are broad-reaching types of goals that don’t have measurable outcomes.

Gardner: Anyone could stand up and call themselves a business architect, but what is The Open Group, in particular, doing about actually certifying and moving toward a standardization of some sort?

Hendrickx: The first question we get asked is, what's the difference between a business consultant and a business architect or a business analyst and a business architect? We also have enterprise architect and technology architects. Is there a reason for being for the business architect?

This is something we did a lot of research on at HP and we delineated the role of the business architect quite clearly from the business consulting and the business analyst aspect.

The business architect's role is distinct, because he combines the organizational strategy with the operations. He identifies the implications of this strategy, as well as that of the technology for the business operations. This is opposed to the business consultant, who is more outwardly looking to the commercial aspects of the organization and what that means for the structure. The business analyst is looking more at not the structure of the operation, but at the solution level.

When we look at the enterprise architect and the solution architect, the business architect focuses more on the complete implications of the strategy and technology trends on the operations, whereas the enterprise architect is more interested in the IT and the implications for the IT strategy and how IT should be deployed. The business architect is much more focused on the complete performance of the business operations.

So, the bottom line of these delineations of the past one-and-a-half years is that there is a reason for being for a business architect. It is a distinct role and it has a real solution for a problem.

Mahakena: What we've been doing in the Business Forum, after we decided that business architecture has its own reason for existence, we described the business architecture profession—what's the scope and what should be the outcome of business architecture. Now, we're working on the practice of business architecture by defining a framework, looking at methods, and defining approaches you can use to do business architecture.

Parallel to that, if you know what the profession is and what the practice is, you're able to create the business architecture certification, because those things help you define the required skills and experience a business architect needs. So, we are working on that in the Business Forum.

Daley: Let's look at business architecture from the concept that has existed, combining the thoughts of what Mieke and Harry have already talked about. When we work with clients, for those of us that are in consultancies, we see that there is normally something that’s similar to business architecture, but it's either a shadow organization inside a purely business unit that isn't technology focused, or it is things like the enterprise architects who are having to learn the business concepts around business architect anecdotally, so that they can be successful in their roles.

I'd suggest that we're seeing a need to make it more refined and more explicit, so that we're able to identify the people that fit for this. They have specific things, instead of having general things that we have today. For me, the certification helps provide that certainty as a hiring manager or as somebody who is looking to staff an organization.

It provides that kind of clarity of what they should be doing, giving them specific activities, specific things they do that create value for the company. It takes out of the behind the scenes action and pull something that's critical to success into the front with people who are specifically aligned and educated to do that.

Gardner: How does the globalization impact the importance of this role?

Haviland: Globalization is creating more and more complexity in the business models that organizations are trying to operate. Over the last couple of decades, with the science and engineering of IT, there has been enormous investment by companies to actually operate, maintain, and improve their IT in their current world.

In many cases, this IT work has outpaced the comparable business efforts inside those organizations, when they actually think about their business, their business models, and their business operating principles.

What we're actually seeing now is that the rigor, the engineering, and the effort that’s put into technical architecture and IT architecture is now being proposed on the business side, with many business management process improvement activities. These tend to be at quite a low level, however, when you compare them to business architecture initiatives at the enterprise level.

If those architecture initiatives are at the high levels that are needed, you start to consider the scope and challenges that come into play, when you start talking about globalization. So, with the increase in scope and the global way that people are operating across cultures, geographies, and languages, that requires this discipline, which does operate at that high level to start to organize the other areas, but perhaps at a lower level.

Hendrickx: There are two aspects that need to be paid more attention to with globalization and more complexity. First, the business architect is, or should be, equipped to look at the organization, not only within the boundaries of an organization, but also the ecosystem of organizations that will mold together and have to be connected to produce the value.

Since these are more formalized contracts or relationships with different organizations connected to each other, there is a dynamic that is hardly seen anymore, that is not transparent anymore. There clearly needs to be some more detailed insights and transparency for each organization, so that people understand what the impact of certain developments or events will be. This can't be done just by logic or just by watching carefully. This really needs some in-depth analysis for which the business architecture is built.

The second part of it is that due to the complexity, the decision making process has become more complex and there will be more stakeholders involved in the different areas of decision making. The business architect has a clear task and challenge as well. By absorbing the strategy, technology trends, and the different developments and focusing on the applications for operations, he has the opportunity to discuss with the different stakeholders. He has the opportunity to get those stakeholders either mobilized or focused on specific decisions: the deliverables you will provide.

Gardner: We certainly see a lot of important characteristics in this role: global, strategic high level, encompassing business understanding, as well as technology. Where do you go to find these kinds of people? Who tends to make a good business architect or is there no real pattern yet established as to who steps up to the plate to be able to manage this type of a job?

van Gelder: To all the complexity already mentioned, I'd want to add something else that we found in the Business Architecture Working Group, which is more research in the whole field. That's the problem of communication. How do people communicate with each other?

If you look in the IT world, most people come from an engineering background. It's hard enough to talk to each other and to be clear to each other about what's possible and how you should go or what you should go for. If you start talking to all those other areas in the business, then suddenly people have a completely other way of thinking. Sometimes they use the same words and don't understand each other.

It’s not easy to have these kinds of people that need very good communication skills next to all the complexity that you have to handle. On the other hand, you need an architect when it's complex. You don't need an architect when it's simple, because everybody can do it. But an architect is just a person. I say if I am a simple person, I can only handle simple things.

What you need are people who can structure. I can only work with things when I can structure it, when the complexity is fairly well-structured. I then have overview of all those complexities, and then I can start communicating with all the parties I have to communicate with.

At the moment, I don't see any real training or development of these kinds of people that you need. Most of them come with a lot of experience in a lot of fields, and because of that, they have the possibility to talk to all kinds of people and to bring the message.

Gardner: Mieke, at Capgemini Academy, you’ve obviously encouraged and encountered folks moving towards a business architect role. What are your thoughts on what it takes and where they tend to come from?

Mahakena: Let's have a look where they can come from. What you see is that this role of business architect can be a next step in one’s career. For example, a business analyst, who has been creating a lot of experience in all kinds of fields, and he could evolve to watch a business architect. This person needs to get away from the detail and move towards the strategy and a more holistic view.

Another example could be an enterprise architect who already has analytics skills and communication skills. But, enterprise architects are more or less focusing on IT, so they should move more towards the business part and towards strategy and operations.

One could be the business consultant who is now focusing on strategy, also should have those communication skills, and will be able to communicate with stakeholders in high positions in companies. Business consultants have a lot of industry knowledge. So they should need more knowledge about technology and perhaps improve their analytics skills and learn more to how to structure operations.

So, there are number of existing roles that already have a lot of skills required for business architecture. They just have to enhance skills and get new skills to do this new role.

Gardner: We talked about how this is important because of the internal organizational shifts and the need for transformation. We’ve seen how globalization makes this more important, but I’d like to also look a little bit at some of the trends and technology.

We’ve seen a great deal of emphasis on cloud computing, hybrid computing, the role of mobile devices, wirelessly connected devices, sensors, and fabric of information which, of course, leads to massive data, and they need to then analyze that data.

This is just a handful of some of the major technology trends. Kevin Daley, it seems to me that managing these trends and these new capabilities for organizations also undergirds and supports this need. So how do you see the technology impetus for encouraging the role of business architect?

Daley: I'm seeing from my work in the field that we’ve got all these things that are converging. Certainly, you've got all these enabling technologies and things that are emerging that are making it easier to do technology types of things and speeding them up. So, as they start maturing and as organizations start consuming them, what we’re seeing is that there’s a lack of alignment.

What this trend is really doing is making sure that you have something that is your controlling device that says what is the business relevancy? Are we measuring these peer-to-peer—measuring something such as massive data and information fabrics compared to something like cloud computing, where you are dispersing the ability to access that more readily. It creates a problem in that you have to make sure that people are aligned on what they're trying to accomplish.

We're seeing that the technologies that are emerging are actually enabling business architecture in a fashion. It provides that unified vision, that holism, that you can start looking at combinations of these technologies, instead of having to look at them as we’ve had to in the past of siloed elements of technologies that have their own implications.

We're using business architecture as a means to provide the information back to the business analyst who is going to look and help. You can provide the business implications, but then you have to analyze what that implication means and make decisions for how much of that you’re willing to accept within your organization.

In the notions around how I investigate risk, how I look at what is going to improve market, and what is the capacity of what I can do, there's a disconnect that business for which architecture is helping provide the filler for to get to the people that are doing these corporate strategies and corporate analysis at a level. That allows them to virtualize the concept of the technology, consume what it means and what that relates to for a business or in terms of its operation and strategy and the technology itself.

We’re seeing this become the means by which you can have that universal understanding that these are the implications, and that those implications can now be layered, so that you can look at them in combination instead of having to deal with each technology trend as if it's a standalone piece.

We're seeing this as a means by which to provide some clarity around what any adoption would be. When you adopt technology, it obviously has a level of maturity it has to reach, but it also has a level of complexity. It's being able to start taking advantage of more than just one technology trend at the same time and being able to realistically deliver that into their business model.

What I have been seeing is that the technologies are driving the need for business architecture, because they need that framework to make sure that they are talking apples to apples and that they are meaning the same thing, so that we get out of the interpretation that we have had in the past and get into something that’s very tactical and very tactile, and that you can structure and align in the same way, so you understand what the full ramifications are.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research Posted: 26th July 2011 Copyright Bloor Research © 2011

A lot has been written over the years about the way processes work within organisations. However, when one really looks under the covers what we find is that every process is driven by an event. Once the event occurs, decisions are taken by an "Identity", that can be an actual person or an automated device that has knowledge about the way the business reacts to this particular type of event. This "decision" is a rule. Once the rule has analysed the data surrounding the event, it makes a decision about which process should be started.

Let me illustrate this thinking. I am currently responsible for the administration of grass hockey elite squads in my county and this moment in time is one of the busiest, as parents respond to the invitations to join the county training squads and pay their children's fees. My event is the arrival of post each day. First decision on hearing the post come through the door, is do I collect now or a bit later? Once I collect, I hit the next event of "sorting the post". I have basically a decision on what sort of post has arrived:

1. If it is hand written or has the words "Director of Coaching" or "JDC", then the letter is of immediate interest and goes into the right pile on my desk;
2. If it is a business letter such as bank or credit card company communication, then it goes onto a pile on top of my printer;
3. If it is addressed to another member of my family, it goes into a pile on the left side of my desk, which, at the end of sorting, I take out to the kitchen for distribution;
4. If it is a magazine then it goes into another pile to be taken into the lounge for reading later.

So I have now applied my sorting "rule", which results in 4 different processes being kicked off; all of which can occur simultaneously, or near enough! Let's follow the post that is affected by decision 1 above. My next event is to open the letters and skim read the contents. Now comes the next set of decisions (rules):

1. If the letter is concerned with the Summer Camps I am running it goes into a pile on the left side of my desk;
2. If the letter is concerned with registration for the County JDC, then I check to see if a cheque is attached or not:
   1. If there is a cheque it goes into a pile on the right of my desk;
   2. If there is no cheque, then I write "No Money received and the date" on the form and put it on a pile on top of my printer.

For those letters about Summer Camps, I now start the process of registering the form. This process involves opening the right spreadsheet at the right tab, checking if the player involved is registered on the County database or not, entering all the necessary details of the form and finally banking the cheque.

For those letters about the County JDC that have a cheque, I now start the process of completing the registration of the player on the database and, for the double entry book keeping, updating the entry on the fee registration tab of a spreadsheet. The form is then filed in the completed box file store. For those County JDC letter with no cheques, I check to see if there has been a request to pay electronically and if so mark the form 'electronic payment' for latter checking with my bank records. If there is no information, then I email the primary address and ask how payment will be made.

What you can see is a pattern of Event followed by Decision (Rule) followed by Process and so on until you reach the final event-the end of the process!

My events, decisions and process are analogous to those that many organisations deal with every day in terms of customer orders, complaints, claims.

But what if, when the event occurs, all that you know is what the final outcome has to be and nothing about how you get from the starting event to the end event-what people refer to a "dynamic case management?". Well, if you look at BPM tools that support this capability, they are actual driven by the same pattern of event - decision - process; the difference is that the decision is more complex and will, in all probability, involve collaborative working with more experienced colleagues and other parties involved.

What I am seeing therefore is that the future of management of process in an organisation is no longer about just the workflow that connects all the current components that have been identified from the application portfolio, but also the identification of the events that trigger each major process and the rules that control what happens. However in today's mobile world there is one other piece to the jigsaw that has to be taken into consideration and that is the "identity" that triggers the event and those that are involved. This is all about the location and the device used to trigger the device or that will be used to receive information to make decisions.

By: Peter Abrahams, Practice Leader - Accessibility and Usability, Bloor Research Posted: 8th July 2011 Copyright Bloor Research © 2011

The OneVoice for Accessible ICT Coalition announced a new web accessibility initiative at the recent e-access 11 conference.

Too many websites are not accessible and one of the reasons for this is that website owners do not know how to begin. The new initiative 'The First Seven Steps to Accessible Websites' is a response to the question posed by many website owners "My website was not designed with accessibility as a consideration, I would like to improve the situation, how should I start?"

It is being delivered as an on-line book, which I edited, and describes seven initial steps that can be implemented relatively easily and will provide real accessibility benefits and help to map out the subsequent steps on the journey.

Although it is primarily intended for newcomers to accessibility the steps should be of interest to people who are on the accessibility journey and may have missed some useful steps. Please have a look and leave comments here. OneVoice is looking for assistance in validating, improving and extending the content of the document.

At the conference an extra step was added: 'Take a basic education course about accessibility'. The course suggested was also announced at the conference and is the 'Digital Accessibility eLearning' course commissioned by the Equality and Human Rights Commission, AbilityNet and the BCS. This a level 1 accredited qualification (I will write about this further when it is available).

At the same conference Sandi Wassmer, who is a member of the UK Government e-accessibility forum, talked about the "Ten Principles of Inclusive Web Design", that she developed for the forum. These principles provide an excellent guide to the continuation of the journey after the initial steps.

E-access 11 was an excellent conference and much of the day's proceedings are now available on the website. I hope to see many more people at e-access 12  planning their continuing accessibility journey.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 15th June 2011 Copyright Interarbor Solutions © 2011

HP has introduced advancements to its CloudSystem solutions with the means for cloud provider and enterprises to accomplish dual cloud bursting, one of the Holy Grails of hybrid computing.

The CloudSystem targets service providers by giving them the ability to allow their enterprise customers to extend their private cloud-based applications bursting capabilities to third-party public clouds too.

HP CloudSystem, announced in January and expanded in the spring with a partner program, is designed to enable enterprises and service providers to build and manage services across private, public and hybrid cloud environments. As a result, clients have a simplified yet integrated architecture that is easier to manage and can be scaled on demand, said HP. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

In a demo on stage at Discover recently, HP's Dave Donatelli, executive vice president and general manager of Enterprise Servers, Storage and Networking for the Enterprise Business at HP, showed some unique features. The HP CloudSystem demo showed heterogeneous cloud bursting with drag and drop, on HP and 3rd party x86 boxes. Management and set-up ease seemed simple and automatic.

HP CloudSystem should appeal to both cloud providers and enterprises, because it forms a common means to get them both on cloud options spectrum. HP dual bursting works for public clouds that use HP CloudSystem or not, said HP.

HP CloudSystem dual bursting also seems to allow tiered bursting, data on private cloud, web tier on public clouds, just works, said HP. This seems quite new and impactful. And it's now available.

Based on HP Converged Infrastructure and HP Cloud Service Automation software, HP CloudSystem helps automate the application-to-infrastructure lifecycle and operations deployment flexibility, said HP. HP CloudSystem helps businesses package, provision and manage cloud services to users regardless of where those services are sourced, whether from CloudSystem’s “on-premises” resources or from external clouds.

Managing applications resources as elastic compute fabrics that span an enterprise's data centers and one or more public cloud partners offers huge benefits and advantages. Businesses that depend more on customer-facing applications, for example, can hone utilization rates and vastly reduce total cost of ownership while greatly reducing the risk that those applications and their data will not always be available, regardless of seasonal vagaries, unexpected spikes or any issues around business continuity.

"Capacity never runs out," said James Jackson, Vice President for Marketing Strategy, Enterprise Servers, Storage and Networking in HP Enterprise Business.

With CloudSystem, HP is providing the management, security and governance requirements for doing dual-burst hybrid computing, including hardware, software and support services. Automated management capabilities help ensure that performance, compliance and cost targets are met by allocating private and public cloud resources based on a client’s pre-defined business policies. As a result, clients can create and deliver new services in minutes, said HP.

HP expects to co-sell and co-market such hybrid services with telcos, VARs, SIs, and a wide range of new and emerging service providers. I expect many of these providers to customize their offerings, but based on an HP or other cloud stack vendor foundation.

Current approaches to cloud computing can create fragmentation and can only address a portion of the capabilities required for a complete cloud solution, aid HP. Over time more enterprise applications may be sourced directly to public clouds, but for the foreseeable future private clouds and hybrid models are expected to predominate.

HP CloudSystem is powered by HP BladeSystem with the Matrix Operating Environment and HP Cloud Service Automation. It is optimized for HP 3PAR Utility Storage, and protected by HP security solutions, including offerings from TippingPoint, ArcSight and Fortify. HP CloudSystem also supports third-party servers, storage and networking, as well as all major hypervisors, said HP.

HP said that its customers that have already invested in HP Converged Infrastructure technology can expand their current architectures to achieve private, public or complete hybrid cloud environments.

Furthermore, HP is offering HP Cloud Consulting Services and HP Education services for CloudSystem, including HP CloudStart, to fast track building a private cloud. HP CloudSystem Matrix Conversion Service helps transition current BladeSystem environments to CloudSystem, said HP.

HP Solution Support for CloudSystem simplifies problem prevention and diagnosis with end-to-end support for the entire environment. These services deliver solutions right-sized for the client’s environment, protect investments when transitioning from a virtual infrastructure to a private cloud solution and rapidly deploy CloudSystem in a hybrid, multisourced cloud environment.

HP also unveiled at Discover two new cloud security services, HP Cloud Services Vulnerability Scanning and HP Cloud Vulnerability Intelligence. Available now worldwide, these allow clud services providers to identify and remedy missing patches or network node vulnerabilities. The second service recommends remediation to infrastructure, as a service, and provides actionable advice to avoid vulnerabilities before they can manifest.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 2nd June 2011 Copyright Interarbor Solutions © 2011

The IT cobbler's kids finally have their own shoes.

Some 20 years into enterprise resource planning (ERP), whereby IT made business performance metrics and business intelligence (BI) a science for driving the modern corporation, ERP and BI for IT is finally at hand.

HP today unveiled a new suite of software designed to measure and improve IT performance at a comprehensive level via an IT system of record approach. The HP IT Performance Suite gives CIOs the ability to optimize application development, infrastructure and operations management, security, information management, financial planning, and overall IT administration.

The suite and its views into operations via accurate metrics, rather than a jumble of spreadsheets, also sets up the era of grasping true IT costs at the business process level, and therefore begins empirical costs-benefits analysis to properly evaluate hybrid computing models. Knowing your current costs—in total and via discrete domains—allows executives to pick the degree to which SaaS, cloud and outsourcing form the best bet for their company.

Included with the suite is an IT Executive Scorecard that provides visibility in critical performance indicators at cascading levels of IT leadership. It's founded on the open IT data model with built-in capabilities to integrate data from multiple sources, including third parties to deliver a single holistic view of ongoing IT metrics. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

HP has identified 150 standard, best-in-class key performance indicators (KPIs), 50 of which are included in the Executive Scorecard as a starting dashboard. KPIs are distributed in customizable dashboards that provide real-time, role-based performance insights to technology leadership, allowing alignment across common goals for an entire IT organization.

"With this we can leverage our human capital better," said Alexander Pasik, PhD, CIO at the IEEE, based in Piscataway, NJ. "The better automation you can apply to IT operations, the better. It frees us up to focus on the business drivers."

Lifecycle approach
The Performance Suite uses HP's lifecycle approach to software development and management and integrates industry standards such as TIL.

The first solution to be offered in the suite is the CIO Standard Edition, which includes the Executive Scorecard, along with financial planning and analysis, project and portfolio management (PPM), and asset manager modules. This edition automatically integrates data from the modules to provide more than 20 best-practice KPIs covering financial and project health, enabling the optimization of IT performance from a business investment point of view.

"Our use of IT is about driving the actual business," said Pasik, who is adopting elements of the suite and looks forward to putting the scorecard to use soon. "We need to measure IT overall. We will have legitimate metrics on internal operations."

The scorecard can be very powerful at this time in computing, said Piet Loubser, HP senior director of product marketing, because the true capital expenses versus operations expenses for IT can be accurately identified. This, in turn, allows for better planning, budgeting and transitioning to IT shared services and cloud models. Such insight also allows IT to report to the larger organization with authority on its costs and value.

Using the scorecard, said Loubser, IT executives can quickly answer with authority two hitherto vexing questions: Is IT on budget, and is IT on time?

What's especially intriguing for me is the advent of deeper BI for IT, whereby data warehouses of the vast store of IT data can be assembled and analyzed. There is a treasure trove of data and insights into how business operate inside of the IT complex.

Applying BI best practices, using pre-built data models, and developing ongoing reference metrics on business processes to the IT systems that increasingly reflect the business operations themselves portends great productivity and agility benefits. Furthermore, getting valid analysis on IT operations allows for far better planning on future data center needs, modernization efforts, applications lifecycle management, and comparing and contrasting for hybrid models adoption ... or not.

For more information, visit the suite's HP website, www.hp.com/go/itperform.

The announcement of the HP IT Performance Suite comes less than a week before HP's massive Discover conference in Las Vegas, where additional significant news is expected. I'll be doing a series of on-site podcasts from the conference on HP user case studies and on the implications and analysis of the news and trends. Look for them on this blog or BriefingsDirect partner site.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 19th May 2011 Copyright Interarbor Solutions © 2011

The IT news headlines are full of incidents of major cloud instances brought down for days, and unfortunately often weeks, with some of the largest of these due to network issues in association with virtualization and storage sprawl. The price in the cloud era for such disruptions is very high and very public.

A big part of the solution to preventing such outages comes from comprehensive, automated, and increasingly integrated network management capabilities. The tasks before network managers have never been more daunting. There are far more devices, hybrid networks, hybrid compute resources, higher levels of virtualization, and there is a need to maintain security and compliance requirements throughout.

What’s more, the pressure to keep cost down and to seek lower cost alternatives for converged infrastructure remains a constant companion to business and IT architects, and therefore an ongoing network challenge.

Into this environment, HP this week delivered a wide-ranging update to its Network Management Center suite Version 9.1. The emphasis is on a comprehensive lifecycle approach to network management with deep data gathering, automated root cause analytics, and intelligent and proactive response features that enable consistently high performance and network reliability.

BriefingsDirect recently sat down with Ashish Kuthiala, Director of Product Marketing for HP Software’s Network Management Center, to dig into the new offerings and to better understand why previous fragmented approaches to network performance and stability just won’t hold up for most enterprises. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: What it is about the new IT environment that is taxing the older ways of network management?

Kuthiala: When you're looking at the network today, it has become very complex and is increasingly becoming more complex. With new domains coming in, such as voice over IP (VoIP), webcasts, and video traffic, multiprotocol label switching (MPLS) services, unified communications, and cloud computing and virtualization, it just becomes a nightmare to manage your network for your business.

Then, you look at the volume of network devices coming online. Now, everyone wants to be in the instant-on enterprise mode. Everyone has to be connected. Everything has to be connected. Everyone expects immediate gratification and instant results. You have to respond to this opportunity continuously, and "any time, anywhere, any way" is the new tagline for anybody who is working.

Let’s look at the job of the director of network ops in a particular IT organization. Not only does he have to configure, manage, and standardize a network, he has to provision, he has to deliver, and he has to report on it. He has to do it very proactively and he has to do it very strategically at the lowest cost possible.

IT budgets are shrinking or remaining flat, whereas the demands on IT are really going up. It’s estimated that a customer can lose about $70,000 a minute during network outage, as I'm sure you’ve seen in the recent news. It's a big business inhibitor if the network goes down. It is what provides the experience to the end user for all the IT services that they experience.

Gardner: Why isn’t the previous mode of network management able to keep up?

Kuthiala: Today, if you were to look into a customer’s IT department managing a network environment, you would often see a war-room like approach to managing networks. ...They're very reactive. They have multiple tools, legacy approaches, and a lot of band-aids. The inability in tying together what used to be separate domains has become unacceptable.

If your shopping cart goes down doing the Christmas shopping season, and a customer tells you about it, that is just unacceptable.

The inability to cope up with the scale and complexity, the different teams hunched over their different monitors, is what I call the "swiveling chair syndrome." If there is a network outage, you have these 8 or 10 different operators looking at different aspects of the network. They are just swiveling in their chairs, talking to each other and looking for data that should really be on one screen for them to manage. The lack of scalability of such tools just adds to the problem.

Gardner: How does an automated approach work better?

Kuthiala: To manage your network today, you really need to understand how your network is constructed from the bottom up, how it ties together, how it changes over time, and how it self-organizes. You need to build that kind of intelligence into your root-cause analysis.

The design of the tools has to be built ground up, based on these decisions. That’s how you need to construct the tools. That’s how they need to be integrated. For an operator, all these need to build upon each other.

It has to be in the right context. It cannot be siloed. It is a nightmare to manage. The desired nirvana for a network team is to reduce the numerous point tools to manage various aspects of network management. It has to be proactive, not reactive.

You have compliance management diagnostics and change issues that you need to take human error out of, and you need to automate that. You want to reduce the manual effort, the errors and increase control over your environment. You want to reduce the mean time to repair network outages, and maintain cost optimization as your network grows.

Today for customers, “performance is the new fault." So just because a network device is up and running, and you can ping it, doesn't mean it is providing the quality of service it should to the end user. It’s really the performance that the network is being measured against.

It’s all about efficiency, how you reduce your errors, and increase your speed through automation.

... Customers are looking for a solution that's efficient, automated, and secure for them. When they manage a network, they should be able to do things like fault, performance, change, configuration, compliance, trending and reporting, and this ties into their business services.

So, HP looked at this problem. As you know, we've had a long history of about 20 years with the HP OpenView product in network management. As we acquired other companies such as Opsware, they bought in additional tools with them. We looked at the tools and the evolving landscape of the network management domain and about five years ago, embarked on a re-architecture plan for these products from the ground up.

The approach wasn’t to make these products just work together by putting in connectors, but we wanted them to be integrated from bottom up, from the data level itself, where the data would build upon each other.

Now, as we look at the Network Management Center (NMC), it is a complete portfolio of solutions and tools that lets you do network management in an integrated and automated way.

This really builds upon the HP Network Node Manager i (NNMi), the related special plug-ins that handle complex services such as multicast traffic, VoIP, etc., as well as the network automation piece of it which really helps customers automate and manage their change, compliance, and configuration of network devices that they need to do on an ongoing basis.

The five-year journey of re-architecting our NMC portfolio completes with the 9.1 release that we are talking about today.

So, the earlier 9.0 release introduced a number of features including better user interfaces, the ability to scale to large environments, and tying our products together into better functioning solutions. With 9.1, we are building on that.

We've strengthened the ability of our customers to manage cloud services. The most critical capability that a customer must have is to manage the network the same way that they have managed traditional networks, and it doesn’t matter if they have to go across the cloud or are looking at private or public clouds.

Gaining visibility into the network elements, whether they are local, off-premise or the health and quality of the cloud services that's being delivered, is the most important step. Can I reach my device? Is it healthy? Is it performing to the expected levels of business needs?

And, of course, configuration compliance management of these devices across the cloud is very important, and corrective actions and rollbacks are very important. Our tools are able to do that across different environments.

The 9.1 release is also focused on the managed service provider’s (MSP's) market needs. There is a big trend of IT outsourcing to MSPs, and one of the things that customers want to outsource is network management services. So this is a big, growing market, and our MSPs need platforms to manage their customers' network environments in a way that that maximizes their profit.

They need to scale and grow with their customer in expanding network environments, reduce their hardware spend and their training costs, as well as grow their revenues and create new lines of business, as their own customers move to new and complex services.

For example, a customer might go from traditional phones to IP telephones, and at that point, the MSP has to manage that aspect of their customer’s environment as well, and they don’t want at this point to buy a new tool.

This helps them manage multiple customers, departments or sites per single software instance, driving down their cost and giving them a flexible architecture.

The size of the customer's network might increase, and you don’t want to buy another server, another set of tools and deploy another set of operators to manage that.

We have introduced multi-tenancy capability and security groups that allow our customers to separate their data and views into secure partitions. This helps them manage multiple customers, departments or sites per single software instance, driving down their cost and giving them a flexible architecture.

We’ve also done a lot of work on the performance-based, time-based thresholds for better alerting. What this means is that the performance data is in the context of the network topology providing a unique point of your fault monitoring. It helps them with proactive notification of performance degradation, fix it proactively and guarantee service delivery levels.

We've also increased the number of months that the data is retained. It's up to 13 months now which allows you to do forecasting and trending capabilities. This is a sufficient data retention period for compliance requirements for real-time and historical data, and allows a very efficient analysis.

Our user interface (UI) has been enhanced based on the feedback we’ve gotten from customers. The common look and feel UI across all the products and our solution set ensures lower training cost—train once, leverage across all these tools.

The UIs show relevant contextual information on the nodes and incidents they're managing, giving them a lot of operational efficiency. The breadcrumb history and the easy navigation with right-click menus also allows the operators to get to the root cause more quickly, making them much more efficient and improving the time to resolution.

The analysis pane shows you a number of system components and help enables you to get key information including availability and performance graphs really quickly.

Gardner: In some of these high-profile outages that we've had recently, it seems that they were doing updates and that caused the cascading or spiraling effect and ultimately brought the network down. What is it about your suite and your comprehensive approach that could help ameliorate something like that?

Kuthiala: A network constantly needs updates, whether its configuration updates or being in compliance with a number of different policies—Sarbanes-Oxley (SOX) or the Health Insurance Portability and Accountability Act (HIPAA), and government regulations.

Typically, customers have a set of people who use multiple tools or manually log into a number of these devices and do these configuration changes manually. This is very dangerous. One, there is human error involved. Second, when something goes wrong, you don't know what has gone wrong, and you are scrambling to fix it. Think about doing this across 50,000, 60,000, 70,000 devices in your network.

Our network automation capabilities allow customers to automatically make these changes through our tools. As they implement these changes, it takes minutes and hours, versus days, to keep these devices configured to the latest and greatest configurations and in compliance.

Think about when you are on the 59,000th device that you are updating and you realize there is an error. This was not the right thing to do, and you need to roll back. If you're doing this manually, you're spending many hours fixing the error while your business is suffering during that time. Our automation capabilities help customers; with a few clicks of buttons they are able to automate all of this.

Today, customers might be looking at a number of incidents—10,000, to 15,000 incidents. For example, if somebody yanks a LAN cord out and puts it back in, what really has happened is the interface has gone down and come back up. And now that is flagged as an incident or an event that the operator has to pay attention to.

With our root cause analysis engine, and the ability to map the topology dynamically in a spiral discovery fashion, the network topology is always up-to-date. The root cause analysis engine helps figure out whether this is an incident that needs to be paid attention to or not, auto-resolving some of that.

The incidents that boil up to the operators are meaningful, and therefore are reduced in number to those that are actionable. We have had customers whose incidents have been reduced from 10,000–12,000 down to 400, and only about 100 of those have to be acted upon and escalated to the next level of management.

Automation really takes a lot of the work out of your hands and enables you to fix errors very proactively, and if there is a mistake, fix it right away with a few clicks.

... I'm talking very specifically about the configuration of network devices. The software that your network device comes with is the key differentiator in how they act, and the intelligence that they provide. So this has to be not only managed really well, but there are patches and upgrades, just as you have software patches and upgrades on your servers. These have to be managed. Sometimes, there are government regulations or company regulations that you want to propagate across these devices.

It's essential to understand what type of traffic is flowing on your network. This gives you the ability to optimize your network performance and network resiliency.

But tying to the business service management set of tools or the suite stems from the fact that, when you look at it from a business service availability aspect, it’s not just about the network. There are servers, there are applications, and they are all tied together. For example, if application business service is not working, do you know if it’s the server? Do you know if it’s the application? Do you know if it is the network?

Our Business Service Management offering ties in these aspects through our runtime service model. This ties your network, to your application, to your server and is able to give your business a look into how your business service is going to be affected by the failure of any one of these infrastructure elements.

Gardner: Now Network Management Center is a fairly significant set of different products, but most people already have something in place. So this is not a matter of starting greenfield. This is a matter of coexistence, migration, and transformation. How do you get started?

Kuthiala: Most customers today have in place something to monitor their networks, but a lot of customers have not automated their configuration, compliance, and diagnostic capabilities that we talked about.

We've seen a trend in our customer base where they buy smaller node packs to manage a small number of devices with our automation capabilities. Once they have put that in place, they start to see other efficiency use cases that they can achieve using our network automation capabilities.

We observe that these customers come back and buy more licenses for managing a greater number of network devices. So, that’s almost like a greenfield opportunity here.

But, when we look at most customers looking at managing their networks and doing performance and monitoring, for example, if they have an instance of our software, it’s an in-place upgrade. We offer a dual entitlement and run a parallel program that allows customers is to seamlessly set up another parallel environment and bring the network up there, start to manage it, and seamlessly shift.

We’ve had an instance of a customer in the EMEA region, where they were testing our latest software and running it in parallel to see how it was functionally different and what effect of productivity it would have on their operators. A couple of weeks went by and their senior management started getting escalations for network problems.

Once they have put that in place, they start to see other efficiency use cases that they can achieve using our network automation capabilities.

Now, when senior management turned to the network operations team and asked, "We have all these incidents showing up. What is going on? Is something wrong?"

Almost sheepishly, the network operator team had to acknowledge that they were testing the new platform and had completely forgotten about the old tool which they needed to shut down because the new platform ignored the incidents that were not meaningful. They had “accidentally” migrated to the new platform to managing the network much more efficiently.

A lot of our customers use this approach to migrate to the new platform, and of course, our approach is modular. Start with the core product and add the special plug-ins to manage your IP telephony MPLS or multicast capabilities.

To see the HP Automated Network Management (ANM) Solution in action, you can watch a short overview and the ANM 9.10 Video Demo. This recording will explain the NMC components that make up the ANM solution and walk you through a use case to demonstrate the automated capabilities of HP Automated Network Management 9.10.

We also have an hp.com page, which is www.hp.com/go/nmc for downloading trial software, reading whitepapers, customer case studies, product capabilities and features. That’s a good starting point. We also blog about customer experiences and the stories they share with us as well.

Listen to the podcast. Find it on iTunes/iPod. Read a transcript or download a copy.

By: Bob Tarzey, Service Director, Quocirca Posted: 17th May 2011 Copyright Quocirca © 2011

There's little doubt that employees want to use a growing range of devices to access data. Recent Quocirca research shows that while Windows-based desktop and notebook PCs still dominate, they are fast being supplemented by a diverse range of alternative form factors and operating systems.

In the new survey, which was sponsored by Trend Micro, 88 per cent of small and mid-sized businesses say at least some of their employees are using smartphones for business purposes and 43 per cent report at least one or more of their employees use tablet PCs.

These devices are not always owned by the business. Some 74 per cent of the firms questioned say some of the devices used belong to staff.

Respondents to the survey cite more efficient business processes as the biggest benefit of enabling access to data from mobile devices. However, whatever the benefits, such sharing creates security headaches for IT managers, especially as most of the sharing is over public networks.

Only if data can be shared safely will businesses have the confidence to embed mobile users and their chosen devices into business processes. That is the message of a recent Check Point-sponsored report by Quocirca called A value proposition for IT security, which is available for free download.

The report advocates putting in place a compliance-oriented architecture, or COA. The justification for any investment required to achieve a compliance-oriented architecture is as much about creating business value as it is about reducing business risk.

Discussions about IT security usually focus on reducing the risk posed by outsiders or malicious insiders. Mitigating these risks remains paramount but it is also important to make sure that a compliance-oriented architecture protects well-intentioned employees from themselves.

The most common way data leaks occur is through the accidental actions of employees. They need to share data but may accidentally share the wrong data with the wrong person by email or some other communication channel.

And of course they may, if it is not controlled in some way, store data on mobile devices that are subsequently lost or stolen. Theft, accidental loss and erroneous disclosure are by far the most common reasons for self-report data breaches, as data in the report shows.

The irony is that while data loss is a common problem, despite the many high-profile incidents—not least the recent problems at Sony—lost data is actually rarely compromised. The thief who steals an iPad is more likely to be interested in the resale value of the device than the data stored on it.

Yet that fact does not cut any ice with regulators. Good management of personally identifiable information is obligatory. Organisations must comply and be seen to comply.

A compliance-oriented architecture involves putting in place the ability to control the use of data, monitoring and controlling what is being sent by email and what is being copied where. It should also be used to control the printing of data, an often overlooked source of data leakage.

Data loss prevention, or DLP, tools are designed to track the movement of data and allow the enforcement of policies regarding its use, including the copying of data to mobile devices.

However, data loss prevention is not enough on its own for ensuring the safe use of data on mobile devices. One of two approaches to the use of data on mobile end points must be adopted. The first is to stop data ever being copied to them in the first place.

This approach involves only allowing access to sensitive data that is stored centrally, either through the use of virtual desktops—such as Citrix XenDesktop and Microsoft Remote Desktop Services—or via a secure file-sharing service, for example Trend Micro's recently announced Safe Sync for Business or portal services such as Microsoft SharePoint.

If it is accepted that sensitive data will end up on mobile devices then a second approach to end-point security must be taken, through the securing of the device itself. This approach involves encrypted storage. Deploying and managing encryption has a cost, especially with a growing diversity of operating systems, and while encryption might sound like the only foolproof way of protecting data, it is not the be-all and end-all.

Remember that the devices are increasingly personally owned and therefore there are limits to what IT departments can do with them. Furthermore, encryption only protects stored data and data in transit.

Employees must be able to decrypt data to use it, and then it becomes vulnerable again. Other points of vulnerability are if users select weak passwords or if strong policies result in passwords being written on a piece of paper that is held with the device.

There is no silver bullet for securing the use of data. It involves implementing a number of measures that add up to a compliance-oriented architecture. The range of measures required will depend on how a business approaches IT and its attitude to risk.

However, when broaching the subject of investing in technology to increase the security of data, it is essential to point out the value that any given investment will bring to a business as well as the risk it will mitigate.

This article first appeared in May 2011 on http://www.silicon.com

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 12th May 2011 Copyright Interarbor Solutions © 2011

As HP unveils it's new FlexNetwork Architecture (stories on ZDNet, InformationWeek and Network World), they seem to be making a bold statement about the future of corporate networks. And that is that changing requirements are inevitable, so why not build out a network that can support all the new cloud and mobile tricks you know about ... and the ones you don't?

Aside from the HP versus Cisco narrative that the press loves, there is a major need for a convergence on networks, but it's not just a convergence with the networks themselves, it's a convergence with the rest of the enterprise and the rest of the cloud and mobile requirements bubbling up fast. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

A future-proof network is more about management and security than hardware and platforms. And it's also about ecosystems: HP is partnering extensively with Citrix, Microsoft and Riverbed. No one vendor can or should be the sole network IP supplier (just like there should no be one cloud provider).

What's more, the virtualization trend that begets the cloud trend that supports the mobile trend all require intelligent networks that have security ingrained -- not gained after the fact. As workers depend more on cloud and hybrid computing services, the network is the cloud.

When I hear people complain about the risks associated with cloud, I dare them to look closely at their own mission critical networks. Often what they find are existing, in-place risks that dwarf what they fear most about the cloud. The fears about security, reliability, control, data and privacy: These risks already live on their disjointed networks.

Those networks, incidentally, are the weak link between their nice, safe, controlled data centers on premises and all the people and partners that actually need to use them. The boundary is not the enterprise, it is the ways in which their networks can adapt.

Fear your old network first

So if you fear cloud, you should probably fear your current network, for all the same reasons.

And that's because in this day and age all large-scale IT for enterprises is supported by WANs and how they play with the global stew of network service providers. This is for apps, data, communications, VOIP, media, VPN, branch, mobile ... you name it.

My modern network needs to be comptaible and secure for data center, campus, branch and WAN activities. And I need to stream and move large objects more than ever. It doesn't make sense for the CFO to ask workers to use the cloud (because it saves data center resources) when the network can't support cloud workloads and requirements, does it?

Whether you have to revisit your network architecture because of performance, costs, compliance, security or just new payloads like mobile and media, you might as well do it right. The network really should not be the weak link in the enterprise. Not any more. Not for any longer.

You may also be interested in:

• HP's Instant-On Enterprise Initiative Takes Aim at Shifting Needs of Business and Government
• Hastening Trends Around Cloud, Mobile Push Application Transformation as Priority, says Research
• Well-Planned Data Center Transformation Effort Delivers IT Efficiency Paybacks, Green IT Boost for Valero Energy
• Data Center Transformation Includes More than New Systems; There's Also Secure Data Removal, Recycling, Server Disposal

By: Bob Tarzey, Service Director, Quocirca Posted: 27th April 2011 Copyright Quocirca © 2011

Quocirca has written a few times about end point management and security recently. There has also been comment on the upgrade of Microsoft’s Forefront security range and its end point management tools. A new Microsoft on-demand service warrants further comment in both areas.

Microsoft has released a “simple web-based administration console” for PCs called Intune. It is based on the Windows Update Manager code base and includes elements of Systems Center Configuration Manager (SCCM, Microsoft’s on-premise tool for PC management) and Forefront End Point Protection (FEP). The product has the flexibility to support devices both within and beyond the firewall.

Intune takes best practices from SCCM and requires System Centre agents on the target PCs. However, it does not provide all the functionality of SCCM; it cannot be used for operating system/application software distribution and power management and does not have full group policy support (these features may be added in time). Remote assistance, PC monitoring, alerts, updates, inventory management, security settings and malware protection are all supported.

When it comes to anti-malware you do not have to use FEP, but Microsoft recommend that you should not run two anti-virus engines at the same time. So you must either replace your existing product with FEP (which is included in the Intune subscription) or just keep your old one. A subscription also includes an upgrade to Windows 7 Enterprise for each PC covered, and that includes BitLocker full disk encryption, although Intune does not provide the capability to manage the enforcement of encryption.

If you have SCCM already, Microsoft advises to keep going with that. It sees Intune as a fast entry point for organisations that have no PC management place at present. The quoted US price is $11 per PC per month (around £7). So when compared to existing costs for buying and maintaining end point protection and encryption, the annual cost is approaching £90 per PC per year.

The caveat is of course that Intune works only for Microsoft PCs (running XP, Vista or Windows 7); it does not even cover Windows mobile devices. As businesses have to increasingly manage a diverse range of smartphones, PCs and tablets running a range of operating systems other than Windows, many will see this as limitation.

Microsoft muttered about support for iPhones and iPads in the SCCM roadmap, so perhaps this will end up in Intune at some point in future. However, those that want a comprehensive management tool that covers all end points both inside and outside the data centre that is available on-demand should look to other vendors such as Kaseya and NTR Global.

The freely available Quocirca reports review the use of end-point management:

• The Total MSP – using managed service providers for end-point management
• Remote IT management – the value of on-demand end-point management services.

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research Posted: 19th April 2011 Copyright Bloor Research © 2011

Some of you may remember an article I wrote about ABPD in February 2011 (Automating Business Process Discovery). In this article, I introduced a new company to me, StereoLOGIC. I met Sofia Passova, their president and founder recently when she was in London to learn more about the company and their product, Discovery Analyst.

Who are StereoLOGIC? The company was founded in 2008 by Dr. Sofia Passova, Stan Passov and Alex Ladizginsky. All three worked in Blueprint Systems (formerly Sofea Inc.), which specialised in requirements modelling, visualization and simulation. They are a single product company at present. StereoLOGIC offers StereoLOGIC Discovery Analyst. The current customer base is very USA based and includes the States of Arizona, Wyoming, Idaho and North Dakota, who are using it to modernise their Unemployment Tax and Benefit systems, as well as several North American Financial Institutions.

As a small company, StereoLOGIC work through a set of implementation partners; these include IAG Consulting and Sierra Systems. The company is actively looking for partners in Europe at the time of writing.

So what does Discovery Analyst do? The product extracts business processes from business applications in real time to create process models that can be used for visualization and comparison purposes to validate and extend the models and integrated seamlessly with other BPMN-enabled tools.

StereoLOGIC uses its patent-pending semantic recognition software to capture the screen images that are used by an organisation and associates these with process steps and decisions. The software also records what a user has pushed to get to a particular screen, which helps understand and map complex branching logic. An analyst using the tool can associate notes, multiple images, files or technical specs for business rules with process steps. The software assigns the appropriate name to each process step and records the data used on any screen, and associates this with the process step. The process model is produced in standard BPMN format.

Discovery Analyst is designed to capture process flow regardless of the underlying platform. This means as business processes flow from the consumer facing web system, to call centre-facing mid-range AS/400 systems to backend 3270 systems, it can capture the business understanding as it looks to the business as a single continuous set of activities.

Figure 1: StereoLOGIC Discovery Analyst screen shot (Source: StereoLOGIC)

Where organisations have multiple systems operating across different geographies or organisational units that do the same thing, Discovery Analyst can be used to capture both process models and the use functionality in the product to compare the different models.

Discovery Analyst has a dashboard to display performance information about all users and the processes they are working on the application. This allows analysts to spot performance issues, and understand what really happens when users are working with the system, rather than what is supposed to happen.

But why should you be interested in Automatic Process Discovery? Firstly, mapping out the current state of a system is a required part of many modernization initiatives. By radically reducing the amount of stakeholder time needed to conduct this as-is analysis, executives can reduce the total time needed from management stakeholders and internal subject experts—reducing the resource drain in larger initiatives. Secondly, the most challenging part of putting in new modelling tools is getting the model into the tool. This represents as much as 40% of the implementation cost of something like a business process management (BPM) initiative, or even higher in model-driven development. Discovery Analyst comes with an engine for exchanging models with other tools, using industry standard BPMN. Currently, StereoLOGIC also supports direct model export into Microsoft Word, iGrafx and IBM WebSphere Business Modeler for further improvement and transformation. StereoLOGIC also exports process performance metrics for each process activity and the entire process into MS Excel.  

ABPD is becoming an important aspect for organisations as they try to get a better understanding of the applications that run their businesses. StereoLOGIC have developed a tool that caters for the vast majority of requirements for the activities needed by analysts and business users. There are two areas that I can see for improvement. Firstly, there is a need to increase the number of interfaces to other major BPMS products. Secondly, I would like to see the ability to capture business rules from the applications and export them to BRMS products.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 14th March 2011 Copyright Interarbor Solutions © 2011

Welcome to a podcast discussion on how new models for IT support services are required to provide a single point of accountability when multiple and increasingly complex software implementations are involved.

Nowadays, the focal point for IT operational success lies not so much in just choosing the software and services mixture, but also in the management and support of these systems and implementations and the SLAs as an ecosystem—and that ecosystem must be managed comprehensively with flexibility and for the long-term.

Long before cloud and hybrid computing models become a concern, the challenge before IT is how to straddle complexity and how to corral and manage—as a lifecycle—the vast software implementations already on-premises.

Of course, more of these workloads are supported these days by virtualized containers and often by a service-level commitment. IT needs to get a handle on supporting multiparty software and virtualized instances, along with the complex integrations and custom extensions across and between the applications.

Who are you going to call when things go wrong or when maintenance needs to affect one element of the stack without hosing the rest? How do you manage and broker at the service level agreement (SLA), or multiple SLA, level?

More than ever, finger pointing on who is accountable or responsible amid a diverse and fast-moving software environment cannot be allowed, not in an Instant-On Enterprise.

Not only does IT need a one-hand-to-shake value on comprehensive support more than ever, but IT departments may need to increasingly opt to outsource more of the routine operational tasks and software support to free up their IT knowledge resources and experts for transformation, security initiatives, and new business growth projects.

To learn how this can be better managed, we've tapped an executive from HP Software to examine an expanding set of new HP Premier Services designed to combine custom software support and consulting expertise to better deliver managed support outcomes across entire software implementations.

Here are some excerpts:

Eswaran: We're offering HP Premier Services across the entire portfolio for all solutions we put in front of customers. People may ask what's different. "Why are you able to do this today? The customer problem you are talking about sounds pretty native. Why haven’t you done this forever?"

If you look at a software organization, the segmentation between support and services is very discrete, whether inside the company or whether it is support working with services organization outside the company, and that’s the heart of the problem.

What we're doing here is a pretty big step. You hear about "services convergence" an awful lot in the industry. People think that’s the way to go. What they mean by services convergence is that all the services you need across the customer lifecycle merges to become one, and that’s what we are doing here.

We're merging what was customer support, which is a call center, and that’s why they can't take accountability for a solution. They are good at diagnostics, but they're not good at full-fledged solutions. They're merging that organization.

What that organization brings in is scale, infrastructure, and absolute global data center coverage. We're merging that with the Professional Services (PS) organization. When the rubber hits the road, PS is the organization, or the people, who deploy these solutions.

By merging those two, you get the best of both worlds, because you get scale, coverage, infrastructure, capability. And by virtue of a very, very extensive PS team within HP Software, we operate in 80 or 90 countries. We have coverage worldwide. That's how we're able to provide the service where we take accountability for this whole solution.

Converged IT support and professional services
What we're announcing and launching and what we're talking about is enhancing and elevating that support from just being a product to actually being the entire project and the solution for the customer. This is where, when we deploy a solution for a customer, which involves our technology, our software, for the most part, a service element to actually make it a reality, we will support the full solution.

That's the principal thing now that will allow us to not just talk about business outcomes when we go through the selling lifecycle, but it will also allow us to make those business outcomes a reality by taking full accountability for it. That is at the heart of what we are announcing—extending customer support from a product to the project, and from a product to the full solution.

If I walk through what HP Premier Services is, that probably will shed more light on it. As I explain HP Premier Services, there are two dimensions to it.

The first dimension is the three choice points, and the first of those is what has classically been customer support. We just call it Foundation, where customer support supports the product. You have a phone line you can call. That doesn't change. That's always been there.

The second menu item in the first dimension is what we term as Premier Response, and this menu item is where we actually take that support for the product and extend it to the full project and the full solution. This is new and this is the first level of the extension we are going to offer to the customer.

The third menu item takes it even further. We call it Premier Advisory. In addition to just supporting the product, which has always been there, or just extending it to support a solution and the project—both of those things are reactive—we can engage with the customer to be proactive about support.

That's proactive as in not just reacting to an issue, but preempting problems and preempting issues, based on our knowledge of all the customers and how they have deployed the solution. We can advise the customer, whether it's patches, whether it's upgrades, whether it's other issues we see, or whether it's a best practice they need to implement. We can get proactive, so we preempt issues. Those are the three choice points on the first dimension.

The second dimension is a different way to look at how we're extending Premier Services for the benefit of the customer. Again, the first choice point in the second dimension is called Premier Business. We have a named account manager who will work with the customer across the entire lifecycle. This is already there right now.

The second part of the second dimension is very new, and large enterprise customers will derive a lot of value from it. It's called Premier TeamExtend. Not only we will be do the first three choice points of foundation, support for the whole solution, and proactive support, we will extend and take control for the customer of the entire operation of that solution.

At that point, you almost mimic a software-as-a-service (SaaS) solution, but if there are reasons a customer wouldn't want to do SaaS and wouldn't want to do managed services, but want to host it on-site and have the full solution hosted in the customer premises, we will still deploy the solution, have them realize the full benefit of it, and run their solution and operate their solution.

Customer choice
We're not just giving them one thing, which they're pretty much forced to take, but if it's a very mature customer, with extensive capability on all the products and IT strategies that they're putting into place, they don’t need to go to TeamExtend. They can just maybe take a Foundation with just the first bit of HP Premier Services, which is Premier Response. That’s all they need to take.

Choice is a very big deal for us, so that customers can actually make the decision and we can recommend to them what they should be doing.

If there is an enterprise that is so focused on competitive differentiation in the marketplace and they don't want to worry about maintaining the solutions, then they could absolutely go to Premier TeamExtend, which offers them the best of all worlds.

By virtue of that, we make anything and everything to do with the back end—infrastructure, upgrades, and all of that—transparent to the customer. All they care about is the business outcome. If it's a solution we have deployed to cut outages by 3 percent and get service levels up-time up to 99.99 percent, that's what they get.

How we do it, the solutions involved, the service involved, and how we're managing it is completely transparent. The fundamental headline there is that it allows the customer to go back to 70 percent innovation and 30 percent maintenance, and completely flip the current ratio.

Impact of cloud solutions in the support mix
The reality is that cloud is still nebulous. Different companies have different interpretations of cloud. Customers are still a little nervous about going into the cloud, because we're still not completely sure about quality, security, and all of those things. So, this is the first or second step you take before you get comfortable to get to the cloud.

What we're able to do here is take complete control of that complexity and make it transparent to the customer—and in a way to quasi-deliver the same outcomes which a cloud can deliver. Cloud is a trend, and we're making sure that we actually address it before we get there.

A lot of these services are also things we're providing to the cloud service providers. So, in a way, we're making sure that people who offer that cloud service are able to leverage our services to make sure that they can offer the same outcomes back to the customer. So, it’s a full lifecycle.

In my view, and in HP Software’s view, this is a fairly groundbreaking solution. If I were to characterize everything we talked about in three words, the first would be simplify. The second would be proactive—how can we be proactive, versus reacting to issues. And, how can we, still under the construct of the first two, offer the customers choice.

We've been in limited launch mode since June of last year. We wanted to make sure that we engage with a limited set of customers, make sure this really works, work out all the logistics, before we actually do a full public general availability launch. So, it is effective immediately.

We can also offer the same service to all the outsourcing providers or cloud service providers we work with. If you feel you're bouncing around between different organizations, as you try to get control of your IT infrastructure, whether if you work with an external SI and you do not feel that there is enough in sync happening between support and an external SI and you feel frustrated about it, this falls right in the sweet spot.

If you feel that you need to start moving away from just projects to business outcome based solutions you need to deploy in your IT organization, this falls right in the sweet spot for it.

If you feel that you want to spend less of your time maintaining solutions and more of your time thinking about the core business your company is in and making sure that your innovation is able to capture a bigger market share and bigger business benefits for the company you work for, and you want some organization to take accountability for the operations and maintenance of the stack you have, this falls right in the sweet spot for it.

Smaller companies
The last thing, interestingly enough, is that we see uptake from even smaller and medium-sized companies, where they do not have enough people, and they do not want to worry about maintenance of the stack based on the capability or the experience of the people they have on these different solutions—whether it's operations, whether it's applications, whether it is security across the entire HP software stack. So, if you're on any of those four or five different use cases, this falls right in the sweet spot for all of them.

So, in summary, at the heart of it what we're trying to do is simplify the complexity of how a customer or an IT organization deals with the complexity of their stack.

The second thing is that an IT organization is always striving to flip the ratio of innovation and operations. As you look today, it is 70 percent operations and 30 percent innovation. If you get that single point of accountability, they can focus more on innovation and supporting the business needs, so that their company can take advantage of greater market share, versus operations and maintaining the stack they already have.

IT complexity is increasing by the day. Having multiple vendors accountable for different parts of the IT strategy and IT implementation is a huge problem. Because of the complexity of the solution and because multiple organizations are accountable for different discrete parts of the solution, the customer is left holding the bag on to figure out how to navigate the complexity of the software organization. How do you pinpoint exactly where the problem is and then engage the right party?

We actually start to engage with them in solving a business problem for them. We paint the ROI that we could get.

Find out more about the new HP Premier Services launch.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

By: Bob Tarzey, Service Director, Quocirca Posted: 3rd March 2011 Copyright Quocirca © 2011

Two on-going and fundamental changes in the way IT is provisioned and used seem only likely to accelerate in 2011. First, there is the move towards cloud based infrastructure for processing and storing data (figure 1). Then there is the proliferation in the number and variety of user end points for accessing that data.

Both trends have many benefits for businesses, such as keeping costs down, better business continuity, more flexible working practices and more efficient business processes. However, there is a downside: it can be tough ensuring consistent management, security, compliance and access across all the devices where data may be.

Many businesses will struggle with this, but it represents an opportunity for managed service providers (MSPs) and VARs with the right offerings in place to sell additional services to existing customers, and win accounts from competitors that fail to rise to the challenge.

Discussions around business continuity plans often focus on high-profile disasters such as flooding, fire and power failure. However, data from Plan B, a disaster recovery specialist, suggest that the most common reason that users can no longer access applications is due to communications or equipment failure (figure 2).

When it comes to equipment failure, this is more likely to be the user end point than a server, and with user end points the problem is as likely to be accidental loss or damage as it is to be a malfunction (figure 3).

This problem is only going to get worse as business processes become reliant on user access from an increasing range of devices. This includes point-of-sale (PoS) devices, ATMs, ticket readers, video displays—all usually in remote locations—as well as all those easy-to-lose smartphones, tablets and laptops.

To manage this it is necessary to have management tools and services that enable a consistent security and compliance policy across both centralised and distributed IT infrastructure. In addition, it is necessary to ensure that services are in place, so when the inevitable happens and user end points are lost or broken, data is not compromised and replacements can quickly be re-provisioned.

One of the attractions of cloud based infrastructure, especially for SMBs, is that service providers take on the responsibility for ensuring availability; they can also gain economies of scale with suppliers and have the expertise available to ensure they can do this at a cost which is hard for businesses to achieve if their core value proposition lies elsewhere.

All these arguments also apply to user end point management.

However, the tool types required are different. All the end points need to be discovered, registered, and made known so valid end points are recognised when they request access to centralised resources. The sheer number of end points means that many repetitive tasks need to be automated, bearing in mind that the execution of such tasks may need to be asynchronous, depending on when the end point next comes on to the network.

There is no need to reinvent the wheel here. There are end point management tools vendors including Kaseya, NTR Global, Symantec/Altiris and IBM/BigFix that have the tools an aspiring MSP or VAR can use to expand its system management services to cover user end points.

Only those that do rise to this challenge can consider themselves to be providing a comprehensive service and be regarded as a total MSP.

Quocirca’s report The Total MSP is freely available at: http://www.quocirca.com/reports/546/the-total-msp

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research Posted: 10th February 2011 Copyright Bloor Research © 2011

As the realisation comes to the software market that the new generation of workers need user interfaces that fit with the lifestyle of Facebook, Twitter and mobile phones with apps, we are starting to see how various software companies are meeting these changes. For the BPMS market, Appian have always been one of the companies leading the way and with the release of Appian 6.5, which includes a new interface called Appian Tempo, they have produced a release that is geared towards the end user of BPMS-driven solutions in terms of a mobile and social interface with cloud capabilities.

Malcolm Ross, Appian’s Director of Product Management, told me “The release delivers a revolutionary way to extend process visibility and participation through native mobile device access, real-time collaboration, filtered and personalised views of key business events, integration to external systems, and the ability to take direct action in a familiar and intuitive social media interface.” So what does the new Appian interface deliver?

Mobility

Appian Tempo provides native client applications for the Apple iPad, iPod Touch and iPhone as well as RIM BlackBerry devices. Ross explained that mobile BPM allows employees to stay connected, allowing them to monitor, collaborate and take action on important business decisions regardless of where they are. It also extends BPM participation beyond pre-defined process participants to include all levels of the organisation. The iPhone and iPad applications are available for immediate download from the Apple App Store. The BlackBerry application is available now from the Appian Forum community site, and will be available shortly on the BlackBerry App World site. A native application for Google Android devices will be available shortly.

Figure 1: Appian Tempo user interface on BlackBerry, iPad and iPhone. (Source: Appian)

Social

There always seems to be a contradiction about incorporating social media into a business world. Social technologies are powerful communication and collaboration platforms, but they must be harnessed in a business context to have business value. Ross explained, “Appian utilises familiar social tools and interfaces to drive business collaboration across the enterprise through personalised, filtered views that allow easy collaboration with the ability to take action when needed.” Users can filter views by relevant application or process areas and subscribe to customised feeds to monitor the key events and information that is meaningful to them. As well, users can comment, pose questions and collaborate on business events through real-time message posts and ad hoc updates to targeted groups within and outside of pre-planned business processes. The last user capability is to “Take Action”; here a user can generate actions and complete tasks from inside the event feed or from a mobile device, using optimised web and mobile forms to capture data and route tasks.

Customer-Driven

Samir Gulati, Appian’s Vice President of Marketing, described how Appian 6.5, and in particular Appian Tempo, had been driven by their customers’ business needs. One example is Archstone, a leading apartment management company, headquartered in the USA. Archstone have a highly mobile and dispersed workforce which is supported by a system built on Appian. David Carpenter, Director of BPM, Archstone, stated that “Appian Tempo delivers a new level of value to our customer service associates through instant mobile access to our key enterprise processes and forms.”

Comment

I was very impressed with the demonstration of Appian 6.5 and the Appian Tempo interface. From an end user viewpoint it opens up the ability to make real-time decisions where and when they are needed by using collaborative technology. The product is definitely easy-to-use and intuitive. While all events and collaborations can be secured at a granular level, organisations that make use of the new Appian release will need to think about the security implications of the information that can be shared.

In addition to on-premise deployment, Appian has emerged as the BPM-in-the-cloud market leader. When you add the capabilities of Appian Tempo to those already in the Appian BPMS and Appian Anywhere, as well as Appian’s specific knowledge about industries such as government and financial services, you have a very compelling proposition.

By: Bob Tarzey, Service Director, Quocirca Posted: 4th February 2011 Copyright Quocirca © 2011

The rapid increase in the availability of on-demand IT infrastructure (infrastructure as a service/IaaS) gives IT departments the flexibility to cope with the ever-changing demands of the businesses they serve. In the future, the majority of larger businesses will be running hybrid IT platforms that rely on a mix of privately owned infrastructure plus that of service providers, while some small businesses will rely exclusively on on-demand IT services.

Even when it comes to the privately owned stuff, the increasing use of virtualisation means it should be easier to make more efficient use of resources through sharing than has been the case in the past. Quocirca has seen server utilisation rise from around 10% to 70% in some cases where systems have been virtualised. There will of course always be some applications that are allocated dedicated physical resources for reasons of performance and/or security.

Any given IT workload must be run in one of these three fundamental computing environments; dedicated physical, private virtualised and shared virtualised (that latter being part of the so-called “public cloud”).

However, the benefits of this flexibility to deploy computing workloads will only be fully realised if the right tools are in place to manage it. In fact, without such tools, costs could start to be driven back up. For example, if the resources of an IaaS provider are used to cope with peak demand and workloads are not de-provisioned as soon as the peak has past, unnecessary resources will be consumed and paid for.

A workload can be defined as a discrete computing task to which four basic resources can be allocated; processing power, storage, disk input/output (i/o) and network bandwidth. There are five workload types:

1. Desktop workloads provide users with their interface to IT
2. Application workloads run business applications, web servers etc.
3. Database workloads handle the storage and retrieval of data
4. Appliance workloads deal with certain network and security requirements and are either self-contained items of hardware or a virtual machine
5. Commodity workloads are utility tasks provided by third parties usually called up as web services

A series of linked workloads interact to drive business processes. Each workload type requires a different mix of resources and this can change with varying demand. For example, a retail web site may see peak demand in the run-up to festivities and require many times the compute power and network bandwidth it needs the rest of the time; a database that relies heavily on fast i/o may need to be run in a dedicated physical environment; virtualised desktop workloads may need plenty of storage allocated to ensure users can always save their work (thin provisioning allows such storage to be allocated, but not dedicated).

To ensure the right resources are allocated requires an understanding of the likely future requirements when the workload is provisioned, this is also the time to ensure appropriate security is in place and that the software used by the workload is fully licensed. Once workloads are deployed, it is necessary to measure their activity and monitor the environment they are running in, sometimes allocating more resources or perhaps moving the workload from one environment to another, ensuring, of course, security is maintained and that the workload always remains compliant (for example, making sure personal data is only processed and stored in permitted locations).

The intelligent management of workloads is fundamental to achieving best practice in the use of the hybrid public/private infrastructure that is here to stay. To manage workloads in such an environment requires either generic tools from vendors such as Novell, CA or BMC or virtualisation platform specific tools from VMware or Microsoft. Such products of course have a cost, but this is offset by more efficient use of resources, avoiding problems with security and compliance and providing the flexibility for IT departments to better serve the on-going IT requirements of the businesses they serve.

Quocirca’s report, Intelligent workload management, is freely available here.

By: Bob Tarzey, Service Director, Quocirca Posted: 31st January 2011 Copyright Quocirca © 2011

This year many businesses will have to face up to the growing challenge of managing and securing user end-points, namely PCs/laptops, netbooks, tablets/blades, smartphones and virtual desktops. That list says it all; a few years ago the challenge of user end-point management was largely about PCs running Microsoft Windows, most fixed, some mobile. Things are very different today and the above list will be extended; with the consumerisation of IT, home workers could soon be accessing SAP from their TVs (with the appropriate security checks, of course!).

Smartphones have been around for some time now, but initially for IT departments, this was confined to a few RIM BlackBerry and Windows Mobile devices issued to execs. Apple’s iPhone changed all that, and today many more employees have devices capable of accessing IT applications and want to do so. This is only going to increase as Google’s free and more open Android operating system makes handheld power even more accessible. Google is already ahead of Apple (by unit volume shipment) and Gartner predicts that it will catch up with the current market leader, Nokia’s Symbian, by 2014. Microsoft has not given up, but with HP/Palm and RIM contending too, there will be no one dominant vendor.

This problem extends beyond the smartphone. Two new form factors have emerged in the last few years that sit between the smartphone and the PC—the netbook and tablet (perhaps re-emerged would be a better term in the case of the latter). Initially things looked good for Microsoft; having headed off an early Linux challenge, it could extend the hegemony of Windows down into the netbook market. Again, Apple changed the game.

When Apple took its iOS operating system up to the tablet with the release of the iPad, it moved into the same space as the netbook. Others are following, including Google, HP/Palm, RIM and Microsoft. They will give Apple a run for its money as it seems prepared to sacrifice its early market lead in the tablet market, and its success in the smartphone market, to preserve the chic elegance it achieves with closely coupled hardware and software. Users like it, but maybe not enough to pay the premium, which is why Microsoft managed to push Apple to the margins of the PC market in the 1980s. This growing diversity of end-user device operating systems is a headache for IT departments when it comes to management tools. The range of vendors offering end-point management tools is as diverse as the end points themselves  This includes:

• The traditional IT management vendors including Symantec/Altiris, IBM Tivoli (which acquired BigFix in 2010), Microsoft with its System Centre (OK if you only use Microsoft including just Windows mobile phones), CA, HP, BMC, Quest and Dell/KACE.
• Specialist user end point management suppliers including Kaseya and NTR Global.
• Mobile device manufacturers that offer management tools for their own products, for example RIM.
• Mobile device management specialists including Sybase, Mformation (which has a partnership with HP), iPass, Antenna and tens of other smaller vendors.
• Security specialists such as McAfee, which acquired Trusted Digital, a mobile device management vendor, in May 2010 and has since integrated it with its existing end management tools and e-policy orchestrator (ePO) to create its Secure Connected management suite Symantec could also be listed here.

The whole end-point management market seems ripe for partnership, co-operation and, eventually, consolidation. It may be service providers rather than vendors that drive this, as end-user organisations turn to them to outsource the end-point management headache.

This could be IT managed service providers that already provide datacentre management services but could benefit their customers by adding user end-point management to their portfolio, as Quocirca outlines in its recent report, "The Total MSP", which can be down loaded for free here.  Equally, it could be telco service providers that extend their services from mobile phones to other end points that are often attached to their networks anyway.

It is not clear how the end-user device management will shape over the next few years, but the problem presented by the diversity of devices is something end-user organisations are already living with. Those that come up with solutions the quickest should find a ready market.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 28th January 2011 Copyright Interarbor Solutions © 2011

Platform Computing on Tuesday released Platform ISF 2.1, which improves ease of use and automation for building and managing enterprise private clouds.

Platform's cloud management software helps enterprises transition from internal IT to more productive and efficient private cloud infrastructure services that support multi-tier applications.

New in Platform ISF 2.1 is a dynamic “single cloud pane” for cloud administration; expanded definitions for support of multi-tier application environments such as Hadoop, Jboss, Tomcat and WebSphere; and enhanced business policy-driven automation that spans across multiple data centers. [Disclosure: Platform Computing is a sponsor of BriefingsDirect podcasts.]

Enterprises looking to take advantage of the cloud do so for many reasons but one of the key ones is to enhance their agility in response to changing business dynamics.

By automating delivery of complex enterprise infrastructure and production applications across heterogeneous virtual, physical and public cloud resources, Platform ISF also helps reduce electricity and cooling requirements while freeing up capacity in data centers. The management layer provides improved monitoring, policy management, and workload management across multiple and heterogenous cloud and traditional IT stacks. By capturing corporate standards and business policies within the automation engine, companies can improve both compliance and security, said Platform Computing.

Via the single-pane administration capabilities, what Toronto-based Platform calls a "cloud cockpit," users can self-select approved services to support a wide variety of applications. Enhanced end-user portals are also new, including drag-and-drop portlet-based dashboards and customizable application instantiation pages.

What's more, the applications be can monitored from both private and public clouds, such as Amazon Web Services (AWS). The degree of management allows for future planning and capacity management, to help exploit hybrid computing benefits and cut the total overall costs of supporting applications.

Enhancing agility
“Enterprises looking to take advantage of the cloud do so for many reasons but one of the key ones is to enhance their agility in response to changing business dynamics,” said Cameron Haight, Research Vice President, Gartner, in a release. “This means that the technology used to manage cloud environments should be similarly agile and act to facilitate and not impede this industry movement. IT organizations should look for tools that can address the various cloud usage scenarios without demanding excessive investments in management infrastructure or staff support.”

Key capabilities in Platform ISF 2.1 include: self-service and chargeback, policy-based automated provisioning of applications, dynamic scaling of applications to meet service level agreements (SLAs) and unification of distributed and mixed-vendor resource pools for sharing. A unique “Active-Active” multiple data center supports higher availability and scalability by leveraging Oracle GoldenGate.

The goal is to manage the heterogeneous applications lifecycle, not just multiple cloud instances.

Ease of use benefits in the new release, which is available now, include account management and delegation based on applications or business processes. Such delegation can occur for such cloud-supported functions as platform as a service (PaaS), infrastructure as a service (IaaS), and hierarchical applications and their supporting components and services. Also included is self-service hierarchical account and resource management (including Active Directory for 10,000+ users) supporting an unlimited number of organizational tiers.

Business benefits include less downtime for applications, even as they are supported by hybrid resources, SLA-driven shared services, less need for specialized administrators, higher availability and creation of richer applications services catalogs. Use of Platform ISF 2.1 for private cloud activities clearly puts the users in a better position to use, exploit and manage public clouds, and to move quickly to the hybrid computing model. The goal is to manage the heterogeneous applications lifecycle, not just multiple cloud instances, said Jay Muelhoefer, VP Enterprise Marketing, Platform Computing.

A free 30-day trial of Platform ISF 2.1 can be downloaded at www.platform.com/privatecloud. Platform Computing is also hosting a webinar, “Building A Private Cloud Strategy – Best Practices” on Feb. 16. For more information about Platform ISF or the webinar, visit www.platform.com/privatecloud.

By: Philip Howard, Research Director - Data Management, Bloor Research Posted: 27th January 2011 Copyright Bloor Research © 2011

Data virtualisation is the latest technology to enjoy its moment in the hypelight and there has been some considerable debate within the blogosphere about what it actually is and what its relationship is to data federation, data integration and EII (enterprise information integration).

Rather than start from scratch I thought I would go back through my files and see what I had written about this in the past (if anything). I found the following definition of an EII platform (that is, what you need to support EII, which is, after all, about information rather than mere data). What I wrote, some three years ago, was that an EII platform needs to do four things:

1. “It virtualises your data – it makes all relevant data sources, including databases, application environments and other places where data may be sourced, appear as if they were in one place so that you can access that data as such.
2. “It abstracts your data – that is to say, it conforms your data so that it is in a consistent format regardless of any native structure and syntax that may be in use in the underlying data sources.
3. “It federates the data – it provides the connectivity that allows you to pull data together, from diverse, heterogeneous sources (which may contain either operational or historical data or both) so that it can be virtualised. It should also enable things like push-down optimisation so that query joins can be mastered in the optimal place.
4. “It presents the data in a consistent format to the front-end application (typically, but not always, a BI tool) either through relational views (via SQL) or by means of web/data services, or both.”

Actually, I didn’t quite write that: I have updated it somewhat but the gist is the same.

Clearly, data federation is not the same as data virtualisation. Moreover, federation is not necessary for virtualisation, depending on why you are doing the virtualisation. If you want to link a number of data marts together so that you can query across them then clearly the query optimisation capabilities of a federation engine will be necessary. On the other hand, if you want to create Mashups or other applications that have relatively lightweight access requirements, or you want to use virtualisation to support MDM-like capabilities, then such functions may not be necessary. Instead you can use data services. Data services may also be more appropriate in environments where less of the data is relational and more of it comes from a variety of unstructured sources or from the web. Indeed, there is a whole new discussion to be had about the distinctions between data virtualisation for unstructured data and structured data (or a combination of the two) but that’s a subject for another day.

The other question that arises is whether parts 1, 2 and 4 are all actually parts of the same thing. I think 2 and 4 probably are or, at least, the differences are so slight that there is no point in making a distinction.

Parts 1 and 2 are another issue. If data virtualisation is about having a virtual data source that does not necessarily mean that it is easy to work with. It is certainly easy to imagine a huge hybrid database that contains relational and non-relational data, pdf documents and a whole bunch of other things, but that would not necessarily mean that the data was all in a common format and, therefore, easy to work with. So, I think both 1 and 2 are required and are different. It is certainly true that it does not make much sense to implement data virtualisation without an abstraction layer but that doesn’t mean they are the same thing.

Finally, I haven’t talked about data integration at all. Well, the fact is that leading data integration products support data services so you should certainly be able to virtualise data sources even if you can’t federate them (they won’t typically have the sort of distributed query optimiser you would want from a data federation product). The question will be how easy it is to build the abstraction layer with a data integration tool. Of course, you can create all the transformations and mappings necessary for this purpose but what you would really like is something that automates a lot of this abstraction rather than requiring you to build it for yourself. It is in these two areas—federation and automated abstraction—that the pure players in the market, especially Composite Software and Denodo, have a significant advantage over the data integration vendors.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 26th January 2011 Copyright Interarbor Solutions © 2011

HP today fully threw its hat into the public cloud-computing ring, joining the likes of Amazon Web Services (AWS) and IBM, to provide a full range of infrastructure as a service (IaaS) offerings hosted on HP data centers.

Targeting enterprises, independent software vendors (ISVs), service providers, and the global HP channel and partner ecosystem, the new HP Enterprise Cloud Services-Compute (ECS-Compute) bundles server, storage, network and security resources for consumption as pure services.

ECS-Compute is an HP-hosted compute fabric that's governed via policies for service, performance, security, and privacy requirements. The fabric is available next month via bursting with elasticity provisioning that rapidly adjusts infrastructure capacity, as enterprise demands shift and change, said HP. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

HP CloudSystem, a new private-hybrid cloud enablement offering that automates private cloud provisioning, uses HP Cloud Service Automation (CSA) solutions and HP Converged Infrastructure physical assets so that enterprises, governments, and service providers can better build, manage, and consume hybrid cloud services, said HP.

This is a hybrid services delivery capability, and you can manage it all as a service.

HP CloudSystem supports a broad spectrum of applications while speeding and simplifying the buying, deployment and support of cloud environments, said HP. CloudSystem brings "cloud maps" to play so that more applications can be quick-start "ported" to a cloud or hybrid environment.

The ECS-Compute and CloudSystem announcements much more fully deepen HP's cloud strategy, building on earlier announcements around CSA and Cloud Assure offerings. HP, however, is coming to the public cloud space from a hosting and multi-tenancy heritage, in large part through its EDS acquisition. That, HP expects, will make its cloud models more appealing to large businesses, governments and applications providers. HP is also emphasizing the security and management capabilities of these offerings.

As a new public cloud provider, HP is competing more directly with IBM, Rackspace, AWS, and Microsoft, and very likely over time, with private and hybrid cloud products from EMC/VMware, Oracle, Cisco, Red Hat, TIBCO and Google. There will be more overlap with burgeoning software-as-a-service (SaaS) providers like Salesforce.com, as they seek to provide more cloud-based infrastructure services.

Yet even among that wide field, HP is seeking to differentiate itself with a strong emphasis on hybrid computing over assemblages or components of plain vanilla public cloud services. HP sees a governance path for computing resources and services from a variety of sources and models (including legacy IT) that add up to IT as a service as its long-term strategic value.

"This is a hybrid services delivery capability, and you can manage it all as a service," said Rebecca Lawson, director of cloud initiatives at HP. The services are designed to help organizations "grow and manage the applications," regardless of the applications' heritage, production model, or technology, said Lawson.

"We're now saying, 'welcome to our data center' ... but we're ecumenical and agnostic on platform and applications," she said.

Also part of the Jan. 25 news, HP Hybrid Delivery will help businesses and governments build, manage, and consume services using a combination of traditional, outsourced and cloud services best suited to them. It consists of HP Hybrid Delivery Strategy Service, to provide a structured understanding of the programs, projects, and main activities required to move to a hybrid delivery model; and HP Hybrid Delivery Workload Analysis Service, to analyze enterprise workloads to determine the best fits for hybrid environments.

Professional services
HP sees these as enabling a "journey" to cloud and hybrid computing, with a strong emphasis on the professional services component of learning how to efficiently leverage cloud models.

HP's vision for the cloud—part of its solution set for the demands of the "Instant-On Enterprise"—clearly emphasizes openness and neutrality when it comes to operating systems, platforms, middleware, virtual machines, cloud stacks, SaaS providers, and applications, said Lawson. HP will support all major workloads and platforms from its new cloud hosting services, and help to govern and manage across them via HP's hybrid computing and private cloud capabilities as well, said Lawson.

The achievement of the instant-on enterprise, said Sandeep Johri, vice president of strategy and industry solutions at HP, comes from an increasing ability to automate, orchestrate, secure and broker services—regardless of their origins: traditional IT, or public or private clouds.

In other words, hybrid computing (perhaps even more than cloud itself) will become a key enabling core competency for enterprises for the foreseeable future. HP is banking on that, expecting that the platform and lock-in wars will push customers to an alternative lower-risk partner that emphasizes inclusion and open standards over singular cloud stacks.

HP therefore has a rare opportunity to appeal to many organizations and governments that fear cloud lock-in, as well as the costs and complexity of following a SaaS or software platform vendor's isolated path to cloud, which may come from a heritage of on-premises platform or proprietary stack lock-in, rather than from a support of heterogeneity and of a heritage of a myriad of hosted services.

Whereas some vendors such as VMware, Oracle, Microsoft, Cisco, Red Hat and Citrix are cobbling together so-called integrated cloud stacks—and then building a set of hosting services that will most likely favor their stacks and installed bases, HP is working to focus at the higher abstraction of management and governance across many stacks and models. Hence the emphasis on hybrid capabilities. And, where some SaaS and business applications vendors are working to bring cloud infrastructure services and/or SaaS delivery to their applications, HP is working to help its users provide an open cloud home and/or hybrid support for all their applications, inclusive of those hosted anywhere.

HP's cloud strategy, then, closely follows (for now) its on-premises data center infrastructure strategy, with many options on software and stack, and an emphasis on overall and holistic management and cost-efficiency.

Less complex path
Some analysts, I've heard recently, say that HP is coming late to public cloud. But, coming from a hosting and single- and multi-tenancy applications support services heritage may very well mean that HP already has a lot of cloud and hosted services DNA, and that the transition from global hosting for Fortune 500 enterprises to a full cloud offerings is a less tortured and complex path than those from other vendors, such as traditional on-premises OS, platform, middleware, and infrastructure license providers, as well as SaaS-to-cloud providers.

HP may be able to effectively position itself as more IT transformation-capable and mission-critical support-ready—and stack-neutral and applications-inclusive—to provide a spectrum of hybrid cloud services at global scale with enterprise-calibre response, security and reliability. And because HP does not have a proprietary middleware stack of its own to protect, it can support the requirements of more of its customers across more global regions.

Enterprise mature from the get-go, not late to the cloud-hype party, might be a better way to describe HP's timing on cloud sourcing and support services. The value HP seems to be eyeing comes from agility and total costs reduction for IT—not on a technology, license or skills lock-in basis.

By allowing a large spectrum of applications support—and the ability to pick and choose (and change) the sourcing for the applications over time—the risk of lock-in, and for unwillingly paying high IT prices, goes down. Hybrid, says HP, offers the best long-term IT value and overall cost-efficiencies. Hybrid, says HP, can save 30–40 percent of the cost of traditional IT, though not offering too many specifics on how long such savings would take.

"You can now run mission-critical applications with the economics of cloud," said Patrick Harr, vice president of cloud strategy and solutions at HP. "It's a hybrid world."

HP is also thinking hybrid when it comes to go-to-market strategies. It expects to appeal to ISVs, resellers, and system integrators/outsourcers with the newest cloud offerings. By being hybrid-focused and open and agnostic to underlying platforms, more channel partners will look to HP with less strategic angst and the potential for later direct competition as they might with an Oracle or Microsoft.

I can easily see where a choice of tool/framework and openness too in terms of workload and operations environments joined to a coordinated, managed services and hybrid hosting spectrum would be very appealing.

And, HP is putting a lot of consulting and professional services around the hybrid push, including HP Cloud Discovery Workshops that help enterprises develop a holistic cloud strategy, with a focus on cloud economics, applications and cloud security.

HP ECS-Compute will be available in the US and EMEA countries in February, and in Asia-Pacific countries in June.

“To create an Instant-On Enterprise, organizations need to close the gap between what customers and citizens expect and what the enterprise can deliver,” said Ann Livermore, executive vice president, HP Enterprise Business. “With HP’s cloud solutions, clients can determine the right service delivery models to deliver the right results, in the right time frame, at the right price.”

These new offerings will not be a last chapter in HP's cloud and IT transformation drive. Looking back to last month's ALM 11 announcements, and HP's long heritage of SaaS test and dev services, one can easily envision a more end-to-end applications lifecycle and hybrid cloud operations capabilities set. Think of it as a coordinated, hybrid services approach to applications definition, build, test, deploy and brokering—all as an open managed lifecycle.

That means joining PaaS and hybrid computing on an automated and managed continuum, for ISVs, service providers, governments and enterprises. I can easily see where a choice of tool/framework and openness too in terms of workload and operations environments joined to a coordinated, managed services and hybrid hosting spectrum would be very appealing.

Such a flexible cloud support horizon—from cradle to grave of applications and data—could really impact the total cost of IT downward, while reducing complexity, and allowing businesses to focus on their core processes, innovation and customer value, rather than on an ongoing litany of never-ceasing IT headaches.

By: Natalie Newman, Senior Analyst, Bloor Research Posted: 25th January 2011 Copyright Bloor Research © 2011

I am not referring to Cloud Computing but rather the cloud of confusion prevailing over geographic information amongst the general public. The confusion over this type of information; the confusion over the many terms used for information that can be linked to the earth's surface; and the confusion over maps.

Watching a TV program the other evening called, ‘The Beauty of Maps' highlighted the subjectivity of maps. The map maker has cartographic licence to create a map display which projects his interpretation of the subject; whether it is to visualise the topography correctly and read the labels easily, or to project an image that might not be true. This program described William Morgan's 1682 Map of London. He created a map of a city after it was destroyed by The Great Fire. His map illustrated the city he envisaged London would become. St Paul's Cathedral was well illustrated on the map even though it was totally destroyed and had yet to be rebuilt. Maps project what the creator intends.

There is a book written by Allan and Barbara Pease called ‘Why men don't listen and women can't read maps'.The theory goes that "due to their different roles in evolution, men had to hunt and stalk their prey, so became skilled at navigation, while women foraged for food and so became good at spotting fruits and nuts close by" [The Telegraph website]. I am not sure that explains it and, if one can generalise quite so simply, women should then be the bigger enthusiast about SatNavs. Maybe the ‘don't listen' bit prevents men from asking for or listening to directions :)

Returning to the subject—there is a great lack of understanding amongst laymen about location and geographic information systems (GIS)—as my previous article described the need to increase aWhereness. Location information—or whatever we want to call it—is simply the position on the earth's surface to the accuracy that is possible, and/or the accuracy that is required.

Initially Google Maps and Google Earth provided much needed publicity for geographic information. Google Maps, or similar, is used by most people I know to find their destination and obtain directions to reach it. Google Earth stirred an interest in places we might not visit but can view. So much good has emanated from those two applications to raise the profile of location.

The downside is that there is still not enough understanding or appreciation of the implications of geographic information and the systems. The associated costs are now even harder to sell as ‘Google is free'.

The Google application, Latitude, enables a mobile phone user to allow certain people to view their current location. I assume that these locations include both the longitude and latitude measurement; just the distance from the equator would not really help anyone.

Another term to increase the confusion, or is Google taking latitude with Latitude?

In addition, according to the latest Apollo survey table measuring the media coverage per technology company, Google came 1st in Europe and in USA, and 3rd in UK!  With that much media exposure, we should not underestimate the influence of Google!

We will have to tell a convincing story about the necessary investment to add location to your business systems. We will have to ensure that the longitude accompanies the latitude and makes good sense.

That means we, geographic professionals will have to work that much harder to tell—and sell—our story.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 13th January 2011 Copyright Interarbor Solutions © 2011

The role and importance of private cloud infrastructure models has now emerged as a stepping-stone to much needed new general operational models for IT.

Even a lot of the early interest in cloud computing was as much about a wish to escape the complex and wasteful ways of the old than as an outright embrace of something well understood and new. Cloud computing may then well prove a catalyst to needed general IT transformation.

This cloud effect should force even the largest enterprises to remake themselves into business service factories. It's a change that mimics the maturation of other important aspects of business over the decades. Modernizing IT—via Internet-enabled sourcing that better supports business processes—comes in the same vein that industrial engineering, lean manufacturing, efficiency measurement, just-in-time inventory, and various maturity models revolutionized bricks and mortar businesses.

So the burning question now is how to attain IT transformation from current moves to leverage and exploit cloud computing? What are the practical steps that can help an organization begin now? How can enterprises learn to adopt new services support and sourcing models that work for them in the short- and long-terms?

By recognizing the transformative role of private cloud infrastructures, IT leaders can identify and justify improved dynamic workloads and agile middleware that swiftly advance the process of IT maturity and efficiency.

To discuss how modern workload assembly in the private cloud provides a big step in the right direction for IT’s future, BriefingsDirect joined Paul Fremantle, the UK-based Chief Technology Officer and co-founder of WSO2, and Paul O’Connor, Chief Technology Officer at ANATAS International in Sydney, Australia. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: WSO2 is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

O'Connor: It’s unfortunate, but it’s fair to say that all of the past initiatives that we tried in large, complex enterprises have been a failure. In some cases, we’ve actually made things worse.

Large enterprises, at the same time, still have to focus on efficiency, agility, and delivery to their end users, so as to achieve market competitiveness. We still have that maniacal focus on delivery and efficiency, and now some new thinking has come in.

We serve the Asia-Pacific region and have focused for a number of years on next-gen architecture—technical architecture, enterprise architecture and service oriented architecture (SOA). In the last couple of years, we’ve been focusing as well on cloud, and on how these things come together to give us a shot at being more efficient in large complex enterprises.

Specifically, we [as an industry now] have cloud or the everything-as-a-service operating model coupled with a series of other trends in the industry that are being bolted together for a final assault on meaningful efficiency. You hit the nail on the head when you mentioned industrial engineering, because industrial engineering is the organizing principle for weaving all of these facets together.

When we focus on industrial engineering, we already have an established pattern. The techniques are now lean manufacturing, process improvement and measurement of efficiency, just-in-time inventory, maturity models. Ultimately, large enterprises are now approaching the problem effectively including cloud, including moving to new operating models. They're really focusing on building out that factory.

Fremantle: We've discovered that you cannot just build an IT system or an IT infrastructure, put your feet up, sit back, and say, "Well, that will do the business," because the business has learned that IT itself is transformative and you have to be pushing the boundaries in order to compete in the modern world.

Effectively, it’s no longer good enough to just put in a new system in every 5 or 10 years and sit back and run it. People are constantly pushing to create new value to build new processes, to find better ways of using what they have, linking it together, composing it, and doing new things.

So the speed of delivery and the agility of organizations have become absolutely key to their competitiveness and, fundamentally, to their stock price. A huge move in agility came first with web, with portals, and with SOA. People discovered that, rather than writing things from scratch, they could reuse, they could reconfigure, and they could attach things together in new ways to build function. As they did that, the speed of development and the speed of creating these new processes has skyrocketed.

I'm a firm believer that the real success in cloud is going to come from designing systems that are inherently built to run in the cloud, whether that's about scale, elasticity, security, or things like multi-tenancy and self-service.

The first and most important thing is to use middleware and models that are designed around federated security. This is just a simple thing. If you look back at middleware, for example message queuing products from 10 years ago, there was no inherent security in them.

If you look at the SOA stack and the SOAP models or even REST models, there are inherent security models such as WS-Trust, WS-SecureConversation, or in the REST model things like SAML2, OAuth and OpenID. These models allow you to build highly secure systems.

But, however much I think it's possible to build secure cloud systems, the reality is that today 90 percent of my customers are not willing or interested in hosting things in a public cloud. It’s driving a huge demand for private cloud. That’s going to change, as people gain confidence and as they start to protect and rebuild their systems with federated security in mind from day one, but that's going to take some time.

Those concepts of building things that run in the cloud and making the software inherently cloud aware, comes back to what Paul O'Connor was talking about with regard to having the right architecture for the future and for the cloud.

O'Connor: When we say better architecture, I think what we are talking about is the facets of architecture that are about process, that are about that how you actually design and build and deliver. At the end of the day, architecture is about change, and it must be agile. I can architect a fantastic Sydney Opera House, but if I can't organize the construction materials to show up in a structured way, then I can’t construct it. Effectively, we’ve embraced that concept now in large enterprises.

Specifically, in IT, we find coming into play around this concept a lot of the same capabilities that we’ve already developed, some of which Paul alluded to, plus things like policy-based, model-driven configuration and governance, management and monitoring and asset metadata, asset lifecycle management types of things relative to services and the underlying assets that are needed to actually provision and manage them.

We're seeing those brought to bear against the difficult problems of how might I create a very agile architecture that requires an order of magnitude less people to deliver and manage.

It helps with problems like this: How can I keep configured a thousand end-points in my enterprise, some of which might be everything from existing servers and web farms all the way up to instances of lean middleware like WSO2 that I might spin up in the cloud to process large workloads and all of the data associated with it?

Also, you're not allowed to do anything in large enterprises architecturally without getting past security. When I say get past security, I'm talking about the people who have magnifying glasses on your architectural content documents. It's important enough to say again what Paul brought out about location not being the way to secure your customer data anymore.

The motivation for a new security model is not just in terms of movement all the way to the other end of the agility rainbow, where in a public cloud you’re mashing up some of your data with everybody else's, potentially, and concerned about it going astray.

It’s really about that internal factory configuration and design that says, even internally in large enterprises, I can't rely on having zones of network security that I pin my security architecture to. I have to do it at the message level. I have to use some of the standards and the technologies that we've seen evolved over the past five, six, seven years that Paul Fremantle was referencing to really come to bear to keep me secure.

Once I do that, then it's not that far of a leap to conceive of an environment where those same security structures, technologies, and processes can be used in a more hybrid architecture, where maybe it's not just secure internal private cloud, but maybe it's virtual private cloud running outside of the enterprise.

That brings in other facets that we really have to sort out. They have to do with how we source that capacity, even if it's virtual private cloud or even if it's tenanted. We have to work on our zone security model that talks about what's allowed to be where. We have to profile our data and understand how our data relates to workloads.

As Paul mentioned, we have to focus on federated identity and trust, so identity as a service. We have to assemble the way that processing environments, be they internal or external, get their identities, so that they can enforce security. PKI, and, this is a big one, we have to get our certificates and private keys into the right spot.

Once we build all those foundations for this, we then have to focus on policy-driven governance of how workloads are assembled with respect to all of those different security facets and all of the other facets, including quality of service, capacity, cost, and everything else. But, ultimately yes, we can solve this and we will solve this over the next few years. All this makes for good, effective security architecture in general. It's just a matter of helping people, through forums like this, to think about it in a slightly different way.

Fremantle: I believe that the world has slightly gone backward, and that isn't actually that surprising. When people move forward into such a big jump as to move from a fixed infrastructure to a cloud infrastructure, sometimes it's kind of easy to move back in another area. I think what's happened to some extent is that, as people have moved forward into cloud infrastructure, they have tended to build very straightforward monolithic applications.

The way that they have done that is to focus on, "I'm going to take something standalone and simple that I can cloud-enable and that's going to be my first cloud project." What's happened is that people have avoided the complexity of saying,"What I really need to be doing is building composite applications with federated identity, with business process management (BPM), ESB flows, and so forth."

And that's not that surprising, when they're taking on something new. But, very rapidly, people are going to realize that a cloud app on its own is just as isolated as an enterprise app that can't talk to anything.

The result is that people are going to need to move up the stack. At the moment, everyone is very focused on virtual machines (VMs) and IaaS. That doesn't help you with all the things that Paul O'Connor has been talking about with architecture, scalability, and building systems that are going to really be transformative and change the way you do things.

From my perspective, the way that you do that is that you stop focusing on VMs and you try and move up a layer, and start thinking about PaaS instead of IaaS.

You try to build things that use inherent cloud capabilities offered by a platform that give you scalability, federated security, identity, billing, all the things that you are going to need in that cloud environment that you don't want to have to write and build yourself. You want a platform to provide that. That's really where the world is going to have to move in order to take the full advantage of cloud—PaaS.

O'Connor: I totally agree with everything Paul Fremantle just said. PaaS is the name of the game. If you go to 10 large enterprises, you're going to find them by and large focusing on IaaS. That's fine. It's a much lower barrier of entry relative to where most shops are currently in terms of virtualization.

But, when you get up into delivering new value, you're really creating that factory. Just to draw an analogy, you don't go to an auto factory, where the workers are meant to be programming robots. They build cars. Same thing with business service delivery in IT—it's really important to plug your reference model and your reference architectures for cloud into that factory approach.

You want your PaaS to be a one-stop-shop for business service production and that means from the very beginning to the very end. You have to tenant and support your customers all along the way. So it really takes the vertical stack, which is the way we currently think about cloud in terms of IaaS, and fans it out horizontally, so that we have a place to plug different customers in the enterprise into that.

And what we find is, just as in any good factory or any good process design, we really focus on what it is those customers need and when. For example, just to take one of many things that's typically broken in large enterprises, testing and test environments. Sometimes it takes weeks in a large organization to get test environments. We see customers who literally forgo key parts of testing and really sort of do a big bang test approach at the end, because it is so difficult to get environment and to manage the configuration of those environments.

One of the ways we can fix that is by organizing that part of the PaaS story and wrap around some of the attendant next-generation configuration management capabilities that go along with that. That would include things like service test virtualization, agile operations, asset metadata management, some of the application lifecycle management (ALM) stuff, and focus on systemically killing the biggest impedances in the order of most pain in the enterprise. You can do that without worrying about, or going anywhere near, public cloud to go do data processing.

So that's the here and now, and I'd say that that's also supportive of a longer term, grand unified field theory of cloud, which is about consuming IT entirely as a service. To do that, we have to get our house in order in the same way and focus on organizing and re-organizing in terms of transformation in the enterprise to support first the internal customers, followed by using the same presets and tenets to focus on getting outside of the organization in a very structured way.

But eventually moving workloads out of the organization and focusing on direct interaction with the business, I think we will see larger appetites by the business for more applications and a need to put them into a place where they are more easily managed, and eventually—it may take 20 years—but I think you'll see organizations move to turn off their internal IT departments and focus on business, focus on being an insurance company, a bank, or a logistics company. But, we start in the here and now with PaaS.

Next is workload assembly. What I mean by that is that we need a profile of what it is we do in terms of work. If I plug a job into the wall that is my next-gen IT architecture, what is it actually doing and how will I know? The types of things vary. It varies widely between phases of my development cycle.

Obviously, if I do load and performance testing, I've got a large workload. If I do production, I’ve got a large workload. If I move to big data, and I am starting to do massively scalar analytics because the business realizes that you go after such an application, thanks to where IT is taking the enterprise, then that's a whole other ball of wax again.

What I have to do is understand those workloads. I have to understand them in terms of the data that they operate on, especially in terms of its confidentiality. I have to understand what requirements I need to assemble in terms of the workload processing.

If I have identify show up, or private key, I have to do integration, or I have to wire into different systems and data sources, all of that has to be understood and assembled with that workload. I have to characterize workload in a very specific way, because ultimately I want to use something like WSO2 Stratos to assemble what that workload needs to run. Once I can assemble it, then it becomes even easier for me to work my way through the dev, test, stage, release, operate cycle.

Fremantle: What we have done is build our Carbon middleware on OSGi. About two years ago, we started thinking how we're going to make that really effective in a cloud environment. We came up with this concept of cloud-native software. We were lucky, because, having modularized Carbon, we had also kernelized it. We put everything around a single kernel. So, we were able to make that kernel operate in a cloud environment.

That’s the engineering viewpoint, but from the architecture viewpoint, what we're providing to architects like Paul O’Connor is a complete platform that gives you what you need to build out all of the great things that he has been talking about.

That starts with some very simple things, like identity as a service, so that there is a consistent multi-tenant concept of identity, authorization, and entitlement available wherever you are in the private cloud, or the public cloud, or hybrid.

The next thing, which we think absolutely vital, is governance monitoring, metering, and billing—all available as a service—so that you can see what's happening in this cloud. You can monitor and meter it, you can allocate cost to the right people, whether that’s a public bill or an internal report within a private cloud.

Then, we're saying that as you build out this cloud, you need the right infrastructure to be able to build these assemblies and to be able to scale. You need to have a cloud native app server that can be deployed in the cloud and elastically scale up and down. You need to have an ESB as a service that can be used to link together different cloud applications, whether they're public cloud, private cloud, or a combination of the two.

And, you need to have things like business process in the cloud, portal in the cloud, and so on, to pull these things together. Of course, on the way, you're going to need things like queues or databases. So, what we're doing with Stratos is pulling together the combination of those components that you need to have a good architecture, and making them available as a service, whether it's in a private cloud or a public cloud.

That is absolutely vital. It's about providing people with the right building blocks. If you look at what the IaaS providers are doing, they're providing people with VMs as the building blocks.

Twenty years ago, if someone asked me to build an app, I would have started with the machine and the OS and I would start writing code. But, in the last 20 years we've moved up the stack. If someone asked me to build an app now, I would start with an app server, a message queuing infrastructure, an ESB, a business process server, and a portal. All these components help me be much more effective and much quicker. In a cloud, those are the cloud components that you need to have lying around ready to assemble, and that to me is the answer.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

By: Martino Corbelli, Director of Marketing, Star Posted: 12th January 2011 Copyright Star © 2011

For many businesses, the traditional role of the CIO is to help drive the company’s business strategy forward through the appropriate application of technology to automate processes, reduce costs and open up access to new markets and opportunities. There are many challenges facing IT leaders ranging from mobile working to security and data protection. Unfortunately, most of the people working in the IT department today are primarily occupied with maintaining and updating existing systems, or working hard just to ‘keep the lights on’, so to speak. If they are not doing routine work of this nature then they are typically fire-fighting as entropy sets in to existing systems and processes making them fail as they become outdated.

This means that most people working in IT are working reactively and it’s no surprise they are finding it difficult to do more with an ever-decreasing IT budget. The result for most IT departments is that they are now being challenged by their business leaders who do not believe that IT is serving them sufficiently to help meet their corporate goals. Having recently conducted a survey of 360 senior IT managers across every sector of UK enterprise, we discovered that 60% of managers cite administration and trouble shooting as the main time consumers within their jobs. Now is the time to begin to challenge this poor application of important resources and ensure that the role the IT department plays is securing business success by accelerating the execution of business objectives. So the big question for CIOs and their IT people is how do you move from being seen as the maintenance team to a key strategic enabler?

Why IT matters
Despite the fact that IT can be harnessed to provide an important driving force for any organisation, 44% of IT managers feel that they are not consulted on business issues because senior managers see them as the maintenance engineers. This is because they are often locked into the hardware and software upgrade and maintenance cycle, an area proving to be increasingly challenging with dwindling budgets. This cycle is holding them and their business leaders back from realising their potential.

This is not helped by the fact that many managers still feel that IT vendors do not really understand small and medium sized companies in the UK, nor have a workable business model to match their needs. Historically, the mid-market has been neglected by the larger vendors, mainly because it was seen as more desirable to focus on large enterprises. There has been a recent shift in attention but it’s not nearly enough. 11% of respondents in the survey said they are already using managed services that are hosted by a third party and this is providing them with the platform they need to get more of the existing IT resources they already have and freeing them up from the undesirable day-to-day tasks to focus more on activity that adds value to the business. This is the strategic and innovative focus that 53% of IT Managers believe their role should be about.

Blending IT with cloud computing services
For some businesses, managed services delivered via a cloud computing platform are the only way they can afford to deliver new services to their staff. However, many businesses are unsure how to link hosted services and integrate them with existing systems and 38% of IT managers in UK SMEs are challenged by the ‘perceived’ loss of control.

Business leaders want their IT to be better, faster and cheaper, and technology needs to provide the platform that delivers business agility, aiding organisations to focus their existing people and resources where they need them most. To do this they must align IT resources to the business strategy, not just the pursuit of keeping the lights on so existing systems don’t fail. This is an opportunity for everyone concerned, although it is often preferred to be seen as the exact opposite. As time and money becomes more stretched the warped view that cloud computing is a threat to IT department is now beginning to be understood.

In smaller businesses, IT departments do not always have expert and specialist skills or the budget to take on new solutions and support them. Cutting costs is still the big issue for many UK SMEs and to do this many are now turning to cloud computing services that provide easy access to enterprise-grade solutions with no hardware or software to buy. The services are easy to use and pay for, at a low and predictable monthly per user fee. It’s a great way to cut out the drain of capital from the business. One of the key benefits of cloud computing is the on-demand aspect, meaning that businesses only pay for the services they consume. This means the expenditure is seen to be accounted for as an operation expense, which is usually much more desirable.

These services are appealing because they can be delivered securely to any employee, wherever they are and at anytime. Deploying the right technologies to the business without having to recruit more IT people is a great advantage.

Seeking operational excellence
Every CEO and CFO wants and expects excellence from the IT investments that they sign off. At the very least they want to ensure that any operational and financial risks are mitigated. What is often taken for granted is how difficult it is to run IT systems with the required power and cooling, not to mention the right level of security to ensure the environment is kept safe and enough resiliency and back up systems to ensure business continuity. What many of them are now realising is that their data and applications are much safer and better provisioned when they are hosted in a professionally run third party data centre and wrapped around with a solid Service Level Agreement. This is in stark contrast to when their business critical systems are hastily cobbled together from their own facilities that simply can’t compete with the level of investment and sophistication on offer from a managed service provider.

As more business leaders push their IT departments down this route the role of the CIO is now becoming one of managing relationships rather than managing technology and getting lost in the detail. This is an exciting proposition as cloud computing is freeing up IT professionals to think more strategically and offload the donkey work to someone who can do it better, faster and cheaper, allowing them to focus on the key aspects that differentiate the business from its competitors. This is the real role of the Chief Information (or ‘Innovation’) Officer.

Download a free copy of The Cloud Computing Guide from: www.star.co.uk/cloud

By: Peter Abrahams, Practice Leader - Accessibility and Usability, Bloor Research Posted: 11th January 2011 Copyright Bloor Research © 2011

In December 2010 the British standards Institute (BSi) published "Web accessibility - Code of practice (BS 8878:2010)" http://shop.bsigroup.com/en/ProductDetail/?pid=000000000030180388; this document is based on, and replaces, "PAS 78: Guide to good practices in commissioning accessible websites". It extends, updates and improves on its predecessor and is therefore essential reading for anyone intending to create or update a web product.

This new document, like its predecessor, concentrates on the processes, procedures and practices required to create an accessible web product; it does not discuss coding or technical issues but does provide references to relevant standards, guidelines and practices; so there is no conflict between this standard and the guidelines produced by the W3C Web Accessibility Initiative (WAI).

Jonathan Hassell, from the BBC, who lead the development of the standard says "Most web product managers know accessibility is important, but need a guide to the decisions they make during product development which can impact disabled and elderly users of the types of multi-platform, interaction-rich products they are creating. BS8878 is that guide, and encompasses the best advice and experience from many experts from all round the world on how to make products that include these people.".

Firstly it describes the policies and structures that an organisation needs to have in place to support accessibility.

Secondly it describes a series of steps required to create an accessible web product. The steps are summarised in the document as follows:

• Research and understand the requirements for the web product;
• Make strategic choices based on that research;
• Decide whether to create or procure the web product in-house or contract out externally;
• Produce the web product;
• Evaluate the web product;
• Launch the new product;
• Post-launch maintenance.

The document describes the specific accessibility issues that should be considered at each step. At first sight this may look like a lot of new work but in reality nearly all of the steps are considered good practice for any web product development.

This is followed by an introduction to the existing guidelines for developing accessible web products as well as discussion of accessibility of non-browser interfaces and special consideration when developing for older users.

Finally there is a detailed section on "Assuring Accessibility throughout the web product's lifecycle", which identifies and discusses the various methods of accessibility validation.

Graeme Whippy, of Lloyds Banking Group, one of the authors of the standard, said "Lloyds Banking Group is committed to best practice in accessibility and sees significant business benefits in making our websites as accessible as possible".

The standard is about 90 pages long and the second half is made up of fifteen extremely useful annexes. These cover areas such as definitions, laws, standards, responsibilities, challenges, examples of web accessibility policies and statements, guides to testing and a comprehensive bibliography.

I have read the standard and found the information in it clear, concise, insightful and pragmatic. It is laid out in such a way that it can be read in small chunks as required by different audiences and steps of a project. It provides all the parties involved in the creation of web products the information they need to understand the issues, decide how to proceed towards an accessible product and, importantly, how to deal with real world conflicts between ultimate accessibility and other market forces.

It provides a single source for accessibility best practice and information on the law and standards regarding accessibility.

The only criticism I have is that it does not discuss in sufficient detail the importance of ensuring that new content added to the web product after launch is accessible. It hints and implies that this is essential but does not highlight the issue.

Having seen the document, Gail Bradbrook of Fix the Web, an organisation set up to help people with disabilities report web accessibility issues and get them fixed, said "if every web product used the standard then we would not be needed and could close down; unfortunately that is not the case yet and we are very busy and need more volunteers (see http://www.fixtheweb.net )."

To ensure the maximum benefit is obtained from the standard there is a need for a community to be built up around the standard that can add to and refine the standard based on new experiences, technologies and opportunities and I expect some organisation will step up provide the platform for this community.

The standard is an essential purchase for anyone creating web products, as it provides:

• Pre-digested research into accessibility and best practice;
• A roadmap showing how to ensure accessibility is built into web products;
• A template for recording the decisions made about accessibility which will help to show good intentions if complaints are made.

Its cost should be recouped within a few days of starting any significant web product development and it will continue paying dividends throughout the whole life-cycle. It should be used by all commissioners and developers of web products.

By: Bob Tarzey, Service Director, Quocirca Posted: 7th January 2011 Copyright Quocirca © 2011

While most pundits seem to view the likelihood of a double dip recession as low, few expect 2011 to be an easy year as the austerity measures to correct the overspending of a decade-long boom start to bite. This is a challenge for all businesses in all sectors, but if the Economist’s views, outlined in its The World in 2011, are to be believed, the IT industry faces better prospects than many others. In its outlook rating for a wide range of industries, only IT and entertainment fall on the “sunny” side of “fair”.
 
The Economist predicts that overall growth in global IT spending will be about 4.6 per cent, taking it to $1.5 trillion. So plenty of new and old money on the table, it is just a case of having the right proposition in place. Much of the growth is expected to be driven by sales of new user end points. Australia, it is predicted, will join Canada, Hong Kong, Japan and Sweden in having more PCs than people and, while the number of PCs per head in emerging markets is way below this figure, the rate of growth is expected to be strong.
 
In the more mature markets growth in user end point sales will be boosted by the uptake of tablet devices. The Economist reports UBS figures for Apple iPad sales of 28 million in 2011, representing 70 per cent market share, although new products from HP, Samsung and RIM will keep Apple on its toes. In the smartphone market that is already happening—separate figures from Gartner, published by Information Age in Oct 2010, show that Apple iOS already trails Google Android, which it predicts will catch up with Nokia Symbian by 2014, with iOS market share dropping slightly.
 
All this growth in the number and diversity of user end points signals opportunity elsewhere. While a fair chunk of it will come from direct business investment, much of it will come from consumers. However, the growing acceptance of consumerisation of IT in the workplace means the boundaries are no longer clear and there is a need to manage access to a business’s IT resources from both corporate and privately owned devices. Either way, managing end points is a headache many will consider best outsourced.
 
Herein lays an opportunity for managed service providers. To date many have been predominantly focused on managing datacentre IT infrastructure. This requirement is not going to disappear, but many businesses will find the proposition of a single provider for both datacentre and end point management attractive, enabling a coherent security, compliance and licencing regime to be established across the total IT estate. Quocirca’s free report, The Total MSP, outlines one way MSPs can get to the head of the IT spending queue in 2011 by adding end point management services to their portfolio.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 7th January 2011 Copyright Interarbor Solutions © 2011

Welcome to a special BriefingsDirect podcast series in conjunction with the recent HP SoftwareUniverse 2010 Conference in Barcelona.

At the conference we explored some major enterprise software and solutions, trends and innovations making news across HP’s ecosystem of customers, partners, and developers.

Now, this customer case-study from the conference focuses on McKesson and how their business has benefited from advanced application lifecycle management (ALM). To learn more about McKesson's innovative use of ALM and its early experience with HP's new ALM 11 release, I interviewed Todd Eaton, Director of ALM Tools and Services at McKesson. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Eaton: In our business at McKesson, we have various groups that develop software, not only for internal use, but also external use by our customers and software that we sell. We have various groups within McKesson that use the centralized tools, and the ALM tools are pretty much their lifeblood. As they go through the process to develop the software, they rely heavily on our centralized tools to help them make better software faster.

The ALM suite that HP came out with is definitely giving us a bigger view. We've got QA managers that are in the development groups for multiple products, and as they test their software and go through that whole process, they're able to see holistically across their product lines with this.

We've set up projects with the same templates. With that, they have some cohesion and they can see how their different applications are going in an apples-to-apples comparison, instead of like the old days, when they had to manually adjust the data to try to figure out what their world was all about.

Better status
When HP came up with ALM 11, they took Quality Center and Performance Center and brought them together. That's the very first thing, because it was difficult for us and for the QA managers to see all of the testing activities. With ALM, they're able to see all of it and better gauge where they are in the process. So, they can give their management or their teams a better status of where we are in the testing process and where we are in the delivery process.

The other really cool thing that we found was the Sprinter function. We haven't used it as much within McKesson, because we have very specific testing procedures and processes. Sprinter is used more as you're doing ad hoc testing. It will record that so you can go back and repeat those.

How we see that being used is by extending that to our customers. When our customers are installing our products and are doing their exploratory testing, which is what they normally do, we can give them a mechanism to record what they are doing. Then, we can go back and repeat that. Those are a couple of pretty powerful things in the new release that we plan to leverage.

When we're meeting at various conferences and such, there's a common theme that we hear. One is workflow. That's a big piece. ALM goes a long way to be able to conquer the various workflows. Within an organization, there will be various workflows being done, but you're still able to bring up those measurements, like another point that you are bringing up, and have a fairly decent comparison.

With the various workflows in the past, there used to be a real disparate way of looking at how software is being developed. But with ALM 11, they're starting to bring that together more.

The other piece of it is the communication, and having the testers communicate directly to those development groups. There is a bit of "defect ping-pong," if you will, where QA will find a defect and development will say that it's not a defect. It will go back and forth, until they get an agreement on it.

ALM is starting to close that gap. We're able to push out the use of ALM to the development groups, and so they can see that. They use a lot of the functions within ALM 11 in their development process. So, they can find those defects earlier, verify that those are defects, and there is less of that communication disconnect between the groups.

We have several groups within our organization that use agile development practices. What we're finding is that the way they're doing work can integrate with ALM 11. The testing groups still want to have an area where they can put their test cases, do their test labs, run through their automation, and see that holistic approach, but they need it within the other agile tools that are out there.

It's integrating well with it so far, and we're finding that it lends itself to that story of how those things are being done, even in the agile development process.

Company profile
McKesson is a Fortune 15 company. It is the largest health-care services company in the U.S. We have quite a few R&D organizations and it spans across our two major divisions, McKesson Distribution and McKesson Technology solutions.

In our quality center, we have about 200 projects with a couple of thousand registered users. We're averaging probably about 500 concurrent users every minute of the day, following-the-sun, as we develop. We have development teams, not only in the U.S, but nearshore and offshore as well.

We're a fairly large organization, very mature in our development processes. In some groups, we have new development, legacy, maintenance, and such. So, we span the gamut on all the different types of development that you could find.

That's what we strive for. In my group, we provide the centralized R&D tools. ALM 11 is just one of the various tools that we use, and we always look for tools that will fit multiple development processes.

We also make sure that it covers the various technology stacks. You could have Microsoft, Java, Flex, Google Web Toolkit, that type of thing, and they have to fit that. You also talked about maturity and the various maturity models, be it CMMI, ITIL, or when you start getting into our world, we have to take into consideration FDA.

When we look at tools, we look at those three and at deployment. Is this going to be internally used, is this going to be hosted and used through an external customer, or are we going to package this up and send it out for sale?

We need tools that span across those four different types, four different levels, that they can adapt into each one of them. If I'm a Microsoft shop that’s doing Agile for an internal developed software, and I am CMMI, that's one. But, I may have a group right next door that's waterfall developing on Java and is more ITIL based, and it gets deployed to a hosted environment.

They have to adapt to all that, and we needed to have tools that do that, and ALM 11 fits that bill.

ALM 11 had a good foundation. The test cases, the test set, the automated testing, whether functional or performance, the source of truth for that is in the ALM 11 product suite. And, it's fairly well-known and recognized throughout the company. So, that is a good point. You have to have a source of truth for certain aspects of your development cycle.

Partner tools
There are partner tools that go along with ALM 11 that help us meet various regulations. Something that we're always mindful of, as we develop software, is not only watching out for the benefit of our customers and for our shareholders, but also we understand the regulations. New ones are coming out practically every day, it seems. We try to keep that in mind, and the ALM 11 tool is able to adapt to that fairly easily.

When I talk to other groups about ALM 11 and what they should be watching out for, I tell them to have an idea of how your world is. Whether you're a real small shop, or a large organization like us, there are characteristics that you have to understand. How I identify those different stacks of things that they need to watch out for; they need to keep in mind their organization’s pieces that they have to adapt to. As long as they understand that, they should be able to adapt the tool to their processes and to their stacks.

Most of the time, when I see people struggling, it's because they couldn’t easily identify, "This is what we are, and this is what we are dealing with." They usually make midstream corrections that are pretty painful.

Something that we've done at McKesson that appears to work out real well is devote a team to managing the ALM tools themselves. When I deal with various R&D vice presidents and directors, and testing managers and directors as well, the thing that they always come back to is that they have a job to do. And one of the things they don't want to have to deal with is trying to manage a tool.

They've got things that they want to accomplish and that they're driven by: performance reviews, revenue, and that type of thing. So, they look to us to be able to offload that, and to have a team to do that.

McKesson, as I said, is fairly large; thousands of developers and testers throughout the company. So, it makes sense to have a fairly robust team like us managing those tools. But, even in a smaller shop, having a group that does that—that manages the tools—can offload that responsibility from the groups that need to concentrate on creating code and products.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.