By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 14th May 2013 Copyright Interarbor Solutions © 2013

Often lost amid the talk of cloud deployment models and hybrid hosting efficiencies is the actual task of properly deploying enterprise applications. Deploying applications touches so many aspects of IT systems and business processes, and requires ongoing updates and management, that only the enterprise IT staffs can really do the job.

So if cloud is a way of doing an end-run around IT—yet IT is integral to proper applications deployment and care—how exactly do these disparate propositions co-exist?

Not too well, it turns out, especially as the pace that apps development and deployment—and the skyrocketing need to bring more mobile apps into production—complicates the already tough task of overall applications management.

HP Software today announced four products that aim to tackle this thorny reality—that traditional apps deployment was already broken, and that the new requirements make automation and comprehensive management an inescapable necessity. [Disclosure: HP is a sponsor of BriefingDirect podcasts.]

HP is also banking on the role it can play as a neutral party to better orchestrate the apps lifecycle because—unlike most other large enterprise software vendors—it doesn't have a legacy applications, operating system, hypervisor, database and/or middleware heritage (and cash cows) to favor and protect. That means supporting heterogeneity in total is the imperative, not the exception, for HP.

The next generation of HP's datacenter automation, orchestration, and cloud management software scales in terms of volume, supports all the installed enterprise kit, and allows for unprecedented simplicity, so that IT can get control before its too late, said Manoj Raisinghani, Senior Director of Worldwide Product Marketing for Cloud Automation Software and SaaS at HP Software.

It's not enough to solve parts of the enterprise IT complexity problem, said Raisinghani. The management of the server deployment and management has an impact on the database and middleware management, which then need to be orchestrated as a whole, which then needs to apply to the cloud services deployment options. So, server, data, middleware, cloud and orchestration all need to be part of the management solution for the scale, simplicity and automation to be impactful and practical, he said.

And that's why HP has bundled these four major products under a common release, with a common version number: 10.

Key to cloud
"Server automation is key to the cloud path," said Raisinghani. He said the announcements were a "10" on a scale of 1 to 10 for HP Software.

Managing complex distributed systems and heterogeneous environments is so time-consuming and complex—hindering business agility and innovation—that IT has relied on systems integrators, and is now being tempted to hand over more process orchestration to the cloud providers. But the trends around mobility, big data and software-as-a-service (SaaS) services mean that IT need to be more in control, not less. And IT needs the means to deploy the answer themselves, and rely on the software orchestration they control to move the workloads and date to where the model works best, said Raisinghani.

Therefore, whether it's routine data center maintenance to the delivery of extended enterprise business processes, automation and cloud management software reduces automating repetitive, manual and time-consuming operations, and makes the entire approach more secure and more easily tracked for intrusions, according to HP.

Even deploying the HP Server Automation (SA) 10 product itself is being streamlined via a virtual appliance, said Raisinghani. IT users can do it themselves, he said. Thanks to the virtual appliance model, the suite is "customer installable," said Raisinghani.

HP Database and Middleware Automation (DMA) 10 further automates manual database management tasks. HP Cloud Service Automation 3.2 provides service life cycle automation and IT assets management capabilities to scale to cloud services safely. HP Operations Orchestration (OO) 10 automates up to 15,000 simultaneous operations to track all of the above products, processes, and services.

HP SA 10, the life cycle management platform, enables IT to manage more than 100,000 physical and virtual servers from a single pane of glass, as well as improves operational economics by reducing the administrator-to-server ratio by up to 60 percent, said Raisinghani.

This HP Software approach has been long in the making—from the acquisition of Mercury and Opsware, to the business service management emphasis to the early recognition that hybrid cloud was the long-term IT model.

And while the total management approach—supporting all the major OSes, hypervisors, RDBs, apps, and clouds—makes HP a services management Switzerland, there are some advantages too for HP. By focusing on the automation and orchestration, they are building a default capability to the HP public cloud for those organizations seeing an integrated advantage over the more manual efforts require for other public clouds such as Amazon Web Services, said Raisinghani.

"You can go agile, to where the applications can be best deployed," said Raisinghani. "But this is seamless to the user. It just gets deployed. IT can automate how the services are prepackaged and cloud-burst."

Up and running
And HP is determined to make the HP public cloud the best way to get those services up and running, although the customer will have choice on which cloud or clouds to target, said Raisinghani. "The user gets choice—but the default is the HP Cloud," he said. "HP on HP is going to work better. We'll be making them an offer that's very attractive."

So think about it. Would you as a vendor rather be in a race to the bottom on hypervisor price? On public cloud price? On database price? On storage price? Or would you rather be building a market at being best at enabling the automation, speed and security of the workloads and processes that IT needs to navigate the new IT landscape?

Management, orchestration and automation may well be the killer apps of the cloud era. Management, orchestration and automation from apps and data cradle to grave is the sticky value that locks-in based on productivity, not technology. HP has clearly got its eyes on this prize, and the latest releases this week are a major salvo in the cloud enablement as a function of IT—not outside of IT. Because, like it or not, enterprise IT is the ultimate cloud broker to win over.

In other cloud applications automation news, ServiceNow on Monday announced its ServiceNow App Creator, designed to enabling "citizen developers" to rapidly create enterprise and mobile applications on the ServiceNow Service Automation Platform.

Originally targeting the ITSM function, ServiceNow is broadening the use of its tools and platform for apps outside the IT management domain, but with IT as the driver as to what platforms the developers will use. The App Creator technology itself is now included in the platform.

"This arms IT to provide developers with a rich RAD platform and puts those apps on a single platform in a single place," said Arne Josefsberg, CTO at ServiceNow.

Leveraging a forms-based workflow on making and deploying apps and process flows, App Creator ensures "best practice" development of custom applications without requiring coding or technology expertise, said Josefsberg.

Applications that the enterprise builds on the platform are then separately licensed on a per user basis. The ServiceNow App Creator is available today to all current ServiceNow customers.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 13th May 2013 Copyright Interarbor Solutions © 2013

The next BriefingsDirect IT leadership discussion focuses on how leading Australian IT services provider Thomas Duryea Consulting made a successful journey to cloud computing as a business.

We'll learn why a cloud-of-clouds approach is providing new types of IT services to Thomas Duryea’s many Asia-Pacific region customers.

The first part of our series addressed the rationale and business opportunity for TD's cloud-services portfolio, which is built on VMware software.

The latest discussion continues a three-part series on how Thomas Duryea, or TD, designed, built and commercialized an adaptive cloud infrastructure. This second installment focuses on how a variety of risks associated with cloud adoption and cloud use have been identified and managed by actual users of cloud services.

Learn more about how adopters of cloud computing have effectively reduced the risks of implementing cloud models from Adam Beavis, General Manager of Cloud Services at Thomas Duryea in Melbourne, Australia. The interview is conducted by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Adam, we've been talking about cloud computing for years now, and I think it's pretty well established that we can do cloud computing quite well technically. The question that many organizations keep coming back with is whether they should do cloud computing. If there are certain risks, how do they know what risks are important? How do they get through that? What are you in learning so far at TD about risk and how your customers face that?

Beavis: People are becoming more comfortable with the cloud concept as we see cloud becoming more mainstream, but we're seeing two sides to the risks. One is the technical risks, how the applications actually run in the cloud.

What we're also seeing—more at a business level—are concerns like privacy, security, and maintaining service levels. We're seeing that pop up more and more, where the technical validation of the solution gets signed off from the technical team, but then the concerns begin to move up to board level.

We're seeing intense interest in the availability of the data. How do they control that, now that it's been handed off to a service provider? We're starting to see some of those risks coming more and more from the business side.

Gardner: I've categorized some of these risks over the past few years, and I've put them into four basic buckets. One is the legal side, where there are licenses and service-level agreements (SLAs), issues of ownership, and permissions.

The second would be longevity. That is to say, will the service provider be there for the long term? Will they be a fly-by-the-seat-of-the-pants organization? Are they are going to get bought and maybe merged into something else? Those concerns.

The third bucket I put them in is complexity, and that has to do with the actual software, the technology, and the infrastructure. Is it mature? If it's open source, is there a risk for forking? Is there a risk about who owns that software and is that stable?

And then last, the long-term concern, which always comes back, is portability. You mentioned that about the data and the applications. We're thinking now, as we move toward more software-defined data centers, that portability would become less of an issue, but it's still top of mind for many of the people I speak with.

So let's go through these, Adam. Let's start with that legal concern. Do you have any organizations that you can reflect on and say, here is how they did it, here is how they have figured out how to manage these licenses and control of the IP risks?

Beavis: The legal one is interesting. As a case study, there's a not-for-profit organization for which we were doing some initial assessment work, where we validated the technical risk and evaluated how we were going to access the data once the information was in a cloud. We went through that process, and that went fine, but obviously it then went up to the legal team.

One of the big things that the legal team was concerned about was what the service level agreeement was going to be, and how they could capture that in a contract. Obviously, we have standard SLAs, and being a smaller provider, we're flexible with some of those service levels to meet their needs.

But the one that they really started to get concerned about was data availability… if something were to go wrong with the organization. It probably jumps into longevity a little bit there. What if something went wrong and the organization vanished overnight? What would happen with their data?

That's where we see legal teams getting involved and starting to put in things like the escrow clause, similar to what we had with software as a service (SaaS) for a long time. We're starting to see organizations' legal firms focus on doing these, and not just for SaaS—but infrastructure as a service (IaaS) as well. It provides a way for user organizations to access their data if provider organizations like TD were to go down.

So that's one that we're seeing at the legal level. Around the terms and conditions, once again being a small service provider, we have a little more flexibility in what we can provide to the organizations on those.

Once our legal team sits down and agrees on what they're looking for and what we can do for them, we're able to make changes. With larger organizations, where SLAs are often set in stone, there's no flexibility about making modifications to those contracts to suit the customer.

Gardner: Tell us about your organization, how big you are, and who your customers are, and then we'll get back into some of these risks issues and how they have been managed.

Beavis: Traditionally, we came from a system-integrator background, based on the east coast of Australia—Melbourne and Sydney. The organization has been around for 12 years and had a huge amount of success in that infrastructure services arena, initially with VMware.

Other companies heavily expanded into the enterprise information systems area. We still have a large focus on infrastructure, and more recently, cloud. We've had a lot of success with the cloud, mainly because we can combine that with a managed services.

We go to market with cloud. It's not just a platform where people come and dump data or an application. A lot of the customers that come into our cloud have some sort of managed service on top of that, and that's where we're starting to have a lot of success.

As we spoke about in part one, our customers drove us to start building a cloud platform. They can see the benefits of cloud, but they also wanted to ensure that for the cloud they were moving to, they had an organization that could support them beyond the infrastructure.

That might be looking after their operating systems, looking after some of their applications such as Citrix, etc. that we specialize in, looking after their Microsoft Exchange servers, once they move it to the cloud and then attaching those applications. That's where we are. That's the cloud at the moment.

Gardner: Is there something about the platform and industry-standard decisions that you've made that helps your customers feel more comfortable? Do they see less risk because, even though your organization is one organization, the infrastructure is broader and there's some stability about that that comes to the table?

Beavis: Definitely. Partnering with VMware was one of our core decisions, because their platform everywhere is end-to-end standard VMware. It really gives us an advantage when addressing that risk if organizations ask what happens if our company doesn't run or they're not happy with the service.

The great thing is that within our environment—and it's one part of VMware’s vision—you can then pick up those applications, and move them to another VMware cloud provider. Thank heaven, we haven't had that happen, and we intend it not to happen. But, for organizations to understand that, if something were to go wrong, they can move that to another service provider without having to re-architect those applications or make any major changes. This is one area where we're well getting around that longevity risk discussion.

Gardner: Is there a confluence between portability and what organizations are doing with disaster recovery (DR)? Maybe they're mirroring data and/or infrastructure and applications for purposes of business continuity and then are able to say, "This reduces our risk, because not only do we have better DR and business continuity benefits, but we’re also setting the stage for us to be able to move this where we want, when we want."

They can create a hybrid model, where they can pick and choose on-premises, versus a variety of other cloud providers, and even decide on those geographic or compliance issues as to where they actually physically place the data. That's a big question, but the issue is business continuity, as part of this movement toward a lower risk, how does that pan out?

Beavis: That's actually one of the biggest movements that we’re seeing at the moment. Organizations, when they refresh their infrastructure, don’t see the the value refreshing DR on-premise. Let the first step cloud be "let's move the DR out to the cloud, and replicate from on-premises out into our cloud."

Then, as you said, we have the advantage to start to do things like IaaS testing, understanding how those applications are going to work in the cloud, tweak them, get the performance right, and do that with little risk to the business. Obviously, the production machine will continue to run on-premises, while we're testing snapshots.

It's a good way to put a live snapshot of that environment, and how it’s going to perform in the cloud, how your users are going to access it, bandwidth, and all that type of stuff that you need to do before starting to run up. DR is still the number one use case that we’re seeing people move to the cloud.

Gardner: As we go through each of these risks, and I hear you relating how your customers and TD, your own organization, have reacted to them, it seems to me that, as we move toward this software-defined data center, where we can move from the physical hardware and the physical facilities, and move things around in functional blocks, this really solves a lot of these risk issues.

You can manage your legal, your SLAs, and your licenses better when you know that you can pick and choose the location. That longevity issue is solved, when you know you can move the entire block, even if it's under escrow, or whatever. Complexity and fear about forking or immaturity of the infrastructure itself can be mitigated, when you know that you can pick and choose, and that it's highly portable.

It's a round-about way of getting to the point of this whole notion of software-defined data center. Is that really at heart a risk reduction, a future direction, that will mitigate a lot of these issues that are holding people back from adopting cloud more aggressively?

Beavis: From a service provider's perspective it certainly does. The single-pane management window that you can do now, where you can control everything from your network—the compute and the storage—certainly reduces risk, rather than needing several tools to do that.

And the other area where the venders are starting to work together is the integration of things like backup and, as we spoke about earlier, DR. Tools are now sitting natively within that VMware stack around the software-defined data center, written to the vSphere API, as we're trying to retrofit products to achieve file-level backups within a virtual data center, within vCloud. Pretty much every day, you wake up there's a new tool that's now supported within that.

From a service provider's perspective it's really reducing the risk and time to market for the new offerings, but from a customer's perspective it's really getting in that experience that they used to. On-premise over a TD cloud, from their perspective, makes it a lot easier for them to start to adopt and consume the cloud.

Gardner: I suppose this is a good segue into this notion of how to make your data, applications, and the configuration metadata portable across different organizations, based on some kind of a standard or definition. How does that work? What are the ways in which organizations are asking for and getting risk reduction around this concept of portability?

Beavis: Once again, it's about having a common way that the data can move across. The basics come into that hybrid-cloud model initially, like how people are getting things out. One of the things that we see more and more is that it's not as simple as people moving legacy applications and things up to the cloud.

To reduce that risk, we're doing a cloud-readiness assessment, where we come in and assess what the organization has, what their environment looks like, and what's happening within the environment, running things like the vCenter Operations tools from VMware to right-size those environments to be ready for the cloud.

Gardner: Now the flip-side of that would be that some of your customers who have been dabbling in cloud infrastructure, perhaps open-source frameworks of some kind, or maybe they have been integrating their own components of open-source available software, licensed software. What have you found when it comes to their sense of risk, and how does that compare to what we just described in terms of having stability and longevity?

Beavis: Especially in Australia, we probably have 85 percent to 90 percent of organizations with some sort of VMware in their data center. They no doubt seem to be more comfortable gravitating to some providers that are running familiar platforms, with teams familiar with VMware. They're more comfortable that we, as a service provider, are running a platform that they're used to.

We'll probably talk about the hybrid cloud a bit later on, but that ability for them to still maintain control in a familiar environment, while running some applications across in the TD cloud, is something that is becoming quite welcoming within organizations. So there's no doubt that choosing a common platform that they're used to working on is giving them confidence to start to move to the cloud.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 10th May 2013 Copyright Interarbor Solutions © 2013

Ariba, an SAP Company, and Discover Financial Services today unveiled Ariba Pay. The new service, to be offered by Ariba, is expected to transform B2B payments by eliminating paper transactions, providing better visibility into cash flow, and producing rich remittance information that improves reconciliation processes for buyers and sellers.

The cloud-based service. announced at the Ariba LIVE conference, will combine the applications and insights embedded in the Ariba Network and deliver them through a trusted and secure global payments infrastructure to streamline and enhance settlement and reconciliation of business commerce. The service is expected to be generally available in 2014. [Disclosure: Ariba is a sponsor of BriefingsDirect podcasts.]

“It’s the classic joke: The check is in the mail. But few companies find it funny,” said Kevin Costello, president, Ariba. “Buyers are drowning in paper, and sellers have no idea when—or how much—they will be paid. AribaPay will effectively eliminate these issues.”

AribaPay will provide a way for buyers to create purchase orders, receive invoices, and send payments, while sellers receive more-detailed remittance information in a fast, secure, electronic environment.

Improving commerce
"Ariba and Discover are seizing the opportunity to digitize a share of the estimated $30 trillion in B2B payments that are still mostly made with paper checks,” said Roger Hochschild, president and chief operating officer for Discover. “Discover is broadening its network capabilities and infrastructure and choosing diverse business partners like Ariba to move beyond facilitating payments to enabling and improving business commerce.”

For buyers and sellers connected to the Ariba Network, AribaPay will deliver data that shows what payments represent at the invoice and line-item level, fueling faster, more accurate reconciliation on both sides.

Other benefits include:

• Lower processing cost
• Richer remittance advice
• Reduced fraud risk
• Elimination of paper checks and invoices
• Fewer payments lost to escheatment
• Ability to track and trace transactions
• Faster reconciliation and dispute resolution

To learn more about AribaPay and the benefits it is expected to deliver, visit: www.aribapay.com

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 1st May 2013 Copyright Bloor Research © 2013

I've just had a hands-on demo of Huddle (which describes itself as an "enterprise content collaboration platform") with Jonathan Howell (its CTO) and James Pipe (one of its product managers, focused on mobile and desktop). As I've said before, there are limitations to this, as I'm not working on a real collaboration issue at my workplace, but I have used Huddle before (at the BCS) and I do think its redesigned interface is "cool" and supportive. Huddle's promise to provide its users with "just enough" information to let them get their work done seems a reasonable, and achievable, objective.

Huddle provides cross-platform support, which is good. Somebody can make an update on their desktop and the updated content appears on peoples' iPads and iPhones in real time. The permissions and so on needed to make this work seem reasonably flexible and sufficiently powerful - this is an important aspect of collaboration software. People must be able to collaborate on sensitive information and control who sees what - without obtrusive controls that disincentivise collaboration. Huddle seems to do a reasonable job but this is an area in which any purchaser of collaboration software needs to do its own due diligence; with his own staff, collaborating on tasks they are familiar with.

This is where Huddle's "start small and grow success" approach is good (it isn't unique to Huddle, but that doesn't make it any less worthwhile). The conventional approach to implementing collaboration software, often adopted by vendors of licensed software and driven by the IT group, is to install as many licenses as you can afford (often promoted by bulk discounts) and then look for problems to solve with them. Often a lot of these licenses remain as shelfware. In contrast, Huddle's subscription model means that there's an incentive to only buy as much Huddle as you need and get rid of any subscriptions no-one is using. That's a good start, although an organisation can still choose to mess up a subscription model. However, Huddle (according to Chris Boorman, CMO) is adopting an incremental marketing approach - it encourages a customer to install Huddle for a small group with a real need for collaboration and then supplies experienced mentors to help the initial group make this a success. It aims at 'skills transfer' to its customer and to educate 'champions' amongst its initial customers. It then hopes that its initial deployment will grow, with more subscriptions, as the early adopters demonstrate success. If that is what really happens in practice, it should overcome any prejudices about collaboration shelfware.

Another risk-reduction feature of Huddle is its security certifications - if you understand what these mean and don't see them just as a check-box delivering mindless comfort. Huddle has achieved ISO 27001 certification (part of a range of ISO 27000 standards), which does not guarantee security but does provide a framework for a company to implement security around Huddle and gives all stakeholders a common, defined, vocabulary for discussing security issues. Of course, if you understand certification, you'll now be asking about the scope of assessment and when Huddle was last assessed - there's a starting point for this here.

Moreover, Huddle is Pan Government Accredited (PGA) at Impact Level 2 (IL2), which means "based on good commercial standards, centred around a suitably scoped ISO27001 certification", and claims that it is used by 80 per cent of central UK government departments, including the Cabinet Office, Ministry of Justice, Defra and Department for Business Innovation and Skills. This does not mean that "the government says Huddle is totally secure" or anything like that; but it does give users confidence that it is secure enough to accommodate serious work - although you'd want to do more due diligence (especially around physical access on your premises) if you were using it for, say, personal data or anything else where security is critical.

I'm also impressed that Huddle has what it says is a usable and well-documented RESTful API ("this time around, we got our developers to write the documentation first and then produce the API, so we have confidence in the documentation", says Howell). This should allow customers to integrate Huddle collaboration with other software-supported processes - a useful success factor and will allow a Huddle community to develop, sharing third party Huddle utilities and customisations. Huddle is more likely to succeed as part of a larger community including third parties - better a small slice of a large pie than all of a small pie, perhaps. There isn't a formal AppStore for Huddle yet - but who knows?

I think that Huddle sees its main opportunity as failing or less-than-popular SharePoint installations - and it seems to address many of the issues that SharePoint customers report, including the shelfware issue. Nevertheless, SharePoint is a moving target and Microsoft has a history of reinventing its products without necessarily changing their name. I wonder what Microsoft collaboration around Office365 will look like in 2014? I do think the conventional licensing model, especially for collaboration software, is dying (although I'm not stupid enough to predict the actual death-date - in anything to do with IT, a better model co-exists with the old ways for ages).

Unfortunately, I think that some people who failed with SharePoint will also fail with Huddle (and other collaboration solutions) - and for similar reasons, around blame cultures, egos and politics - and will blame the software instead of their organisational/management failings. To end on an optimistic note, however, this is the sort of customer maturity issue Huddle's "start small and grow with success" model might help with - as long as top management buys into and understands collaboration.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 24th April 2013 Copyright Interarbor Solutions © 2013

Welcome to the latest edition of the HP Discover Performance Podcast Series. Our next discussion examines how TTNET, the largest internet service provider in Turkey, with six million subscribers, significantly improved applications deployment while cutting costs and time to delivery.

We'll hear how TTNET deployed advanced Service Virtualization (SV) solutions to automate end-to-end test cases, gaining a path to integrated Unified Functional Testing (UFT).

To learn how, we're joined by Hasan Yükselten, Test and Release Manager at TTNET, which is a subsidiary of Türk Telekom, based in Istanbul. The interview is conducted by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of this and other BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: What was the situation there before you became more automated, before you started to use more software tools?

Yükselten: We're the leading ISP in Turkey. We deploy more than 200 applications per year, and we have to provide better and faster services to our customers every week, every month. Before HP SV, we had to use the other test infrastructures in our test cases.

We mostly had problems on issues such as the accessibility, authorization, downtime, and private data for reaching the other third-party’s infrastructures. So, we needed virtualization on our test systems, and we needed automation for getting fast deployment to make the release time shorter. And of course, we needed to reduce our cost. So, we decided to solve the problems by implementing SV.

Gardner: How did you move from where you were to where you wanted to be?

Yükselten: Before SV, we couldn’t do automation, since the other parties are in discrete locations and it was difficult to reach the other systems. We could automate functional test cases, but for end-to-end test cases, it was impossible to do automation.

First, we implemented SV for virtualizing the other systems, and we put SV between our infrastructure and the third-party infrastructure. We learned the requests and responses and then could use SV instead of the other party infrastructure.

After this, we could also use automation tools. We managed to use automation tools via integrating Unified Functional Testing (UFT) and SV tools, and now we can run automation test cases and end-to-end test cases on SV.

We started to use SV in our test systems first. When we saw the success, we decided to implement SV for the development systems also.

Gardner: Give me a sense of the type of applications we’re talking about.

Yükselten: We are mostly working on customer relationship management (CRM) applications. We deploy more than 200 applications per year and we have more than six million customers. We have to offer new campaigns and make some transformations for new customers, etc.

We have to save all the informations, and while saving the information, we also interact the other systems, for example the National Identity System, through telecom systems, public switched telephone network (PSTN) systems.

We have to ask informations and we need make some requests to the other systems. So, we need to use all the other systems in our CRM systems. And we also have internet protocol television (IPTV) products, value added services products, and the company products. But basically, we’re using CRM systems for our development and for our systems.

Gardner: So clearly, these are mission-critical applications essential to your business, your growth, and your ability to compete in your market.

Yükselten: If there is a mistake, a big error in our system, the next day, we cannot sell anything. We cannot do anything all over Turkey.

Gardner: Let's talk a bit about the adoption of SV. What you actually have in place so far?

Yükselten: Actually, it was very easy to adopt these products into our system, because including proof of concept (PoC), we could use this tool in six weeks. We spent first two weeks for the PoC and after four weeks, we managed to use the tool.

For the first six weeks, we could use SV for 45 percent of end-to-end test cases. In 10 weeks, 95 percent of our test cases could be run on SV. It was very easy to implement. After that, we also implemented two other SVs in our other systems. So, we're now using three SV systems. One is for development, one is just for the campaigns, and one is for the E2E tests.

HP Software helped us so much, especially R&D. HP Turkey helped us, because we were also using application lifecycle management (ALM) tools before SV. We were using QTP LoadRunners, Quality Center, etc., so we had a good relation with HP Software.

Since SV is a new tool, we needed a lot of customization for our needs, and HP Software was always with us. They were very quick to answer our questions and to return for our development needs. We managed to use the tool in six weeks, because of HP’s Rapid Solutions.

Gardner: My understanding is that you have something on the order of 150 services. You use 50 regularly, but you're able to then spin up and use others on a more ad-hoc basis. Why is it important for you to have that kind of flexibility and agility?

Yükselten: We virtualized more than 150 services, but we use 48 of them actively. We use these portions of the service because we virtualized our third-party infrastructures for our needs. For example, we virtualized all the other CRM systems, but we don’t need all of them. In gateway remote, you can simulate all the other web services totally. So, we virtualized all the web services, but we use just what we need in our test cases.

In three months we got the investment back actually, maybe shorter than three months. It could have been two and half months. For example, for the campaign test cases, we gained 100 percent of efficiency. Before HP, we could run just seven campaigns in a month, but after HP, we managed to run 14 campaigns in a month.

We gained 100 percent efficiency and three man-months in this way, because three test engineers were working on campaigns like this. For another example, last month we got the metrics and we saw that we had a total blockage for seven days, so that was 21 working days for March. We saved 33 percent of our manpower with SV and there are 20 test engineers working on it. We gained 140 man-months last month.

For our basic test scenarios, we could run all test cases in 112 hours. After SV, we managed to run it in 54 hours. So we gained 100 percent efficiency in that area and also managed to do automation for the campaign test cases. We managed to automate 52 percent of our campaign test cases, and this meant a very big efficiency for us. Totally, we saved more than $50,000 per month.

Gardner: Do you expect now to be able to take this to a larger set of applications across Türk Telekom?

Yükselten: Yes. Türk Telekom licenses these tools and started to use these tools in their test service to get this efficiency for those systems. We have a branch company called AVEA, and they also want to use this tool. After our getting this efficiency, many companies want to use this virtualization. Eight companies visited us in Turkey to get our experiences on this tool. Many companies want this and want to use this tool in their test systems.

Gardner: Do you have any advice for other organizations like those you've been describing, now that you have done this? Any recommendations on what you would advise others that might help them improve on how they do it?

Yükselten: Companies must know their needs first. For example, in our company, we have three blockage systems for third parties and the other systems don't change everyday. So it was easy to implement SV in our systems and virtualize the other systems. We don’t need to do virtualization day by day, because the other systems don't change every day.

Once a month, we consult and change our systems, update our web services on SV, and this is enough for us. But if the other party's systems changes day by day or frequently, it may be difficult to do virtualization every day.

This is an important point. Companies should think automation besides virtualization. This is also a very efficient aspect, so this must be also considered while making virtualization.

We started to use UFT with integrating SV. As I told you, we managed to automate 52 percent of our campaign test cases so far. So we would like to go on and try to automate more test cases, our end-to-end test cases, the basic scenarios, and other systems.

Our first goal is doing more automation with SV and UFT and the other is using SV in development sites. We plan to find early defects in development sites and getting more quality products into the test.

Of course, in this way, we get rapid deployment and we make shorter release times because the product will have more quality. Using performance test and SV also helps us on performance. We use HP LoadRunner for our performance test cases. We have three goals now, and the last one is using SV with integrating LoadRunner.

Gardner: Well, it's really impressive. It sounds as if you put in place the technologies that will allow you to move very rapidly, to even a larger payback. So congratulations on that. Gain more insights and information on the best of IT Performance Management at www.hp.com/go/discoverperformance.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 23rd April 2013 Copyright Interarbor Solutions © 2013

Both enterprises and independent software vendors (ISVs) know the software-development game has changed. Not only do they need to rapidly develop and deploy more mobile apps across multiple interfaces and device platforms, but they need to really rethink all of their client development—and even try and come up with a singular approach to most of them.

Fast to their rescue, the suppliers of development tools and testing systems are tripping over each other to appeal to them in this new game. And, as in the past with other deployment advances, we're seeing a major philosophical split between the 'nativists' (running directly on the device hardware) and the 'virtualizers' (with their scripting and interpretive layers and containers).

First, the nativists. Embarcadero Technologies, with its RAD Studio and former Borland CodeGear assets, is not surprisingly catering to its skills base—the hard core developers at home in Delphi and C++Builder, as well as C and Objective-C. Embarcadero therefore today delivered RAD Studio XE4, with an attractive offer to those seeking native—what Embarcadero calls "multi-device, true native"—apps development, but across most mobile devices from a singular code base and a single core skills set. RAD Studio XE4 has a single application framework for iOS, Windows, and Mac OSX, with support for Android coming soon.

RAD Studio XE4 allows developers to gain more control over the development lifecycle and deliver apps with tighter security, a better user experience, lightning quick performance, and a small footprint. Those that want to target iOS devices, as well as OSX and Windows PCs, can write once and run anywhere, so to speak, says Embarcadero. The key is FireMonkey, a cross-platform GUI framework developed by Embarcadero to provide Delphi and C++Builders with a single framework. This is the same lineage of the graphical language tools that sprung from native (fat) PC development.

But native development for mobile (nee PCs) isn't the only game in town, nor the only way to seek the 'run anywhere' nirvana. The other approaches to the mobile and cross-platform development complexity problem are more aligned with open source, HTML5, and scripting, all with roots in the web.

And so HP, last month, threw it's weight from the IT management perspective behind "a hybrid approach" for mobile. HP Anywhere, as HP calls it, aids in the distributing and consuming of IT management information to mobile devices. But this may well be a model for far broader enterprise-to-mobile process alignment.

Especially where BYOD is the goal, the hybrid approach works best, says Genefa Murphy, Director of Mobile Product Management and User Experience at HP Software. [Disclosure: Both Embarcadero and HP are sponsors of BriefingsDirect podcasts.]

Under this 'virtualizers' vision, the HP Anywhere server connects IT management systems to the HP Anywhere Client on Android or iOS devices, forming the basic client app or container on the end-point devices. Then so-called Mini-Apps are downloadable to that container to provide the access and interface to specific IT management tasks or modules.

Two best ends
These two examples of mobile enablement to me represent the two best ends of the enterprise mobile needs spectrum. And, chances are, enterprises are going to need both, especially for existing applications and processes. For example, the Embarcadero approach can swiftly take existing full-client applications and deliver them to the needed mobile tier devices with strong performance and security, and no need to rewrite for each client and OS, said John Thomas (JT), Director of Product Management at Embarcadero.

For more on my views of how cloud, mobile and enterprise IT intersect, see my two-part interview on the Gathering Clouds blog.

The question yet to be answered is what combination of native, scripting, or hybrid container-type models will fit best for entirely new 'mobile first' applications. This is a work in progress, and will also vary greatly from company to company, based on a maze of variables for each. Looks for a lot more blogs on that greenfield apps trend in the future.

For now, however, a lot of the pain for IT in going mobile is in getting existing PC applications via code reuse—as well as business processes on back-end systems—out to where they can be used… on the modern mobile landscape and in the hands of newly empowered mobile users. Incidentally, the new Embarcadero tools and framework allows .NET apps to be driven out to iOS devices in a pretty snappy fashion. That's assuming, of course, Windows CE won't be your preferred client environment after all. You know who you are.

Currently, RAD Studio XE4 delivers multi-device development for ARM and Intel devices, including Apple iPhone, iPod Touch, iPad, Mac OSX, Windows PCs, Slates, and Surface Pro tablets, said JT. And RAD Studio XE4 allows developers to take advantage of the full range of capabilities available on each of those devices to deliver the best user experience, he added. The full Android support should come mid-year.

The Embarcadero tools allow developers or designers to also quickly create no-code, visual mockups with live or simulated data and deploy to actual target devices (like PCs, phones, or tablets), or simulate on Windows or Mac, so that the requirements and app role can be best defined and tuned.

RAD Studio XE4 is available immediately. To download a free trial, visit http://www.embarcadero.com/products/rad-studio/downloads. Pricing starts at $1,799. Delphi and C++Builder pricing starts at $149 for Starter edition and $999 and up for full commercial development licenses. Upgrade discounts are available for users of recent earlier versions. An introductory 10 percent discount is available on most RAD Studio XE4 family products through May 22.

As for HP Anywhere, it manages the cross-platform device client issue using HMTL5 and Javascipt, and we'll be seeing a lot of that too from many 'virtualizers.' HP also boats RAD via an emulator that allows quick switching between device views. HP is taking its HP Anywhere story to both the test and QA people as well as developers as they seek ways to bring more business functions to the mobile enterprise worker corps.

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 22nd April 2013 Copyright Bloor Research © 2013

At one, rather over-simplified, level, New Development is about building mobile apps: get them out quickly, sell them cheap, throw them away and build another if they don't work. I know of a games manufacturer whose test methodology consists of throwing a new game at a crowd of students for an afternoon. On one occasion, by chance, this resulted in a game being sold that was unplayable by anyone left-handed... A disaster? Not really, the game sold for 50p or so - so a lot of left-handed people who bought it simply didn't care much that it didn't work - and no-one in that space remembers who built a game anyway. No doubt that company will smarten its ideas up (if it can - which is another discussion) when it comes up with another "Angry Birds".

However, new development is also being used by enterprises coping with the BYOD movement, trying to provide mobile access to company systems. Here, whether the app works impacts the business; and issues of maintainability, security, complexity and governance matter.

Organisations can no longer expect to dictate to staff, let along customers, what mobile devices they can use. On the other hand, there are advantages to writing in native code for iOS, Android etc (improved application functionality and quality of user experience; performance; security) if you can overcome the major issue, if you use the vendor's device SDK, of needing a different code-base for every kind of device,. Of course, you can write to a virtualised platform - for example, Java Xamarin, Mono etc. - if you can manage the overheads of an extra layer of code and, possibly, the security implications on running on what is a very large target for malware developers (remember the recent Java exploits).

Embarcadero now claims to have come up with a third choice. It can provide developers with as agile and programmer-friendly rapid-prototyping development environment as offered by scripting languages etc (a claim lent credence by its experience with Delphi/C++, originally from Borland); yet deliver genuinely native ARM code for several different platforms from a single code-base.

On a first look, I'm rather impressed; although I might take pedantic issue with the "multi-platform" claim for what you can buy today, at least. Embarcadero RAD Studio XE4 currently supports Windows and Mac OSX desktops and iOS mobile, with Android to follow shortly. That's certainly several platforms supported natively from a single code base, so "multi-platform" is justified technically even for mobile, once Android support arrives; but I'd think that an enterprise might expect "multi-platform" to include something approaching everything out there; i.e. including Symbian and BlackBerry too. An enterprise buying a mobile development platform might well expect it to support everything from a single code-base - even stuff that is non-strategic or even obsolete or only popular in an odd corner of the world, but which it isn't expedient to replace just now. I remember the cries of pain from enterprises when Microsoft dropped old versions of Visual Basic from its distribution CDs, because the overheads of managing change across the world mean that many enterprises, even those recognising the benefits of the modernised VB, still had to maintain old technology well past its sell-by date.

Nevertheless, I'm not selling this stuff and I have to assume that those who are, do understand their market - and will respond to customer feedback if or when they get it. If you are trying to develop for Android and iOS from a single code-base (which does make a lot of sense), Emabarcadero says that RAD Studio provides a similar or better environment to that of other C++ or Objective C coding environments and also provides enterprise-class database connectivity (and Embarcadero does understand data structures). However, because of its generation of truly native ARM code, Embarcadero also claims that it offers:

• Higher performance for number crunching applications;
• Lower latency, with a responsive native user experience and no garbage collection issues;
• The ability to talk directly to APIs, peripherals, and gadgets (which has advantages; but so does virtualising hardware);
• The placing of the developer in control of app performance (although that's a two-edged sword, as some developers don't really understand the need to optimise only real bottlenecks);
• A smaller footprint, which is ideal for small fixed size devices;
• Native security with a reduced risk of generic 3rd party attacks (although that's only part of the application security issue, of course).

So, mobile developers now have another cross-platform choice (I think trying to maintain several native code-bases, one per platform, is a bit of a dead-end), which delivers native code; to add to scripted and VM approaches such as Java, HTML5, Appcelerator, Xamarin, Mono and so on. I think Embarcadero RAD Studio XE4 merits careful consideration by enterprise mobile developers (and it is probably also useful for Windows and OSX desktop developers, of course).

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 5th April 2013 Copyright Interarbor Solutions © 2013

Later this month, The Open Group’s first conference in Australia will focus on "How Does Enterprise Architecture Transform an Enterprise?"

With special attention devoted to enterprise transformation, speakers and a variety of sessions will place the transformation in the context of such vertical industries as finance, defense, exploration, mining, and minerals.

As a prelude to the event, BriefingsDirect recently interviewed two of the main speakers at the conference: Hugh Evans, the Chief Executive Officer of Enterprise Architects, a specialist enterprise architecture (EA) firm based in Melbourne, Australia, and Craig Martin, Chief Operations Officer and Chief Architect at Enterprise Architects.

As some background, Hugh is both the founder and CEO at Enterprise Architects. His professional experience blends design and business, having started out in traditional architecture, computer games design, and digital media, before moving into enterprise IT and business transformation.

In 1999, Hugh founded the IT Strategy Architecture Forum, which included chief architects from most of the top 20 companies in Australia. He has also helped found the Australian Architecture Body of Knowledge and the London Architecture Leadership Forum in the UK.

Since starting Enterprise Architects in 2002, Hugh has grown the team to more than 100 people, with offices in Australia, the UK, and the U.S.

With a career spanning more than 20 years, Craig has held executive positions in the communications, high tech, media, entertainment, and government markets and has operated as an Enterprise Architect and Chief Consulting Architect for a while.

In 2012, Craig became COO of Enterprise Architects to improve the global scalability of the organization, but he is also a key thought leader for strategy and architecture practices for all their clients and also across the EA field.

Craig has been a strong advocate of finding differentiation in businesses through identifying new mixes of business capabilities in those organizations. He advises that companies that do not optimize how they reassemble their capabilities will struggle, and he also believes that business decision making should be driven by economic lifecycles.

The interview was conducted by Dana Gardner, Principal Analyst at Interarbor Solutions.[Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: What are some of the big problems that businesses are facing that architecture-level solutions can benefit?

Evans: I'll start with the trend in the industry around fast-paced change and disruptive innovation. You'll find that many organizations, many industries, at the moment in the U.S., Australia, and around the world are struggling with the challenges of how to reinvent themselves with an increasing number of interesting and innovative business models coming through.

For many organizations, this means that they need to wrap their arms around an understanding of their current business activities and what options they've got to leverage their strategic advantages.

We're seeing business architecture as a tool for business model innovation and, on the other side, we're also seeing business architecture as a tool that's being used to better manage risk, compliance, security, and new technology trends around things like cloud, big data, and so on.

Martin: Yes, there is a strong drive within the industry to try and reduce complexity. As organizations are growing, the business stakeholders are confronted with a large amount of information, especially within the architecture space. We're seeing that they're struggling with this complexity and have to make accurate and efficient business decisions on all this information.

What we are seeing, and based upon what Hugh has already discussed, is that some of those industry drivers are around disruptive business models. For example, we're seeing it with the likes of higher education, the utility space, and financial services space, which are the dominant three.

There is a lot of change occurring in those spaces, and businesses are looking for ways to make them more agile to adapt to that change, and looking towards disciplined architecture and the business-architecture discipline to try and help them in that process.

Gardner: Is there anything about the past 10 or 15 years in business practices that have led now to this need for a greater emphasis on that strategic architectural level of thinking?

Martin: A lot has to do with basically building blocks. We've seen a journey that’s traveled within the architecture disciplines specifically. We call it the commodification of the business, and we've seen that maturity in the IT space. A lot of processes that used to be innovative in our business are now becoming fairly utility and core to the business.

In any Tier 1 organization, a lot of the processes that used to differentiate them are now freely available in a number of vendor platforms, and any of their competitors can acquire those.

So they are looking for that differentiation, the ability to be able to differentiate themselves from their competitors, and away from that sort of utility space. That’s a shift that’s beginning to occur. Because a lot of those IT aspects have become industrialized, that’s also moving up into the business space.

In other words, how can we now take complex mysteries in the business space and codify them? In other words, how can we create building blocks for them, so that organizations now can actually effectively work with those building blocks and string them together in different ways to solve more complex business problems.

Evans: EA is now around 30 years old, but the rise in EA has really come from the need for IT systems to interoperate and to create common standards and common understanding within an organization for how an IT estate is going to come together and deliver the right type of business value.

Through the '90s we saw the proliferation of technologies as a result of the extension of distributed computing models and the emergence of the Internet. We've seen now the ubiquity of the Internet and technology across business. The same sort of concepts that ring true in technology architecture extend out into the business, around how the business interoperates with its components.

The need to change very fast for business, which is occurring now in the current economy, with the entrepreneurship and the innovation going on, is seeing this type of thinking come to the fore. This type of thinking enables organizations to change more rapidly. The architecture itself won't make the organization change rapidly, but it will provide the appropriate references and enable people to have the right conversations to make that happen.

Business architecture, as well as strategic architecture, is still quite a nascent capability for organizations, and many organizations are really still trying to get a grip on this. The general rule is that organizations don’t manage this so well at the moment, but organizations are looking to improving in this area, because of the obvious, even heuristic, payoffs that you get from being better organized.

You end up spending less money, because you're a more efficient organization, and you end up delivering better value to customers, because you're a more effective organization. This efficiency and effectiveness need within organizations is worth the price of investment in this area.

The actual tangible benefits that we're seeing across our customers includes reduced cost of their IT estate.

You have improved security and improved compliance, because organizations can see where their capabilities are meeting the various risk and compliance profiles, and you are also seeing organizations bring products to market quicker.

The ability to move through the product management process, bring products to market more rapidly, and respond to customer need more rapidly puts organizations in front and makes them more competitive.

The sorts of industries we're seeing acting in this area would include the postal industry, where they are moving from traditional mail to parcels, which is a result of a move towards online retailing. You're also seeing it in the telco sector and you're seeing it in the banking and finance sector.

In the banking and finance sector, we've also seen a lot of this investment driven by the merger and acquisition (M&A) activity that’s come out of the financial crisis in various countries where we operate. These organizations are getting real value from understanding where the enterprise boundaries are, how they bring the business together, how they better integrate the organizations and acquisitions, and how they better divest.

Martin: We're seeing, especially at the strategic level, that the architecture discipline is able to give business decision makers a view into different strategic scenarios.

For example, where a number of environmental factors and market pressures would have been inputs into a discussion around how to change a business, we're also seeing business decision makers getting a lot of value from running those scenarios through an actual hypothesis of the business model.

For example, they could be considering four or five different strategic scenarios, and what we are seeing is that, using the architecture discipline, it's showing them effectively what those scenarios look like as they cascade through the business. It's showing the impact on capabilities, on people and the approaches and technologies, and the impact on capital expenditures (CAPEX) and operational expenditures (OPEX).

Those views of each of those strategic scenarios allows them to basically pull the trigger on the better strategic scenario to pursue, before they've invested all of their efforts and all that analysis to possibly get to the point where it wasn’t the right decision in the first place. So that might be referred to as sort of the strategic enablement piece.

We're also seeing a lot of value for organizations within the portfolio space. We traditionally get questions like, "I have 180 projects out there. Am I doing the right things? Are those the right 180 projects, and are they going to help me achieve the types of CAPEX and OPEX reductions that I am looking for?"

With the architecture discipline, you don’t take a portfolio lens into what’s occurring within the business. You take an architectural lens, and you're able to give executives an overview of exactly where the spend is occurring. You give them an overview of where the duplication is occurring, and where the loss of cohesion is occurring.

A common problem we find, when we go into do these types of gigs, is the amount of duplication occurring across a number of projects. In a worst-case scenario, 75 percent of the projects are all trying to do the same thing, on the same capability, with the same processes.

So there’s a reduction of complexity and the production of efforts that’s occurring across the organizations to try and bring it and get it into more synergistic sessions.

We're also seeing a lot of value occurring up at the customer experience space. That is really taking a strong look at this customer experience view, which is less around all of the underlying building blocks and capabilities of an organization and looking more at what sort of experiences we want to give our customer? What type of product offerings must we assemble, and what underlying building blocks of the organization must be assembled to enable those offerings and those value propositions?

That sort of traceability through the cycle gives you a view of what levers you must pull to optimize your customer experience. Organizations are seeing a lot of value there and that’s basically increasing their effectiveness in the market and having a direct impact on their market share.

And that’s something that we see time and time again, regardless of what the driver was behind the investment in the architecture project, seeing the team interact and build a coalition for action and for change. That’s the most impressive thing that we get to see.

Gardner: Let’s drill down a little bit into some of what you'll be discussing at the conference in Sydney in April. One of the things that’s puzzling to me, when I go to these Open Group Conferences, is to better understand the relationship between business architecture and IT architecture and where they converge and where they differ. Perhaps you could offer some insights and maybe tease out what some discussion points for that would be at the conference.

Martin: That’s actually quite a hot topic. In general, the architecture discipline has grown from the IT space, and that’s a good progression for it to take, because we're seeing the fruits of that discipline in how they industrialize IT components.

We're seeing the fruits of that in complex enterprise resource planning (ERP) systems, the modularization of those ERP systems, their ability to be customized, and adapt to businesses. It’s a fairly mature space, and the natural progression of that is to apply those same thinking patterns back up into the business space.

In order for this to work effectively well, when somebody asks a question like that, we normally respond with a "depends" statement. We have in this organization a thing called the mandate curve, and it relates to what the mandate is within the business. What is the organization looking to solve?

Are they looking to build an HR management system? Are they looking to gain efficiencies from an enterprise-wide ERP solution? Are they looking to reduce the value chain losses that they're having on a monthly basis? Are they looking to improve customer experience across a group of companies? Or are they looking to improve shareholder value across the organization for an M&A, or maybe reduce cost-to-income.

Those are some of the problem spaces, and we often get into that mind space to ask, "Those are the problems that you are solving, but what mandate is given to architecture to solve them?" We often find that the mandate for the IT architecture space is sitting beneath the CIO, and the CIO tends to use business architecture as a communication tool with business. In other words, to understand business better, to begin to apply architecture rigor to the business process.

Evans: It’s interesting, Dana. I spent a lot of time last year in the UK, working with the team across a number of business-architecture requirements. We were building business-architecture teams. We were also delivering some projects, where the initial investigation was a business-architecture piece, and we also ran some executive roundtables in the UK.

One thing that struck me in that investigation was the separation that existed in the business-architecture community from the traditional enterprise and technology architecture or IT architecture communities in those organizations that we were dealing with.

One insurance company, in particular, that was building a business-architecture team was looking for people that didn’t necessarily have an architecture background, but possibly could apply that insight. They were looking for deep business domain knowledge inside the various aspects of the insurance organization that they were looking to cover.

So to your question about the relationship between business architecture and IT architecture, where they converge and how they differ, it’s our view that business architecture is a subset of the broader EA picture and that these are actually integrated and unified disciplines.

However, in practice you'll find that there is often quite a separation between these two groups. I think that the major reason for that is that the drivers that are actually creating the investment for business architecture are now from coming outside of IT, and to some extent, IT is replicating that investment to build the engagement capability to engage with business so that they can have a more strategic discussion, rather than just take orders from the business.

I think that over this year, we're going to see more convergence between these two groups, and that’s certainly something that we are looking to foster in EA.

Gardner: I just came back from The Open Group Conference in California a few weeks ago, where the topic was focused largely on big data, but analysis was certainly a big part of that. Now, business analysis and business analysts, I suppose, are also part of this ecosystem. Are they subsets of the business architect? How do you see the role of business analysts now fitting into this, given the importance of data and the ability for organizations to manage data with new efficiency and scale?

Martin: Once again, that's also a hot topic. There is a convergence occurring, and we see that across the landscape, when it comes to the number of frameworks and standards that people certify on. Ultimately, it comes to this knife-edge point, in which we need to interact with the business stakeholder and we need to elicit requirements from that stakeholder and be able to model them successfully.

The business-analysis community is slightly more mature in this particular space. They have, for example, the Business Analysis Body of Knowledge (BABOK). Within that space, they leverage a competency model, which, in effect, goes through a cycle, from an entry level BA, right up to what they refer to as the generalist BA, which is where they see the start of the business-architecture role.

There's a career path from a traditional business analyst role, which is around requirements solicitation and requirements management, which seems to be quite project focused. In other words, dropping down onto project environments, understanding stakeholder needs and requirements, and modeling those and documenting them, helping the IT teams model the data flows, the data structures but with a specific link into the business space.

As you move up that curve, you get into the business-architecture space, which is a broader structural view around how all the building blocks fit together. In other words, it’s a far broader view than what the business analyst traditional part would take, and looks at a number of different domains. The business architect tends to focus a lot on, as you mentioned, the information space, and we see a difference between the information and the data space.

So the business architect is looking at performance, market-related aspects, and customer information, as well as the business processes and functional aspects of an organization.

You can see that the business analysts could almost be seen as the soldiers of these types of functions. In other words, they're the guys that are in the trenches seeing what's working on a day-to-day basis. They've got a number of tools that they're equipped with, which for example the BABOK has given them.

And there are all different ways and techniques that they are using to elicit those requirements from various business stakeholders, until they move out that curve up into the business architecture and strategic architecture space.

Gardner: Craig, in your presentation at The Open Group Conference in Sydney, what do you hope to accomplish?

Martin: How do I build cohesion in an organization? How do I look at different types of scenarios that I can execute against? What are the better ways to assemble all the efforts in my organization to achieve those outcomes? That’s taking us through a variety of examples that will be quite visual.

We'll also be addressing the specific role of where we see the career path and the complementary nature of the business analyst and business architect, as they travel through the cycle of trying to operate at a strategic level and as a strategic enabler within the organization.

Gardner: How do you often find that enterprises get beyond the inertia and into this discussion about architecture and about the strategic benefits of it?

Martin: We often have two market segments, where a Tier 1 type company would want to build the capability themselves. So there's a journey that we need to take them on around how to have a business-architecture capability while delivering the actual outcomes?

Tier 2 and Tier 3 clients often don’t necessarily want to build that type of capability, so we would focus directly on the outcomes. And those outcomes start with two views. Traditionally, we're seeing the view driven almost on a bottom-up view, as the sponsors of these types of exercises try to get credibility within the organization.

That relates to helping the clients build what we refer to as the utility of the business-architecture space. Our teams go in and, in effect, build a bunch of what we refer to as anchor models to try and get a consistent representation of the business and a consistent language occurring across the entire enterprise, not just within a specific project.

And that gives them a common language they can talk about, for example, common capabilities and common outcomes that they're looking to achieve. In other words, it's not just a bunch of building blocks, but the actual outcome of each of those building blocks and how does it match something like a business-motivation model.

They also look within each of those building blocks to see what the resources are that creates each of those building blocks—things like people, process and tools. How do we mix those resources in the right way to achieve those types of outcomes that the business is looking for? Normally, the first path that we go through is to try to get that sort of consistent language occurring within an organization.

As an organization matures, that artifact starts to lose its value, and we then find that, because it has created a consistent language in the organization, you can now overlay a variety of different types of views to give business people insights. Ultimately, they don’t necessarily want all these models, but they actually want insight into their organizations to enable them to make decisions.

We can overlay objectives, current project spend, CAPEX, and OPEX. We can overlay where duplication is occurring, where overspend is occurring, where there's conflict occurring at a global scale around duplication of efforts, and with the impact of costs and reduction and efficiencies, all of those types of questions can be answered by merely overlaying a variety of views across this common language.

That starts to elevate the value of these types of artifacts, and we start to see our business sponsors walking into meetings with all of these overlays on them, and having conversations between them and their colleagues, specifically around the insights that are drawn from these artifacts. We want the architecture to tell the story, not necessarily lengthy PowerPoint presentations, but as people are looking at these types of artifacts, they are actually seeing all the insights that come specifically from it.

The third and final part is often around the business getting to a level of maturity, in that they're starting to use these types of artifacts and then are looking for different ways that they can now mix and assemble. That’s normally a sign of a mature organization and the business-architecture practice.

They have the building blocks. They've seen the value or the types of insights that they can provide. Are there different ways that I can string together my capabilities to achieve different outcomes? Maybe I have got different critical success factors that I am looking to achieve. Maybe there are new shift or new pressures coming in from the environment.

How can I assemble the underlying structures of my organization to better cope with it? That’s the third phase that we take customers through, once they get to that level of maturity.

Evans: I agree with Craig on the point that, if you show the business what can actually be delivered such as views on a page that elicit the right types of discussions and that demonstrate the issues, when they see what they're going to get delivered, typically the eyes light up and they say, "I want one of those things."

The thing with architecture that I have noticed over the years is that architecture is done by a lot of very intelligent people, who have great insights and great understanding, but it's not just enough to know the answer. You have to know how to engage somebody with the material. So when the architecture content that’s coming through is engaging, clear, understandable, and can be consumed by a variety of stakeholders, they go, "That’s what I want. I want one of those."

So my advice to somebody who is going down this path is that if they want to get support and sponsorship for this sort of thing, make sure they get some good examples of what gets delivered when it's done well, as that’s a great way to actually get people behind it.

Listen to thepodcast. Find it on iTunes. Read a full transcript or download a copy.

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 4th April 2013 Copyright Bloor Research © 2013

Now that I'm taking a new interest in social collaboration, I'm getting a little concerned about people implementing social collaboration technology and then looking for a collaboration issue to use it on (as Lucy Wimmer, Head of Global Corporate Communications at Huddle points out: "It's this idea of the technology becoming bigger than the project that is often the issue with legacy systems such as SharePoint"). Or, worse, I'm concerned about managers possibly thinking that installing collaboration software will magically generate a collaborative organisation without any further effort. Surely, however, no IT group would ever install software as an end in itself and then go looking for a problem to fix with it? Well, in my opinion, there's optimism and then there's experience of life...

So, I've had a bit of an informal email discussion about what we see as the issues around social collaboration with Raheel Retiwalla of Fuzed, one of the more interesting social collaboration solutions. Some of the things that he says have "kept us [at Fuzed] up at night wondering about the use of social within the enterprise, its impact, and about how a solution can help harness the power of social within the enterprise" make interesting reading.

He seems to feel that the use of Fuzed has to be largely transparent to existing desktop workers, so that barriers to its adoption are minimised: "our vision of a desktop app is about using actionable notifications that let the user contribute knowledge instantly without having to go to Fuzed...[this includes] integration with productivity tools like Outlook, Word, Excel and even Windows Explorer" so that desktop workers needn't leave their familiar 'productivity tools' environment. That sounds good, although I do have a nagging feeling that some of these productivity tools aren't really as productive as they are cracked up to be (I'm sure they are productive of documents and/or presentations; but I rather wonder about how productive they are of 'waste' too). Still, they are widely used, de-facto desktop standards; I just hope Open Office, say, is also supported. I also note that Raheel is thinking about the gamification of collaboration software - a successful computer game provides a more supportive user experience than most enterprise software can manage currently - but that's an idea worth an article of its own, I think.

Raheel claims that using the power of social to add context is Fuzed's USP "this is a very unique and innovative thinking we have in identifying other ways in which the value of social collaboration can be tapped. It's the idea that people in a community can contribute and connect related pieces of information together which is a powerful capability", he says. This supports use cases in market research, the development of central idea hubs (to support innovation) and knowledge transfer.

He also envisages a rather richer implementation of the App Store concept, "where customers can connect their existing applications so that key information is accessible and therefore easily shareable from within Fuzed". Information from these applications can be connected to other information - as the 'context' talked about in the previous paragraph. This sounds good but I feel that it needs further investigation - the devil may well be in the detail.

Raheel certainly does recognise the scalability issue. With people belonging to multiple communities and sharing information with any and every appropriate stakeholder, might not social collaboration software simply be a source of yet more information overload? "Our thoughts around this," he says, "include providing all controls to the user so that they control people, communities, content and topics that are relevant to them at that moment. This also includes a facility for pausing notifications and providing subscription-only views". Once again, this sounds good, but I'm not writing an InDetail research paper here and I'll have to look at what this actually means in practice, at some future time.

Fuzed does offer role-based security: "who can do what within a community, who can see what information is in a community and what they can do with that information". I must ask about audit trails and versioning too.

I am particularly interested in Raheel's thinking around feedback. In Bloor's context, social collaboration is ultimately about improving the business outcomes for the organisation, which implies monitoring of outcomes; feedback mechanisms; and process improvement. Fused has tools for assessments, surveys, forms and form reviews so that management can tap into a collective feedback capability which lets them monitor - and promote - the success of these communities. However, the effectiveness of this will come from innovative management vision as much as from the use of tools.

Raheel also reminded me of the licensing issue, which I must add to my evolving social collaboration checklist: "as far as I know," he says, "we are the only ones with what we call an active concurrent licensing model where customers pay us only for the maximum numbers of people that are actively using Fuzed at any given moment in time. We further define the term "using Fuzed" as people who are actively contributing knowledge or interacting with the application. For example, if you are only receiving notifications on your desktop or mobile and not actually interacting with those notifications you are not classified as an active concurrent user". Now, that is an interesting approach and merits further analysis. In particular, it gives Fuzed a real incentive for promoting the active use of its collaboration software; rather than for selling collaborative 'shelfware' (this latter is an established collaboration antipattern, it seems to me).

Finally, Raheel comments on Manageability and Marketing. Fuzed provides tools to enable community owners and technicians to control the collaboration system as appropriate. At first, this may seem rather foreign to the idea of collaboration; but light-touch controls will be needed. To take a couple of obvious examples, if social collaboration takes off as promised in a business, it (or the information it supports) will become critical to business success, which implies that business continuity assurance will be needed; and there are significant legal restrictions on the sharing of, say, personal data that would need to be enforced. Controls, versioning and audit trails will be particularly important for the deployment of social collaboration in government organisations, as well. Fuzed also provides analytics capabilities (which, I think, could be used to help to enable 'light touch' controls). According to Raheel: "we have taken analytics one step forward in the sense that we allow network owners to act on the insights gained from the analytics. We allow that by providing a full featured marketing function that lets network owners engage and target specific messages to their audience based on the analytics".

As I've implied already, this piece is no formal review of Fuzed. However, I think I have identified some useful issues that are important to the designers of Fuzed; and these will contribute to our analyses of social collaboration software - and its use cases - generally.

By: Shitali Malviya, Consultant, Sigma Infosolutions Posted: 2nd April 2013 Copyright Sigma Infosolutions © 2013

Introduction
As the internet and the World Wide Web got increasingly popular and powerful in the last 20 years, so did web applications. The landscape has evolved from simple CGI and scripting applications to powerful B2B and B2B applications, encompassing techniques such as Web 2.0, SaaS, cloud deployed applications and platforms such as mobile phones.

With this evolution also comes increasing risks posed by human and non-human actors to application users. Insecure software is already undermining the financial, healthcare, defense, energy, and other critical infrastructures of nations and businesses. The digital infrastructure has become increasingly complex and interconnected, resulting in increased difficulty of ensuring adequate application security.

Secure web applications, defined simply, means that the information exchange between authorized users and the system is handled with utmost care for security concerns. These concerns can be classified at high level in 3 categories:

1. Confidentiality:
   Ensure only system permitted authorized users interact and exchange data.
2. Integrity: 
   Ensure that data is not compromised by users not authorized to use data.
3. Availability:
   Ensure systems are available for use when authorized users need them.

Web Application Security Architecture
The best system architecture designs and detailed design documents contain security discussions in each and every feature, how the risks are going to be mitigated, and what was actually done during coding. Security architecture starts on the day the business requirements are modeled, and are never finished until the last copy of your application is decommissioned.

This article aims at how one can build a rapid web application using Grails rapid application framework on the Java platform. Before we get into how Grails helps in developing a secure web application, let us briefly look at the details of common risks to web application security.

Web Application Security Threats
As per Open Web Application Security Project (OWASP) information, there are 10 most important security threats for web applications. This 2010 list enumerates the following most important risk categories:

Injection
Injection attacks, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an application backend as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.

Cross-site Scripting (XSS)
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping for threats such as JavaScript code. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Broken Authentication and Session Management
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to steal passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.

Insecure Direct Object References
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

Cross-site Request Forgery (CSRF)
A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.

Security Misconfiguration
Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure defaults. This includes keeping all software up to date, including all code libraries used by the application.

Insecure cryptographic storage
Many web applications do not properly protect user sensitive data, such as credit cards, user PINs and authentication credentials, with appropriate encryption or hashing. Attackers may steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes.

Failure to restrict secure URL access
Many web applications check URL access rights before rendering protected links and buttons. However, applications need to perform similar access control checks each time these pages are accessed, or attackers will be able to forge URLs to access these hidden pages anyway.

Insufficient Transport Layer Protection
Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive network traffic. When they do, they sometimes support weak algorithms, use expired or invalid security certificates, or do not use them correctly.

Invalid URL redirects and forwards
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.

Grails Approach to Secure Application Development
As stated earlier in the first section, several non-trivial business web applications these days are developed using modern application frameworks designed for rapid application development using Agile methods and principles such as 'Do not repeat yourself' (DRY). These frameworks are available pretty much in all the widely used programming languages and platforms such as .NET, Java/JEE, PHP, Python, Ruby etc. Grails is one such platform designed for those principles using a modern approach to Model View Controller architecture.

Let us look at what Grails offer in securing and building a secure web application.

What does Grails framework provide out of the box?

Overview
Grails is no more or less secure than traditional web applications written using Java Servlets as controllers. However Java servlets (and hence Grails) are extremely secure and largely immune to common buffer overrun and malformed URL exploits due to the default security sandbox provisions of the JVM.

Web security problems typically occur due to developer naivety or mistakes, and there is a little Grails can do to avoid common mistakes and make writing secure applications easier to write.

Default Support
Grails has a few built in safety mechanisms by default for the OWASP top 10 risks listed above. The support gets better with the maturity of the Grails platform and as adoption grows each day.

Injection Risk

• All standard database access via GORM (Grails Object Relational Mapping) domain objects is automatically SQL escaped to prevent SQL injection attacks
• The default scaffolding HTML templates HTML all data fields when displayed.
• Grails link creating tags support such, g:link, g:form, g:createLink g:createLinkTo and others. All use appropriate escaping mechanisms to prevent code injection risk.
• Grails provides codecs to allow you to trivially escape data when rendered as HTML, JavaScript and URLs to prevent injection attacks here.
• Hibernate, which is the technology underlying GORM domain classes, automatically escapes data when committing to database so this is not an issue. However it is still possible to write bad dynamic HQL code that uses unchecked request parameters.

Authentication Risk
Currently Grails does not supply any implementation for this. There are multiple security plugins, including Spring Security, Shiro, and Authentication, and if your needs are very simple you can guard your application with Grails filters.

Cross-site Scripting Risk (XSS)
It is important that your application verifies as much as possible that incoming requests were originated from your application and not from another site. Ticketing and page flow systems can help. Grails has a plug in that supports Spring Web flow component for flow based web applications.

It is also important to ensure that all data values rendered into views are escaped correctly. For example when rendering to HTML or XHTML, one can use Grails controller API encodeAsHTML() on every object to ensure that people cannot maliciously inject JavaScript or other HTML into data or tags viewed by others. Grails supplies several Dynamic Encoding Methods for this purpose and if a particular output escaping format is not supported, it is easy to write your own using a custom codec.

As a practice, one must also avoid the use of request parameters or data fields for determining the next URL to redirect the user to. If you use a successURL parameter, for example, to determine where to redirect a user to after a successful login, attackers can imitate your login procedure using your own site, and then redirect the user back to their own site once logged in, potentially allowing JS code to then exploit the logged-in account on the site.

Insecure URL access risk
This is where bad data is supplied such that when it is later used to create a link in a page, clicking it will not cause the expected behaviour, and may redirect to another site or alter request parameters. A safe bet is to assume that every unprotected URL is publicly accessible one way or another to help think about securing the URL access. HTML/URL injection is easily handled with codecs already built in Grails.

Denial of service
Load balancers, proxy servers and other appliances are more likely to be useful here, but there are also issues relating to excessive queries for example where a link is created by an attacker to set max=1000000 so that a query could exceed the memory limits of the server or slow the system down. The solution here is to always sanitize request parameters before passing them to dynamic finders or other GORM query methods:

Guessable IDs
Many applications use the last part of the URL as an "id" of some object to retrieve from GORM or elsewhere. Especially in the case of GORM these are easily guessable as they are typically sequential integers. Therefore you must assert that the requesting user is authenticated and authorized to view the details before returning the response to the user.

Other risks and application specific risks
For other security risks explicitly not handled by Grails, one can use OWASP enterprise security API for Java to handle them. Grails, being a Java compatible language, can easily interoperate with this API. For further reference, please refer the link https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Summary
In this article, we have looked at the security aspects of web application, the typical risks a web application faces and high level overview of how a modern web development framework on the Java platform, GRAILS, helps you meet the goals of agile development without comprising web security.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 26th March 2013 Copyright Interarbor Solutions © 2013

This BriefingsDirect IT leadership interview focuses on how Associated Surgeons and Physicians, LLC in Indiana went from zero to 100 percent virtualized infrastructure, and how many compliance and efficiency goals have been met and exceeded as a result.

In part one of a two-part sponsored interview series, we discuss how a mid-market health services provider rapidly adopted server and client virtualization, and how that quickly lead to the ability to move to mobile, bring your own device (BYOD), and ultimately advanced disaster recovery (DR) benefits.

Associated Surgeons and Physicians found the right prescription for allowing users to designate and benefit from their own device choices, while also gaining an ability to better manage sensitive data and to create a data-protection lifecycle approach.

Here to share his story on how they did it, we welcome, Ray Todich, Systems Administrator at Associated Surgeons and Physicians. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions . Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: When I go to the physician’s office, I see how they've gotten so efficient at moving patients in and out, the scheduling is amazing. Every minute is accounted for. Downtime is just very detrimental and backs up everything. This critical notion of time management is so paramount.

Todich: Oh, it’s absolutely massive. If we have a snag somewhere, or even if our systems are running slow, then everything else runs slow. The ability that virtualization gives us is the core or heart of the entire infrastructure of the business. Without an efficient heart, blood doesn’t move, and we have a bigger problem on our hands.

Gardner: So over the past 10 or 15 years, as you pointed out, technology has just become so much more important to how a health provider operates, how they communicate to the rest of the world in terms of supplies, as well as insurance companies and payers, and so forth. Tell me a little bit about Associated Surgeons and Physicians. How big is the organization, what do you do, how have they been growing?

Todich: Pretty rapidly. Associated Surgeons and Physicians is a group of multi-specialty physicians and practices in Northeast Indiana and Northwest Ohio.

It began at the practice level, and then it really expanded. We're up to, I think, 14 additional locations and/or practices that have joined. We're also using an electronic medical record (EMR) application, given to us by Greenway, and that’s a big one that comes in.

We're growing exponentially. It went from one or two satellite practices that needed to piggyback Greenway, to probably 13 or 14 of them, and this is only the beginning. With that type of growth rate, you have to concern yourself with the amount of money it costs to serve everybody. If you have one physical server that goes out, you affect hundreds of users and thousands of patients, doctors, and whatnot. It’s a big problem, and that’s where virtualization came in strong.

Gardner: How about this in terms of the size of the organization? How many seats are you accommodating in terms of client, and then what is it about an IT approach to an organization such as yours that also makes virtualization a good fit?

Todich: Right now, we have somewhere around 300 employees. As far as how many clients this overall organization has, it’s thousands. We have lots of people who utilize the organization. The reality is that the IT staff here is used in a minimalist approach, which is one thing that I saw as well when I was coming into this.

One or even two persons to manage that many servers can be a nightmare, and on top of that, you try to do your best to help all the users. If you have 300-plus people and their desktops, printers, and so forth, so the overall infrastructure can be pretty intimidating, when you don’t have a lot of people managing it.

Going virtual was a lifesaver. Everything is virtualized. You have a handful of physical ESX hosts that are managing anything, and everything is stored on centralized storage. It makes it considerably efficient as an IT administrator to utilize virtualization.

That’s actually how we went into the adoption of VMware View, because of 300-plus users, and 300-plus desktops. At that point, it can be very hairy. At times, you have to try and divine what the right answer is. You have this important scenario going on, and you have this one and another one, and how do you manage them all. It becomes easier, when you virtualize everything, because you can get to everything very easily and cover everyone’s desktops.

Gardner: What attracted you, at the beginning, to go to much higher total levels of server—and then client—virtualization?

Todich: When I first started here, the company was entirely physical. And as background, I came from a couple of companies that utilized virtualization at very high levels. So I'm very aware of the benefits, as far as administration, and the benefits of overall redundancy and activities—the software and hardware used to allow high performance, high availability, access to people’s data—and still allow security be put in place.

When I came in, it looked like something you might have seen maybe 15 years ago. There were a lot of older technologies in place. The company had a lot of external drives hanging off the servers for backups, and so on.

My first thing to implement was server virtualization, which at the time, was the vSphere 4.1 package. I explained to them what it meant to have centralized storage, what it meant to have ESX host, and how creating virtual machines (VMs) would benefit them considerably over having physical servers in the infrastructure.

I gave them an idea on how nice it is to have alternate redundancy configured correctly, which is very important. When hardware drops out, RAID configuration goes south, or the entire server goes out, you've just lost an entire application—or applications—which, in turn, gives downtime.

I helped them to see the benefits of going virtualized, and at that time, it was solely for the servers.

Gardner: How long did it take you to go from being 100 percent physical to where you are now, basically 100 percent virtual?

Todich: We've been going at it for about about a year-and-a-half. We had to build the infrastructure itself, but we had to migrate all our applications from physical to virtual(P2V). VMware does a wonderful job with its options for using P2V. It’s a time saver as well. For anybody who has to deal with the one that’s building the house itself, it can really be a help.

VMware, in itself, has the ability to reach out as far and wide as you want it to. It’s really up to the people who are building it. It was very rapid, and it’s so much quicker to build servers or desktops, once you get your infrastructure in place.

In the previous process of buying a server, in which you have to get it quoted out and make sure everything is good, do all the front-end sales stuff, and then you have to wait for the hardware to get here. Once it’s here, you have to make sure it’s all here, and then you have to put it altogether and configure everything, so forth. Any administrator out there who's done this understands exactly what that’s all about.

Then you have to configure and get it going, versus, "Oh, you need another server, here, right click, deploy from template," and within 10 minutes you have a new server. That, all by itself, is priceless.

Gardner: And you have a double whammy here, because you're a mid-market size company and don’t have a large, diversified IT staff to draw on. At the same time, you have branch offices and satellites, so you're distributed. To have people physically go to these places is just not practical. What is it about the distributed nature of your company that also makes virtualization and View 5.1 a good approach for a lean IT organization?

Todich: It helped us quite a bit, first and foremost, with the ability to give somebody a desktop, even if they were not physically connected to our network. That takes place a lot here.We have a lot of physicians who may be working inside of another hospital at the time.

Instead of them creating a VPN connection back into our organization, VMware View gave them the ability to have a client on their desktop, whether it be a PC, a MacBook, an iPod, an iPad, or whatever they have, even a phone, if they really want to go that route. They can connect anywhere, at anytime, as long as they have an Internet connection and they have the View client. So that was huge, absolutely huge.

They also have the ability to use PC-over-IP, versus RDP, That’s very big for us as well. It keeps the efficiency and the speed of the machines moving. If you're in somebody else’s hospital, you're bound to whatever network you are attached to there, so it really helps and it doesn’t bother their stuff as much. All you're doing is borrowing their Internet and not anything else.

Gardner: Tell me a bit more about your footprint. We've spoken about vSphere 4.1 and adopting along the path of 5.1. You even mentioned View. What else are you running there to support this impressive capabilities set?

Todich: We moved from vSphere 4.1 to 5.1, and going to VMware View. We use 5.1 there as well. We decided to utilize the networking and security vCloud Networking package, which at the time was a package called vShield. When we bought it, everything changed, nomenclature wise, and some of the products were dispersed, which actually was more to our benefit. We're very excited about that.

As far as our VDI deployment, that gave us the ability to use vShield Endpoint, which takes your anti-virus and offloads it somewhere else on the network, so that your hosts are not burdened with virus scans and updates. That’s a huge gain.

The word huge doesn’t even represent how everybody feels about that going away. It's not going away physically, just going away to another workhorse on the network so that the physicians, medical assistants (MAs), and everybody else isn’t burdened with, "Oh, look, it's updating," or "Look, it's scanning something." It's very efficient.

Gardner: You mentioned the networking part of this, which is crucial when you're going across boundaries and looking for those efficiencies. Tell me a bit more about how the vCloud networking and security issues have been impacted.

Todich: That was another big one for us. Along with the networking and security package comes a portion of the package called the vShield Edge, which will ultimately give us the ability to create our own DMZ the way that we want to create it, something that we don’t have at this time. This is very important to us.

Utilizing the vShield Edge package was fantastic, and yet another layer of security as well. Not only do we have our physical hardware, our guardians at the gate, but we also have another layer, and the way that it works, wrapping itself around each individual ESX host, is absolutely beautiful. You manage it just like you manage firewalls. So it’s very, very important.

Plus, some of the tools that we were going to utilize we felt most comfortable in, as far as security servers for the VDI package, that you want them sitting in a DMZ. So, all around, it really gave us quite a bit to work with, which we're very thankful for.

Gardner: One of the things, of course, that’s key in your field is compliance and there's a lot going on with things like HIPAA, documents, and making sure the electronic capabilities are there for payers and provided. Tell me a bit about compliance and what you've been able to achieve with these advancements in IT?

Todich: With compliance, we've really been able to up our security, which channels straight into HIPAA. Obviously, HIPAA is very concerned with people’s data and keeping it private. So it’s a lot easier to manage all our security in one location.

With VDI, it's been able to do the same. If we need to make any adjustments security wise, it’s simply changing a golden image for our virtual desktop and then resetting everybody's desktops. It’s absolutely beautiful, and the physicians are very excited about it. They seem to really get a hold of what we have done with the ability that we have now, versus the ability we had two years ago. It does wonders.

Upgrading to a virtual infrastructure has helped us considerably in maintaining and increasing meaningful use expectations, with the ability to be virtual and have the redundancy that gives, along with the fact that VMs seem to run a lot more efficiently virtually. We have better ways to collect data, a lot more uptime, and a lot more efficiency, so we can collect more data from our customers.

The more people come through, the more data is collected, the more uptime is there, the more there are no problems, which in turn has considerably helped meeting and exceeding the expectations of what's expected with meaningful use, which was a big deal.

Gardner: I've heard that term "meaningful use" elsewhere. What does that really mean? Is that just the designation that some regulatory organization has, or is that more of a stock-in-trade description?

Todich: My understanding of it, as an IT administrator, is basically the proper collection of people's data and keeping it safe. I know that it has a lot in with our EMR application, and what is collected when our customers interact with us.

Gardner: Are there any milestones or achievements you've been able to make in terms of this adoption, such as behaviors, and then the protection of the documents and privacy data that has perhaps moved you into a different category and allows you to move forward on some of these regulatory designations?

Todich: It's given us the ability to centralize all our data. You have one location, when it comes to backing up and restoring, versus a bunch of individual physical servers. So data retention and protection has really increased quite a bit as far as that goes.

Gardner: How about DR?

Todich: With DR, I think there are a lot of businesses out there that hear that and don’t necessarily take it that seriously, until disaster hits. It’s probably the same thing with people and tornadoes. When they're not really around, you don’t really care. When all of a sudden, a tornado is on top of your house, I bet you care then.

VMware gives you the ability to do DR on a variety of different levels, whether it’s snapshotting, or using Site Recovery Manager, if you have a second data center location. It’s just endless.

One of the most important topics that can be covered in an IT solution is about our data. What happens if it stops or what happens if we lose it? What can we do to get it back, and how fast, because once data stops flowing, money stops flowing as well, and nobody wants that.

It’s important, especially if you're recording people’s private health information. If you lose certain data that’s very important, it’s very damaging across the board. So to be able to retain our data safely is of the highest concern, and VMware allows us to do that.

Also, it’s nice to have the ability to do snapshotting as well. Speaking of servers and whatnot, I'll have to lay it on that one, because in IT, everybody knows that software upgrades come. Sometimes, software upgrades don’t go the way that they're supposed to, whether it’s an EMR application, a time-saving application, or ultrasounds.

If you take a snapshot before the upgrade and run your upgrade on that snapshot, if everything goes great and everybody is satisfied. You can just merge the snapshot with the primary image and you are good to go.

If it doesn’t work out in your favor, you have the ability to delete that snapshot and you're back to where you started from before the migration, which was hopefully a functioning state.

Gardner: Let’s look to the future a bit. It sounds as if with these capabilities and the way that you've been describing DR benefits, you can start to pick and choose data center locations, maybe even thinking about software-defined networking and data center. That then allows you to pick and choose a cloud provider or a hosting model. So are you thinking about being able to pick up and virtually move your entire infrastructure, based on what makes sense to your company over the next say 5 or 10 years?

Todich: That’s exactly right, and the way this is growing, something that's been surfacing a lot in our neck of the woods is the ability to do hosting and provide cloud-based solutions, and VMware is our primary site on that as well.

But, if need be, if we had to migrate our data center from one state to another, we'll have the option to do that, which is very important, and it helps with uptime as well. Stuff happens. I mean, you can be at a data center physically and something happens to a generator that has all the power. All of a sudden, everybody is feeling the pain.

So with the ability to have the Site Recovery, it’s priceless, because it just goes to location B and everybody is still up. You may see a blip or you may not, and nothing is lost. That leaves everybody to deal with the data center issue and everything is still up and going, which is very nice.

Gardner: I imagine too, Ray, that it works both ways. On one hand, you have a burgeoning ecosystem of cloud and hosting, of providers and options, that you can pursue, do your cost benefit analysis, think about the right path, and create redundancy.

At the same time, you probably have physicians or individual, smaller physician practices, that might look to you and say, "Those guys are doing their IT really well. Why don’t we just subscribe to their services or piggyback on their infrastructure?" Do you have any thoughts about becoming, in a sense, an IT services provider within the healthcare field? It expands your role and even increases your efficiency and revenues.

Todich: Yes, our sights are there. As a matter of fact, our heads are being turned in that direction without even trying to, because a lot of people are doing that. It’s a lot easier for smaller practices, instead of buying all the infrastructure and putting it all in place to get everything up, and then maintaining it, we will house it for you. We'll do that.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 25th March 2013 Copyright Interarbor Solutions © 2013

OwnCloud, Inc. recently released the latest version of the ownCloud Community Edition with a number of usability, performance, and integration enhancements.

Based on an open-source project of the same name, the ownCloud file sync and share software, deployed on-premise, not only offers users greater control, but allows organizations to integrate existing security, storage, monitoring and reporting tools, while still taking advantage of the software’s simplicity and flexibility.

File sync and share services like Dropbox, Google Docs, and Box Inc. have revolutionized the way users share information. These cloud-based services make it easy to share files with clean interfaces and seemingly endless amounts of storage. However, not everyone wants to turn over their information to a service provider—for those who prefer to control how and where their data is stored there’s ownCloud. 

OwnCloud comes in a free, community edition, and the company will launch a commercially supported enterprise edition of the software in the second quarter. That version will target enterprise IT departments in need of on-premise file sync and share for sensitive corporate data. The company estimates it has more than 750,000 users worldwide today.

In the latest offering, the user interface has been streamlined, so that the main web navigation panel is now clearly differentiated from in-app navigations, says Markus Rex, CEO of ownCloud. And the way in which the software’s settings are laid out have been revamped, making it easier to distinguish personal settings from app-specific settings, he says.

“We’ve completely revamped the design with a much simplified interface so you can differentiate the navigation elements and focus on what you want to work with, instead of distracting from that,” says Rex.

New features
This version of ownCloud also features a Deleted Files app that lets users restore accidentally deleted files and folders, and improved app management, so that third-party apps can be easily installed from the central apps repository and automatically removed from the server, if disabled. Also included is a new search engine that lets users find files stored by both name and by content, thanks to the Lucene-based full text search engine app, and a new antivirus feature, courtesy of Clam AV, scans uploaded files for malware. This release also includes improved contacts, calendar and bookmarks, says Rex.

Performance benefits in this release come from improved file cache and faster syncing of the desktop client, according to company officials. Externally mounted file systems such as Google Drive, Dropbox, FTP and others can be scanned on-demand and in the background to increase performance. And hybrid clouds can be created by mixing and matching storage, thanks to file system abstraction that offers more flexibility and greater performance.

“You can get to the data in all of your data silos from one spot on a mobile client or desktop client, so you can get to files you might not be able to access otherwise from those devices,” says Rex.

This release features improved integration with LDAP and Active Directory and an enhanced external storage app to boost performance of integrated secondary storage including Dropbox, Swift, FTP, Google Docs, Amazon S3, WebDAV and external ownCloud servers.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn.)

This page has been translated into Spanish language by Maria Ramos from Webhostinghub.com

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 21st March 2013 Copyright Bloor Research © 2013

[{page:Service virtualisation:Service virtualisation}] is usually thought of as simply a testing tool. It lets you simulate services (either internal such as SAP, or external such as Salesforce, or even services not yet developed) you need in order to test developing systems without the logistics problem of finding an expert to run the system for you - and without the cost of the licences and infrastructure needed for the real thing.

However, at a breakfast meeting run by CA Technologies and SQS, Burt Klein (a CA Technologies Evangelist for service virtualisation) reminded me that service virtualisation can be rather more than this. It can actually change the whole development process (and culture), around automating the business, for the better:

• It doesn't just let you run tests that were hard to set up before and expensive; it encourages early testing because you can now overlap testing across teams (each team gets its own virtual service and data scenarios to test against, which can't be impacted by what other teams are doing).
• Virtualised services can be set up and operated by code - scripts - which takes a manual component out of the testing and delivery process. This facilitates agile development and deployment and helps to remove barriers between developers and operations staff - it facilitates [{page:DevOps}].
• It helps take software delivery to the maturity of an engineering process. Cars these days don't arrive with several km on the clock after a pre-delivery test drive; the components are built and tested and if the components deliver the expected outcomes, they just fit together and work, With service virtualisation, software component interfaces have been verified as they were built, minimising the need for, and possible impact of, 'end of development' integration and performance testing.
• With service virtualisation, the development environment looks more like the real production environment - thus helping developers to take ownership of business outcomes instead of just supplying coded components. This could be a significant, and desirable, change to development culture.

Of course, the devil is in the detail and I suspect that an organisation needs a certain level of maturity (and to invest in training and 'change mentors') in order to get the most out of service virtualisation. However, the value that people like Klein claim it delivers, from delivery process improvement overall, goes far beyond what you'd get just from making testing a bit easier. Service virtualisation helps you build quality into your automated business systems earlier, as they are being built, when addressing any quality issues is cheaper.

If you want to assess the credibility of this statement, there's a book from CA Press by John Michelsen and Jason English called "Service Virtualisation: reality is overrated" (ISBN 978-1-4302-4671-8) and a community-oriented website. I'm a little cynical about vendor evangelists myself - in the past, I've met plenty of "technology evangelists" in white suits, straight out of college, with their employer's technology hard-wired into their brain - but Klein isn't so young and has paid some dues; and the service virtualisation book is readable (not as turgid as most textbooks) - and I couldn't find any mention of the CA LISA service virtualisation product in its index.

There have to be some issues around service virtualisation: for a start, you had better make sure you can continuously validate the accuracy of your service simulations cheaply and easily (which probably implies both a disciplined development/IT environment and the choice of the right tools); and its adoption implies the management of significant cultural change (which needs to be resourced and managed). Nevertheless, I think that any organisation should be looking at it today, now that the technology has matured a bit; and not simply from a testing point of view.

For instance, service virtualisation can be used to simulate the business environment for training, reducing the cost of training (no licences needed and less hardware) and allowing trainers more control over what trainees have to deal with. As I said, service virtualisation can be more than just a testing tool.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 20th March 2013 Copyright Interarbor Solutions © 2013

Welcome to the latest edition of the HP Discover Performance Podcast Series. Our next discussion examines how Achmea Holding, one of the largest providers of financial services and insurance in the Netherlands, has made large strides in running their IT operations like an efficient business itself.

We'll hear how Achmea re-architected its IT operations to both be more responsive to users and more manageable by the business, all based on clear metrics.

Here to explore these and other enterprise IT performance issues, we're joined by our co-host for this sponsored podcast, Georg Bock, Director of the Customer Success Group at HP Software, and he's based in Germany.

And we also welcome our special guest, Richard Aarnink, leader in the IT Management Domain at Achmea in the Netherlands, to explain how they've succeeded in making IT better governed and agile—even to attain "enterprise resource planning (ERP) for IT" benefits.

The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Why is running IT more like a business important? Why does this make sense now?

Aarnink: Over the last year, whenever a customer asked us questions, we delivered what he asked. We came to the conclusion that delivery of every request that we got was an intensive process for which we created projects.

It was very difficult to make sure that it was not a one-time hero effect, but that we could deliver to the customer what he asked every time, on scope, on specs, on budget, and on time. We looked at it and said, "Well, it is actually like running a normal business, and therefore why should we be different? We should be predictive as well."

Gardner: Georg Bock, is this something you are seeing more and more of in the field?

Bock: Yes, we definitely see this as a trend in the market, specifically with the customers that are a little more mature in their top-down strategic thinking. Let’s face it, running IT like a business is an end-to-end process that requires quite a bit of change across the organization—not only technology, but also process and organization. Everyone has to work hand in hand to be, at the end of the day, predictable and repeatable in what they're doing, as Richard just explained.

That’s a huge change for most organizations. However, when it’s being done and when it has lived in the organization, there's a huge payback. It is not an easy thing to undertake but it’s inevitable, specifically when we look at the new trends around cloud multi-sourcing, mobility, etc., which brings new complexity to IT.

You'd better have your bread and butter business under control before moving into those areas. That’s why also the timing right now is very important and top of people’s minds.

Gardner: Tell us a bit about Achmea, the size of your organization, and why IT is so fundamentally important to you.

Aarnink: Achmea is a large insurance provider in the Netherlands. We have around eight million customers in the Netherlands with 17,000 employees. We're a very old and cooperative organization, and we have had lots and lots of mergers and acquisitions in the last 20 years. So we had various sets of IT departments from all the other companies that we centralized over the past years.

If you look at insurance, it's actually having the trust that whenever something happens to a customer, he can rely on the insurer to help him out, and usually this means providing money. IT is necessary to ensure that we can deliver on those promises that we made to our customers. So it’s a tangible service that we deliver, it’s more like money, and it’s all about IT.

Of the 17,000 employees that we have in the Netherlands, about 1,800–2,000 employees work in the centralized IT department. Over the last year, we changed our target operating model to centralize the technologies in competence centers, as we call them, in the department that we call Solution Development.

We created a new department, IT Operations, and we created business-relationship departments that were merged with the business units that were asking or demanding functionality from our IT department. We changed our entire operating model to cope with that, but we still have a lot of homegrown applications that we have to deliver on a daily basis.

Changing the department and the organizational structure is one thing, and now we need to change the content and the applications we deliver.

Gardner: How has all this allowed you to better manage all the aspects of IT, and make it align with the business?

Aarnink: To answer that question I need to elaborate a little bit on the strategy and governance department, which is actually within the IT department. What we centralized there were project portfolio and project steering, and also the architectural capabilities.

We make sure that whatever solution we deliver is architectured from a single model that we manage centrally. That's a real benefit that we gained in centralizing this and making sure that we can—from both the architecture and project perspectives—govern the projects that we're going to deliver to our business units.

Bock: Achmea is a leader in that, and the structure that Richard described is inevitable to be successful. ERP for IT, or running IT as a business, the fundamental IT processes, is all about standardization, repeatability, and predictability, especially in situations where you have mergers and acquisitions. It’s always a disruption if you have to bring different IT departments together. If you have a standard that’s easy to replicate, that’s a no-brainer and winner from a business bottom-line perspective.

In order to achieve that, you have to have a team that has a horizontal unit and can drive the standardization of the company. Richard and Achmea are not alone in that. Richard and I have quite a number of discussions with other companies from other industries, and we very much see that everyone has the same problem and, given those horizontal teams, primary enterprise architecture, chief technology officer (CTO) office, or whatever you like to call those departments, is definitely a trend in the industry and for those mature customers that want to take that perspective and drive it forward that way.

But as I said, it’s all about standardization. It’s not rocket science from an intellectual perspective, but we have to cut through the political difficulties of driving the adoptions across the different organizations in the company.

Gardner: What sort of problems or issues did you need to resolve as you worked to change things for the better?

Aarnink: We looked at the entire scope of implementing ERP for IT and first we looked at the IT projects and the portfolio. We looked at that and found out that we still had several departments running their own solutions in managing IT projects and also budgets. In the past, we had a mechanism of only controlling the budget for the different business units, but no centralized view on the IT portfolio, as a whole, for Achmea.

We started in that area, looking at one system of record for IT projects and portfolio management, so we could steer what we wanted to develop and what we wanted to sunset.

Next, we looked at application portfolio management and tried to look at the set of applications that we want to currently use and want to use in the future and the set of applications that we want to sunset in the next year and how that related to the IT project. So that was one big step that we made in the last two years. There's still a lot of work to be done in that area, but it is a big topic.

The second big topic was looking at service management. Due to all the mergers, we still had lots of variations on IT process. Incident management was covered in a whole different way, when you looked at several departments from the past.

We adopted service desks to cater to all those kind of deviations from the standard ITIL process. We looked at that and said that we had to centralize again and we had to make sure that we become more prescriptive in how these process will look and how we make sure that it's standardized.

That was the second area that we looked at. The third area was more on the application quality. How could we make sure that we got a better first-time-right score in delivering IT projects? How could we make sure that there is one system of record for requirements and one system of record for test results and defects. That’s three areas that we invested in in the first phase.

Gardner: What have you have seen in the market that leads you to believe that ERP for IT is not a vision, but is, in fact, happening, and that we're starting to see tangible benefits?

Bock: Richard very much nicely described real, practical results, rather than coming up with a dogmatic, philosophical process in the first place. I think it’s all about practical results and practical results need to be predictable and repeatable, otherwise it’s always the one-time hero effort that Richard brought up in the beginning, and that’s not scalable at all.

At some point you need process, but you shouldn’t try that dogmatically. I also hear about the Agile versus the waterfall, whatever is applicable to the problem is the right thing to do. Does that rule out process? No, not at all. You have to live the process in a little different way.

Everyone has to get away from their dogmatic position and look at it in a little more relaxed way. We shouldn’t take our thoughts too seriously, but when we drive ERP for IT to apply some standard ways of doing things, we just make our life easier. It has nothing to do with esoteric vision, but it's something that is very achievable. It’s about getting a couple of people to agree on practical ways of getting it done.

Then, we can draw the technological consequences from it, rather than the other way around. That's been the problem in IT from my perspective for years. Technology always came first and now we look for the nail that you can use that hammer for. That’s not the right thing to do.

From my perspective, standardization is simply a necessary conclusion from some of the trial-and-error mistakes that have been made over the last 10–15 years, where people tried to customize the hell out of everything just to be in line with the specificity of how things are being done in their particular company. But nobody asked why it was that way.

Aarnink: I completely agree. We had several discussions about how the incident process is being carried out, and it’s the same in every other company as well. Of course there are slight differences, but the fact is that an incident needs to be so resolved, and that’s the same within every company.

You can easily create a best practice for that, adopt it within your own company, and unburden yourself from thinking about how you should go for this process, reinvent it, creating your own tool sets, interfaces with external companies. That can all be centralized, it can all be standardized.

It’s not our business to create our own IT tools. It’s the business of delivering policy management systems for our core industry, which is insurance. We don’t want all the IT that we need in order to just to keep the IT running. We want that standardized, so we can concentrate on delivering business value.

Gardner: Now that we've been calling this ERP for IT, I think it’s important to look back on where ERP as a concept came from and the fact that getting more data, more insight, repeatability, analyzing processes, determining best processes and methods and then instantiating them, is at the core of ERP. But when we try to do that with IT, how do we measure, what is the data, and what do we analyze?

Richard, at Achmea, are you looking at key performance indicators (KPIs) and are you using project portfolio management maturity models? How is it that you're measuring this so that you can, in fact, do what ERP does best; make it repeatable, make it standardized?

Aarnink: If you look from the budget perspective, we look at the budgets, the timeframes, and the scope of what we need to deliver and whether we deliver on time, on budget, and on specs, as I already said. So those are basically the KPIs that we're looking for when we deliver projects.

But also, if you look at the processes involved when you deliver a project, then you talk about requirements management. How quickly can you create a set of requirements and what is the reuse of requirements from the past. Those are the KPIs we're looking for in the specific processes when you deliver an IT project.

So the IT project is a vehicle helping you deliver the value that you need, and the processes underneath that actually do the work for you. At that level we try to standardize and we try to make KPIs in order to make sure that we use as much as possible, that we deliver quality, and we have the resources in place that we actually need to deliver those functionalities.

You need to look at small steps that can be taken in a couple of months’ time. So draw up a roadmap and enable yourself to deliver value every, let’s say 100 days. Make sure that every time you deliver functionality that’s actually used, and you can look at your roadmap and adjust it, so you enable yourself to be agile in that way as well.

The biggest thing that you need to do is take small steps. The other thing is to look at your maturity. We did a CMMi test review. We didn't do the entire CMMi accreditation, but only looked at the areas that we needed to invest in.

We looked at where we had standardized already and the areas that we needed to look at first. That can help you prioritize. Then, of course, look at companies in your network that actually did some steps in this and make sure that you get advice from them as well.

Bock: I absolutely agree with what Richard said. If we're looking for some recipe for successes, you have to have a good balance of strategic goals and tactical steps towards that strategic goal. Those tactical steps need to have a clear measure and a clear success criteria associated with them. Then you're on a good track

I just want to come back to the notion of ERP for IT that you alluded to earlier, because that term can actually hurt the discussion quite a bit. If you think about ERP 20 years ago, it was a big animal. And we shouldn’t look at IT nowadays in the same manner as ERP was looked at 20 years ago. We don’t want to reinvent a big animal right now, but we have to have a strategic goal where we look at IT from an end-to-end perspective, and that’s the analogy that we want to draw.

ERP is something that has always been looked as an end-to-end process, and having a clear, common context associated from an end-to-end perspective, which is not the case in IT today. We should learn from those analogies that we shouldn’t try to implement ERP literally for IT, because that would take the whole thing in one step, where as Richard just said very nicely, you have to take it in digestible pieces, because we have to deal with a lot of technology there. You can't take that in one shot.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 19th March 2013 Copyright Interarbor Solutions © 2013

Avaya today announced a set of Collaborative Cloud offerings designed to make it easier for more types of organizations to deploy unified communications (UC), contact center (CC) and video conferencing—all as on-demand services.

The adoption of UC and CC as a service (UCaaS and CCaaS) brings utility-based pricing to cloud-service providers (CSPs) so they can offer varied and flexible packages to many types of clients. This creates new revenue streams for CSPs by allowing them to deliver app integrations, mobile collaboration and multichannel customer service for their customers. And it allows buyers to only pay for the IP-based communications services they want and need.

This makes the burgeoning bring you own device (BYOD) trend easier for enterprises to manage because they can off-load more of the complexities of mobile and BYOD environments to their cloud and service providers, said Bruce MacVarish, Director of Cloud Solutions at Avaya. The offerings enable CSPs to evolve and augment enterprise communications with cloud-based solutions, as well as provide greater interoperability across vendors, domains and protocols, he said.

Santa Clara-based Avaya is carving out four delivery and distribution models for UCaaS and CCaaS: private cloud/on-premises stacks, managed services for service providers, hosted multi-tenancy services for channel players, and a full software-as-a-service (SaaS) cloud capability powered by Avaya focused on the mid-market and smaller organization users.

The video services are more geared toward synchronous video interactions, and not hosted, asynchronous video serving, although Avaya offers both. Think of it as video conferencing as a service on demand, integrating into more mobile devices and therefore business processes.

Avaya's move, like with many evolving cloud models, forms a transition from CapEx to OpEx, utility-based pricing and consumption. It also offers ease and speed in adoption, and a single point of integration for value-added SPs and developers.

I expect to see more SaaS business apps providers and cloud-savvy enterprises integrate Avaya's and other UC services into their web, mobile and cloud offerings. These would include such benefits as click-to-call, customer support interception points, and embedded video conferencing brought directly into more business apps, services and processes.

Hybrid deployments
It will be curious to see how the hybrid deployments of UCaaS and CCaaS are assimilated into other business cloud services as the market matures. Will enterprises and SPs alike seek to embed more UC functions, while themselves controlling the UC stack? Or will communications, like many other business services, be something they expect in any cloud stack? Or what combo of hosting will they prefer in which apps?

A lot of the noise around hybrid cloud fails to take the communications feature and their integration into account. Same for big data: Shouldn't all the unstructured data in communications be part of any analytics mix? How to manage that?

Avaya is now in a controlled release of the solutions, and expects general availability in three to six months, said MacVarish.

Earlier this month, Avaya announced new security enhancements for enterprise collaboration.

In more detail, the new and expanded Avaya offerings for CSPs are:

• Avaya Cloud Enablement for Unified Communications and Customer Experience Management. Based on Avaya Aura, it allows flexible, utility-based, OpEx pricing for CSPs so they pay on actual customer usage. Avaya Control Manager enables centrally managed multi-tenancy.
• Avaya Cloud Enablement for Video provides CSPs with a scalable platform and multi-tenancy that delivers interoperable, multi-vendor mobile video collaboration. Enhancements to the Elite Series MCUs, Scopia Mobile and Scopia Desktop extend BYOD videoconferencing across most endpoints.
• Avaya Communications Outsourcing Solutions (COS) Express, a private cloud offering for up to 500-seat contact centers, can be hosted by Avaya, a CSP or channel partners—either as Avaya or co-branded services.

Avaya Collaborative Cloud solutions also include Avaya Collaboration Pods, a portfolio of cloud-ready, turnkey solutions designed to simplify installation and operations of real-time applications; and the AvayaLive suite of public-cloud based communications and collaboration services.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 8th March 2013 Copyright Interarbor Solutions © 2013

As IT aligns itself with business goals, Agile software development is increasingly enabling developers to better create applications that meet user needs quickly. And, now, the advent of increased mobile apps development is further accelerating the power of Agile methods.

Thought it’s been around for decades, Agile’s tenets of collaboration, incremental development, speed, and flexibility resonate with IT leaders who want developers to focus on working with users to develop the applications. This method stands in contrast to the more rigid and traditional process of collecting user requirements, taking months to create a complete application, and delivering the application to users with the hopes that it fits the bill and that requirements haven’t changed during the process.

In fact, in today’s world, where business leaders can shop for the technology they need with any cloud or software-as-a-service (SaaS) provider they choose, IT must ensure enterprise applications are built collaboratively to meet needs, or lose out to the competition.

“In many cases today, the business has alternatives, thanks to cloud—all the services they could need are available with a credit card,” says Raziel Tabib, Senior Product Manager of Application Lifecycle Management with HP Software . “IT has to work to be the preferred solution. If the IT department wants to maintain its position, it has to make the best tools to meet business needs. Developers have to get engaged with end users to ensure they are meeting those needs.” [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

HP Software recently released HP Agile Manager, a SaaS-based solution for planning and executing agile projects. And the division itself has embraced some of the principles of agile that have, for example, helped it to move from an 18-month release cycle to come up with product releases and refreshes every month, says Tabib.

Pick and choose
However, Agile is far from an all-or-nothing proposition, particularly for large organizations with developers distributed across the globe that may have a harder time adopting certain agile work styles, he warns.

“We’re not saying any organization can just look at the agile manifesto and start tomorrow with scrum meetings and everything will work well,” Tabib says. “We have engineers in Israel, Prague, and Vietnam. While some agile practices are easy to pick up, others are really difficult to adopt, when you’re talking about organizations at that scale.”

That’s okay, he adds—organizations should be encouraged to cherry pick the elements of agile that make sense to embrace, blend them with more traditional approaches to application development, and still reap benefits.

A report published in September of 2012 by Forrester Consulting on behalf of HP supports the idea that Agile is one of many disciplines that can be used to develop applications that meet users needs.

The report, entitled Agile Software Development and the Factors that Drive Success, surveyed 112 professionals regarding application development habits and success. It found that companies already successful in application development used Agile techniques to make them even better.

For example, respondents cited the Agile practice of limiting the amount of work in progress to reduce the impact of sudden business change meant that requirements didn’t grow stale while waiting for coding to begin—but that their overall success was based on more than just implementing agile.

And it found respondents at companies that weren’t as successful with application development reported using aspects of agile. The upshot of the survey was that simply adopting agile did not ensure success. “Agile software development is one tool in a vast toolbox,” reads the report. “But a fool with a tool is still a fool.”

I think Agile will get even more of a boost in value as developers move toward a 'mobile first' approach, which seems tightly coupled with fast, iterative apps improvement schedules.

One of the neat things about a mobile first orientation is that it forces long-overdue simplification and ease in use in apps. When new apps are designed for their mobile device deployment first, the dictates of the mobile constraints prevail.

Combine that with Agile, and the guiding principles of speed and keeping user requirements dominant help keep projects from derailing. Revisions and updates remain properly constrained. Mobile First discourages snowballing of big applications, instead encouraging releases of smaller, more manageable apps.

Mobile First design benefits combined with Agile methods can be well extended across SaaS, cloud, VDI, web, and even client-server applications.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn.)

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 4th March 2013 Copyright Interarbor Solutions © 2013

We recently assembled a panel of enterprise architecture (EA) experts to explain how such simultaneous and complex trends as big data, cloud computing, security, and overall IT transformation can be helped by the combined strengths of The Open Group Architecture Framework (TOGAF®) and the ArchiMate® modeling language.

The panel consisted of Chris Forde, General Manager for Asia-Pacific and Vice President of Enterprise Architecture at The Open Group; Iver Band, Vice Chair of The Open Group ArchiMate Forum and Enterprise Architect at The Standard, a diversified financial services company; Mike Walker, Senior Enterprise Architecture Adviser and Strategist at HP and former Director of Enterprise Architecture at Dell; Henry Franken, the Chairman of The Open Group ArchiMate Forum and Managing Director at BIZZdesign, and Dave Hornford, Chairman of the Architecture Forum at The Open Group and Managing Partner at Conexiam. I served as the moderator.

This special BriefingsDirect thought leadership interview series comes to you in conjunction with The Open Group Conference recently held in Newport Beach, California. The conference focused on "big data—the transformation we need to embrace today." [Disclosure: The Open Group and HP are sponsors of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Is there something about the role of the enterprise architect that is shifting?

Walker: There is less of a focus on the traditional things we come to think of EA such as standards, governance and policies, but rather into emerging areas such as the soft skills, business architecture, and strategy.

To this end I see a lot in the realm of working directly with the executive chain to understand the key value drivers for the company and rationalize where they want to go with their business. So we're moving into a business-transformation role in this practice.

At the same time, we've got to be mindful of the disruptive external technology forces coming in as well. EA can’t just divorce from the other aspects of architecture as well. So the role that enterprise architects play becomes more and more important and elevated in the organization.

Two examples of this disruptive technology that are being focused on at the conference are big data and cloud computing. Both are providing impacts to our businesses, not because of some new business idea but because technology is available to enhance or provide new capabilities to our business. The EA’s still do have to understand these new technology innovations and determine how they will apply to the business.

We need to get really good enterprise architects—it’s difficult to find good ones. There is a shortage right now, especially given that a lot of focus is being put on the EA department to really deliver sound architectures.

Gardner: We've been talking a lot here about big data, but usually that's not just a standalone topic. It's big data and cloud, cloud, mobile and security.

So with these overlapping and complex relationships among multiple trends, why is EA and things like the TOGAF framework and the ArchiMate modeling language especially useful?

Band: One of the things that has been clear for a while now is that people outside of IT don't necessarily have to go through the technology function to avail themselves of these technologies any more. Whether they ever had to is really a question as well.

One of things that EA is doing, and especially in the practice that I work in, is using approaches like the ArchiMate modeling language to effect clear communication between the business, IT, partners and other stakeholders. That's what I do in my daily work, overseeing our major systems modernization efforts. I work with major partners, some of which are offshore.

I'm increasingly called upon to make sure that we have clear processes for making decisions and clear ways of visualizing the different choices in front of us. We can't always unilaterally dictate the choice, but we can make the conversation clearer by using frameworks like the TOGAF standard and the ArchiMate modeling language, which I use virtually every day in my work.

Hornford: The fundamental benefit of these tools is the organization realizing its capability and strategy. I just came from a session where a fellow quoted a Harvard study, which said that around a third of executives thought their company was good at executing on its strategy. He highlighted that this means that two-thirds are not good at executing on their strategy.

If you're not good at executing on your strategy and you've got big data, mobile, consumerization of IT and cloud, where are you going? What's the correct approach? How does this fit into what you were trying to accomplish as an enterprise?

An enterprise architect that is doing their job is bringing together the strategy, goals and objectives of the organization. Also, its capabilities with the techniques that are available, whether it's offshoring, onshoring, cloud, or big data, so that the organization is able to move forward to where it needs to be, as opposed to where it's going to randomly walk to.

Forde: One of the things that has come out in several of the presentations is this kind of capability-based planning, a technique in EA to get their arms around this thing from a business-driver perspective. Just to polish what Dave said a little bit, it's connecting all of those things. We see enterprises talking about a capability-based view of things on that basis.

Gardner: Let's get a quick update. The TOGAF framework, where are we and what have been the highlights from this particular event?

Hornford: In the last year, we've published a minor upgrade for TOGAF version 9.1 which was based upon cleaning up consistency in the language in the TOGAF documentation. What we're working on right now is a significant new release, the next release of the TOGAF standard, which is dividing the TOGAF documentation to make it more consumable, more consistent and more useful for someone.

Today, the TOGAF standard has guidance on how to do something mixed into the framework of what you should be doing. We're peeling those apart. So with that peeled apart, we won't have guidance that is tied to classic application architecture in a world of cloud.

What we find when we have done work with the Banking Industry Architecture Network (BIAN) for banking architecture, Sherwood Applied Business Security Architecture (SABSA) for security architecture, and the TeleManagement Forum, is that the concepts in the TOGAF framework work across industries and across trends. We need to move the guidance into a place so that we can be far nimbler on how to tie cloud with my current strategy, how to tie consumerization of IT with on-shoring?

Franken: The ArchiMate modeling language turned two last year, and the ArchiMate 1.0 standard is the language to model out the core of your EA. The ArchiMate 2.0 standard added two specifics to it to make it better aligned also to the process of EA.

According to the TOGAF standard, this is being able to model out the motivation, why you're doing EA, stakeholders and the goals that drive us. The second extension to the ArchiMate standard is being able to model out its planning and migration.

So with the core EA and these two extensions, together with the TOGAF standard process working, you have a good basis on getting EA to work in your organization.

Gardner: Mike, fill us in on some of your thoughts about the role of information architecture vis-à-vis the larger business architect and enterprise architect roles.

Walker: Information architecture is an interesting topic in that it hasn’t been getting a whole lot of attention until recently.

Information architecture is an aspect of enterprise architecture that enables an information strategy or business solution through the definition of the company's business information assets, their sources, structure, classification and associations that will prescribe the required application architecture and technical capabilities.

Information architecture is the bridge between the business architecture world and the application and technology architecture activities.

The reason I say that is because information architecture is a business-driven discipline that details the information strategy of the company. As we know, and from what we’ve heard at the conference keynotes like in the case of NASA, big data, and security presentations, the preservation and classification of that information is vital to understanding what your architecture should be.

From an industry perspective, this is one of the least matured, as far as being incorporated into a formal discipline. The TOGAF standard actually has a phase dedicated to it in data architecture. Again, there are still lots of opportunities to grow and incorporate additional methods, models and tools by the enterprise information management discipline.

Enterprise information management not only captures traditional topic areas like master data management (MDM), metadata and unstructured types of information architecture but also focuses on the information governance, and the architecture patterns and styles implemented in MDM, big data, etc. There is a great deal of opportunity there.

From the role of information architects, I’m seeing more and more traction in the industry as a whole. I've dealt with an entire group that’s focused on information architecture and building up an enterprise information management practice, so that we can take our top line business strategies and understand what architectures we need to put there.

This is a critical enabler for global companies, because oftentimes they're restricted by regulation, typically handled at a government or regional area. This means we have to understand that we build our architecture. So it's not about the application, but rather the data that it processes, moves, or transforms.

Gardner: Up until not too long ago, the conventional thinking was that applications generate data. Then you treat the data in some way so that it can be used, perhaps by other applications, but that the data was secondary to the application.

But there's some shift in that thinking now more toward the idea that the data is the application and that new applications are designed to actually expand on the data’s value and deliver it out, to mobile tiers perhaps. Does that follow in your thinking that the data is actually more prominent as a resource perhaps on par with applications?

Walker: You're spot on, Dana. Before the commoditization of these technologies that resided on premises, we could get away with starting at the application layer and work our way back because we had access to the source code or hardware behind our firewalls. We could throw servers out, and we used to put the firewalls in front of the data to solve the problem with infrastructure. So we didn’t have to treat information as a first-class citizen. Times have changed, though.

Information access and processing is now democratized and it’s being pushed as the first point of presentment. A lot of times this is on a mobile device and even then it’s not the corporate’s mobile device, but your personal device. So how do you handle that data?

It's the same way with cloud, and I’ll give you a great example of this. I was working as an adviser for a company, and they were looking at their cloud strategy. They had made a big bet on one of the big infrastructures and cloud-service providers. They looked first at what the features and functions that that cloud provider could provide, and not necessarily the information requirements. There were two major issues that they ran into, and that was essentially a showstopper. They had to pull off that infrastructure.

The first one was that in that specific cloud provider’s terms of service around intellectual property (IP) ownership. Essentially, that company was forced to cut off their IP rights.

As you know, IP is a big business these days, and so that was a showstopper. It actually broke the core regulatory laws around being able to discover information.

So focusing on the applications to make sure it meets your functional needs is important. However, we should take a step back and look at the information first and make sure that for the people in your organization who can’t say no, their requirements are satisfied.

Gardner: Data architecture is it different from EA and business architecture, or is it a subset? What’s the relationship, Dave?

Hornford: Data architecture is part of an EA. I won’t use the word subset, because a subset starts to imply that it is a distinct thing that you can look at on its own. You cannot look at your business architecture without understanding your information architecture. When you think about big data, cool. We've got this pile of data in the corner. Where did it come from? Can we use it? Do we actually have legitimate rights, as Mike highlighted, to use this information? Are we allowed to mix it and who mixes it?

When we look at how our business is optimized, they normally optimize around work product, what the organization is delivering. That’s very easy. You can see who consumes your work product. With information, you often have no idea who consumes your information. So now we have provenance, we have source and, as we move for global companies, we have the trends around consumerization, cloud and simply tightening cycle time.

Gardner: Of course, the end game for a lot of the practitioners here is to create that feedback loop of a lifecycle approach, rapid information injection and rapid analysis that could be applied. So what are some of the ways that these disciplines and tools can help foster that complete lifecycle?

Band: The disciplines and tools can facilitate the right conversations among different stakeholders. One of the things that we're doing at The Standard is building cadres equally balanced between people in business and IT.

We're training them in information management, going through a particular curriculum, and having them study for an information management certification that introduces a lot of these different frameworks and standard concepts.

We want to create these cadres to be able to solve tough and persistent information management problems that affect all companies in financial services, because information is a shared asset. The purpose of the frameworks is to ensure proper stewardship of that asset across disciplines and across organizations within an enterprise.

Hornford: The core is from the two standards that we have, the ArchiMate standard and the TOGAF standard. The TOGAF standard has, from its early roots, focused on the components of EA and how to build a consistent method of understanding of what I'm trying to accomplish, understanding where I am, and where I need to be to reach my goal.

When we bring in the ArchiMate standard, I have a language, a descriptor, a visual descriptor that allows me to cross all of those domains in a consistent description, so that I can do that with traceability. When I pull in this lever or I have this regulatory impact, what does it hit me with, or if I have this constraint, what does it hit me with?

If I don’t do this, if I don’t use the framework of the TOGAF standard, or I don’t use the discipline of formal modeling in the ArchiMate standard, we're going to do it anecdotally. We're going to trip. We're going to fall. We're going to have a non-ending series of surprises, as Mike highlighted.

"Oh, terms of service. I am violating the regulations. Beautiful. Let’s take that to our executive and tell him right as we are about to go live that we have to stop, because we can't get where we want to go, because we didn't think about what it took to get there." And that’s the core of EA in the frameworks.

Walker: To build on what Dave has just talked about and going back to your first question Dana, the value statement on TOGAF from a business perspective. The businesses value of TOGAF is that they get a repeatable and a predictable process for building out our architectures that properly manage risks and reliably produces value.

The TOGAF framework provides a methodology to ask what problems you're trying to solve and where you are trying to go with your business opportunities or challenges. That leads to business architecture, which is really a rationalization in technical or architectural terms the distillation of the corporate strategy.

From there, what you want to understand is information—how does that translate, what information architecture do we need to put in place? You get into all sorts of things around risk management, etc., and then it goes on from there, until what we were talking about earlier about information architecture.

If the TOGAF standard is applied properly you can achieve the same result every time, That is what interests business stakeholders in my opinion. And the ArchiMate modeling language is great because, as we talked about, it provides very rich visualizations so that people cannot only show a picture, but tie information together. Different from other aspects of architecture, information architecture is less about the boxes and more about the lines.

Forde: Building on what Dave was saying earlier and also what Iver was saying is that while the process and the methodology and the tools are of interest, it’s the discipline and the quality of the individuals doing the work.

Iver talked about how the conversation is shifting and the practice is improving to build communications groups that have a discipline to operate around. What I am hearing is implied, but actually I know what specifically occurs, is that we end up with assets that are well described and reusable.

And there is a point at which you reach a critical mass that these assets become an accelerator for decision making. So the ability of the enterprise and the decision makers in the enterprise at the right level to respond is improved, because they have a well disciplined foundation beneath them.

A set of assets that are reasonably well-known at the right level of granularity for them to absorb the information and the conversation is being structured so that the technical people and the business people are in the right room together to talk about the problems.

This is actually a fairly sophisticated set of operations that I am discussing and doesn't happen overnight, but is definitely one of the things that we see occurring with our members in certain cases.

Hornford: I want to build on that what Chris said. It’s actually the word "asset." While he was talking, I was thinking about how people have talked about information as an asset. Most of us don’t know what information we have, how it’s collected, where it is, but we know we have got a valuable asset.

I'll use an analogy. I have a factory some place in the world that makes stuff. Is that an asset? If I know that my factory is able to produce a particular set of goods and it’s hooked into my supply chain here, I've got an asset. Before that, I just owned a thing.

I was very encouraged listening to what Iver talked about. We're building cadres. We're building out this approach and I have seen this. I'm not using that word, but now I'm stealing that word. It's how people build effective teams, which is not to take a couple of specialists and put them in an ivory tower, but it’s to provide the method and the discipline of how we converse about it, so that we can have a consistent conversation.

When I tie it with some of the tools from the Architecture Forum and the ArchiMate Forum, I'm able to consistently describe it, so that I now have an asset I can identify, consume and produce value from.

Forde: And this is very different from data modeling. We are not talking about entity relationship, junk at the technical detail, or third normal form and that kind of stuff. We're talking about a conversation that’s occurring around the business context of what needs to go on supported by the right level of technical detail when you need to go there in order to clarify.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 2nd March 2013 Copyright Bloor Research © 2013

My name is David Norfolk, I'm responsible for [{page:Enterprise Development:Development}] (including [{page:New Development:New Development}]) and [{page:Governance:Governance}] at Bloor; and I'm also now taking over responsibility for [{page:Social Collaboration:Social Collaboration}] technology from Roger Whitehead.

I've known Roger for years, since the introduction of Lotus Notes and Groupware. I think I may even have invented the term Workgroup Computing when I wrote "The Book of Workgroup Computing" Apricot Pc Magazine, ISBN 1858700159 / 1-85870-015-9 EAN 9781858700151) back then; and Roger was one of my sources. I have immense respect for Roger's knowledge and insights in this field (many of them are still available on this site).

I take a fairly broad view of the Social Collaboration topic; which, for me, includes (at one end of the spectrum) "enterprise collaboration" - the technology-enabled ability to exchange and receive information seamlessly across departmental and organisational boundaries. This enables organisations to transact business in today's mobile and agile marketplace and is related to the development of "collaborative teams" in technology-based businesses - I still think that Tom DeMarco's and Timothy Lister's "Peopleware" has relevance here, as recommended reading.

Nevertheless, I think that the emphasis needs to be on Social Collaboration; not only because achieving this, either internally or with individual customers etc., markedly enhances enterprise collaboration.

One characteristic of implementations of "collaboration software" is that they often don't deliver the benefits originally expected - and this is largely due to dysfunctional people issues and management failures (including the choice of the wrong KPIs), rather than to any technology failures with the software or its design. Social collaboration needs to be worked at and involves cultural change; just buying and installing Microsoft SharePoint, say, won't deliver much general collaboration by itself, let alone a social collaboration culture or collaborative teams. However, a top-down vision of a collaborative culture might well be facilitated with the appropriate choice of collaboration software - which might turn out to be Fuzed, or Huddle, or even SharePoint.

Two things need to be stressed: first, that too early concentration on ROI may kill a collaboration culture before it can get going (which isn't to say that you shouldn't measure KPIs and anticipated outcomes); and, second, that resources must be available for education and achieving buy-in to the collaborative culture at all levels. Top management buy-in to the collaborative vision is particularly important: I still remember one of the very early Lotus Notes success stories which was then cancelled by the CEO saying, in effect, "I don't care if this Notes thing is cost-effective and makes the business work better; I simply don't want my minions knowing stuff and collaborating amongst themselves without me and my managers being in control and doling out information to them as we think necessary".

Social collaboration, in our context, is only worthwhile if it contributes to better business outcomes (which can include increased staff or customer loyalty and morale). These outcomes must be measured and monitored; and collaboration software should be seen as an enabling technology for achieving them.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 20th February 2013 Copyright Interarbor Solutions © 2013

NetIQ today announced new appliances that help enable businesses and other organizations to simply and securely access the power of two mega trends—cloud and social media.

Cloud Access 1.1 provides a single sign-on virtual appliance that provides access to cloud services without complex and risky controls. Users within the company can access the permissioned cloud services without having to keep track of numerous and often changing usernames and passwords.

The IT team retains control of which services users can access, while making any changes in authentication for each individual site transparent to the end user. Administrators can provision services for employees on an as-needed basis, while easily de-provisioning those services when the employee leaves the company, or no longer requires access to certain services because of a role change or some other reason.

Feature-rich connectors automatically provision users to popular cloud-based applications, such as Google Apps, Salesforce, Office365, and some 200 verified connectors to security assertion markup language (SAML)-enabled cloud applications. CloudAccess 1.1 also includes a Connector Toolkit that allows IT personnel and partners to extend these federation capabilities to any SAML-enabled third-party software-as-a-service (SaaS) applications.

The issue of access ease and control still vexes web apps, never mind cloud and social platforms. It's clearly an issue that needs to be solved if users and enterprises alike are to adopt at the they pace they want.

“Prior to CloudAccess 1.1, existing approaches to managing user access to external resources was a difficult and manual process—made even more complex in light of the demands of today’s dynamic organizations,” said Kent Purdy, solution marketing manager at NetIQ. “CloudAccess 1.1 is not just delivering cloud single sign-on, but also simplifying IT’s ability to successfully turn SaaS, cloud, mobility, and other disruptive trends into business-enabling opportunities."

Log data
Access logs also let IT administrators see how often cloud services are being used, which will allow them to determine whether various services are still cost-effective for the company. It also provides visibility into which employees accessed which services—and for how long.

The second appliance solution is SocialAccess 1.0, which helps organizations—retailers, commerce hubs, state and local governments—rapidly engage with customers and constituents by allowing them to use their unique social identity and profile information from providers such as Facebook, Twitter, Google, and others.

Until now, such access required individuals to create and maintain a unique username and password for each site, which is costly for the organization and inconvenient for the individual. SocialAccess 1.0 enables large-scale “bring your own identity” (BYOI) services that simplify how organizations interact with stakeholders and develop greater levels of customer intimacy, all while increasing brand loyalty and reducing IT costs.

Because it's an appliance, it makes it quick to deploy and easy to use for retailers, commerce hubs, state and local government and others seeking rapid engagement with stakeholders without the need to build, manage and maintain an identity store.

The impact of social media on corporate decision-making came into focus last week, when bourbon-maker Beam, Inc., announced plans to cut the alcohol content of its Marker's Mark brand by watering it down in order to meet growing demand. Within days, social media—Facebook and Twitter—were filled with furious protests over the move, leading Beam to reverse it's decision. The impact of social media is by no means a flash in the pan.

Demanding access
“Consumers are demanding convenient access to more services from more endpoints than ever and organizations need to be able to seize the opportunities that social identity, mobile computing, cloud and other trends naturally create,” said Geoff Webb, director, Solution Strategy at NetIQ. “BYOI is a great example of the opportunity to build on existing processes, improve existing services and respond more rapidly to customers."

One early adopter of the SocialAccess appliance is the New York City Department of Information Technology and Telecommunications (DoITT). The department serves a network of 120 agencies, board, and offices, as well as more than 8 million residents, 300,000 employees, and approximately 50 million visitors a year.

The department was looking for a way for people to log into NYC.gov and have a personalized experience. Using SocialAccess and social media sign-on, users were spared the need to create and maintain another online identity.

CloudAccess 1.1 is offered on a subscription basis or perpetual license. For more information, visit www.netiq.com/cloudaccess. SocialAccess 1.0 is licensed on a per user basis. For more information, visit www.netiq.com/socialaccess. 

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 11th February 2013 Copyright Bloor Research © 2013

I recently blogged about the Qualitest Group and its third party testing services. I like the idea of using an external testing organisation because I believe that testers need a different mind-set to developers - a delight in breaking things and finding defects perhaps - and, in most organisations, such a mindset is career limiting. It's a question for an IT group to ask itself - do we like having people that regularly find our mistakes and publicise them to those around us? If not, perhaps it should be considering a third party testing organisation, that fully understands testing in all its aspects and employs people with the "testing mindset".

That choice raises further questions, however, which really concern the governance of the development process and its quality assurance. Does your external testing partner allow developers to unit-test their own code, for example? With old-style development practices, people probably shouldn't test their own code (the developers often have the wrong mindset and their test cases can embody the same misconception of the requirement as the code does); but developers unit-testing their own work is pretty fundamental to eXtreme Programming and Agile development. Agile, also, is generally becoming accepted as the way to go, both for productivity and quality. It's a question to ask your testing partners: "do you support agile development effectively without 'spoiling' the Agile culture we're trying to promote?".

Another thing I like about Qualitest is its results-based testing approach. However, this rather assumes that you have something to compare your results against and that the results you want are feasible. You can never claim 100% confidence that there are no bugs in a system, even a safety-critical system; and Qualitest would say that you can never say that "testing is finished".

Nevertheless, I would suggest that that's actually a matter of semantics, to a large extent. Should you discuss the semantics of a results-based testing SLA saying something like "Find at least 95% of the bugs" with your testing partner? There are ways of estimating the total bugs in a piece of code (here, for example) but does the SLA refer to these estimates or merely to finding 95% of the bugs actually reported by users? Does a design flaw count as a bug? What about the possibility of a systematic testing bias that puts the most business-critical bugs in the 5% that aren't found? And, what about latent bugs which haven't been found and perhaps can't ever be reached - with current workloads and data patterns? Are they worth wasting time on? Perhaps not; but latent bugs can represent a potential production disaster waiting to happen when workloads change or new data enters the system (perhaps you gain a significant Far East customer for the first time and its data looks different to what you've been processing before). So perhaps latent bugs are important (which is partly why static code analysis can be important).

I like results-based testing because it promises to give you a fair and equitable contract with your external testing partner. It can also, perhaps, give you a handle on the "is testing finished" issue - something else to question your testing partner about, I think.

"Is testing finished" is really another question of semantics. If you can place confidence limits on the number of bugs found relative to the number of bugs expected; if you can put numbers on the risk associated with "going live"; and if you can estimate, with confidence, the cost associated with the risk going live against the cost to the business of withholding the new automated service; then you have, in a real and practical (although limited) sense, "finished testing". Even if running some more tests (perhaps tests which you haven't thought of and which aren't in your test pack) might find some more defects.

Part of the value of employing an organisation like Qualitest is that it is a testing specialist and understands the testing process and its semantics, probably better than most developers do. However, although management can outsource responsibility for the execution of testing and quality assurance, it can't outsource responsibility for Quality. If, for example, one of the 5% of defects Qualitest hasn't found (while satisfying its testing by results SLA) results in confidential customer credit card details held by a company being splashed over the Internet, it'll be (potentially) the company's directors in the dock facing gaol, not Qualitest's directors.

So, the semantics of testing is probably important to the managers employing a firm like Qualitest. For example:

• Is a "bug" in an automated system a coding error; an error in automating business logic; an error in the business logic being automated; or a fundamental misunderstanding of the business operation and its commercial context by business management? Even if you replace "bug" with "defect", depending on where I am in the organisation and how technical I am, I might reasonably expect one, some or any of these to be addressed by a quality assurance or testing team that promises to help me control the "quality" of my automated business systems. And I've been, sloppily, mixing up "bug" and "defect" throughout this piece; this is common (although I do hope that many readers noticed), but is it acceptable?
• Is "defect free" software possible? Altran Praxis (formally Praxis High Integrity Systems) promises to deliver "zero defect" software and this claim has been validated by the NSA. This isn't trivial and Praxis achieves zero defects by using mathematical proof where it is cost-effective (but only where it is cost-effective, not everywhere) and by developing in a restrictive subset of Ada that doesn't support constructs which facilitate coding errors; but what it means by "zero defect" is that the code complies 100% with the spec. Is this the same as what you mean by "defect free"? Mind you, just 100% compliance with spec would be a useful step forward for many systems.
• If I design my system to store credit card details in a database that is accessible via SQL queries embedded in orders sent over the web, is this a "bug", a "system defect" or a "design fault" and would you expect your testing team, or Qualitest, to find this? Or, does this, perhaps, depend on what you ask (and pay) your testers, or Qualitest, to do? Perhaps you think this is something your security team should be testing; but perhaps they think it's a development issue and, in practice, nobody takes ownership of such issues.
• If I say that you have bugs in your systems because you tell your developers that you want bugs in your systems are you shocked and in immediate denial? But if you, perchance, reward developers for delivering ahead of schedule and reward them again for coming in out-of-hours to fix production bugs, aren't you, in effect, telling your developers that you are happy to live with bugs in the interests of immediate delivery and conspicuous "company loyalty" in your developers? Especially if you try to reduce what you spend on quality assurance as much as possible. I would see this as a "cultural defect" or "organisational defect" - a failure of "good governance", perhaps - which will impact the business; but, in semantic terms, does this count as a "system defect" which you could expect your quality assurance partners to help you eliminate?

I just raise the questions and they don't invalidate my view that external testing by an organisation such as Qualitest may bring significant improvements to system quality. But the outsourcing of testing has consequences and raises governance issues which are often cultural and semantic as much as technical - but no less important for all that.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 31st January 2013 Copyright Interarbor Solutions © 2013

The next BriefingsDirect IT leadership discussion focuses on how global telecommunications giant AT&T has created advanced cloud services for its business customers. We'll see how AT&T has developed the ability to provide virtual private clouds and other computing capabilities as integrated services at scale.

To learn more about implementing cloud technology to deliver and commercialize an adaptive and reliable cloud services ecosystem, we sat down with Chris Costello, Assistant Vice President of AT&T Cloud Services. The interview was conducted by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Why are business cloud services such an important initiative for you?

Costello: AT&T has been in the hosting business for over 15 years, and so it was only a natural extension for us to get into the cloud services business to evolve with customers' changing business demands and technology needs.

We have cloud services in several areas. The first is our AT&T Synaptic Compute as a Service. This is a hybrid cloud that allows VMware clients to extend their private clouds into AT&T's network-based cloud using a virtual private network (VPN). And it melds the security and performance of VPN with the economics and flexibility of a public cloud. So the service is optimized for VMware's more than 350,000 clients.

If you look at customers who have internal clouds today or private data centers, they like the control, the security, and the leverage that they have, but they really want the best of both worlds. There are certain workloads where they want to burst into a service provider’s cloud.

We give them that flexibility, agility, and control, where they can simply point and click, using free downloadable tools from VMware, to instantly turn up workloads into AT&T's cloud.

Another capability that we have in this space is AT&T Platform as a Service. This is targeted primarily to independent software vendors (ISVs), IT leaders, and line-of-business managers. It allows customers to choose from 50 pre-built applications, instantly mobilize those applications, and run them in AT&T's cloud, all without having to write a single line of code.

So we're really starting to get into more of the informal buyers, those line-of-business managers, and IT managers who don't have the budget to build it all themselves, or don't have the budget to buy expensive software licenses for certain application environments.

Examples of some of the applications that we support with our platform as a service (PaaS) are things like salesforce automation, quote and proposal tools, and budget management tools.

The third key category of AT&T's Cloud Services is in the storage space. We have our AT&T Synaptic Storage as a Service, and this gives customers control over storage, distribution, and retrieval of their data, on the go, using any web-enabled device. In a little bit, I can get into some detail on use cases of how customers are using our cloud services.

This is a very important initiative for AT&T. We're seeing customer demand of all shapes and sizes. We have a sizable business and effort supporting our small- to medium-sized business (SMB) customers, and we have capabilities that we have tailor-developed just to reach those markets.

As an example, in SMB, it's all about the bundle. It's all about simplicity. It's all about on demand. And it's all about pay per use and having a service provider they can trust.

In the enterprise space, you really start getting into detailed discussions around security. You also start getting into discussions with many customers who already have private networking solutions from AT&T that they trust. When you start talking with clients around the fact that they can run a workload, turn up a server in the cloud, behind their firewall, it really resonates with CIOs that we're speaking with in the enterprise space.

Also in enterprises, it's about having a globally consistent experience. So as these customers are reaching new markets, it's all about not having to stand up an additional data center, compute instance, or what have you, and having a very consistent experience, no matter where they do business, anywhere in the world.

Gardner: The fact is that a significant majority of CIOs and IT executives are men, and that’s been the case for quite some time. But I'm curious, does cloud computing and the accompanying shift towards IT becoming more of a services brokering role change that? Do you think that with the consensus building among businesses and partner groups being more important in that brokering role, this might bring in a new era for women in tech?

Costello: I think it is a new era for women in tech. Specifically to my experience in working at AT&T in technology, this company has really provided me with an opportunity to grow both personally and professionally.

I currently lead our Cloud Office at AT&T and, prior to that, ran AT&T’s global managed hosting business across our 38 data centers. I was also lucky enough to be chosen as one of the top women in wireline services.

What drives me as a woman in technology is that I enjoy the challenge of creating offers that meet customer needs, whether they be in the cloud space, things like driving eCommerce, high performance computing environment, or disaster recovery (DR) solutions.

I love spending time with customers. That’s my favorite thing to do. I also like to interact with many partners and vendors that I work with to stay current on trends and technologies. The key to success of being a woman working in technology is being able to build offers that solve customers' business problem, number one.

Number two is being able to then articulate the value of a lot of the complexity around some of these solutions, and package the value in a way that’s very simple for customers to understand.

Some of the challenge and also opportunity of the future is that, as technology continues to evolve, it’s about reducing complexity for customers and making the service experience seamless. The trend is to deliver more and more finished services, versus complex infrastructure solutions.

I've had the opportunity to interact with many women in leadership, whether they be my peer group, managers that work as a part of my team, and/or mentors that I have within AT&T that are senior leaders within the business.

I also mentor three women at AT&T, whether they be in technology, sales, or an operations role. So I'm starting to see this trend continue to grow.

Gardner: You have a lot of customers who are already using your business network services. I imagine there are probably some good cost-efficiencies in moving them to cloud services as well.

Costello: Absolutely. We've embedded cloud capabilities into the AT&T managed network. It enables us to deliver a mobile cloud as well. That helps customers to transform their businesses. We're delivering cloud services in the same manner as voice and data services, intelligently routed across our highly secure, reliable network.

AT&T's cloud is not sitting on top of or attached to our network, but it's fully integrated to provide customers a seamless, highly secure, low-latency, and high-performing experience.

Gardner: Why did you chose VMware and vCloud Datacenter Services as a core to the AT&T Synaptic Compute as a Service.

Costello: AT&T uses VMware in several of our hosting application and cloud solutions today. In the case of AT&T Synaptic Compute as a Service, we use that in several ways, both to serve customers in public cloud and hybrid, as well as private cloud solutions.

We've also been using VMware technology for a number of years in AT&T’s Synaptic Hosting offer, which is our enterprise-grade utility computing service. We've also been serving customers with server virtualization solutions available in AT&T data centers around the world and also can be extended into customer or third-party locations.

Just to drill down on some of the key differentiators of AT&T Synaptic Compute as a Service, it’s two-fold.

One is that we integrate with AT&T private networking solutions. Some of the benefits that customers enjoy as a result of that are orchestration of resources, where we'll take the amount of compute storage and networking resources and provide the exact amount of resources at the exact right time to customers on-demand.

Our solutions offer enterprise-grade security. The fact that we've integrated our AT&T Synaptic Compute as a Service with a private networking solution allows customers to extend their cloud into our network using VPN.

Let me touch upon VMware vCloud Datacenter Services for a minute. We think that’s another key differentiator for us, in that we can allow clients to seamlessly move workloads to our cloud using native VMware toolsets. Essentially, we're taking technical complexity and interoperability challenges off the table.

With the vCloud Datacenter program that we are part of with VMware, we're letting customers have access to copy and paste workloads and to see all of their virtual machines, whether it be in their own private cloud environment or in a hybrid solution provided by AT&T. Providing that seamless access to view all of their virtual machines and manage those through single interface is key in reducing technical complexity and speeding time to market.

We've been doing business with VMware for a number of years. We also have a utility-computing platform called AT&T Synaptic Hosting. We learned early on, in working with customers’ managed utility computing environments, that VMware was the virtualization tool of choice for many of our enterprise customers.

As technologies evolved over time and cloud technologies have become more prevalent, it was absolutely paramount for us to pick a virtualization partner that was going to provide the global scale that we needed to serve our enterprise customers, and to be able to handle the large amount of volume that we receive, given the fact that we have been in the hosting business for over 15 years.

As a natural extension of our Synaptic Hosting relationship with VMware for many years, it only made sense that we joined the VMware vCloud Datacenter program. VMware is baked into our Synaptic Compute as a Service capability. And it really lets customers have a simplified hybrid cloud experience. In five simple steps, customers can move workloads from their private environment into AT&T's cloud environment.

Think that you are the IT manager and you are coming into start your workday. All of a sudden, you hit 85 percent utilization in your environment, but you want to very easily access additional resources from AT&T. You can use the same console that you use to perform your daily job for the data center that you run in-house.

In five clicks, you're viewing your in-house private-cloud resources that are VMware based and your AT&T virtual machines (VMs) running in AT&T's cloud, our Synaptic Compute as a Service capability. That all happens in minutes' time.

Gardner: I should also think that the concepts around the software-defined datacenter and software-defined networking play a part in this. Is that something you are focused on?

Costello: Software-defined datacenter and software-defined networks are essentially what we're talking about here with some uniqueness that AT&T Labs has built within our networking solutions. We essentially take our edge, our edge routers, and the benefits that are associated with AT&T networking solutions around redundancy, quality of service, etc., and extend that into cloud solutions, so customers can extend their cloud into our network using VPN solutions.

Previously many customers would have to buy a router and try to pull together a solution on their own. It can be costly and time consuming. There's a whole lot of efficiency that comes with having a service provider being able to manage your compute storage and networking capabilities end to end.

Global scale was also very critical to the customers who we've been talking to. The fact that AT&T has localized and distributed resources through a combination of our 38 data centers around the world, as well as central offices, makes it very attractive to do business with AT&T as a service provider.

Gardner: We've certainly seen a lot of interest in hybrid cloud. Is that one of the more popular use cases?

Costello: I speak with a lot of customers who are looking to be able to virtually expand. They have data center, systems, and application investments and they have global headquarters locations, but they don't want to have to stand up another data center and/or virtually expand and/or ship staff out to other location. So certainly one use case that's very popular with customers is, "I can expand my virtual data center environment and use AT&T as a service provider to help me to do that."

Another use case that's very popular with our customers is disaster recovery. We see a lot of customers looking for a more efficient way to be able to have business continuity, have the ability to fail over in the event of a disaster, and also get in and test their plans more frequently than they're doing today.

For many of the solutions that are in place today, clients are saying they are expensive and/or they're just not meeting their service-level agreements (SLAs) to their business unit. One of the solutions that we recently put in place for a client is that we put them in two of AT&T's geographically diverse data centers. We wrapped it with AT&T's private-networking capability and then we solutioned our AT&T Synaptic Compute as a Service and Storage as a Service.

The customer ended up with a better SLA and a very powerful return on investment (ROI) as well, because they're only paying for the cloud resources when the meter is running. They now have a stable environment so that they can get in and test their plans as often as they'd like to and they're only paying for a very small storage fee in the event that they actually need to invoke in the event of a disaster. So DR plans are very popular.

Another use case that’s very popular among our clients is short-term compute. We work with a lot of customers who have massive mathematical calculations and they do a lot of number crunching.

Finally, in the compute space, we're seeing a lot of customers start to hang virtual desktop solutions off of their compute environment. In the past, when I would ask clients about virtual desktop infrastructure (VDI), they'd say, "We're looking at it, but we're not sure. It hasn’t made the budget list." All of a sudden, it’s becoming one of the most highly requested use cases from customers, and AT&T has solutions to cover all those needs.

Gardner: Do you think that this will extend to some of the big data and analytics crunching that we've heard about?

Costello: I don’t think anyone is in a better position than AT&T to be able to help customers to manage their massive amounts of data, given the fact that a lot of this data has to reside on very strong networking solutions. The fact that we have 38 data centers around the world, a global reach from a networking perspective, and all the foundational cloud capabilities makes a whole lot of sense.

Speaking about this type of a "bursty" use case, we host some of the largest brand name retailers in the world. When you think about it, a lot of these retailers are preparing for the holidays, and their servers are going underutilized much of year. So how attractive is it to be able to look at AT&T, as a service provider, to provide them robust SLAs and a platform that they only have to pay for when they need to utilize it, versus sitting and going very underutilized much of the year?

We also host many online gaming customers. When you think about the gamers that are out there, there is a big land rush when the buzz occurs right before the launch of a new game. We work very proactively with those gaming customers to help them size their networking needs well in advance of a launch. Also we'll monitor it in real time to ensure that those gamers have a very positive experience when that launch does occur.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 29th January 2013 Copyright Interarbor Solutions © 2013

Convercent, a new company that launched today, aims to fill a void in the governance, risk, and compliance (GRC) market with approachable tools that help employees implement corporate values while offering ways to measure and rate such contributions.

GRC has traditionally provided companies with tools to help customers meet government and industry regulations, enforce corporate policies and better deal with risk. Yet the areas of corporate culture and values—which are becoming increasing important in today’s business climate—were rarely addressed.

“Our platform allows companies to take the fuzzy-wuzzy of ethics—to take the sign off the wall—and turn it into structured data to measure employee actions against the organization’s stated values and culture,” said Patrick Quinlan, Convercent's CEO.

Launching with 52 employees, $10.2 million in venture funding, the start-up hopes to capitalize on the recent trend of companies using their core ethics, culture and values to drive their business model. Convercent’s founders had earlier invested in a compliance software maker called Business Controls Inc. and is converting the 300 customers from that venture to Convercent.

Whole Foods is an example of such a company—the grocery store’s brand makes a promise of quality and safety to its customers. If that promise is broken, the brand is damaged and the results could be far more devastating than a regulatory fine, said Quinlan.

Plenty of companies are making corporate values a top priority today, according to Quinlan, who offers the example of Google’s "Don't be evil" credo. Ensuring that employees walk the walk of the company’s ethics is becoming as important as making sure they abide by more traditional corporate or regulatory guidelines.

“Companies like ours spend 85 percent of every dollar on people,” said Quinlan. “If we don’t drive an effective culture, how can we drive performance?”

Cloud application
Convercent integrates corporate values and more traditional GRC activities into a cloud application that features mobile access and a clean user interface. For example, employees can use the application to read a definition of what their company considers community service, see examples of such activities, and log hours spent in service.

Aimed at legal, audit and compliance executives, the tool can also be used to distribute company policies, stay compliant with regulations, educate employees, and align company performance with culture, said CIO Philip Winterburn. It offers a way for companies to report and respond to incidents and craft escalations, investigations and resolutions.

Managers can receive reports on employee or department engagement and generate related scores, turning the ambiguous area of company involvement into a mathematical measurement, according to Winterburn.

The product is available at launch in more than 40 languages and can also produce on-the-fly translations. Mobile access from iOS devices is included at launch, with plans for support of Android devices to follow.

Founders Quinlan, Winterburn, and Barclay Friesen hail from compliance software maker Rivet Software. The three also founded Nebbiolo Ventures, which they describe as an entrepreneurial venture. A video of the Convercent product launch can be found here.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn.)

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 23rd January 2013 Copyright Interarbor Solutions © 2013

The Bring Your Own Device (BYOD) trend has rapidly morphed from a disruptive worry into a strategic, positive initiative for many organizations across the globe, according to results from a new global survey released recently.

In fact, significant business benefits often follow when BYOD-adopter companies empower their employees with their preferred devices and work habits, as well as more say in the applications and data access they need to get their jobs done… anytime, from anywhere, the survey shows.

What's more, the rapidly improved productivity and enhanced collaboration among employees—as well as greater communication and better service with customers, suppliers and partners—are proving to be competitive advantages for companies that do BYOD best.

The survey was recently conducted by Dell Software Group and market researcher Vanson Bourne from nearly 1,500 IT executives around the world. It clearly demonstrates that, while BYOD shows promise, many organizations are struggling with making the most of BYOD. [Disclosure: Quest Software, part of Dell's Software Group, is a sponsor of BriefingsDirect podcasts.]

The majority of survey respondents agree that BYOD strategies deliver benefits—more than 70 percent said they believe that BYOD can boost employee productivity and customer response time, and 59 percent say they feel their company could be at a competitive disadvantage if they didn't implement BYOD.

And attitudes toward the innovation impact that BYOD has are largely the same among the midsized (between 1,000 and 3,000 employees) and large (more than 3,000 employees) companies surveyed. Roughly half of respondents in both groups say that BYOD has significantly changed the business culture at their organizations.

Yet less than half of the IT leadership respondents—44 percent—say they understand the importance of a user-centric approach to BYOD. And this is where many organizations are missing the boat, according to Dell Software.

"It's important that organizations define a program to help manage and protect their corporate information, but also to empower employees to do their jobs better and faster, or to improve customer satisfaction, or whatever the goal is," says Roger Bjork, Director of Enterprise Mobility Solutions at Dell Software Group. "Companies that do BYOD for a purpose, to help with a broader goal, are seeing better results versus those who simply let BYOD happen. A big part of that is focusing on the user aspect, and not limiting it to a device discussion."

To me these results should remove doubt that embracing desktop virtualization (VDI) and mobile device management are priorities for IT. I also think that BYOD is a catalyst to more general IT transformation and more business-centric emphasis for IT innovation. You could say that BYOD forms a capstone on the rising archway of VDI, web apps, thin clients, terminal services, and other applications delivery advancements overt the past 15 years.

The idea, of course, going back to the very first PCs, is to let the user decide how to work best.

Benefits of putting users first
Indeed, those survey respondents who say they believe the user-centric approach to BYOD is the right one also reported they are able to drive business benefits, satisfy users and gain a competitive edge to a higher degree than survey respondents who don't see the benefit of a user-centric approach. Some 64 percent of respondents say BYOD works well when the specific user needs are understood by IT.

And respondents at companies further along in their BYOD strategy implementations are more likely to agree that the most benefit is derived from programs that put the user first. Understanding individual user needs and the resulting improvements in employee productivity and satisfaction are much more important pillars of a BYOD strategy than simply allowing employees to use the device in their pocket or purse for work, says Bjork.

"You do a disservice if you make this about what shiny object do employees want to use to connect to email. It's much broader than that," he says. "I think the survey data definitely shows companies that have well thought-out BYOD strategies have fewer issues and are garnering better results."

A one-size fits all approach to BYOD does not work, says Bjork,  IT should manage the spread of BYOD. "You can't just let BYOD happen," he added.

A user-centric approach to BYOD fits with the recent trend for IT to transform into a service-delivery organization that understands not only the goals of the business, but how to support employees to help them achieve these goals, adds Bjork. What's more, as the Millennial Generation enters the workforce with certain digital expectations, user-centric BYOD policies can be leveraged as recruiting tools.

"Let's face it, this is not just a mobile thing. It has a much broader impact," says Bjork. "BYOD is a method, not a result… You should start by asking 'What is the user trying to accomplish?'"

The bottom line is that IT now needs to support multiple ways of working for a variety of styles and devices that appeal and adjust based on user preferences and innovations.

Additional points
Other noteworthy points that arose from the survey:

• Survey participants in the U.S. are least likely to stress users over devices when crafting a BYOD strategy, while respondents in Singapore were most likely to do so. Other geographies covered by the survey include the U.K, France, Germany, Italy, Australia, India and the Beijing region of China;
• Respondents listed more flexible working hours, the ability to foster creativity, speed innovation, boost morale and facilitate teamwork and collaboration as personal gains for employees working with BYOD strategies;
• Organizations that consider applications as part of a their BYOD strategy are more likely to link and manage devices per user; clearly define roles for their user community in one central database; track and support each user's level of mobility, and deliver applications to users based on their role within the company. Of those with no formal BYOD policy, 27 percent say they can't provide any of these functions;
• The top five BYOD challenges listed by survey respondents are abuse of policies; theft/loss of mobile devices; lack of control over applications and data on devices; employees leaving the company with insider knowledge; and unauthorized data distribution.

Dell's position on the importance of a user-centric BYOD strategy comes from experience. Carol Fawcett was the CIO of Quest Software, which was recently acquired by Dell, with nearly 4,000 employees in 23 countries. The company focused on giving employees access to the applications and data they needed to get their jobs done, regardless of what device was being used.

"We found this approach helped us quickly move out of device firefighting mode to be much more strategic, which also enabled us to resolve our biggest BYOD problems, such as security, access rights and data leakage," says Fawcett. "The results of this latest BYOD survey reinforce the importance of putting users first in order to develop the most effective policies and turn BYOD into a long-term, sustainable business benefit."

As Quest found with its own workers, the better planned the BYOD acceptance, the fewer negative issues and the better the productivity result. I recently spoke with Fawcett at length about the experience.

I think we should also expect that BYOD planning will be done in association with—and as an accelerant to—other larger initiatives such as data center consolidation, IT transformation, and applications modernization.

Bjork further suggested that companies that have a policy-based approach to security and access control, and adopt services oriented architectures and data lifecycle management will be in a better position to avail themselves of BYOD faster and at lower risk. VDI and thin-client initiatives also pave the way to BYOD.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn.)

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 18th January 2013 Copyright Interarbor Solutions © 2013

Data and apps integration provider Jitterbit this week released a new version of its solution, Jitterbit 5, designed to be the glue between on-premise, cloud, social, and mobile data.

Jitterbit focuses on simple yet powerful integration technologies that can be quickly and easily deployed to create integrated processes and data views. We've seen a lot of interest in light-weight, low-coding integration capabilities as more SaaS and cloud services need to be coordinated. This is now becoming even more pertinent to bringing data together from a variety of sources.

Jitterbit 5 aims to raise the level of simplicity even higher with new features that streamline process integration, said the Oakland, CA company. The wizards-based approach allows non-technical users to design integration projects through a graphical, point-and-click interface. I think making more people able to tailor and specify integrations can significantly boost innovation and productivity.

In enterprise computing today, there are three main sources of data that must come together to help drive the business forward, according to Jitterbit's thinking. First there's corporate data—which for years has been the cornerstone of technology strategies—that sits in databases, data warehouses, enterprise applications, etc. and is typically kept safe and sound on-premise, behind the firewall.

Over the past few years, two other sources of data have emerged as critical for businesses that want to optimize their operations and better serve their customers; data stored in cloud services, and data from a pair of new platforms—social and mobile. And we'll no doubt be seeing ever larger and more specific data emerge from business and consumer activities from these domains.

These newer sources of data can be located anywhere, and the information they provide comes in a wide variety of formats, making it harder than ever to integrate with structured corporate information using traditional integration technologies.

Three pillars
Jitterbit's focus therefore is to help enterprises better achieve integration of data from all these three pillars of modern computing. And the means to do it must appeal to the business analysts who understand best the need to have many types of different data readily available and associated with business processes in near real time.

"Vendors have been trying to solve the issue of integration of technology for over 20 years. The majority of companies come at it with a technical perspective—they try to solve the problem for the professional developer," says Andrew Leigh, vice president of products with Jitterbit.

"But the problem of integration isn't just a technical issue; it's a business issue. The people who are best at building, managing, and changing integration are the ones that understand it's really a process. We're putting integration back in the hands of the business analysts who really understand the data and processes to make that integration effective."

While Jitterbit features wizards and other simple tools to let non-technical users quickly build the data connections that the business requires, it's important that they work in partnership with IT to ensure the process is governed correctly, says Leigh, who recently joined Jitterbit from Salesforce.com.

"We've built all the knowledge and best practices that the industry has been building up over the last two decades into our solution; now we're focused on the user experience and hiding complexity," says Leigh.

Latest release
This latest release also features enhanced connectivity to Salesforce, Microsoft Dynamics and SAP, as well as Twitter and Chatter. The new Instant View and Process Monitor tools provide visibility to the status and results of more complex business process integrations. And Version 5.0 supports large-volume cloud APIs to allow organizations to rapidly synchronize large volumes of data at higher levels of performance.

Jitterbit's approach also fits into the vision of "integration as a service," which seems a natural development of cloud models. I'd like to see more cloud services providers embed such integration services into their offerings. This is especially important for PaaS to go mainstream.

A video describing the new features in Jitterbit 5.0, available now can be found here. A free 30-day trial of the product is available here.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn.)

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research Posted: 17th January 2013 Copyright Bloor Research © 2013

For those of you who have been involved in mapping the process of an organisation, you will know that often there is a series time element involved in how the process works and this can be difficult to model. Just before Christmas, I had a briefing from Scott Menter, VP of Business Solutions for BP Logix, in which he explained how his company had come up with a solution to this issue.

BP Logix were initially founded in 1995. They are a privately-held company with their headquarters in San Diego. They started specialising in BPMS in 2004, focusing on providing a solution that incorporates collaboration and managing information flow at its core. In response to customer needs, they subsequently began to provide and manage electronic forms, then to address workflow, review and approval of their documents. Product development has a key customer involvement through their use of a Customer Advisory Board, which are made up of representatives from major customers (current companies involved include ITT, Abbott Labs, DuPont and Starwood Hotels & Resorts). What differentiates BP Logix is that they are the first BPMS provider that I have come across who have addressed the needs of time-based or activity-focused processes.

Why is time important? Menter explained this by talking about his dog, Bella. She knows when she wants to go for a walk and it is always at the same time of the day. Similarly she will whine if she doesn't get her food ball at the right time. So time is important. Menter added, "Time is the key to why we implement BPM in the first place."

Before we take a look at how BP Logix' Process Director deals with time, it is important to understand that the product is otherwise a standard BPMS. Process Director provides integrated reporting, workflow software, eForms, content management, dashboard, portal and application integration. There is support for standard BPMN style modelling of process. It is built on the .NET Framework and its multi-language capability supports international localisation. There is support for customisation via an SDK. As can be seen in Figure 1, the product can be deployed in a 3-tier data access environment, providing a separation between client access, business logic and database access. The client browser (tier 1) uses HTTP/HTML and AJAX to communicate with the server. The server business layer (tier 2) uses ADO.NET to access the database repository. The database can be either Microsoft SQL Server or Oracle. Process Director provides built-in integration with many third-party and in-house applications and databases:

• Scanners and imaging software
• Windows file systems
• Microsoft Active Directory
• ERP and CRM applications
• SQL compliant databases
• Email systems, such as MS Exchange Server, Outlook
• Mobile devices, such as iPad, Android, iPhone, BlackBerry
• Web portals, such as MS SharePoint, IBM WebSphere
• Single Sign-On (SSO) products
• Integration with web services using the SDK.

Figure 1: BP Logix Product Architecture (Source: BP Logix, Inc.)

BPM solutions have focused on getting the quality and governance of business processes. But time is a critical element of the planning, management and improvement of business processes. Time allows business users to gain additional control over their processes and creates the opportunity to predict how later stages in the process will be affected by changes introduced in the earlier stages. This predictive capability BP Logix has named Predictive BPM or pBPM. BP Logix see this approach as offering organisations more insight than before into their processes, providing the earliest possible notification of potential delays.

Figure 2: The Time Issue (Source: BP Logix, Inc.)

To support this new predictive concept, BP Logix has introduced a recently-patented technology that fuses Project Management methodologies with BPM, called Process Timelines. Business users design Process Timelines by answering two questions as they add each step to the process: What must complete before this step can begin - the dependency question; and, How long will this step take to complete - the duration question. Each activity will begin as soon as its prerequisites, if any, are complete.

Figure 3: A Process Timeline (Source: BP Logix, Inc.)

For those of us used to using MS Project or any other project definition tool that supports Gantt charts this seems quite logical. I have myself, in the past, used MS Project to show dependencies between processes as well as parallelism. What is neat about the BP Logix solution is that they have integrated traditional process modelling with Process Timelines within Process Director. A single Process Timeline activity can contain an entire traditional workflow, enabling several workflows to be strung together to form a more complex, yet easily manageable process.

Reports and information can be displayed in real time or scheduled for distribution. Report distribution allows scheduled reports to be emailed to recipients as PDF documents. A web-based dashboard interface is also available. The reporting information can be exported to various formats, including Microsoft Excel or any SQL compliant report writer such as Crystal Reports.

If you are looking at managing your business process, then Process Director is certainly a product that should be on your shortlist. I was impressed with its ease of use as well as its support for time-based processes.

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 7th January 2013 Copyright Bloor Research © 2013

There is no question that C++ is currently used in a lot of mission-critical applications (but, then, so is COBOL) and in a lot of commercial software packages. But is it a dying language, due for replacement by Java, C#, Python, Scala and so on? And, considering that a lot of COBOL and Fortran is still in active use, does this matter much anyway?

The answers are probably "no" and "no". Things are still happening in the C++ world. The latest Intel compilers, for example, are extremely good at optimising code for the latest Intel architectures and its Threading Building Blocks helps you exploit parallel programming on multicore architectures efficiently. Now there's a new C++ standard which addresses many of the issues associated with C++ programming. Even Bjarne Stroustrup says that C++11 feels like a new language here - read more in this interview.

Standard C++11 still lacks Java-style garbage collection, used to clean up allocated memory that is no longer needed (and I'm not sure that relying on programmers to do their own garbage collection is entirely safe), but it does include a state-of-the-art threading library. Many programmers don't like garbage collection, because of the propensity for basic Java to stop for a few seconds while garbage collecting, but that's an implementation issue and you can get modern high performance Javas with better-managed "deterministic" garbage collection facilities offering predictable latency (see, for example, Oracle JRockit). Read about the C++11 innovations here.

Embarcadero's new C++Builder XE3 compiler, which supports the new C++11 standards and allows VCL (Visual Component Library, a visual framework for building Windows applications originally developed by Borland) and FireMonkey (which is what Embarcadero calls its "modern, multi-platform, hardware accelerated GUI and application framework") to be moved onto 64bit platforms, is another sign that interest in C++ is still active. Embarcadero (or, rather, Borland, part of which it acquired in 2008) has a good record for providing productive developer tools and its new compiler promises "agile C++". In other words, developers can use Embarcadero extensions to make C++ up to 5x faster than traditional development, Embarcadero says, using rapid prototyping, PME (properties/methods/events) component-based programming, and visual development. Of course, that's hard to verify in the general case (and no improvement at all satisfies the "up to" 5 times promise) but if you are, or want to be, a C++ shop, it's probably worth investigating (the original Borland C++ Builder was pretty good).

Embarcadero's new compiler builds on clang, a front-end for the respected open-source LLVM compiler, which (it says) will address any advantage Intel compilers have in exploiting Intel's architectures And, usefully, Embarcadero promises industry-leading compliance with the C++ standards.

The key promise of C++Builder XE3, however, is that it will let you target multiple platforms with a single codebase and a single developer team. That sounds good to us, although it won't really come to fruition until its iOS and Android on ARM capabilities arrive. This is also a 64bit compiler, with good support for a Windows 8 look and feel interface, so it offers lots of options for legacy C++ Windows application modernisation (it supports (Windows XP, Windows Vista, Windows 7, and Windows 8). And support for Mac OS X and Retina Display (letting developers deliver a native user experience and automatic HiDPI display support in Mac applications) has to be a bonus. Despite the C++11 improvements, we suspect that native support for a wide range of popular desktop and mobile user environments will be what drives any actual C++ resurgence.

On balance, C++ probably wouldn't be our language of choice these days for general business systems, where something like Java (or Scala) will probably be more productive overall. But C++ is still the optimal choice for some applications and a perfectly adequate choice (if you have the right C++ skills) for many more; and we aren't in the business of building applications anyway. C++ certainly isn't anything like dead yet and, according to C++ guru Herb Sutter, now "computing feels young and fresh in a way that it hasn't felt for years, and that has only happened to this degree at two other times in its history" - although he's talking about the UI and mobile devices, which are what modern C++ has to support.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 13th December 2012 Copyright Interarbor Solutions © 2012

Open-source provider Talend has received a favorable advisory ruling from the U.S. Customs and Border Protection (CBP) agency concerning the government's ability to purchase open-source software, opening the way for all software vendors to increase their share of business with US federal agencies.

The CBP has determined that software products comply with the Trade Agreement Act (TAA) when that software is manufactured in what is known as a "designated country," even if the majority of its source code was created in a non-designated country. [Disclosure: Talend is a sponsor of BriefingsDirect podcasts.]

The US TAA says that government agencies may acquire only products or services produced in certain countries—known as designated countries. This has sometimes hampered the agencies from acquiring open-source software if some of the code was developed outside of those countries, even when the majority of production took place inside designated countries.

“Country of origin” issues sometimes have been used as a pretext to make a case against the procurement of open-source software. Talend conducts the vast majority of its software production in the U.S., France or Germany but, like many manufacturers, it also seeks talent in countries that can fall outside those considered designated countries

"With this finding, any other company that meets the same criteria can get the same approval," said Yves de Montcheuil, Vice President of Marketing at Talend. "And then government buying can meet the trade agreement status. The process can now be easily repeated."

While governments around the world have been moving to embrace open source for a long time, adoption has been slow and inconsistent in the U.S., though it is steadily growing as more federal agencies revise their guidelines and regulations, and some states pass laws requiring the consideration of open-source options.

Useful guidance
"The Talend Ruling is significant because government users now have useful guidance specifically addressing open source software that is developed and substantially transformed in a designated country, but also includes, or is based upon, source code from a non-designated country," said Fern Lavallee, DLA Piper LLP, counsel to Talend. "The timing of this ruling is right given the Department of Defense’s well publicized attention and commitment to Better Buying Power and DoD’s recent Open Systems Architecture initiative."

"This is great news for everyone in the software industry," said Bertrand Diard, co-founder and CEO of Talend. "While the news is significant for Talend and offers an opportunity for us to address needs in the federal space, our belief is that many software vendors—whether they are open source based or not—will benefit from the ruling."

A copy of the advisory ruling can be obtained by emailing press@talend.com.

The U.S. Department of Defense (DoD) is currently and significantly revising the December 2011 draft of the “DoD Open Systems Architecture, Contract Guidebook for Program Managers.” The guidance document, expect by the end of 2012, helps DoD program managers use Open System Architecture principles for National Security Systems.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 12th December 2012 Copyright Interarbor Solutions © 2012

Welcome to the latest edition of the HP Discover Performance Podcast Series. Our next discussion examines how global insurance leader American International Group (AIG) has leveraged a performance center of excellence (COE) to help drive business transformation.

We learn in our discussion how AIG's Global Performance Architecture Group improved performance of their services to deliver better experiences and payoffs for businesses and end-users alike.

Here to explore these and other enterprise IT issues, we're joined by our co-host for this sponsored podcast, Chief Software Evangelist at HP, Paul Muller.

And we also welcome our special guest, Abe Naguib, Senior Director of AIG’s Global Performance Architecture Group. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Many organizations are now focusing more on the user experience and the business benefits and less on pure technology—and, for many, it's a challenge. From a very high level, how do you perceive the best way to go about a cultural shift, or an organizational shift, from a technology focus more toward this end-user experience focus?

Naguib: There are several paradigms involved from the COO and CFO’s push on innovation and efficiency. A lot of the tooling that we use, a lot of the products we use, help to fully diversify and resolve some of the challenges we have. That’s to keep change running.

The CIO has to keep his eye forward to periodically change tracks, ensuring that the customers are getting the best value for their money. That’s a tall order and he has to predict benefit, gauge value, maintain integrity, socialize, and evolve the strategy of business ideas on how technology should run.

We have to manage quite a few challenges from the demand of operating a global franchise. Our COE looks at various levels of optimization and one key target is customer service, and factors that drive the value chain.

That’s aligning DevOps to business, reducing data-center sprawl, validating and making sense of vendors, products, and services, increasing the return on investment (ROI) and total cost of ownership (TCO) of emerging technologies, economy of scale, improving services and hybrid cloud systems, as we isolate and identify the cascading impacts on systems. These efforts help to derive value across the chain and eventually help improve customer value.

Gardner: Paul Muller, does this jibe with what you're seeing in the field? Do you see an emphasis that’s more on this sort of process level, when it comes to IT, with, of course, more input from folks like the COO and the chief financial officer?

Muller: As I was listening to Abe's description I was thinking that you really can tell the culture of an organization by the level of initiatives, and thinking that it has. In fact, you can't change one without changing the other. What I've just described is a very high level of cultural maturity.

We do see it, but we see it in maybe 10 to 15 percent of organizations that have gone through the early stages of understanding the performance and quality of applications, optimizing it for cost and performance, but then moving through to the next stage, reevaluating the entire chain, and looking to take a broader perspective with lots of user experience. So it's not unique, but it's certainly used among the more mature in terms of observational thinking.

Gardner: Tell us about AIG, its breadth, and particularly the business requirements that your Global Performance Architecture Group is tasked with meeting.

Naguib: AIG is a leading international insurance organization, across 130 countries. AIG’s companies serve commercial, institutional, individual customers, through one of the world’s most extensive property/casualty networks, and are leading providers of life insurance and retirement services in the US.

Among the brand pillars that we focused on are integrity, innovation, and market agility across the variety of products that we offer, as well as customer service.

With AIG’s mantra of "better, faster, cheaper," my organization’s people, strategy, and comprehensive tools help us to bridge these gaps that a global firm faces today. There are many technology objectives across different organizations that we align, and we utilize various HP solutions to drive our objectives, which is getting the various IT delivery pistons firing in the same direction and at the right time.

These include performance, application lifecycle management (ALM), and business service management (BSM), as well as project and portfolio management (PPM). Over time our Global Performance organization has evolved, and our senior manager realized our strategic benefit and capability to reduce cost, risk, and mitigate production and risk.

Our role eventually moved out of quality assurance's QA’s functional testing area to focus on emphasizing application performance, architecture design patterns, emerging technologies, infrastructure and consolidation strategies, and risk mitigation, as well increasing ROI and economy of scale. With the right people, process, and tools, our organization enabled IT transparency and application tuning, reduced infrastructure consumption, and accelerated resolution of any system performances in dev and production.

The key is bringing together our business-critical and strategic drivers across IT’s various segments, which fosters alignment, agility, and eventually unity. Now, our leaders seek our guidance to help tune IT at some degree of financial performance to unlock optimal business value.

Gardner: Is that a pattern you're seeing, that the people in QA are in the sense breaking out of just an application performance level and moving more into what we could call IT performance level?

Naguib: In the last six or seven years, there's less focus on just basic performance optimization. The focus is now on business strategy impact on infrastructure CAPEX, and OPEX. Correlating business use cases to impact on infrastructure is the golden grail.

Once you start communicating to CIOs the impact of a system and the cost of hosting, licensing, headcount, service sprawl, branding, and services that depend on each other, we're more aligning DevOps with business.

Muller: I just had a conversation not three weeks ago with a financial institution in another part of the world. I asked who is responsible for your end-to-end business process—in this case I think it was mortgage origination—and the entire room looked at each other, laughed, and said "We don't know."

So you've really got this massive gap in terms of not just IT process maturity, but you also have business-process maturity, and it's very challenging, in my experience, to have one without having the other.

Gardner: I think we have to recognize too that most businesses now realize that software is such an integral part of their business success. Being adept at software, whether it's writing it, customizing it, implementation and integration, or just overall lifecycle has become kind of the lifeblood of business, not just an element of IT. Do you sense that, Abe, that software is given more clout in your organization?

Naguib: Absolutely Dana. I truly believe that. I've been kind of an internal evangelist on this, but I always say that software drives the hardware. Whether I communicate with the enterprise architects, the dev teams, the infrastructure teams, software frankly does drive the hardware.

That's really the key point here. If you start managing your root cost and performance from a software perspective and then work your way out, you’ve got the key to unlocking everything from efficiencies to optimizing your ROI and to addressing TCO over time. It's all business driven. Know your use cases. Know how it impacts your software, which impacts your infrastructure.

Gardner: Just being productive for its own sake isn’t good enough in this economy. We have to show real benefits, and you have to measure those benefits. Maybe you have some way to translate how this actually does benefit your customers. Any metrics of success you can share with us, Abe?

Naguib: Yes, during our initial requirements-gathering phase with our business leaders, we start defining appropriate test-modeling strategy, including volumetrics, and managing and understanding the deployment pattern with subscriber demographics and user roles. We start aligning DevOps organizations with business targets which improves delivery expectations, ROI, TCO, and capacity models.

Then, before production, our Application Performance Engineering (APE) team identifies weak spots to provide the production team with a reusable script setting thresholds on exact hotspots in a system, so that eventually in production, they can take appropriate productive measures. Now, this is value add.

Muller: As we’re seeing across the planet at the moment, there's a recognition that to bring great software and information is really a function of getting Layers 1 through 7 in the technology stack working, but it's also about getting Layer 8 working. Layer 8, in this case, is the people. Unfortunately, being technologists, we often forget about the people in this process.

What Abe just described is a great representation of the importance of getting not just a functional part of IT, in this case quality and performance, working well, but also it's about recognizing the software will one day be delivered to operational staff to internally monitor and manage it in a production setting.

The big transformation taking place right now is that our organization is connecting different silos of IT delivery, in particular development, quality, and operations, to help them accelerate the release of quality applications, and to automate things like threshold setting, and optimize monitoring of metrics ahead of time. Rather than discovering that an application might fail to perform in a production setting, where you've got users screaming at you, you get all of that work done ahead of time.

You create a culture of sharing and trust between development, quality, and operations that frankly doesn’t exist in a lot of processes where the relationship between development and operations is pretty strained.

Gardner: Abe, how do you measure this? We recognized the importance of the metrics, but is there a new coin of the realm in terms of measurement? How do you put this into a standardized format that you’re going to take to your CFO and your COO and say here’s what's really happening?

Naguib: That's a good question. Tying into what Paul was saying, nobody cared about whether we improved performance by three seconds or two seconds. You care at the front end, when you hear users grumbling. The bottom line is how the application behaves, translating that into business impact as well as IT impact.

Business impact is what are the dollar values to make key use cases and transactions that don't scale. Again, software drives the hardware. If an application consumes more hardware, the hardware is cheap now-a-days, but licenses aren’t. You have database and you have middleware products running in that environment, whether it's on-premise or in the cloud.

The point is that impact should be measured, and that's how we started communicating results through our organization. That's when we started seeing C-level officers tuning in and realizing the impact of performance of both to the bottom line, even to the top line.

Our role is to provide more insight earlier and quicker to the right people at the right time.

Leveraging HP’s partnership and solutions helped us to address technologies, whether Web 2.0, client-server, legacy systems, Web, cloud-based, or hybrid models. We were able to leverage consistent dashboards across different IT solutions internally, then target weak spots and help drive optimization, whether on premise or cloud.

Muller: In the enterprise today, it's all about getting your ideas out of your head and making them a reality. As Abe just described, most of the best ideas today that are on their way into business processes you can ultimately turn into software. So success is really all about having the best applications and information possible.

The challenge is understanding how the technology, the business process and the benefits come together and then orchestrating that—the delivery of that benefit to your organization. It's not something that can be done without a deliberate focus on process. Again, the challenge is always understanding your organization's maturity, not just from an IT standpoint but, importantly, from a broader standpoint.

Naguib: What's the common driver for all? Money talks. Translating things into a dollar value started to bring groups together to understand what we can do better to improve our process.

What we're seeing more is that it's not just internal dev and ops that we're aligning with, or even our business service level expectations. It's also partnerships with key vendors that have opened up the roadmap to align our technologies, requirements, and our challenges into those solutions.

The gains we make are simple. They can be boiled down into three key benefits: savings, performance, and business agility. Leveraging HP's ALM solutions helps us drive IT and business transformation and unlock resources and efficiencies. That helps streamline delivery and an increased reliability of our mission critical systems.

My favorite has always been HP's LoadRunner Performance Center. It’s basically our Swiss Army Knife to support diverse platform technologies and align business use cases to the impact on IT and infrastructure via SiteScope, HP SiteScope.

We're able to deep dive into the diagnostics, if needed. And the best part is, after we've dealt with tuning, we can help activate post-production monitoring using the same script, understanding where the weak spots are.

So the tools are there. The best part is integrated, and actually work together very well.

Gardner: It really sounds like you've grabbed onto this system-of-record concept for IT, almost enterprise resource planning (ERP) for IT. Is that fair?

Naguib: That's a good way to put it.

Muller: One of the questions I get a lot from organizations is how we measure and reflect the benefit. What hard data have you managed to get?

Naguib: IDC came in and did an extensive three-month study, and it was interesting what they have found. We've realized a saving of more than $11 million annually for the past five years by increasing our economy of scale. Scale on a system allows more applications on the same host.

It's an efficiency from both hardware and software. They also found that our using solutions from HP increased staff productivity by over $300,000 a year. Instead of fighting fires, we're actually now focusing on innovation, and improving business reliability by over $600,000 a year.

So all that together shows a recoup, a five-year ROI, about 577 percent. I was very excited about that study. They also showed that we resolved mean time resolution over 70 percent through production debugging, root cause, and resolution efforts.

So what we found, and technologists would agree with me, is that today, with hardware being cheaper than software, there is a hidden cost associated with hosting an application. The bottom line, if we don’t test and tune our applications holistically, either the architecture, code, infrastructure, and shared services, these performance issues can quickly degrade quality of service, uptime, and eventually IT value.

Gardner: Abe, any recommendations that you might have for other organizations that are thinking of moving in this direction and that want to get more mature, as Paul would say. What are some good things to keep in mind as you start down this path?

Naguib: Besides software drives the hardware—and I can't stress that enough—are all the ways to understand business impact and translate whatever you're testing into the business model.

What happens to the scenarios such as outages? What happens when things are delayed? What is the impact on business operability, productivity, liability, customer branding. There are so many details that stem from performance. We used to be dealing with the "Google factor" of two-second response time, but now, we're getting more like millisecond response, because there are so many interdependencies between our systems and services.

Another fact is that a lot of products come into our doors on a daily basis. Modern technologies come in with a lot of promises and a lot of commitments.

So it's being able to weed through the chaff, identify what works, how the interdependencies work, and then, being able to partner with vendors of those solutions and services. Having tools that add transparency into their products and align with our environment helps bring things together more. Treating IT like a business by translating the impact into dollar value, helps to get lined up and responsive.

Muller: It might be a little controversial here, but the first step for progress on all of this is look in the mirror and understand your organization and its level of maturity. You really need to assess that very self-critically before you start. Otherwise, you're going to burn a lot of capital, a lot of time, and a lot of credibility trying to make a change to an organization from state A to state B. If you don’t understand the level of maturity of your present state before you start working on the desired state, you can waste a lot of time and money. It's best to look in the mirror.

The second step is to make sure that, before you even begin that process, you create that alignment and that desired state in the construct of the business. Make sure that your maturity aligns to the business's maturity and their goal. I just described the ability to measure the business impact in terms of revenue of IT services. Many companies can’t even do something as fundamental as that. It can be really hard to drive alignment, unless you’ve got business-IT alignment ahead of time.

I have said this so many times. The technology is a manageable problem, Layers 1 through 7, including management software to a certain degree, have solved problems the most time. Solving the problem of Layer 8 is tough. You can reboot the server, but you can’t reboot a person.

I always recommend bringing along some sort of management of organizational change function. In our case, we actually have a number of trained organizational psychologists working for us who understand what it takes to get several hundred, sometimes several thousand, people to change the way they behave, and that’s really important. You’ve got to bring the people along with it.

Gardner: I'd like to thank our supporter for this series, HP Software, and remind our audience to carry on the dialogue with Paul Muller through the Discover Performance Group on LinkedIn, and also to follow Raf on his popular blog, Following the White Rabbit.

You can also gain more insights and information on the best of IT performance management at http://www.hp.com/go/discoverperformance.

And you can always access this and other episodes in our HP Discover Performance Podcast Series at hp.com and on iTunes under BriefingsDirect.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 11th December 2012 Copyright Interarbor Solutions © 2012

The modern class of C and C++ tools are workhorses of PC applications development. And Objective-C tools have proven the rapid application development means of choice for native mobile development for iOS and Mac OS X.

So wouldn't it be nice to let the developers with the skills and proficiency in building native applications for the prominent enterprise computing clients of yesteryear (like Windows) gain ease in bringing better apps to all the mobile and fat client types demanded for the foreseeable future?

Embarcadero Technologies thought so, and long enough ago that they began re-architecting their compiler and C++ Builder development architecture in time to now provide write-once, run-natively-anywhere-that-counts benefits. [Disclosure: Embarcadero Technologies is a sponsor of BriefingsDirect podcasts.]

And now is when it really counts, with the advent of Windows 8, growing Mac OS X use and exploding sales of iOS and Android clients.

Embarcadero on Monday made generally available C++Builder XE3, which allows a common development effort to natively target—using a new 64-bit compiler—Windows 8, Mac OS X and Intel (not yet ARM) clients. And, coming this summer, the same compiler outputs to run those same apps natively on iOS and Android mobile clients. ARM support comes at end of 2013.

What's more, more of the Embarcadero stable of tools and IDEs will leverage the architecture. So more tools to build more apps once that run on more devices natively. The compiler architecture is extensible to make more tools that make more code more extensible to more platforms. Almost rhymes.

Vision to close chasms
The vision to bridge the long-standing chasm between mobile and full client environments—never mind the Windows-Mac chasm—came as Embarcadero acquired the CodeGear technology set from Borland back in 2008. Embarcadero said it immediately set out to build C++Builder XE3 then, to allow one code effort for many more targets.

"The old way of supporting multiple platforms was not practical," said Michael Swindell, Senior Vice President of Marketing and Product Management at Embarcadero in San Francisco. That old way included highly redundant and costly development to target different platforms. The old way forced ISVs and enterprises to make guesses about which clients to target, despite an extremely dynamic market and fast-changing users preferences.

"We needed to re-organize for a multi-client world," said Swindell. He said that ISVs and developers can hedge their bets by using C++Builder XE3 now, with the knowledge the same code will be able to quickly tuned and deployed in Q3 of this year on iOS and Android.

And there are some additional synergies that should appeal to the commercial ISVs.

The common mantra behind Delphi and C++ Builder, as well as any RAD IDE, of course, is to make less code to more work fast. C++Builder XE3 takes that a big step further by applying Embarcadero's agile benefits to a common architecture supporting the major IDEs to deliver cross-client platform development on all the major targets. Full Delphi support on the new C++Builder XE3 underlying architecture comes this spring, with all the Delphi database connectivity and web services support built in.

And there are some additional synergies that should appeal to the commercial ISVs. The C++Builder XE3 architecture is already "app store ready," enabling ease in bringing the apps to Apple and Google app stores. But for enterprises, Embarcadero is also developing synergies between its AppWave capabilities and C++Builder XE3 so that enterprises too can gain a streamlined means to deploy the apps for PCs, Macs and iOS and Android uses from an AppWave app store. Expect that in the fall, said Swindell.

So the net-net on this from my perspective is that Embarcadero has primed the pump for accelerated enterprise mobile development for 2013. And, it's given developers with C and C++ skills the means to build and deploy via app stores mobile apps on-demand, via subscription models, even inside enterprises. It also means that apps can be designed with common logic and requirements and then delivered on multiple devices, so workforces can use those apps anywhere, anytime. Very powerful.

Best of mobile to enterprise
In essence, this brings what we have come to like about consumer and entertainment and web apps—but to the workplace on all relevant platforms natively—in a way that's not too complicated, costly or time-consuming.

I'm not seeing that in any comprehensive way from Microsoft, Apple or Google, nor from any PaaS development offerings in the market.

And so I would expect that PaaS-hungry providers may look to OEM or otherwise license the C++Builder XE3 technology to bring to a cloud deployment model, and to better cross the PC-Mac divide, and to consolidate new apps development for all uses.

The C and C++ IDE tools and C++Builder XE3 technology, incidentally, need not only run on-premises. Embarcadero is exploring the means to make it all cloud-based, and to make tool clients using HTML5. A hybrid future for such multi-device development can't be too far off.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 6th December 2012 Copyright Interarbor Solutions © 2012

Message Bus has a pedigreed CEO, an impressive list of customers and partners and technology that makes its cloud-based service highly scalable and resilient, yet the young company's goal is simple: help customers keep their legitimate email messages out of recipients' spam folders.

With Twitter co-founder Jeremy LaTrasse at the helm, Message Bus is navigating the often dark waters of email delivery so that its customers don't have to. The company's Global Delivery Network, launched in mid-November, aims to be to email and mobile messaging what Amazon Web Services are to cloud computing and Dropbox to cloud storage.

The service is a cloud-native application, meaning that it's not tied to the underlying infrastructure of a single cloud service provider. Therefore Message Bus can scale and move its customers' workloads across different cloud infrastructures as needed (the company says it currently deploys on Joyent, Amazon Web Services and Rackspace cloud services). This approach avoids the scale limitations of working with a single cloud service provider, as well as the possibility of service disruption if a provider experiences an outage.

But it takes more than the right architecture to provide an effective message delivery service. Message Bus has done extensive relationship building with top ISPs including AOL, Microsoft and Google to understand what they expect from a trusted sender and sticks to those guidelines, resulting in a higher likelihood that legitimate emails make it to the inbox.

"More than 90 percent of all mail worldwide ends up in one of those places; if there’s no trust with those ISPs then the message won’t make it into the box," says LaTrasse. "So we had the idea to build best practices into the network, so everyone who sends through our service follows them. We made the relationships happen, and all our customers benefit, as well as their recipients."

Out of control
Currently, one in five legitimate emails is either blocked or routed to the spam folder, says Message Bus, making it difficult for companies relying on email as a primary driver of revenue and brand recognition to get their message across. What's more, the cost and complexity of launching messaging campaigns across multiple channels (email, mobile and social messaging, etc) is spinning out of control.

Customers of the Global Delivery Network don't need dedicated messaging hardware or personnel; instead they build a virtual SMTP bridge to send their messages across Message Bus' network. This significantly reduces upfront infrastructure costs as well as ongoing staffing, says LaTrasse, and allows customers to focus on the content of the messages, knowing that they'll be delivered in a manner that's effective, secure, and complaint.

At the same time it unveiled the Global Delivery Network, Message Bus launched a free reporting service called Discover that informs customers of email senders who may be abusing their domain name for illicit or unauthorized purposes. And late in November the company announced an enhancement to its service with the deployment of Opscode's Hosted Chef to automate configuration, environment and application management across the multiple cloud infrastructures powering the company's service.

Message Bus lists American Greetings, MyFitnessPal, and Telly among its early users.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn at http://linkd.in/T6trhH.)