By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 13th May 2013 Copyright Interarbor Solutions © 2013

The next BriefingsDirect IT leadership discussion focuses on how leading Australian IT services provider Thomas Duryea Consulting made a successful journey to cloud computing as a business.

We'll learn why a cloud-of-clouds approach is providing new types of IT services to Thomas Duryea’s many Asia-Pacific region customers.

The first part of our series addressed the rationale and business opportunity for TD's cloud-services portfolio, which is built on VMware software.

The latest discussion continues a three-part series on how Thomas Duryea, or TD, designed, built and commercialized an adaptive cloud infrastructure. This second installment focuses on how a variety of risks associated with cloud adoption and cloud use have been identified and managed by actual users of cloud services.

Learn more about how adopters of cloud computing have effectively reduced the risks of implementing cloud models from Adam Beavis, General Manager of Cloud Services at Thomas Duryea in Melbourne, Australia. The interview is conducted by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Adam, we've been talking about cloud computing for years now, and I think it's pretty well established that we can do cloud computing quite well technically. The question that many organizations keep coming back with is whether they should do cloud computing. If there are certain risks, how do they know what risks are important? How do they get through that? What are you in learning so far at TD about risk and how your customers face that?

Beavis: People are becoming more comfortable with the cloud concept as we see cloud becoming more mainstream, but we're seeing two sides to the risks. One is the technical risks, how the applications actually run in the cloud.

What we're also seeing—more at a business level—are concerns like privacy, security, and maintaining service levels. We're seeing that pop up more and more, where the technical validation of the solution gets signed off from the technical team, but then the concerns begin to move up to board level.

We're seeing intense interest in the availability of the data. How do they control that, now that it's been handed off to a service provider? We're starting to see some of those risks coming more and more from the business side.

Gardner: I've categorized some of these risks over the past few years, and I've put them into four basic buckets. One is the legal side, where there are licenses and service-level agreements (SLAs), issues of ownership, and permissions.

The second would be longevity. That is to say, will the service provider be there for the long term? Will they be a fly-by-the-seat-of-the-pants organization? Are they are going to get bought and maybe merged into something else? Those concerns.

The third bucket I put them in is complexity, and that has to do with the actual software, the technology, and the infrastructure. Is it mature? If it's open source, is there a risk for forking? Is there a risk about who owns that software and is that stable?

And then last, the long-term concern, which always comes back, is portability. You mentioned that about the data and the applications. We're thinking now, as we move toward more software-defined data centers, that portability would become less of an issue, but it's still top of mind for many of the people I speak with.

So let's go through these, Adam. Let's start with that legal concern. Do you have any organizations that you can reflect on and say, here is how they did it, here is how they have figured out how to manage these licenses and control of the IP risks?

Beavis: The legal one is interesting. As a case study, there's a not-for-profit organization for which we were doing some initial assessment work, where we validated the technical risk and evaluated how we were going to access the data once the information was in a cloud. We went through that process, and that went fine, but obviously it then went up to the legal team.

One of the big things that the legal team was concerned about was what the service level agreeement was going to be, and how they could capture that in a contract. Obviously, we have standard SLAs, and being a smaller provider, we're flexible with some of those service levels to meet their needs.

But the one that they really started to get concerned about was data availability… if something were to go wrong with the organization. It probably jumps into longevity a little bit there. What if something went wrong and the organization vanished overnight? What would happen with their data?

That's where we see legal teams getting involved and starting to put in things like the escrow clause, similar to what we had with software as a service (SaaS) for a long time. We're starting to see organizations' legal firms focus on doing these, and not just for SaaS—but infrastructure as a service (IaaS) as well. It provides a way for user organizations to access their data if provider organizations like TD were to go down.

So that's one that we're seeing at the legal level. Around the terms and conditions, once again being a small service provider, we have a little more flexibility in what we can provide to the organizations on those.

Once our legal team sits down and agrees on what they're looking for and what we can do for them, we're able to make changes. With larger organizations, where SLAs are often set in stone, there's no flexibility about making modifications to those contracts to suit the customer.

Gardner: Tell us about your organization, how big you are, and who your customers are, and then we'll get back into some of these risks issues and how they have been managed.

Beavis: Traditionally, we came from a system-integrator background, based on the east coast of Australia—Melbourne and Sydney. The organization has been around for 12 years and had a huge amount of success in that infrastructure services arena, initially with VMware.

Other companies heavily expanded into the enterprise information systems area. We still have a large focus on infrastructure, and more recently, cloud. We've had a lot of success with the cloud, mainly because we can combine that with a managed services.

We go to market with cloud. It's not just a platform where people come and dump data or an application. A lot of the customers that come into our cloud have some sort of managed service on top of that, and that's where we're starting to have a lot of success.

As we spoke about in part one, our customers drove us to start building a cloud platform. They can see the benefits of cloud, but they also wanted to ensure that for the cloud they were moving to, they had an organization that could support them beyond the infrastructure.

That might be looking after their operating systems, looking after some of their applications such as Citrix, etc. that we specialize in, looking after their Microsoft Exchange servers, once they move it to the cloud and then attaching those applications. That's where we are. That's the cloud at the moment.

Gardner: Is there something about the platform and industry-standard decisions that you've made that helps your customers feel more comfortable? Do they see less risk because, even though your organization is one organization, the infrastructure is broader and there's some stability about that that comes to the table?

Beavis: Definitely. Partnering with VMware was one of our core decisions, because their platform everywhere is end-to-end standard VMware. It really gives us an advantage when addressing that risk if organizations ask what happens if our company doesn't run or they're not happy with the service.

The great thing is that within our environment—and it's one part of VMware’s vision—you can then pick up those applications, and move them to another VMware cloud provider. Thank heaven, we haven't had that happen, and we intend it not to happen. But, for organizations to understand that, if something were to go wrong, they can move that to another service provider without having to re-architect those applications or make any major changes. This is one area where we're well getting around that longevity risk discussion.

Gardner: Is there a confluence between portability and what organizations are doing with disaster recovery (DR)? Maybe they're mirroring data and/or infrastructure and applications for purposes of business continuity and then are able to say, "This reduces our risk, because not only do we have better DR and business continuity benefits, but we’re also setting the stage for us to be able to move this where we want, when we want."

They can create a hybrid model, where they can pick and choose on-premises, versus a variety of other cloud providers, and even decide on those geographic or compliance issues as to where they actually physically place the data. That's a big question, but the issue is business continuity, as part of this movement toward a lower risk, how does that pan out?

Beavis: That's actually one of the biggest movements that we’re seeing at the moment. Organizations, when they refresh their infrastructure, don’t see the the value refreshing DR on-premise. Let the first step cloud be "let's move the DR out to the cloud, and replicate from on-premises out into our cloud."

Then, as you said, we have the advantage to start to do things like IaaS testing, understanding how those applications are going to work in the cloud, tweak them, get the performance right, and do that with little risk to the business. Obviously, the production machine will continue to run on-premises, while we're testing snapshots.

It's a good way to put a live snapshot of that environment, and how it’s going to perform in the cloud, how your users are going to access it, bandwidth, and all that type of stuff that you need to do before starting to run up. DR is still the number one use case that we’re seeing people move to the cloud.

Gardner: As we go through each of these risks, and I hear you relating how your customers and TD, your own organization, have reacted to them, it seems to me that, as we move toward this software-defined data center, where we can move from the physical hardware and the physical facilities, and move things around in functional blocks, this really solves a lot of these risk issues.

You can manage your legal, your SLAs, and your licenses better when you know that you can pick and choose the location. That longevity issue is solved, when you know you can move the entire block, even if it's under escrow, or whatever. Complexity and fear about forking or immaturity of the infrastructure itself can be mitigated, when you know that you can pick and choose, and that it's highly portable.

It's a round-about way of getting to the point of this whole notion of software-defined data center. Is that really at heart a risk reduction, a future direction, that will mitigate a lot of these issues that are holding people back from adopting cloud more aggressively?

Beavis: From a service provider's perspective it certainly does. The single-pane management window that you can do now, where you can control everything from your network—the compute and the storage—certainly reduces risk, rather than needing several tools to do that.

And the other area where the venders are starting to work together is the integration of things like backup and, as we spoke about earlier, DR. Tools are now sitting natively within that VMware stack around the software-defined data center, written to the vSphere API, as we're trying to retrofit products to achieve file-level backups within a virtual data center, within vCloud. Pretty much every day, you wake up there's a new tool that's now supported within that.

From a service provider's perspective it's really reducing the risk and time to market for the new offerings, but from a customer's perspective it's really getting in that experience that they used to. On-premise over a TD cloud, from their perspective, makes it a lot easier for them to start to adopt and consume the cloud.

Gardner: I suppose this is a good segue into this notion of how to make your data, applications, and the configuration metadata portable across different organizations, based on some kind of a standard or definition. How does that work? What are the ways in which organizations are asking for and getting risk reduction around this concept of portability?

Beavis: Once again, it's about having a common way that the data can move across. The basics come into that hybrid-cloud model initially, like how people are getting things out. One of the things that we see more and more is that it's not as simple as people moving legacy applications and things up to the cloud.

To reduce that risk, we're doing a cloud-readiness assessment, where we come in and assess what the organization has, what their environment looks like, and what's happening within the environment, running things like the vCenter Operations tools from VMware to right-size those environments to be ready for the cloud.

Gardner: Now the flip-side of that would be that some of your customers who have been dabbling in cloud infrastructure, perhaps open-source frameworks of some kind, or maybe they have been integrating their own components of open-source available software, licensed software. What have you found when it comes to their sense of risk, and how does that compare to what we just described in terms of having stability and longevity?

Beavis: Especially in Australia, we probably have 85 percent to 90 percent of organizations with some sort of VMware in their data center. They no doubt seem to be more comfortable gravitating to some providers that are running familiar platforms, with teams familiar with VMware. They're more comfortable that we, as a service provider, are running a platform that they're used to.

We'll probably talk about the hybrid cloud a bit later on, but that ability for them to still maintain control in a familiar environment, while running some applications across in the TD cloud, is something that is becoming quite welcoming within organizations. So there's no doubt that choosing a common platform that they're used to working on is giving them confidence to start to move to the cloud.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 7th May 2013 Copyright Interarbor Solutions © 2013

Dell Software has delivered Foglight for Virtualization, Enterprise Edition to extend the depth and breadth of managing and optimizing server virtualization as well as virtual desktop infrastructure (VDI) and their joint impact on such IT resources as storage.

Building on the formerly named Quest vFoglight Pro virtualization management solution, Dell re-branded vFoglight to Foglight for Virtualization to make it the core platform to the Foglight family. Foglight is not sitting still either. Improvements this year move beyond monitoring support for VMware View VDI, to later support for VMware vCloud Director, OpenStack, and Citrix Xen VDI. [Disclosure: Dell Software and WMware are sponsors of BriefingsDirect podcasts.]

The higher value from such ecosystem and heterogeneous management support is the ability for virtualization server and system administrators to comprehensively optimize various flavors of data-center server virtualization, as well as the major VDI types, with added capabilities to track and analyze performance from the application level all the way to the server and storage hardware level. This week's announcements have also shown a spotlight on the recently updated Foglight for Storage Management 2.5.

“With Foglight for Virtualization, Enterprise Edition, Dell is showing its commitment to offering a  solution that encompasses all aspects of virtual infrastructure performance monitoring and management, built on a platform that can scale as the infrastructure grows,” said Steve Rosenberg, general manager for Performance Monitoring, Dell. “This new release expands Foglight’s ability not only to monitor the additional infrastructure area of VDI, but also to correlate metrics from VDI with performance for applications, the virtual layer, the network, and underlying servers and storage.”

Dell Software also last week released a series of BYOD-targeted products and services, which are related to the better VDI management capabilities. That's because many enterprises and mid-market firms that are tasked with moving quickly to BYOD are using VDI to do it.

With the increasing adoption of VMware View in virtualized data centers (including for MSPs), VDI support is fast becoming a mainstay for today’s IT departments and managed service providers. VDI and server virtual machines (VMs) often utilize the same hardware components. Yet, both of these virtualized infrastructures serve different users and have separate requirements and resource demands, explained John Maxwell, vice president of product management for performance monitoring for virtualization, networking,storage and hardware at Dell Software.

Single-source solution
As a result, VDI and server VMs require dedicated performance monitoring systems. However, these systems must also be connected, because so many underlying resources are often shared. Agent-based Foglight for Virtualization, Enterprise Edition offers virtualization administrators a more single-source solution that not only identifies and fixes performance issues within VMware View, but continues to run all features available in vOPS Server Enterprise with no effect on overall vCenter performance.

Foglight for Storage Management 2.5 has been released as an optional "cartridge" to Foglight for Virtualization. Foglight for Storage Management now offers physical storage performance reporting in addition to virtual reporting, providing customers with complete "VM to physical LUN" visibility. 

Additional enhancements in this release include LUN latency reporting, NPIV support, and the ability for customers to purchase the product either as a stand-alone cartridge, or as an optional cartridge to Foglight for Virtualization.

Additionally, Foglight is a unified performance monitoring platform that allows individual product solutions, delivered as sets of pluggable “cartridges,” to run stand-alone or to interoperate. Each individual product delivers best-of-breed functionality to the admin for that area, while simultaneously integrating with other cartridges to deliver true end-to-end monitoring from end-user experience to the underlying storage and server hardware layers, and everything in between, said Maxwell.

Foglight for Virtualization Enterprise Edition 6.8 is available now for a 45-day trial from www.quest.com. Pricing starts at $799 per socket. Foglight for Storage Management 2.5 is also available now for a 45-day trial from www.quest.com.  Pricing starts at $499 per socket.

Because Foglight is built on a common architecture to support the cartridges, it seems likely that it will move from an on-premises only offering to a SaaS-based version too, especially to support cloud- and MSP-based VDI offerings, and also to manage hybrid VDI implementations.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 3rd May 2013 Copyright Interarbor Solutions © 2013

Collaboration will take center stage next week when Ariba, an SAP company, holds its Ariba LIVE conference in Washington, DC. In an effort to fuel greater collaboration between companies through new capabilities and network-derived intelligence, Ariba will announce an enhanced set of tools, as well as a joint offering with Dell Boomi.

Leading the list of enhanced Ariba tools are:

• Ariba Spot Buy. With the integration of Ariba Procure-to-Pay and Ariba Discovery, buyers can quickly discover and qualify new sources of supply for one-off, time-sensitive, or hard-to-find purchases.
• Ariba Recommendations. Through new services that push network-derived intelligence and community-generated content directly into the context of specific business processes and use cases, companies can make more informed decisions at the point of transaction or activity. “Suppliers You May Like,” for example, helps guide buyers to qualified suppliers based on a host of inputs, including buyer requirements, supplier capabilities and performance ratings, and how often other buyers on the network have awarded business to them.

“Just as consumers tap into personal networks like Facebook, Twitter and Amazon.com to connect with friends and family, share and shop, companies are leveraging digital networks to more efficiently engage with their trading partners and collaborate across the entire commerce process,” said Sanish Mondkar, Ariba Chief Product Officer. “This new, more social and connected way of operating is redefining the way business is done. But it demands a new set of tools and processes that are only possible at scale in a truly networked environment. Ariba is delivering these tools today.”

Spot buys—or unplanned purchases of unique items—account for more than 40 percent of a company’s total spend. Spot buys are challenging because they require quick turnaround, and buyers generally lack efficient or effective methods to source them. [Disclosure: Ariba and Dell are sponsors of BriefingsDirect podcasts.]

Selective leveraging
According to independent research firm The Hackett Group, “by selectively leveraging software tools in areas like supplier discovery and online bidding, organizations can reduce the time it takes to find the right suppliers from weeks to days or even hours and drive cost reductions of between two percent and five percent on average.”

Nearly one million selling organizations across more than 20,000 product categories are connected to the Ariba Network. And they have access to the more than 13 million leads worth over $5 billion that are posted each year by more than half of the Global 2000 who are connected to the network as well.

New features added to Ariba Discovery allow selling organizations to get the right messages to the right audience and convert these leads into sales.

• Profile Pitch. Sellers can create highly targeted profiles and messaging based on industry, commodity, territory and other factors to promote themselves to active buyers. 
• Badges and Social Sharing. Selling organizations can further raise their visibility by adding Ariba badges to their company websites and/or email signatures, defining vanity URLs for their company profiles and sharing their public URLs and postings on social sites such as Facebook, Twitter, and LinkedIn.

Pre-packaged integration
Ariba and Dell Boomi will announce that they are teaming to deliver pre-packaged integration as a service offerings to help selling organizations drive new levels of efficiency and effectiveness across their operations.

Designed to simplify and speed integration to the Ariba Network, the Ariba Integration Connector, powered by Dell Boomi Integration Packs, enables companies to collaborate more efficiently and drive game-changing improvements in productivity and performance.  The first connector integrates with Intuit QuickBooks. Additional connectors to enable sellers who own Microsoft Dynamics AX, Netsuite and Sage Peachtree solutions to quickly and easily integrate with the Ariba Network are planned to be released later this year.

“From the beginning, the Ariba Network has been built to be an open platform to connect all companies using any system to foster more efficient business-to-business collaboration,” said Tim Minahan, senior vice president, network strategy, Ariba. “With these new connectors, we are making it even easier for sales organizations of all sizes to fully automate their customer transactions and collaborations over the Ariba Network—directly from their preferred CRM, ERP and accounting systems.”

The Ariba Integration Connector removes the barriers to system-to-network integration by eliminating complexity. An out-of-the-box solution delivered as a service, the connector provides a fast, easy and affordable way for companies to connect to the Ariba Network—regardless of the back-end systems they use. The connector currently supports integration with Intuit QuickBooks Desktop 2009-2013, Premier and Enterprise for US, UK, and CA Enterprise and Enterprise Plus.

The connector is available and in use today. To learn more about Ariba’s Connection solutions and the benefits they can deliver to your organization, visit http://www.ariba.com/services/connection-solutions.

By: Clive Longbottom, Head of Research, Quocirca Posted: 1st May 2013 Copyright Quocirca © 2013

CA is a company with a somewhat chequered past. Two of its CEOs (along with other senior staff) have been accused concerning financial irregularities, and the repercussions around these issues are only just quietening down. The other big challenge for CA is that its name is often extended into "CA, the mainframe software company".

The last but one CEO, John Swainson, did everything he could to put CA on more of an even keel. He uncovered and fixed the majority of the issues around the financial problems, and also oversaw the acquisition of companies that would help CA better position itself in a heterogeneous world of mainframe and distributed computing, with an aim of being just as attractive to those who do not have any mainframe computing in their organisation as those who do.

Swainson moved on, and a stint was carried out as CEO by Bill McCracken, a 'safe pair of hands' who was unlikely to ever set the world on fire.

Now, a new CEO is on board—and it looks like he means to move CA along as fast as he can. Michael Gregoire comes with experience from a line of other technology companies, having been at EDS, PeopleSoft and, latterly, Taleo. His first major appearance in front of the public was at this year's CA World, held in Las Vegas, where he presented his vision in front of several thousand customers, prospects, partners and media, along with being streamed to several thousand more people watching remotely.

Gregoire had to make sure that what he said engaged with prospects while not scaring the existing customers. On the whole, I would say that he probably managed this. His view seems to be that CA has to become not only more cloud-friendly, but to become one of the largest cloud companies around. Further speakers covered how CA was not going to be an infrastructure or platform as a service (I/PaaS) company as such—it would provide tooling that would be used by others who were providing such services. However, when it comes to software as a service (SaaS), then CA's aim is to be there—as fast as possible.

A 'cloud first' strategy will be balanced with providing on-premise solutions to keep the faithful customers happy and also to provide a pathway for these customers to move to cloud as and when it makes sense to them. Over time, CA will offer as much of its portfolio as possible as cloud services.

Under Swainson's tenure, the foundations were laid for CA to acquire a group of companies that positioned it well to deal with cloud computing. 3Tera provided a means of designing and automating the build of functions and applications; Nimsoft provided a means of monitoring and measuring how applications were performing. Wily gave application performance monitoring, and existing software such as Unicenter and Clarity provided additional means of managing what was happening in the cloud—or across a hybrid environment of physical, on-premise systems and different private and public cloud systems. Other acquisitions filled in gaps in CA's portfolio.

On top of these, CA has now acquired Layer 7 Technologies and Nolio, bringing API management and application release management to the game.

The problem for Gregoire could well be one which faced Swainson and McCracken. Yes, CA now has a portfolio of tools that provide it with the capabilities to be a world-leader in hybrid cloud management. Yes, there is a lot of work that needs to be done to pull everything together in a way that gets rid of all the redundant functionality that exists between all the acquired systems. The biggest problem, though, is more prosaic: how to make enough money from an overall offering?

A full, soup-to-nuts offering would use the capabilities of 3Tera to enable a business user to define what they need as a business process and have the basic technical components mapped out. Clarity would provide a timeline and resource management layer to create a 'project' for the work. Layer 7 would then be used to manage the various APIs between the internal and external functions identified by 3Tera and pull the overall composite application together. Nolio would be used to roll out the application as required. Nimsoft and Wily would be used to monitor and self-remediate any issues seen in the running of the application in real time.

Six enterprise systems all working nicely together. But, would you pay the full cost for all six systems? Highly doubtful. 

It is far more likely that, in this case, six times one adds up to no more that around 2.5. Can CA present a solution to the market that is at the right price point, but also keeps its shareholders and Wall Street happy? It is more likely that Gregoire will have to be bull-headed around the issue and face down the shareholders and Wall Street based on the fact that if CA does not meet the issue head-on, then there may be no CA further on down the track.

As it lies, the mainframe still accounts for around 60% of CA's revenues and more than that in profit. The mainframe side of the business cannot be left to fade, but new revenue streams will come through cloud computing.

CA has the arsenal of software to be a leading player in the cloud world. As always, the devil is in the detail: CA has to be able to move this collection of disparate software built up through acquisitions into meaningful packages of function at price points that are attractive to the markets.

Only time will tell if Gregoire is up to this task.

By: Philip Howard, Research Director - Data Management, Bloor Research Posted: 26th April 2013 Copyright Bloor Research © 2013

BLU Acceleration has been introduced with the latest version of IBM DB2 (10.5), for Linux, UNIX and Windows and some elements of the technology have also been included in the Informix Data Warehouse Accelerator.

It is based on a combination of parallel vector processing, dynamic in-memory caching, columnar storage, a query technique known as data skipping and extended compression. It eliminates the need for indexes and aggregation (therefore removing the tuning necessary for these artifacts) and without requiring any change to existing SQL or the schema. It operates on the data while it's still compressed thus saving the CPU time that would otherwise be needed for decompression. Not only does BLU acceleration perform predicates on compressed data, but joins, grouping, in-lists and LIKE predicates as well. IBM claims the technology is "better than in-memory" since whatever data resides in the cache is in-memory optimised, but like a traditional database the data can be larger than cache and pre-fetched on-demand while queries run. That helps for large marts and warehouses where the most active part of the data is small enough to fit in memory (such as the most recent year), but a larger data volume (perhaps 10 years) needs to be available for occasional access.

IBM is reporting some big speedups with significantly reduced DBA tuning. Database memory, workload management, and other configuration details adapt to your server automatically. At their launch event on April 3 IBM reported typical performance gains of 8x–25x, with multiple reference customers and partners standing up with even larger numbers (25x–74x) though they admit that this will vary.

Basically, what this all means is that the relational storage engine in DB2 (as opposed to the XML and graph storage engines) will now be able to store data in either of two types of tables: a conventional row-based relational table or in a compressed, encoded columnar table. Of course, row-based tables are also compressed but you would expect better compression on columns because all data in a single column has the same datatype and you can therefore optimise your compression algorithms more efficiently. As noted, you do not have to change your schema to implement column-based storage.

The advantages of columns have been well rehearsed: they reduce the need for indexes, and often mean reading far less data. However, they are not a panacea: there are some types of queries for which it may still make sense to have indexes even when using columnar storage. Just look at Sybase IQ, which supports a variety of index types despite being exclusively columnar. In the case of DB2 you will have a choice: row-based data with indexes or column-based data without indexes - what this implies is that you will need to think carefully about what data to store in columns and what data in rows. Queries, incidentally, can span both row and column-based storage and IBM claims that it is easy to migrate tables from rows to columns. However, you only get BLU Acceleration for the columnar data.

Data skipping is similar, in theory, to Netezza's zonemaps. That is, it allows queries to skip over data that is not required to answer the query in hand. However, remember that this data is in cache and on disk where it would be in the case of Netezza-based appliances (PureData System for Analytics). The BLU Acceleration technology provides data skipping regardless of whether the data is coming from disk or memory.

The parallelism I mentioned is actually what I would call cross-core parallelism (because I think that's easier to understand - you can parallelise across the cores within a single CPU as well as across sockets). Columnar processing and operating on compressed data in memory are useful tricks, but with workload speedups in the 8x–74x range there is probably more to the technology as well. IBM claims one of their strengths is the efficiency of the parallelism made possible by some deep engineering to reduce "memory access latency", in other words the time it takes to get data from RAM into the CPU where it can be processed. Most systems have a fair bit of memory access latency, but it gets disruptive across sockets. BLU Acceleration is doing something special to keep those latencies low.

The first big question is how this will stack up in performance terms with things such as SAP HANA and other purely in-memory approaches. Certainly, IBM's approach should mean that you need less memory for the same tasks and, other things being equal, this would mean a lower cost offering because there's no need to buy enough memory for all the data to fit there. The question will be about how performance compares. IBM's quoted figures are that things like cube loads and query performance should improve by an order of magnitude and I understand that, for some queries, performance may improve considerably more than this. At their product launch on April 3, IBM quoted some individual query speedups of over 1000x.

The second big question surrounds what used to be Netezza. With these features DB2 is starting to look like something that can compete directly with the PureData System for Analytics for analytic workloads. Of course this has hardware acceleration (FPGAs) that DB2 doesn't have but what is memory if not a hardware accelerator? On the other hand I daresay that the developers working on the Netezza platform will also be looking to see how they can leverage memory (and SSDs) so that they can stay ahead of the DB2 game.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 24th April 2013 Copyright Interarbor Solutions © 2013

Welcome to the latest edition of the HP Discover Performance Podcast Series. Our next discussion examines how TTNET, the largest internet service provider in Turkey, with six million subscribers, significantly improved applications deployment while cutting costs and time to delivery.

We'll hear how TTNET deployed advanced Service Virtualization (SV) solutions to automate end-to-end test cases, gaining a path to integrated Unified Functional Testing (UFT).

To learn how, we're joined by Hasan Yükselten, Test and Release Manager at TTNET, which is a subsidiary of Türk Telekom, based in Istanbul. The interview is conducted by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of this and other BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: What was the situation there before you became more automated, before you started to use more software tools?

Yükselten: We're the leading ISP in Turkey. We deploy more than 200 applications per year, and we have to provide better and faster services to our customers every week, every month. Before HP SV, we had to use the other test infrastructures in our test cases.

We mostly had problems on issues such as the accessibility, authorization, downtime, and private data for reaching the other third-party’s infrastructures. So, we needed virtualization on our test systems, and we needed automation for getting fast deployment to make the release time shorter. And of course, we needed to reduce our cost. So, we decided to solve the problems by implementing SV.

Gardner: How did you move from where you were to where you wanted to be?

Yükselten: Before SV, we couldn’t do automation, since the other parties are in discrete locations and it was difficult to reach the other systems. We could automate functional test cases, but for end-to-end test cases, it was impossible to do automation.

First, we implemented SV for virtualizing the other systems, and we put SV between our infrastructure and the third-party infrastructure. We learned the requests and responses and then could use SV instead of the other party infrastructure.

After this, we could also use automation tools. We managed to use automation tools via integrating Unified Functional Testing (UFT) and SV tools, and now we can run automation test cases and end-to-end test cases on SV.

We started to use SV in our test systems first. When we saw the success, we decided to implement SV for the development systems also.

Gardner: Give me a sense of the type of applications we’re talking about.

Yükselten: We are mostly working on customer relationship management (CRM) applications. We deploy more than 200 applications per year and we have more than six million customers. We have to offer new campaigns and make some transformations for new customers, etc.

We have to save all the informations, and while saving the information, we also interact the other systems, for example the National Identity System, through telecom systems, public switched telephone network (PSTN) systems.

We have to ask informations and we need make some requests to the other systems. So, we need to use all the other systems in our CRM systems. And we also have internet protocol television (IPTV) products, value added services products, and the company products. But basically, we’re using CRM systems for our development and for our systems.

Gardner: So clearly, these are mission-critical applications essential to your business, your growth, and your ability to compete in your market.

Yükselten: If there is a mistake, a big error in our system, the next day, we cannot sell anything. We cannot do anything all over Turkey.

Gardner: Let's talk a bit about the adoption of SV. What you actually have in place so far?

Yükselten: Actually, it was very easy to adopt these products into our system, because including proof of concept (PoC), we could use this tool in six weeks. We spent first two weeks for the PoC and after four weeks, we managed to use the tool.

For the first six weeks, we could use SV for 45 percent of end-to-end test cases. In 10 weeks, 95 percent of our test cases could be run on SV. It was very easy to implement. After that, we also implemented two other SVs in our other systems. So, we're now using three SV systems. One is for development, one is just for the campaigns, and one is for the E2E tests.

HP Software helped us so much, especially R&D. HP Turkey helped us, because we were also using application lifecycle management (ALM) tools before SV. We were using QTP LoadRunners, Quality Center, etc., so we had a good relation with HP Software.

Since SV is a new tool, we needed a lot of customization for our needs, and HP Software was always with us. They were very quick to answer our questions and to return for our development needs. We managed to use the tool in six weeks, because of HP’s Rapid Solutions.

Gardner: My understanding is that you have something on the order of 150 services. You use 50 regularly, but you're able to then spin up and use others on a more ad-hoc basis. Why is it important for you to have that kind of flexibility and agility?

Yükselten: We virtualized more than 150 services, but we use 48 of them actively. We use these portions of the service because we virtualized our third-party infrastructures for our needs. For example, we virtualized all the other CRM systems, but we don’t need all of them. In gateway remote, you can simulate all the other web services totally. So, we virtualized all the web services, but we use just what we need in our test cases.

In three months we got the investment back actually, maybe shorter than three months. It could have been two and half months. For example, for the campaign test cases, we gained 100 percent of efficiency. Before HP, we could run just seven campaigns in a month, but after HP, we managed to run 14 campaigns in a month.

We gained 100 percent efficiency and three man-months in this way, because three test engineers were working on campaigns like this. For another example, last month we got the metrics and we saw that we had a total blockage for seven days, so that was 21 working days for March. We saved 33 percent of our manpower with SV and there are 20 test engineers working on it. We gained 140 man-months last month.

For our basic test scenarios, we could run all test cases in 112 hours. After SV, we managed to run it in 54 hours. So we gained 100 percent efficiency in that area and also managed to do automation for the campaign test cases. We managed to automate 52 percent of our campaign test cases, and this meant a very big efficiency for us. Totally, we saved more than $50,000 per month.

Gardner: Do you expect now to be able to take this to a larger set of applications across Türk Telekom?

Yükselten: Yes. Türk Telekom licenses these tools and started to use these tools in their test service to get this efficiency for those systems. We have a branch company called AVEA, and they also want to use this tool. After our getting this efficiency, many companies want to use this virtualization. Eight companies visited us in Turkey to get our experiences on this tool. Many companies want this and want to use this tool in their test systems.

Gardner: Do you have any advice for other organizations like those you've been describing, now that you have done this? Any recommendations on what you would advise others that might help them improve on how they do it?

Yükselten: Companies must know their needs first. For example, in our company, we have three blockage systems for third parties and the other systems don't change everyday. So it was easy to implement SV in our systems and virtualize the other systems. We don’t need to do virtualization day by day, because the other systems don't change every day.

Once a month, we consult and change our systems, update our web services on SV, and this is enough for us. But if the other party's systems changes day by day or frequently, it may be difficult to do virtualization every day.

This is an important point. Companies should think automation besides virtualization. This is also a very efficient aspect, so this must be also considered while making virtualization.

We started to use UFT with integrating SV. As I told you, we managed to automate 52 percent of our campaign test cases so far. So we would like to go on and try to automate more test cases, our end-to-end test cases, the basic scenarios, and other systems.

Our first goal is doing more automation with SV and UFT and the other is using SV in development sites. We plan to find early defects in development sites and getting more quality products into the test.

Of course, in this way, we get rapid deployment and we make shorter release times because the product will have more quality. Using performance test and SV also helps us on performance. We use HP LoadRunner for our performance test cases. We have three goals now, and the last one is using SV with integrating LoadRunner.

Gardner: Well, it's really impressive. It sounds as if you put in place the technologies that will allow you to move very rapidly, to even a larger payback. So congratulations on that. Gain more insights and information on the best of IT Performance Management at www.hp.com/go/discoverperformance.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 24th April 2013 Copyright Bloor Research © 2013

I'm at CA-2013 and CA Technologies is telling a good joined-up story around advanced technology and mobile solutions. It has feedback loops around the user experience and so on. The devil may be in the detail but it really is sounding good.

Unfortunately, I can't take part in the interactive demo, because neither my phone nor my netbook can see the CA wireless network reliably. Perhaps I'm in a dead spot; perhaps I need to reconfigure something (but it works in the hotel room) but the effect is that I'm not listening to the excellent presentation because I'm frustrated and annoyed and trying to debug my connection. Of course, I should just give up, but people don't. And no-one is monitoring my horrible user experience with their lovely network performance monitoring tools - because I can't get on the soddin' network.

OK, in the greater scheme of things who cares. But if I was a sales rep, going in to make an important sale in a rotten frame of mind, my company might. And that's my point; however good your technology, some - a lot, possibly - of the time it will be operating in failure mode; and the impact on the users' performance may be important.

New Development needs to go beyond mobile technology and the 'light path' of working wherever you are and look at the business process it enables and how that is impacted by technology failure-the dark path - even if that failure is outside your control. The New Developer needs to worry about people issues and the psychology of their interaction with technology. For instance, one of the benefits from mobility CA noted was that a manager could make decisions wherever they were, at any hour of the day or night. That's cool and, managed properly, even useful for the manager concerned. However, looked at another way, it might mean that manager is on call 24x7, working a 7 day week and under constant stress of broadband slowdowns, dead phone batteries and lost signal. How will his/her spouse and family like that? How reliable will his/her decisions be after a blazing row with his/her spouse? Could this mobility solution actually fail even if the technology the new developer built doesn't, and shouldn't the developer of mobile solutions - or somebody - be thinking about this dark path and what to do about it?

When I was a very old-technology developer I was always told that what really mattered was how a system performed in failure mode, because that's where it'd mostly be. Does that apply to mobile development however? Surely no-one ever gets slowwww connections, loses signal, tries to work in a crowded bar... Surely not...

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 23rd April 2013 Copyright Interarbor Solutions © 2013

Both enterprises and independent software vendors (ISVs) know the software-development game has changed. Not only do they need to rapidly develop and deploy more mobile apps across multiple interfaces and device platforms, but they need to really rethink all of their client development—and even try and come up with a singular approach to most of them.

Fast to their rescue, the suppliers of development tools and testing systems are tripping over each other to appeal to them in this new game. And, as in the past with other deployment advances, we're seeing a major philosophical split between the 'nativists' (running directly on the device hardware) and the 'virtualizers' (with their scripting and interpretive layers and containers).

First, the nativists. Embarcadero Technologies, with its RAD Studio and former Borland CodeGear assets, is not surprisingly catering to its skills base—the hard core developers at home in Delphi and C++Builder, as well as C and Objective-C. Embarcadero therefore today delivered RAD Studio XE4, with an attractive offer to those seeking native—what Embarcadero calls "multi-device, true native"—apps development, but across most mobile devices from a singular code base and a single core skills set. RAD Studio XE4 has a single application framework for iOS, Windows, and Mac OSX, with support for Android coming soon.

RAD Studio XE4 allows developers to gain more control over the development lifecycle and deliver apps with tighter security, a better user experience, lightning quick performance, and a small footprint. Those that want to target iOS devices, as well as OSX and Windows PCs, can write once and run anywhere, so to speak, says Embarcadero. The key is FireMonkey, a cross-platform GUI framework developed by Embarcadero to provide Delphi and C++Builders with a single framework. This is the same lineage of the graphical language tools that sprung from native (fat) PC development.

But native development for mobile (nee PCs) isn't the only game in town, nor the only way to seek the 'run anywhere' nirvana. The other approaches to the mobile and cross-platform development complexity problem are more aligned with open source, HTML5, and scripting, all with roots in the web.

And so HP, last month, threw it's weight from the IT management perspective behind "a hybrid approach" for mobile. HP Anywhere, as HP calls it, aids in the distributing and consuming of IT management information to mobile devices. But this may well be a model for far broader enterprise-to-mobile process alignment.

Especially where BYOD is the goal, the hybrid approach works best, says Genefa Murphy, Director of Mobile Product Management and User Experience at HP Software. [Disclosure: Both Embarcadero and HP are sponsors of BriefingsDirect podcasts.]

Under this 'virtualizers' vision, the HP Anywhere server connects IT management systems to the HP Anywhere Client on Android or iOS devices, forming the basic client app or container on the end-point devices. Then so-called Mini-Apps are downloadable to that container to provide the access and interface to specific IT management tasks or modules.

Two best ends
These two examples of mobile enablement to me represent the two best ends of the enterprise mobile needs spectrum. And, chances are, enterprises are going to need both, especially for existing applications and processes. For example, the Embarcadero approach can swiftly take existing full-client applications and deliver them to the needed mobile tier devices with strong performance and security, and no need to rewrite for each client and OS, said John Thomas (JT), Director of Product Management at Embarcadero.

For more on my views of how cloud, mobile and enterprise IT intersect, see my two-part interview on the Gathering Clouds blog.

The question yet to be answered is what combination of native, scripting, or hybrid container-type models will fit best for entirely new 'mobile first' applications. This is a work in progress, and will also vary greatly from company to company, based on a maze of variables for each. Looks for a lot more blogs on that greenfield apps trend in the future.

For now, however, a lot of the pain for IT in going mobile is in getting existing PC applications via code reuse—as well as business processes on back-end systems—out to where they can be used… on the modern mobile landscape and in the hands of newly empowered mobile users. Incidentally, the new Embarcadero tools and framework allows .NET apps to be driven out to iOS devices in a pretty snappy fashion. That's assuming, of course, Windows CE won't be your preferred client environment after all. You know who you are.

Currently, RAD Studio XE4 delivers multi-device development for ARM and Intel devices, including Apple iPhone, iPod Touch, iPad, Mac OSX, Windows PCs, Slates, and Surface Pro tablets, said JT. And RAD Studio XE4 allows developers to take advantage of the full range of capabilities available on each of those devices to deliver the best user experience, he added. The full Android support should come mid-year.

The Embarcadero tools allow developers or designers to also quickly create no-code, visual mockups with live or simulated data and deploy to actual target devices (like PCs, phones, or tablets), or simulate on Windows or Mac, so that the requirements and app role can be best defined and tuned.

RAD Studio XE4 is available immediately. To download a free trial, visit http://www.embarcadero.com/products/rad-studio/downloads. Pricing starts at $1,799. Delphi and C++Builder pricing starts at $149 for Starter edition and $999 and up for full commercial development licenses. Upgrade discounts are available for users of recent earlier versions. An introductory 10 percent discount is available on most RAD Studio XE4 family products through May 22.

As for HP Anywhere, it manages the cross-platform device client issue using HMTL5 and Javascipt, and we'll be seeing a lot of that too from many 'virtualizers.' HP also boats RAD via an emulator that allows quick switching between device views. HP is taking its HP Anywhere story to both the test and QA people as well as developers as they seek ways to bring more business functions to the mobile enterprise worker corps.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 5th April 2013 Copyright Interarbor Solutions © 2013

Later this month, The Open Group’s first conference in Australia will focus on "How Does Enterprise Architecture Transform an Enterprise?"

With special attention devoted to enterprise transformation, speakers and a variety of sessions will place the transformation in the context of such vertical industries as finance, defense, exploration, mining, and minerals.

As a prelude to the event, BriefingsDirect recently interviewed two of the main speakers at the conference: Hugh Evans, the Chief Executive Officer of Enterprise Architects, a specialist enterprise architecture (EA) firm based in Melbourne, Australia, and Craig Martin, Chief Operations Officer and Chief Architect at Enterprise Architects.

As some background, Hugh is both the founder and CEO at Enterprise Architects. His professional experience blends design and business, having started out in traditional architecture, computer games design, and digital media, before moving into enterprise IT and business transformation.

In 1999, Hugh founded the IT Strategy Architecture Forum, which included chief architects from most of the top 20 companies in Australia. He has also helped found the Australian Architecture Body of Knowledge and the London Architecture Leadership Forum in the UK.

Since starting Enterprise Architects in 2002, Hugh has grown the team to more than 100 people, with offices in Australia, the UK, and the U.S.

With a career spanning more than 20 years, Craig has held executive positions in the communications, high tech, media, entertainment, and government markets and has operated as an Enterprise Architect and Chief Consulting Architect for a while.

In 2012, Craig became COO of Enterprise Architects to improve the global scalability of the organization, but he is also a key thought leader for strategy and architecture practices for all their clients and also across the EA field.

Craig has been a strong advocate of finding differentiation in businesses through identifying new mixes of business capabilities in those organizations. He advises that companies that do not optimize how they reassemble their capabilities will struggle, and he also believes that business decision making should be driven by economic lifecycles.

The interview was conducted by Dana Gardner, Principal Analyst at Interarbor Solutions.[Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: What are some of the big problems that businesses are facing that architecture-level solutions can benefit?

Evans: I'll start with the trend in the industry around fast-paced change and disruptive innovation. You'll find that many organizations, many industries, at the moment in the U.S., Australia, and around the world are struggling with the challenges of how to reinvent themselves with an increasing number of interesting and innovative business models coming through.

For many organizations, this means that they need to wrap their arms around an understanding of their current business activities and what options they've got to leverage their strategic advantages.

We're seeing business architecture as a tool for business model innovation and, on the other side, we're also seeing business architecture as a tool that's being used to better manage risk, compliance, security, and new technology trends around things like cloud, big data, and so on.

Martin: Yes, there is a strong drive within the industry to try and reduce complexity. As organizations are growing, the business stakeholders are confronted with a large amount of information, especially within the architecture space. We're seeing that they're struggling with this complexity and have to make accurate and efficient business decisions on all this information.

What we are seeing, and based upon what Hugh has already discussed, is that some of those industry drivers are around disruptive business models. For example, we're seeing it with the likes of higher education, the utility space, and financial services space, which are the dominant three.

There is a lot of change occurring in those spaces, and businesses are looking for ways to make them more agile to adapt to that change, and looking towards disciplined architecture and the business-architecture discipline to try and help them in that process.

Gardner: Is there anything about the past 10 or 15 years in business practices that have led now to this need for a greater emphasis on that strategic architectural level of thinking?

Martin: A lot has to do with basically building blocks. We've seen a journey that’s traveled within the architecture disciplines specifically. We call it the commodification of the business, and we've seen that maturity in the IT space. A lot of processes that used to be innovative in our business are now becoming fairly utility and core to the business.

In any Tier 1 organization, a lot of the processes that used to differentiate them are now freely available in a number of vendor platforms, and any of their competitors can acquire those.

So they are looking for that differentiation, the ability to be able to differentiate themselves from their competitors, and away from that sort of utility space. That’s a shift that’s beginning to occur. Because a lot of those IT aspects have become industrialized, that’s also moving up into the business space.

In other words, how can we now take complex mysteries in the business space and codify them? In other words, how can we create building blocks for them, so that organizations now can actually effectively work with those building blocks and string them together in different ways to solve more complex business problems.

Evans: EA is now around 30 years old, but the rise in EA has really come from the need for IT systems to interoperate and to create common standards and common understanding within an organization for how an IT estate is going to come together and deliver the right type of business value.

Through the '90s we saw the proliferation of technologies as a result of the extension of distributed computing models and the emergence of the Internet. We've seen now the ubiquity of the Internet and technology across business. The same sort of concepts that ring true in technology architecture extend out into the business, around how the business interoperates with its components.

The need to change very fast for business, which is occurring now in the current economy, with the entrepreneurship and the innovation going on, is seeing this type of thinking come to the fore. This type of thinking enables organizations to change more rapidly. The architecture itself won't make the organization change rapidly, but it will provide the appropriate references and enable people to have the right conversations to make that happen.

Business architecture, as well as strategic architecture, is still quite a nascent capability for organizations, and many organizations are really still trying to get a grip on this. The general rule is that organizations don’t manage this so well at the moment, but organizations are looking to improving in this area, because of the obvious, even heuristic, payoffs that you get from being better organized.

You end up spending less money, because you're a more efficient organization, and you end up delivering better value to customers, because you're a more effective organization. This efficiency and effectiveness need within organizations is worth the price of investment in this area.

The actual tangible benefits that we're seeing across our customers includes reduced cost of their IT estate.

You have improved security and improved compliance, because organizations can see where their capabilities are meeting the various risk and compliance profiles, and you are also seeing organizations bring products to market quicker.

The ability to move through the product management process, bring products to market more rapidly, and respond to customer need more rapidly puts organizations in front and makes them more competitive.

The sorts of industries we're seeing acting in this area would include the postal industry, where they are moving from traditional mail to parcels, which is a result of a move towards online retailing. You're also seeing it in the telco sector and you're seeing it in the banking and finance sector.

In the banking and finance sector, we've also seen a lot of this investment driven by the merger and acquisition (M&A) activity that’s come out of the financial crisis in various countries where we operate. These organizations are getting real value from understanding where the enterprise boundaries are, how they bring the business together, how they better integrate the organizations and acquisitions, and how they better divest.

Martin: We're seeing, especially at the strategic level, that the architecture discipline is able to give business decision makers a view into different strategic scenarios.

For example, where a number of environmental factors and market pressures would have been inputs into a discussion around how to change a business, we're also seeing business decision makers getting a lot of value from running those scenarios through an actual hypothesis of the business model.

For example, they could be considering four or five different strategic scenarios, and what we are seeing is that, using the architecture discipline, it's showing them effectively what those scenarios look like as they cascade through the business. It's showing the impact on capabilities, on people and the approaches and technologies, and the impact on capital expenditures (CAPEX) and operational expenditures (OPEX).

Those views of each of those strategic scenarios allows them to basically pull the trigger on the better strategic scenario to pursue, before they've invested all of their efforts and all that analysis to possibly get to the point where it wasn’t the right decision in the first place. So that might be referred to as sort of the strategic enablement piece.

We're also seeing a lot of value for organizations within the portfolio space. We traditionally get questions like, "I have 180 projects out there. Am I doing the right things? Are those the right 180 projects, and are they going to help me achieve the types of CAPEX and OPEX reductions that I am looking for?"

With the architecture discipline, you don’t take a portfolio lens into what’s occurring within the business. You take an architectural lens, and you're able to give executives an overview of exactly where the spend is occurring. You give them an overview of where the duplication is occurring, and where the loss of cohesion is occurring.

A common problem we find, when we go into do these types of gigs, is the amount of duplication occurring across a number of projects. In a worst-case scenario, 75 percent of the projects are all trying to do the same thing, on the same capability, with the same processes.

So there’s a reduction of complexity and the production of efforts that’s occurring across the organizations to try and bring it and get it into more synergistic sessions.

We're also seeing a lot of value occurring up at the customer experience space. That is really taking a strong look at this customer experience view, which is less around all of the underlying building blocks and capabilities of an organization and looking more at what sort of experiences we want to give our customer? What type of product offerings must we assemble, and what underlying building blocks of the organization must be assembled to enable those offerings and those value propositions?

That sort of traceability through the cycle gives you a view of what levers you must pull to optimize your customer experience. Organizations are seeing a lot of value there and that’s basically increasing their effectiveness in the market and having a direct impact on their market share.

And that’s something that we see time and time again, regardless of what the driver was behind the investment in the architecture project, seeing the team interact and build a coalition for action and for change. That’s the most impressive thing that we get to see.

Gardner: Let’s drill down a little bit into some of what you'll be discussing at the conference in Sydney in April. One of the things that’s puzzling to me, when I go to these Open Group Conferences, is to better understand the relationship between business architecture and IT architecture and where they converge and where they differ. Perhaps you could offer some insights and maybe tease out what some discussion points for that would be at the conference.

Martin: That’s actually quite a hot topic. In general, the architecture discipline has grown from the IT space, and that’s a good progression for it to take, because we're seeing the fruits of that discipline in how they industrialize IT components.

We're seeing the fruits of that in complex enterprise resource planning (ERP) systems, the modularization of those ERP systems, their ability to be customized, and adapt to businesses. It’s a fairly mature space, and the natural progression of that is to apply those same thinking patterns back up into the business space.

In order for this to work effectively well, when somebody asks a question like that, we normally respond with a "depends" statement. We have in this organization a thing called the mandate curve, and it relates to what the mandate is within the business. What is the organization looking to solve?

Are they looking to build an HR management system? Are they looking to gain efficiencies from an enterprise-wide ERP solution? Are they looking to reduce the value chain losses that they're having on a monthly basis? Are they looking to improve customer experience across a group of companies? Or are they looking to improve shareholder value across the organization for an M&A, or maybe reduce cost-to-income.

Those are some of the problem spaces, and we often get into that mind space to ask, "Those are the problems that you are solving, but what mandate is given to architecture to solve them?" We often find that the mandate for the IT architecture space is sitting beneath the CIO, and the CIO tends to use business architecture as a communication tool with business. In other words, to understand business better, to begin to apply architecture rigor to the business process.

Evans: It’s interesting, Dana. I spent a lot of time last year in the UK, working with the team across a number of business-architecture requirements. We were building business-architecture teams. We were also delivering some projects, where the initial investigation was a business-architecture piece, and we also ran some executive roundtables in the UK.

One thing that struck me in that investigation was the separation that existed in the business-architecture community from the traditional enterprise and technology architecture or IT architecture communities in those organizations that we were dealing with.

One insurance company, in particular, that was building a business-architecture team was looking for people that didn’t necessarily have an architecture background, but possibly could apply that insight. They were looking for deep business domain knowledge inside the various aspects of the insurance organization that they were looking to cover.

So to your question about the relationship between business architecture and IT architecture, where they converge and how they differ, it’s our view that business architecture is a subset of the broader EA picture and that these are actually integrated and unified disciplines.

However, in practice you'll find that there is often quite a separation between these two groups. I think that the major reason for that is that the drivers that are actually creating the investment for business architecture are now from coming outside of IT, and to some extent, IT is replicating that investment to build the engagement capability to engage with business so that they can have a more strategic discussion, rather than just take orders from the business.

I think that over this year, we're going to see more convergence between these two groups, and that’s certainly something that we are looking to foster in EA.

Gardner: I just came back from The Open Group Conference in California a few weeks ago, where the topic was focused largely on big data, but analysis was certainly a big part of that. Now, business analysis and business analysts, I suppose, are also part of this ecosystem. Are they subsets of the business architect? How do you see the role of business analysts now fitting into this, given the importance of data and the ability for organizations to manage data with new efficiency and scale?

Martin: Once again, that's also a hot topic. There is a convergence occurring, and we see that across the landscape, when it comes to the number of frameworks and standards that people certify on. Ultimately, it comes to this knife-edge point, in which we need to interact with the business stakeholder and we need to elicit requirements from that stakeholder and be able to model them successfully.

The business-analysis community is slightly more mature in this particular space. They have, for example, the Business Analysis Body of Knowledge (BABOK). Within that space, they leverage a competency model, which, in effect, goes through a cycle, from an entry level BA, right up to what they refer to as the generalist BA, which is where they see the start of the business-architecture role.

There's a career path from a traditional business analyst role, which is around requirements solicitation and requirements management, which seems to be quite project focused. In other words, dropping down onto project environments, understanding stakeholder needs and requirements, and modeling those and documenting them, helping the IT teams model the data flows, the data structures but with a specific link into the business space.

As you move up that curve, you get into the business-architecture space, which is a broader structural view around how all the building blocks fit together. In other words, it’s a far broader view than what the business analyst traditional part would take, and looks at a number of different domains. The business architect tends to focus a lot on, as you mentioned, the information space, and we see a difference between the information and the data space.

So the business architect is looking at performance, market-related aspects, and customer information, as well as the business processes and functional aspects of an organization.

You can see that the business analysts could almost be seen as the soldiers of these types of functions. In other words, they're the guys that are in the trenches seeing what's working on a day-to-day basis. They've got a number of tools that they're equipped with, which for example the BABOK has given them.

And there are all different ways and techniques that they are using to elicit those requirements from various business stakeholders, until they move out that curve up into the business architecture and strategic architecture space.

Gardner: Craig, in your presentation at The Open Group Conference in Sydney, what do you hope to accomplish?

Martin: How do I build cohesion in an organization? How do I look at different types of scenarios that I can execute against? What are the better ways to assemble all the efforts in my organization to achieve those outcomes? That’s taking us through a variety of examples that will be quite visual.

We'll also be addressing the specific role of where we see the career path and the complementary nature of the business analyst and business architect, as they travel through the cycle of trying to operate at a strategic level and as a strategic enabler within the organization.

Gardner: How do you often find that enterprises get beyond the inertia and into this discussion about architecture and about the strategic benefits of it?

Martin: We often have two market segments, where a Tier 1 type company would want to build the capability themselves. So there's a journey that we need to take them on around how to have a business-architecture capability while delivering the actual outcomes?

Tier 2 and Tier 3 clients often don’t necessarily want to build that type of capability, so we would focus directly on the outcomes. And those outcomes start with two views. Traditionally, we're seeing the view driven almost on a bottom-up view, as the sponsors of these types of exercises try to get credibility within the organization.

That relates to helping the clients build what we refer to as the utility of the business-architecture space. Our teams go in and, in effect, build a bunch of what we refer to as anchor models to try and get a consistent representation of the business and a consistent language occurring across the entire enterprise, not just within a specific project.

And that gives them a common language they can talk about, for example, common capabilities and common outcomes that they're looking to achieve. In other words, it's not just a bunch of building blocks, but the actual outcome of each of those building blocks and how does it match something like a business-motivation model.

They also look within each of those building blocks to see what the resources are that creates each of those building blocks—things like people, process and tools. How do we mix those resources in the right way to achieve those types of outcomes that the business is looking for? Normally, the first path that we go through is to try to get that sort of consistent language occurring within an organization.

As an organization matures, that artifact starts to lose its value, and we then find that, because it has created a consistent language in the organization, you can now overlay a variety of different types of views to give business people insights. Ultimately, they don’t necessarily want all these models, but they actually want insight into their organizations to enable them to make decisions.

We can overlay objectives, current project spend, CAPEX, and OPEX. We can overlay where duplication is occurring, where overspend is occurring, where there's conflict occurring at a global scale around duplication of efforts, and with the impact of costs and reduction and efficiencies, all of those types of questions can be answered by merely overlaying a variety of views across this common language.

That starts to elevate the value of these types of artifacts, and we start to see our business sponsors walking into meetings with all of these overlays on them, and having conversations between them and their colleagues, specifically around the insights that are drawn from these artifacts. We want the architecture to tell the story, not necessarily lengthy PowerPoint presentations, but as people are looking at these types of artifacts, they are actually seeing all the insights that come specifically from it.

The third and final part is often around the business getting to a level of maturity, in that they're starting to use these types of artifacts and then are looking for different ways that they can now mix and assemble. That’s normally a sign of a mature organization and the business-architecture practice.

They have the building blocks. They've seen the value or the types of insights that they can provide. Are there different ways that I can string together my capabilities to achieve different outcomes? Maybe I have got different critical success factors that I am looking to achieve. Maybe there are new shift or new pressures coming in from the environment.

How can I assemble the underlying structures of my organization to better cope with it? That’s the third phase that we take customers through, once they get to that level of maturity.

Evans: I agree with Craig on the point that, if you show the business what can actually be delivered such as views on a page that elicit the right types of discussions and that demonstrate the issues, when they see what they're going to get delivered, typically the eyes light up and they say, "I want one of those things."

The thing with architecture that I have noticed over the years is that architecture is done by a lot of very intelligent people, who have great insights and great understanding, but it's not just enough to know the answer. You have to know how to engage somebody with the material. So when the architecture content that’s coming through is engaging, clear, understandable, and can be consumed by a variety of stakeholders, they go, "That’s what I want. I want one of those."

So my advice to somebody who is going down this path is that if they want to get support and sponsorship for this sort of thing, make sure they get some good examples of what gets delivered when it's done well, as that’s a great way to actually get people behind it.

Listen to thepodcast. Find it on iTunes. Read a full transcript or download a copy.

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 3rd April 2013 Copyright Bloor Research © 2013

Why do I feel the need to talk about enterprise architecture (EA) on an Enterprise Development page? Surely, as a practitioner friend told me recently, EA is for managers who want to interfere, not for practitioners who need to get the job done and actually build software? And there is some truth in that, I sometimes think that an 'architect' is often a 'systems analyst' with hubris issues (and salary to match) - and that EA is an (expensive) way of giving managers the comfortable illusion that they are in control of IT.

However that's just me being cynical (no, I'm not cynical; I just have experience of life). Those are two real EA anti-patterns, but there's a lot more to EA than that. Done right, EA is about building the right software (to support business outcomes and business management's vision for the business), not just about building software right.

Done properly, I think that EA models help to focus all stakeholders in automated business processes on productive 'business outcomes' and that these EA models should transform (with the addition of business detail around governance and risk management; and the technical detail needed to build software) into the automated technology systems that, these days, run the business (in conjunction with manual business decision processes etc., also derived from EA visions). An EA model is an aid to avoiding the waste associated with building the wrong systems; or building the right systems in the wrong business environment. It is also an aid to breaking down silos and fostering true collaboration between the business, IT and other stakeholders

I am particularly interested in open systems EA processes such as TOGAF, maintained by the Open Group; partly because I've seen what happens when top management gets locked into vendor-specific architectural approaches - that's another EA anti-pattern - and the consultancy that comes with them. To be fair, the big EA vendors are considerably more open these days, but I still think that TOGAF and its associated architectural modelling tool, ArchiMate, is a really good starting point for learning about EA (although it isn't quite the only open standards EA game in town these days - check out the OMG's UPDM unified architecture framework, for instance).

So, this article is to alert readers to a useful, free, educational resource for people that aren't yet familiar with EA approaches: the Case Experiences and Best Practices Using ArchiMate® and TOGAF® web seminar that you can find at The Open Group Bookstore here. This webinar was given by an EA practitioner from BiZZdesign and not only gives you an idea of how ArchiMate works (but there are other, more detailed, resources for this at the Bookstore), it also gives you an idea of the value that some organisations are getting out of EA.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 26th March 2013 Copyright Interarbor Solutions © 2013

This BriefingsDirect IT leadership interview focuses on how Associated Surgeons and Physicians, LLC in Indiana went from zero to 100 percent virtualized infrastructure, and how many compliance and efficiency goals have been met and exceeded as a result.

In part one of a two-part sponsored interview series, we discuss how a mid-market health services provider rapidly adopted server and client virtualization, and how that quickly lead to the ability to move to mobile, bring your own device (BYOD), and ultimately advanced disaster recovery (DR) benefits.

Associated Surgeons and Physicians found the right prescription for allowing users to designate and benefit from their own device choices, while also gaining an ability to better manage sensitive data and to create a data-protection lifecycle approach.

Here to share his story on how they did it, we welcome, Ray Todich, Systems Administrator at Associated Surgeons and Physicians. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions . Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: When I go to the physician’s office, I see how they've gotten so efficient at moving patients in and out, the scheduling is amazing. Every minute is accounted for. Downtime is just very detrimental and backs up everything. This critical notion of time management is so paramount.

Todich: Oh, it’s absolutely massive. If we have a snag somewhere, or even if our systems are running slow, then everything else runs slow. The ability that virtualization gives us is the core or heart of the entire infrastructure of the business. Without an efficient heart, blood doesn’t move, and we have a bigger problem on our hands.

Gardner: So over the past 10 or 15 years, as you pointed out, technology has just become so much more important to how a health provider operates, how they communicate to the rest of the world in terms of supplies, as well as insurance companies and payers, and so forth. Tell me a little bit about Associated Surgeons and Physicians. How big is the organization, what do you do, how have they been growing?

Todich: Pretty rapidly. Associated Surgeons and Physicians is a group of multi-specialty physicians and practices in Northeast Indiana and Northwest Ohio.

It began at the practice level, and then it really expanded. We're up to, I think, 14 additional locations and/or practices that have joined. We're also using an electronic medical record (EMR) application, given to us by Greenway, and that’s a big one that comes in.

We're growing exponentially. It went from one or two satellite practices that needed to piggyback Greenway, to probably 13 or 14 of them, and this is only the beginning. With that type of growth rate, you have to concern yourself with the amount of money it costs to serve everybody. If you have one physical server that goes out, you affect hundreds of users and thousands of patients, doctors, and whatnot. It’s a big problem, and that’s where virtualization came in strong.

Gardner: How about this in terms of the size of the organization? How many seats are you accommodating in terms of client, and then what is it about an IT approach to an organization such as yours that also makes virtualization a good fit?

Todich: Right now, we have somewhere around 300 employees. As far as how many clients this overall organization has, it’s thousands. We have lots of people who utilize the organization. The reality is that the IT staff here is used in a minimalist approach, which is one thing that I saw as well when I was coming into this.

One or even two persons to manage that many servers can be a nightmare, and on top of that, you try to do your best to help all the users. If you have 300-plus people and their desktops, printers, and so forth, so the overall infrastructure can be pretty intimidating, when you don’t have a lot of people managing it.

Going virtual was a lifesaver. Everything is virtualized. You have a handful of physical ESX hosts that are managing anything, and everything is stored on centralized storage. It makes it considerably efficient as an IT administrator to utilize virtualization.

That’s actually how we went into the adoption of VMware View, because of 300-plus users, and 300-plus desktops. At that point, it can be very hairy. At times, you have to try and divine what the right answer is. You have this important scenario going on, and you have this one and another one, and how do you manage them all. It becomes easier, when you virtualize everything, because you can get to everything very easily and cover everyone’s desktops.

Gardner: What attracted you, at the beginning, to go to much higher total levels of server—and then client—virtualization?

Todich: When I first started here, the company was entirely physical. And as background, I came from a couple of companies that utilized virtualization at very high levels. So I'm very aware of the benefits, as far as administration, and the benefits of overall redundancy and activities—the software and hardware used to allow high performance, high availability, access to people’s data—and still allow security be put in place.

When I came in, it looked like something you might have seen maybe 15 years ago. There were a lot of older technologies in place. The company had a lot of external drives hanging off the servers for backups, and so on.

My first thing to implement was server virtualization, which at the time, was the vSphere 4.1 package. I explained to them what it meant to have centralized storage, what it meant to have ESX host, and how creating virtual machines (VMs) would benefit them considerably over having physical servers in the infrastructure.

I gave them an idea on how nice it is to have alternate redundancy configured correctly, which is very important. When hardware drops out, RAID configuration goes south, or the entire server goes out, you've just lost an entire application—or applications—which, in turn, gives downtime.

I helped them to see the benefits of going virtualized, and at that time, it was solely for the servers.

Gardner: How long did it take you to go from being 100 percent physical to where you are now, basically 100 percent virtual?

Todich: We've been going at it for about about a year-and-a-half. We had to build the infrastructure itself, but we had to migrate all our applications from physical to virtual(P2V). VMware does a wonderful job with its options for using P2V. It’s a time saver as well. For anybody who has to deal with the one that’s building the house itself, it can really be a help.

VMware, in itself, has the ability to reach out as far and wide as you want it to. It’s really up to the people who are building it. It was very rapid, and it’s so much quicker to build servers or desktops, once you get your infrastructure in place.

In the previous process of buying a server, in which you have to get it quoted out and make sure everything is good, do all the front-end sales stuff, and then you have to wait for the hardware to get here. Once it’s here, you have to make sure it’s all here, and then you have to put it altogether and configure everything, so forth. Any administrator out there who's done this understands exactly what that’s all about.

Then you have to configure and get it going, versus, "Oh, you need another server, here, right click, deploy from template," and within 10 minutes you have a new server. That, all by itself, is priceless.

Gardner: And you have a double whammy here, because you're a mid-market size company and don’t have a large, diversified IT staff to draw on. At the same time, you have branch offices and satellites, so you're distributed. To have people physically go to these places is just not practical. What is it about the distributed nature of your company that also makes virtualization and View 5.1 a good approach for a lean IT organization?

Todich: It helped us quite a bit, first and foremost, with the ability to give somebody a desktop, even if they were not physically connected to our network. That takes place a lot here.We have a lot of physicians who may be working inside of another hospital at the time.

Instead of them creating a VPN connection back into our organization, VMware View gave them the ability to have a client on their desktop, whether it be a PC, a MacBook, an iPod, an iPad, or whatever they have, even a phone, if they really want to go that route. They can connect anywhere, at anytime, as long as they have an Internet connection and they have the View client. So that was huge, absolutely huge.

They also have the ability to use PC-over-IP, versus RDP, That’s very big for us as well. It keeps the efficiency and the speed of the machines moving. If you're in somebody else’s hospital, you're bound to whatever network you are attached to there, so it really helps and it doesn’t bother their stuff as much. All you're doing is borrowing their Internet and not anything else.

Gardner: Tell me a bit more about your footprint. We've spoken about vSphere 4.1 and adopting along the path of 5.1. You even mentioned View. What else are you running there to support this impressive capabilities set?

Todich: We moved from vSphere 4.1 to 5.1, and going to VMware View. We use 5.1 there as well. We decided to utilize the networking and security vCloud Networking package, which at the time was a package called vShield. When we bought it, everything changed, nomenclature wise, and some of the products were dispersed, which actually was more to our benefit. We're very excited about that.

As far as our VDI deployment, that gave us the ability to use vShield Endpoint, which takes your anti-virus and offloads it somewhere else on the network, so that your hosts are not burdened with virus scans and updates. That’s a huge gain.

The word huge doesn’t even represent how everybody feels about that going away. It's not going away physically, just going away to another workhorse on the network so that the physicians, medical assistants (MAs), and everybody else isn’t burdened with, "Oh, look, it's updating," or "Look, it's scanning something." It's very efficient.

Gardner: You mentioned the networking part of this, which is crucial when you're going across boundaries and looking for those efficiencies. Tell me a bit more about how the vCloud networking and security issues have been impacted.

Todich: That was another big one for us. Along with the networking and security package comes a portion of the package called the vShield Edge, which will ultimately give us the ability to create our own DMZ the way that we want to create it, something that we don’t have at this time. This is very important to us.

Utilizing the vShield Edge package was fantastic, and yet another layer of security as well. Not only do we have our physical hardware, our guardians at the gate, but we also have another layer, and the way that it works, wrapping itself around each individual ESX host, is absolutely beautiful. You manage it just like you manage firewalls. So it’s very, very important.

Plus, some of the tools that we were going to utilize we felt most comfortable in, as far as security servers for the VDI package, that you want them sitting in a DMZ. So, all around, it really gave us quite a bit to work with, which we're very thankful for.

Gardner: One of the things, of course, that’s key in your field is compliance and there's a lot going on with things like HIPAA, documents, and making sure the electronic capabilities are there for payers and provided. Tell me a bit about compliance and what you've been able to achieve with these advancements in IT?

Todich: With compliance, we've really been able to up our security, which channels straight into HIPAA. Obviously, HIPAA is very concerned with people’s data and keeping it private. So it’s a lot easier to manage all our security in one location.

With VDI, it's been able to do the same. If we need to make any adjustments security wise, it’s simply changing a golden image for our virtual desktop and then resetting everybody's desktops. It’s absolutely beautiful, and the physicians are very excited about it. They seem to really get a hold of what we have done with the ability that we have now, versus the ability we had two years ago. It does wonders.

Upgrading to a virtual infrastructure has helped us considerably in maintaining and increasing meaningful use expectations, with the ability to be virtual and have the redundancy that gives, along with the fact that VMs seem to run a lot more efficiently virtually. We have better ways to collect data, a lot more uptime, and a lot more efficiency, so we can collect more data from our customers.

The more people come through, the more data is collected, the more uptime is there, the more there are no problems, which in turn has considerably helped meeting and exceeding the expectations of what's expected with meaningful use, which was a big deal.

Gardner: I've heard that term "meaningful use" elsewhere. What does that really mean? Is that just the designation that some regulatory organization has, or is that more of a stock-in-trade description?

Todich: My understanding of it, as an IT administrator, is basically the proper collection of people's data and keeping it safe. I know that it has a lot in with our EMR application, and what is collected when our customers interact with us.

Gardner: Are there any milestones or achievements you've been able to make in terms of this adoption, such as behaviors, and then the protection of the documents and privacy data that has perhaps moved you into a different category and allows you to move forward on some of these regulatory designations?

Todich: It's given us the ability to centralize all our data. You have one location, when it comes to backing up and restoring, versus a bunch of individual physical servers. So data retention and protection has really increased quite a bit as far as that goes.

Gardner: How about DR?

Todich: With DR, I think there are a lot of businesses out there that hear that and don’t necessarily take it that seriously, until disaster hits. It’s probably the same thing with people and tornadoes. When they're not really around, you don’t really care. When all of a sudden, a tornado is on top of your house, I bet you care then.

VMware gives you the ability to do DR on a variety of different levels, whether it’s snapshotting, or using Site Recovery Manager, if you have a second data center location. It’s just endless.

One of the most important topics that can be covered in an IT solution is about our data. What happens if it stops or what happens if we lose it? What can we do to get it back, and how fast, because once data stops flowing, money stops flowing as well, and nobody wants that.

It’s important, especially if you're recording people’s private health information. If you lose certain data that’s very important, it’s very damaging across the board. So to be able to retain our data safely is of the highest concern, and VMware allows us to do that.

Also, it’s nice to have the ability to do snapshotting as well. Speaking of servers and whatnot, I'll have to lay it on that one, because in IT, everybody knows that software upgrades come. Sometimes, software upgrades don’t go the way that they're supposed to, whether it’s an EMR application, a time-saving application, or ultrasounds.

If you take a snapshot before the upgrade and run your upgrade on that snapshot, if everything goes great and everybody is satisfied. You can just merge the snapshot with the primary image and you are good to go.

If it doesn’t work out in your favor, you have the ability to delete that snapshot and you're back to where you started from before the migration, which was hopefully a functioning state.

Gardner: Let’s look to the future a bit. It sounds as if with these capabilities and the way that you've been describing DR benefits, you can start to pick and choose data center locations, maybe even thinking about software-defined networking and data center. That then allows you to pick and choose a cloud provider or a hosting model. So are you thinking about being able to pick up and virtually move your entire infrastructure, based on what makes sense to your company over the next say 5 or 10 years?

Todich: That’s exactly right, and the way this is growing, something that's been surfacing a lot in our neck of the woods is the ability to do hosting and provide cloud-based solutions, and VMware is our primary site on that as well.

But, if need be, if we had to migrate our data center from one state to another, we'll have the option to do that, which is very important, and it helps with uptime as well. Stuff happens. I mean, you can be at a data center physically and something happens to a generator that has all the power. All of a sudden, everybody is feeling the pain.

So with the ability to have the Site Recovery, it’s priceless, because it just goes to location B and everybody is still up. You may see a blip or you may not, and nothing is lost. That leaves everybody to deal with the data center issue and everything is still up and going, which is very nice.

Gardner: I imagine too, Ray, that it works both ways. On one hand, you have a burgeoning ecosystem of cloud and hosting, of providers and options, that you can pursue, do your cost benefit analysis, think about the right path, and create redundancy.

At the same time, you probably have physicians or individual, smaller physician practices, that might look to you and say, "Those guys are doing their IT really well. Why don’t we just subscribe to their services or piggyback on their infrastructure?" Do you have any thoughts about becoming, in a sense, an IT services provider within the healthcare field? It expands your role and even increases your efficiency and revenues.

Todich: Yes, our sights are there. As a matter of fact, our heads are being turned in that direction without even trying to, because a lot of people are doing that. It’s a lot easier for smaller practices, instead of buying all the infrastructure and putting it all in place to get everything up, and then maintaining it, we will house it for you. We'll do that.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Stuart Coetzee, Business Development Manager, TISSL Posted: 25th March 2013 Copyright TISSL © 2013

For the past 2 years, cloud-based computing (the cloud) has been seen as a game-changer and now everyone is hankering for a piece of the action. The benefits being trumpeted appear to make the move to the cloud a 'no-brainer'.  We’re told development costs are cheaper, the need for powerful services is reduced, data can be accessed anywhere at any time and the solution is almost infinitely scalable. There's also something very alluring about being in constant touch with colleagues whilst on a beach in the Caribbean sipping cocktails!

With the advent of 4G downloads and 'superfast' broadband services, earlier limitations on latency (the time taken by data to leave your device, reach the server and get back to you) and on download speeds appear to be behind us. However, despite these advancements, the dangers of running systems in the cloud are not negligible, so any move to cloud-based computing needs to undertaken with caution.

Let’s look first at business interruption. On average, an internet service provider will experience three major business interruption 'events' a year, each on average 4.7 hours, when systems and data may not be available. Other technology providers are likely to fall victim to similar outages. Even 'best in class' suppliers suffer from at least one event per annum; the laggards between four and five.

Imagine the worst case scenario; all your equipment fails during a Saturday evening service, when your ISP is manned only by a skeleton team who can respond to your problem. Suddenly you understand how your cloud-based supplier can keep costs low: support staff and backup service levels are pared down at non-peak times. This can be disastrous for your business.

Resilience is much talked about. This is a critical area to check before you commit to a cloud solution. In the restaurant and hotel trade, it’s imperative to be able to trade at all times, so firstly ensure that there is offline capability and redundancy within the system. This means that your systems and data pass immediately to another server in the case of failure.

Secondly, ensure that both your ISP and your technology provider have suitable disaster recovery arrangements in place. Disasters come in all shapes and sizes. 40% of them can be attributed to human error; others will be natural phenomena such as floods or fires, even electro-magnetic interference. Imagine telling a customer a solar flare was responsible for a delay in processing their order!

When your systems operate in the cloud, you lose a certain amount of control over your data. It no longer sits on a server in your head office or under the table in your office. You need to know precisely what your ISP or technology provider is doing with your data and be convinced there’s a failsafe recovery plan in place to prevent data loss.

Equally, you must be confident in the security of your data. Reassure yourself that the customer details you've painstakingly collected through loyalty schemes and feedback forms aren’t being sold to third-parties without your knowledge or used in advertising campaigns that may benefit competitors. In short, you need to be absolutely certain your data is being handled with complete confidentiality. And always check it’s being backed up!

Take a long hard look at the cost of a cloud-based solution. We recently looked at changing one of our van tracking systems. One company wanted a flat £1,000 per vehicle for an unlimited licence plus a £20 per month support fee for an excellent system. The other, cloud based and less functional, option was an affordable £200 per quarter. Let’s save a few pounds up-front and go with the second offering, we thought. However, after calculating the total cost, we realised the monthly fee would set us back an extra £680 over the lifetime of the vehicle but would offer a much better system. So, when comparing the cost of traditional deployment versus the cloud, calculate the costs over the contract’s lifetime and weigh that against the functionality offered.

That said, where we have been able to confidently opt for a superior system, we have moved a number of systems to the cloud.  We will continue this migration, at each step carefully considering the potential impact of moving a system out of our control. We advise all hospitality business to be similarly cautious and to take the same care when assessing and adopting the system options now available to them.

What are your experiences with moving to the cloud? Leave your comments below and add to the conversation.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 19th March 2013 Copyright Interarbor Solutions © 2013

Avaya today announced a set of Collaborative Cloud offerings designed to make it easier for more types of organizations to deploy unified communications (UC), contact center (CC) and video conferencing—all as on-demand services.

The adoption of UC and CC as a service (UCaaS and CCaaS) brings utility-based pricing to cloud-service providers (CSPs) so they can offer varied and flexible packages to many types of clients. This creates new revenue streams for CSPs by allowing them to deliver app integrations, mobile collaboration and multichannel customer service for their customers. And it allows buyers to only pay for the IP-based communications services they want and need.

This makes the burgeoning bring you own device (BYOD) trend easier for enterprises to manage because they can off-load more of the complexities of mobile and BYOD environments to their cloud and service providers, said Bruce MacVarish, Director of Cloud Solutions at Avaya. The offerings enable CSPs to evolve and augment enterprise communications with cloud-based solutions, as well as provide greater interoperability across vendors, domains and protocols, he said.

Santa Clara-based Avaya is carving out four delivery and distribution models for UCaaS and CCaaS: private cloud/on-premises stacks, managed services for service providers, hosted multi-tenancy services for channel players, and a full software-as-a-service (SaaS) cloud capability powered by Avaya focused on the mid-market and smaller organization users.

The video services are more geared toward synchronous video interactions, and not hosted, asynchronous video serving, although Avaya offers both. Think of it as video conferencing as a service on demand, integrating into more mobile devices and therefore business processes.

Avaya's move, like with many evolving cloud models, forms a transition from CapEx to OpEx, utility-based pricing and consumption. It also offers ease and speed in adoption, and a single point of integration for value-added SPs and developers.

I expect to see more SaaS business apps providers and cloud-savvy enterprises integrate Avaya's and other UC services into their web, mobile and cloud offerings. These would include such benefits as click-to-call, customer support interception points, and embedded video conferencing brought directly into more business apps, services and processes.

Hybrid deployments
It will be curious to see how the hybrid deployments of UCaaS and CCaaS are assimilated into other business cloud services as the market matures. Will enterprises and SPs alike seek to embed more UC functions, while themselves controlling the UC stack? Or will communications, like many other business services, be something they expect in any cloud stack? Or what combo of hosting will they prefer in which apps?

A lot of the noise around hybrid cloud fails to take the communications feature and their integration into account. Same for big data: Shouldn't all the unstructured data in communications be part of any analytics mix? How to manage that?

Avaya is now in a controlled release of the solutions, and expects general availability in three to six months, said MacVarish.

Earlier this month, Avaya announced new security enhancements for enterprise collaboration.

In more detail, the new and expanded Avaya offerings for CSPs are:

• Avaya Cloud Enablement for Unified Communications and Customer Experience Management. Based on Avaya Aura, it allows flexible, utility-based, OpEx pricing for CSPs so they pay on actual customer usage. Avaya Control Manager enables centrally managed multi-tenancy.
• Avaya Cloud Enablement for Video provides CSPs with a scalable platform and multi-tenancy that delivers interoperable, multi-vendor mobile video collaboration. Enhancements to the Elite Series MCUs, Scopia Mobile and Scopia Desktop extend BYOD videoconferencing across most endpoints.
• Avaya Communications Outsourcing Solutions (COS) Express, a private cloud offering for up to 500-seat contact centers, can be hosted by Avaya, a CSP or channel partners—either as Avaya or co-branded services.

Avaya Collaborative Cloud solutions also include Avaya Collaboration Pods, a portfolio of cloud-ready, turnkey solutions designed to simplify installation and operations of real-time applications; and the AvayaLive suite of public-cloud based communications and collaboration services.

By: Andrew McCreath, Cloud Director, Savvis Posted: 14th March 2013 Copyright Savvis © 2013

When looking for the highest-value cloud platforms to integrate with, technology providers must exercise proper due diligence in examining their cloud partners.

The de facto indicator of the health of a cloud provider has traditionally been the size and breadth of its customer base. While serving as a valuable barometer, however, this information possesses inherent shortcomings.

Most companies will share these figures if asked, and you can almost always count on seeing the vaulted marquee customer logo slide in a PowerPoint at any given presentation. However, the tear-up-and-tear-down nature of cloud, coupled with the casual purchasing habits enabled by credit cards, means customers can pop in and out of existence and never be heard from again. 

Furthermore, there's a very real possibility that even those customers billing full-time on that vendor's cloud are using several different providers, each with its own ecosystem.   

Understanding what these companies are deploying on the vendor's cloud is also key, but in the absence of a case study or reference agreement, the curtain remains closed on what level of innovation is actually occurring on that platform. 

Now, that being said, there is absolute merit in examining an approximate customer count and looking at which companies are using the platform. But I want to raise a more observable and inferable criterion for evaluation. 

The ecosystem
Examining a cloud provider's ecosystem can glean a wealth of information, such as: 

Health
An anaemic ecosystem might signal integration and on-boarding friction. Similarly, a stagnating or declining ecosystem could be indicative of a lacklustre support infrastructure or attentive buyer base. A thriving ecosystem, on the other hand, is bereft of the above symptoms and operates within a defined, established and fluid model. 

Innovation
Look at the solutions coming to market via that specific cloud provider's platform. Are they truly innovative? Are they helping the partner and provider differentiate in the market? If the absence of this is systemic, it might be indicative of lack of strategy or direction. 

Selectiveness
High levels of redundancies in specific competencies are indicative of a lack of discretion when choosing which partners are inducted into the ecosystem. Competition is good, but B-list technologies serve to distract customers away from better solutions (like yours!). 

A vibrant ecosystem is a healthy, diverse and fertile place to nourish and grow innovative solutions. There are certain enabling elements that make this possible: 

• A scalable, capable, secure and extensible API driven platform
• Rapid and frictionless on-boarding
• A defined model to let partners know what is expected of them and what resources they should expect
• Enveloping support system sourced in house as well as community driven 

Most important is access to a wide and diverse potential customer base. This includes access via the provider's market segments, verticals, channels, internal IT and consulting services. 

Identifying those providers that provide the most reach—the most 'windows' for 'window shoppers'—will let you achieve the most return on your investment in integration work, on-boarding, marketing and selling. 

It's easy to get short-sighted and just focus on the vendor and the platform itself, but to be successful we must filter through all the signal noise created by the influx of new vendors, zoom out to view the surrounding ecosystem and then include it in our decision making process. 

No one ever has a magic crystal ball, but at least now you will have a compass.

Andrew McCreath is Director, Cloud Solutions, Savvis EMEA, a CenturyLink company. Follow him on Twitter at @AndrewMcCreath.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 8th March 2013 Copyright Interarbor Solutions © 2013

As IT aligns itself with business goals, Agile software development is increasingly enabling developers to better create applications that meet user needs quickly. And, now, the advent of increased mobile apps development is further accelerating the power of Agile methods.

Thought it’s been around for decades, Agile’s tenets of collaboration, incremental development, speed, and flexibility resonate with IT leaders who want developers to focus on working with users to develop the applications. This method stands in contrast to the more rigid and traditional process of collecting user requirements, taking months to create a complete application, and delivering the application to users with the hopes that it fits the bill and that requirements haven’t changed during the process.

In fact, in today’s world, where business leaders can shop for the technology they need with any cloud or software-as-a-service (SaaS) provider they choose, IT must ensure enterprise applications are built collaboratively to meet needs, or lose out to the competition.

“In many cases today, the business has alternatives, thanks to cloud—all the services they could need are available with a credit card,” says Raziel Tabib, Senior Product Manager of Application Lifecycle Management with HP Software . “IT has to work to be the preferred solution. If the IT department wants to maintain its position, it has to make the best tools to meet business needs. Developers have to get engaged with end users to ensure they are meeting those needs.” [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

HP Software recently released HP Agile Manager, a SaaS-based solution for planning and executing agile projects. And the division itself has embraced some of the principles of agile that have, for example, helped it to move from an 18-month release cycle to come up with product releases and refreshes every month, says Tabib.

Pick and choose
However, Agile is far from an all-or-nothing proposition, particularly for large organizations with developers distributed across the globe that may have a harder time adopting certain agile work styles, he warns.

“We’re not saying any organization can just look at the agile manifesto and start tomorrow with scrum meetings and everything will work well,” Tabib says. “We have engineers in Israel, Prague, and Vietnam. While some agile practices are easy to pick up, others are really difficult to adopt, when you’re talking about organizations at that scale.”

That’s okay, he adds—organizations should be encouraged to cherry pick the elements of agile that make sense to embrace, blend them with more traditional approaches to application development, and still reap benefits.

A report published in September of 2012 by Forrester Consulting on behalf of HP supports the idea that Agile is one of many disciplines that can be used to develop applications that meet users needs.

The report, entitled Agile Software Development and the Factors that Drive Success, surveyed 112 professionals regarding application development habits and success. It found that companies already successful in application development used Agile techniques to make them even better.

For example, respondents cited the Agile practice of limiting the amount of work in progress to reduce the impact of sudden business change meant that requirements didn’t grow stale while waiting for coding to begin—but that their overall success was based on more than just implementing agile.

And it found respondents at companies that weren’t as successful with application development reported using aspects of agile. The upshot of the survey was that simply adopting agile did not ensure success. “Agile software development is one tool in a vast toolbox,” reads the report. “But a fool with a tool is still a fool.”

I think Agile will get even more of a boost in value as developers move toward a 'mobile first' approach, which seems tightly coupled with fast, iterative apps improvement schedules.

One of the neat things about a mobile first orientation is that it forces long-overdue simplification and ease in use in apps. When new apps are designed for their mobile device deployment first, the dictates of the mobile constraints prevail.

Combine that with Agile, and the guiding principles of speed and keeping user requirements dominant help keep projects from derailing. Revisions and updates remain properly constrained. Mobile First discourages snowballing of big applications, instead encouraging releases of smaller, more manageable apps.

Mobile First design benefits combined with Agile methods can be well extended across SaaS, cloud, VDI, web, and even client-server applications.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn.)

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 4th March 2013 Copyright Interarbor Solutions © 2013

We recently assembled a panel of enterprise architecture (EA) experts to explain how such simultaneous and complex trends as big data, cloud computing, security, and overall IT transformation can be helped by the combined strengths of The Open Group Architecture Framework (TOGAF®) and the ArchiMate® modeling language.

The panel consisted of Chris Forde, General Manager for Asia-Pacific and Vice President of Enterprise Architecture at The Open Group; Iver Band, Vice Chair of The Open Group ArchiMate Forum and Enterprise Architect at The Standard, a diversified financial services company; Mike Walker, Senior Enterprise Architecture Adviser and Strategist at HP and former Director of Enterprise Architecture at Dell; Henry Franken, the Chairman of The Open Group ArchiMate Forum and Managing Director at BIZZdesign, and Dave Hornford, Chairman of the Architecture Forum at The Open Group and Managing Partner at Conexiam. I served as the moderator.

This special BriefingsDirect thought leadership interview series comes to you in conjunction with The Open Group Conference recently held in Newport Beach, California. The conference focused on "big data—the transformation we need to embrace today." [Disclosure: The Open Group and HP are sponsors of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Is there something about the role of the enterprise architect that is shifting?

Walker: There is less of a focus on the traditional things we come to think of EA such as standards, governance and policies, but rather into emerging areas such as the soft skills, business architecture, and strategy.

To this end I see a lot in the realm of working directly with the executive chain to understand the key value drivers for the company and rationalize where they want to go with their business. So we're moving into a business-transformation role in this practice.

At the same time, we've got to be mindful of the disruptive external technology forces coming in as well. EA can’t just divorce from the other aspects of architecture as well. So the role that enterprise architects play becomes more and more important and elevated in the organization.

Two examples of this disruptive technology that are being focused on at the conference are big data and cloud computing. Both are providing impacts to our businesses, not because of some new business idea but because technology is available to enhance or provide new capabilities to our business. The EA’s still do have to understand these new technology innovations and determine how they will apply to the business.

We need to get really good enterprise architects—it’s difficult to find good ones. There is a shortage right now, especially given that a lot of focus is being put on the EA department to really deliver sound architectures.

Gardner: We've been talking a lot here about big data, but usually that's not just a standalone topic. It's big data and cloud, cloud, mobile and security.

So with these overlapping and complex relationships among multiple trends, why is EA and things like the TOGAF framework and the ArchiMate modeling language especially useful?

Band: One of the things that has been clear for a while now is that people outside of IT don't necessarily have to go through the technology function to avail themselves of these technologies any more. Whether they ever had to is really a question as well.

One of things that EA is doing, and especially in the practice that I work in, is using approaches like the ArchiMate modeling language to effect clear communication between the business, IT, partners and other stakeholders. That's what I do in my daily work, overseeing our major systems modernization efforts. I work with major partners, some of which are offshore.

I'm increasingly called upon to make sure that we have clear processes for making decisions and clear ways of visualizing the different choices in front of us. We can't always unilaterally dictate the choice, but we can make the conversation clearer by using frameworks like the TOGAF standard and the ArchiMate modeling language, which I use virtually every day in my work.

Hornford: The fundamental benefit of these tools is the organization realizing its capability and strategy. I just came from a session where a fellow quoted a Harvard study, which said that around a third of executives thought their company was good at executing on its strategy. He highlighted that this means that two-thirds are not good at executing on their strategy.

If you're not good at executing on your strategy and you've got big data, mobile, consumerization of IT and cloud, where are you going? What's the correct approach? How does this fit into what you were trying to accomplish as an enterprise?

An enterprise architect that is doing their job is bringing together the strategy, goals and objectives of the organization. Also, its capabilities with the techniques that are available, whether it's offshoring, onshoring, cloud, or big data, so that the organization is able to move forward to where it needs to be, as opposed to where it's going to randomly walk to.

Forde: One of the things that has come out in several of the presentations is this kind of capability-based planning, a technique in EA to get their arms around this thing from a business-driver perspective. Just to polish what Dave said a little bit, it's connecting all of those things. We see enterprises talking about a capability-based view of things on that basis.

Gardner: Let's get a quick update. The TOGAF framework, where are we and what have been the highlights from this particular event?

Hornford: In the last year, we've published a minor upgrade for TOGAF version 9.1 which was based upon cleaning up consistency in the language in the TOGAF documentation. What we're working on right now is a significant new release, the next release of the TOGAF standard, which is dividing the TOGAF documentation to make it more consumable, more consistent and more useful for someone.

Today, the TOGAF standard has guidance on how to do something mixed into the framework of what you should be doing. We're peeling those apart. So with that peeled apart, we won't have guidance that is tied to classic application architecture in a world of cloud.

What we find when we have done work with the Banking Industry Architecture Network (BIAN) for banking architecture, Sherwood Applied Business Security Architecture (SABSA) for security architecture, and the TeleManagement Forum, is that the concepts in the TOGAF framework work across industries and across trends. We need to move the guidance into a place so that we can be far nimbler on how to tie cloud with my current strategy, how to tie consumerization of IT with on-shoring?

Franken: The ArchiMate modeling language turned two last year, and the ArchiMate 1.0 standard is the language to model out the core of your EA. The ArchiMate 2.0 standard added two specifics to it to make it better aligned also to the process of EA.

According to the TOGAF standard, this is being able to model out the motivation, why you're doing EA, stakeholders and the goals that drive us. The second extension to the ArchiMate standard is being able to model out its planning and migration.

So with the core EA and these two extensions, together with the TOGAF standard process working, you have a good basis on getting EA to work in your organization.

Gardner: Mike, fill us in on some of your thoughts about the role of information architecture vis-à-vis the larger business architect and enterprise architect roles.

Walker: Information architecture is an interesting topic in that it hasn’t been getting a whole lot of attention until recently.

Information architecture is an aspect of enterprise architecture that enables an information strategy or business solution through the definition of the company's business information assets, their sources, structure, classification and associations that will prescribe the required application architecture and technical capabilities.

Information architecture is the bridge between the business architecture world and the application and technology architecture activities.

The reason I say that is because information architecture is a business-driven discipline that details the information strategy of the company. As we know, and from what we’ve heard at the conference keynotes like in the case of NASA, big data, and security presentations, the preservation and classification of that information is vital to understanding what your architecture should be.

From an industry perspective, this is one of the least matured, as far as being incorporated into a formal discipline. The TOGAF standard actually has a phase dedicated to it in data architecture. Again, there are still lots of opportunities to grow and incorporate additional methods, models and tools by the enterprise information management discipline.

Enterprise information management not only captures traditional topic areas like master data management (MDM), metadata and unstructured types of information architecture but also focuses on the information governance, and the architecture patterns and styles implemented in MDM, big data, etc. There is a great deal of opportunity there.

From the role of information architects, I’m seeing more and more traction in the industry as a whole. I've dealt with an entire group that’s focused on information architecture and building up an enterprise information management practice, so that we can take our top line business strategies and understand what architectures we need to put there.

This is a critical enabler for global companies, because oftentimes they're restricted by regulation, typically handled at a government or regional area. This means we have to understand that we build our architecture. So it's not about the application, but rather the data that it processes, moves, or transforms.

Gardner: Up until not too long ago, the conventional thinking was that applications generate data. Then you treat the data in some way so that it can be used, perhaps by other applications, but that the data was secondary to the application.

But there's some shift in that thinking now more toward the idea that the data is the application and that new applications are designed to actually expand on the data’s value and deliver it out, to mobile tiers perhaps. Does that follow in your thinking that the data is actually more prominent as a resource perhaps on par with applications?

Walker: You're spot on, Dana. Before the commoditization of these technologies that resided on premises, we could get away with starting at the application layer and work our way back because we had access to the source code or hardware behind our firewalls. We could throw servers out, and we used to put the firewalls in front of the data to solve the problem with infrastructure. So we didn’t have to treat information as a first-class citizen. Times have changed, though.

Information access and processing is now democratized and it’s being pushed as the first point of presentment. A lot of times this is on a mobile device and even then it’s not the corporate’s mobile device, but your personal device. So how do you handle that data?

It's the same way with cloud, and I’ll give you a great example of this. I was working as an adviser for a company, and they were looking at their cloud strategy. They had made a big bet on one of the big infrastructures and cloud-service providers. They looked first at what the features and functions that that cloud provider could provide, and not necessarily the information requirements. There were two major issues that they ran into, and that was essentially a showstopper. They had to pull off that infrastructure.

The first one was that in that specific cloud provider’s terms of service around intellectual property (IP) ownership. Essentially, that company was forced to cut off their IP rights.

As you know, IP is a big business these days, and so that was a showstopper. It actually broke the core regulatory laws around being able to discover information.

So focusing on the applications to make sure it meets your functional needs is important. However, we should take a step back and look at the information first and make sure that for the people in your organization who can’t say no, their requirements are satisfied.

Gardner: Data architecture is it different from EA and business architecture, or is it a subset? What’s the relationship, Dave?

Hornford: Data architecture is part of an EA. I won’t use the word subset, because a subset starts to imply that it is a distinct thing that you can look at on its own. You cannot look at your business architecture without understanding your information architecture. When you think about big data, cool. We've got this pile of data in the corner. Where did it come from? Can we use it? Do we actually have legitimate rights, as Mike highlighted, to use this information? Are we allowed to mix it and who mixes it?

When we look at how our business is optimized, they normally optimize around work product, what the organization is delivering. That’s very easy. You can see who consumes your work product. With information, you often have no idea who consumes your information. So now we have provenance, we have source and, as we move for global companies, we have the trends around consumerization, cloud and simply tightening cycle time.

Gardner: Of course, the end game for a lot of the practitioners here is to create that feedback loop of a lifecycle approach, rapid information injection and rapid analysis that could be applied. So what are some of the ways that these disciplines and tools can help foster that complete lifecycle?

Band: The disciplines and tools can facilitate the right conversations among different stakeholders. One of the things that we're doing at The Standard is building cadres equally balanced between people in business and IT.

We're training them in information management, going through a particular curriculum, and having them study for an information management certification that introduces a lot of these different frameworks and standard concepts.

We want to create these cadres to be able to solve tough and persistent information management problems that affect all companies in financial services, because information is a shared asset. The purpose of the frameworks is to ensure proper stewardship of that asset across disciplines and across organizations within an enterprise.

Hornford: The core is from the two standards that we have, the ArchiMate standard and the TOGAF standard. The TOGAF standard has, from its early roots, focused on the components of EA and how to build a consistent method of understanding of what I'm trying to accomplish, understanding where I am, and where I need to be to reach my goal.

When we bring in the ArchiMate standard, I have a language, a descriptor, a visual descriptor that allows me to cross all of those domains in a consistent description, so that I can do that with traceability. When I pull in this lever or I have this regulatory impact, what does it hit me with, or if I have this constraint, what does it hit me with?

If I don’t do this, if I don’t use the framework of the TOGAF standard, or I don’t use the discipline of formal modeling in the ArchiMate standard, we're going to do it anecdotally. We're going to trip. We're going to fall. We're going to have a non-ending series of surprises, as Mike highlighted.

"Oh, terms of service. I am violating the regulations. Beautiful. Let’s take that to our executive and tell him right as we are about to go live that we have to stop, because we can't get where we want to go, because we didn't think about what it took to get there." And that’s the core of EA in the frameworks.

Walker: To build on what Dave has just talked about and going back to your first question Dana, the value statement on TOGAF from a business perspective. The businesses value of TOGAF is that they get a repeatable and a predictable process for building out our architectures that properly manage risks and reliably produces value.

The TOGAF framework provides a methodology to ask what problems you're trying to solve and where you are trying to go with your business opportunities or challenges. That leads to business architecture, which is really a rationalization in technical or architectural terms the distillation of the corporate strategy.

From there, what you want to understand is information—how does that translate, what information architecture do we need to put in place? You get into all sorts of things around risk management, etc., and then it goes on from there, until what we were talking about earlier about information architecture.

If the TOGAF standard is applied properly you can achieve the same result every time, That is what interests business stakeholders in my opinion. And the ArchiMate modeling language is great because, as we talked about, it provides very rich visualizations so that people cannot only show a picture, but tie information together. Different from other aspects of architecture, information architecture is less about the boxes and more about the lines.

Forde: Building on what Dave was saying earlier and also what Iver was saying is that while the process and the methodology and the tools are of interest, it’s the discipline and the quality of the individuals doing the work.

Iver talked about how the conversation is shifting and the practice is improving to build communications groups that have a discipline to operate around. What I am hearing is implied, but actually I know what specifically occurs, is that we end up with assets that are well described and reusable.

And there is a point at which you reach a critical mass that these assets become an accelerator for decision making. So the ability of the enterprise and the decision makers in the enterprise at the right level to respond is improved, because they have a well disciplined foundation beneath them.

A set of assets that are reasonably well-known at the right level of granularity for them to absorb the information and the conversation is being structured so that the technical people and the business people are in the right room together to talk about the problems.

This is actually a fairly sophisticated set of operations that I am discussing and doesn't happen overnight, but is definitely one of the things that we see occurring with our members in certain cases.

Hornford: I want to build on that what Chris said. It’s actually the word "asset." While he was talking, I was thinking about how people have talked about information as an asset. Most of us don’t know what information we have, how it’s collected, where it is, but we know we have got a valuable asset.

I'll use an analogy. I have a factory some place in the world that makes stuff. Is that an asset? If I know that my factory is able to produce a particular set of goods and it’s hooked into my supply chain here, I've got an asset. Before that, I just owned a thing.

I was very encouraged listening to what Iver talked about. We're building cadres. We're building out this approach and I have seen this. I'm not using that word, but now I'm stealing that word. It's how people build effective teams, which is not to take a couple of specialists and put them in an ivory tower, but it’s to provide the method and the discipline of how we converse about it, so that we can have a consistent conversation.

When I tie it with some of the tools from the Architecture Forum and the ArchiMate Forum, I'm able to consistently describe it, so that I now have an asset I can identify, consume and produce value from.

Forde: And this is very different from data modeling. We are not talking about entity relationship, junk at the technical detail, or third normal form and that kind of stuff. We're talking about a conversation that’s occurring around the business context of what needs to go on supported by the right level of technical detail when you need to go there in order to clarify.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 25th February 2013 Copyright Interarbor Solutions © 2013

We recently assembled a panel of experts to explore how big data changes the status quo for architecting the enterprise. The bottom line from the discussion is that large enterprises should not just wade into big data as an isolated function, but should anticipate the strategic effects and impacts of big data—as well the simultaneous complicating factors of cloud computing and mobile—as soon as possible.

The panel consisted of Robert Weisman, CEO and Chief Enterprise Architect at Build The Vision; Andras Szakal, Vice President and CTO of IBM's Federal Division; Jim Hietala, Vice President for Security at The Open Group, and Chris Gerty, Deputy Program Manager at the Open Innovation Program at NASA. I served as the moderato

And this special BriefingsDirect thought leadership interview series comes to you in conjunction with The Open Group Conference recently held in Newport Beach, California. The conference focused on "big data—he transformation we need to embrace today." [Disclosure: The Open Group is a sponsor of this and other BriefingsDirect podcasts.]

An interesting thread for me throughout the conference was to factor where big data begins and plain old data, if you will, ends. Of course, it's going to vary quite a bit from organization to organization.

But Gerty from NASA, part of our panel, provided a good example: It’s when you run out of gas with your old data methods, and your ability to deal with the data—and it's not just the size of the data itself.

Therefore, big data means do things differently—not just to manage the velocity and the volume and the variety of the data, but to really think about data fundamentally and differently. And, we need to think about security, risk and governance. If it's a "boundaryless organization" when it comes to your data, either as a product or service or a resource, that control and management of which data should be exposed, which should be opened, and which should be very closely guarded all need to be factored, determined and implemented.

Here are some excerpts from the on-stage discussion:

Dana Gardner: You mentioned that big data to you is not a factor of the size, because NASA's dealing with so much. It’s when you run out of steam, as it were, with the methodologies. Maybe you could explain more. When do you know that you've actually run out of steam with the methodologies?

Gerty: When we collect data, we have some sort of goal in mind of what we might get out of it. When we put the pieces from the data together, it either maybe doesn't fit as well as you thought or you are successful and you continue to do the same thing, gathering archives of information.

At that point, where you realize there might even be something else that you want to do with the data, different than what you planned originally, that’s when we have to pivot a little bit and say, "Now I need to treat this as a living archive. It's a 'it may live beyond me' type of thing." At that point, I think you treat it as setting up the infrastructure for being used later, whether it’d be by you or someone else. That's an important transition to make and might be what one could define as big data.

Gardner: Andras, does that square with where you are in your government interactions—that data now becomes a different type of resource, and that you need to know when to do things differently?

Szakal: The importance of data hasn’t changed. The data itself, the veracity of the data, is still important. Transactional data will always need to exist. The difference is that you have certainly the three or four Vs, depending on how you look at it, but the importance of data is in its veracity, and your ability to understand or to be able to use that data before the data's shelf life runs out.

Some data has a shelf life that's long lived. Other data has very little shelf life, and you would use different approaches to being able to utilize that information. It's ultimately not about the data itself, but it’s about gaining deep insight into that data. So it’s not storing data or manipulating data, but applying those analytical capabilities to data.

Gardner: Bob, we've seen the price points on storage go down so dramatically. We've seen people just decide to hold on to data that they wouldn’t have before, simply because they can and they can afford to do so. That means we need to try to extract value and use that data. From the perspective of an enterprise architect, how are things different now, vis-à-vis this much larger set of data and variety of data, when it comes to planning and executing as architects?

Weisman: One of the major issues is that normally organizations are holding two orders of magnitude more data then they need. It’s a huge overhead, both in terms of the applications architecture that has a code basis, larger than it should be, and also from the technology architecture that is supporting a horrendous number of servers and a whole bunch of technology stuff that they don't need.

The issue for the architect is to figure out what data is useful, institute a governance process, so that you can have data lifecycle management, have a proper disposition, focus the organization on information data and knowledge that is basically going to provide business value to the organization, and help them innovate and have a competitive advantage.

And in terms of government, just improve service delivery, because there's waste right now on information infrastructure, and we can’t afford it anymore.

Gardner: So it's difficult to know what to keep and what not to keep. I've actually spoken to a few people lately who want to keep everything, just because they want to mine it, and they are willing to spend the money and effort to do that.

Jim Hietala, when people do get to this point of trying to decide what to keep, what not to keep, and how to architect properly for that, they also need to factor in security. It shouldn't come later in the process. It should come early. What are some of the precepts that you think are important in applying good security practices to big data?

Hietala: One of the big challenges is that many of the big-data platforms weren’t built from the get-go with security in mind. So some of the controls that you've had available in your relational databases, for instance, you move over to the big data platforms and the access control authorizations and mechanisms are not there today.

Planning the architecture, looking at bringing in third-party controls to give you the security mechanisms that you are used to in your older platforms, is something that organizations are going to have to do. It’s really an evolving and emerging thing at this point.

Gardner: There are a lot of unknown unknowns out there, as we discovered with our tweet chat last month. Some people think that the data is just data, and you apply the same security to it. Do you think that’s the case with big data? Is it just another follow-through of what you always did with data in the first place?

Hietala: I would say yes, at a conceptual level, but it's like what we saw with virtualization. When there was a mad rush to virtualize everything, many of those traditional security controls didn't translate directly into the virtualized world. The same thing is true with big data.

When you're talking about those volumes of data, applying encryption, applying various security controls, you have to think about how those things are going to scale. That may require new solutions from new technologies and that sort of thing.

Gardner: Chris Gerty, when it comes to that governance, security, and access control, are there any lessons that you've learned that you are aware of in terms of the best of openness, but also with the ability to manage the spigot?

Gerty: Spigot is probably a dangerous term to use, because it implies that all data is treated the same. The sooner that you can tag the data as either sensitive or not, mostly coming from the person or team that's developed or originated the data, the better.

Once you have it on a hard drive, once you get crazy about storing everything, if you don't know where it came from, you're forced to put it into a secure environment. And that's just kicking the can down the road. It’s really a disservice to people who might use the data in a useful way to address their problems.

We constantly have satellites that are made for one purpose. They send all the data down. It’s controlled either for security or for intellectual property (IP), so someone can write a paper. Then, after the project doesn’t get funded or it just comes to a nice graceful close, there is that extra step, which is almost a responsibility of the originators, to make it useful to the rest of the world.

Gardner: Let’s look at big data through the lens of some other major trends right now. Let’s start with cloud. You mentioned that at NASA, you have your own private cloud that you're using a lot, of course, but you're also now dabbling in commercial and public clouds. Frankly, the price points that these cloud providers are offering for storage and data services are pretty compelling.

So we should expect more data to go to the cloud. Bob, from your perspective, as organizations and architects have to think about data in this hybrid cloud on-premises off-premises, moving back and forth, what do you think enterprise architects need to start thinking about in terms of managing that, planning for the right destination of data, based on the right mix of other requirements?

Weisman: It's a good question. As you said, the price point is compelling, but the security and privacy of the information is something else that has to be taken into account. Where is that information going to reside? You have to have very stringent service-level agreements (SLAs) and, in certain cases, you might say it's a price point that’s compelling, but the risk analysis that I have done means that I'm going to have to set up my own private cloud.

Right now, everybody's asking is the public cloud is going to be the way to go. Vendors are going to have to be very sensitive to that and many are, at this point in time, addressing a lot of the needs of some of the large client basis. So it’s not one-size-fits-all and it’s more than just a price for service. Architecture can bring down the price pretty dramatically, even within an enterprise.

Gardner: Andras, how do the cloud and big data come together in a way that’s intriguing to you?

Szakal: Actually it’s a great question. We could take the rest of the 22 minutes talking on this one question. I helped lead the President’s Commission on big data that Steve Mills from IBM and—I forget the name of the executive from SAP—led. We intentionally tried to separate cloud from big data architecture, primarily because we don't believe that, in all cases, cloud is the answer to all things big data. You have to define the architecture that's appropriate for your business needs.

However, it also depends on where the data is born. Take many of the investments IBM has made into enterprise market management, for example, Coremetrics; several of these services that we now offer for helping customers understand deep insight into how their retail market or supply chain behaves.

All of that information is born in the cloud. But if you're talking about actually using cloud as infrastructure and moving around huge sums of data or constructing some of these solutions on your own, then some of the ideas that Bob conveyed are absolutely applicable.

I think it becomes prohibitive to do that and easier to stand up a hybrid environment for managing the amount of data. But I think that you have to think about whether your data is real-time data, whether it's data that you could apply some of these new technologies like Hadoop to, Hadoop MapReduce-type solutions, or whether it's traditional data warehousing.

Data warehouses are going to continue to exist and they're going to continue to evolve technologically. You're always going to use a subset of data in those data warehouses, and it's going to be an applicable technology for many years to come.

Gardner: So suffice it to say, an enterprise architect who is well versed in both cloud infrastructure requirements, technologies, and methods, as well as big data, will probably be in quite high demand. That specialization in one or the other isn’t as valuable as being able to cross-pollinate between them.

Szakal: Absolutely. It's enabling our architects and finding deep individuals who have this unique set of skills, analytics, mathematics, and business. Those individuals are going to be the future architects of the IT world, because analytics and big data are going to be integrated into everything that we do and become part of the business processing.

Gardner: Well, that’s a great segue to the next topic that I am interested in, and it's around mobility as a trend and also application development. The reason I lump them together is that I increasingly see developers being tasked with mobile first.

When you create a new app, you have to remember that this is going to run in the mobile tier and you want to make sure that the requirements, the UI, and the complexity of that app, don’t go beyond the ability of the mobile app and the mobile user. This is interesting to me, because data now has a different relationship with apps.

We used to think of apps as creating data and then the data would be stored and it might be used or integrated. Now, we have applications that are simply there in order to present the data and we have the ability now to present it to those mobile devices in the mobile tier, which means it goes anywhere, everywhere all the time.

Let me start with you Jim, because it’s security and risk, but it's also just rethinking the way we use data in a mobile tier. If we can do it safely, and that’s a big IF, how important should it be for organizations to start thinking about making this data available to all of these devices and just pour out into that mobile tier as possible?

Hietala: In terms of enabling the business, it’s very important. There are a lot of benefits that accrue from accessing your data from whatever device you happen to be on. To me, it is that question of "if," because now there’s a whole lot of problems to be solved relative to the data floating around anywhere on Android, iOS, whatever the platform is, and the organization being able to lock down their data on those devices, forgetting about whether it’s the organization device or my device. There’s a set of issues around that that the security industry is just starting to get their arms around today.

Gardner: Chris, any thoughts about this mobile ability that the data gets more valuable the more you can use it and apply it, and then the more you can apply it, the more data you generate that makes the data more valuable, and we start getting into that positive feedback loop?

Gerty: Absolutely. It's almost an appreciation of what more people could do and get to the problem. We're getting to the point where, if it's available on your desktop, you’re going to find a way to make it available on your device.

That same security question probably need to be answered anyway, but making it mobile compatible is almost an acknowledgment that there will be someone who wants to use it. So let me go that extra step to make it compatible and see what I get from them. It's more of a cultural benefit that you get from making things compatible with mobile.

Gardner: Any thoughts about what developers should be thinking by trying to bring the fruits of big data through these analytics to more users rather than just the BI folks or those that are good at SQL queries? Does this change the game by actually making an application on a mobile device, simple, powerful but accessing this real time updated treasure trove of data?

Gerty: I always think of the astronaut on the moon. He's got a big, bulky glove and he might have a heads-up display in front of him, but he really needs to know exactly a certain piece of information at the right moment, dealing with bandwidth issues, dealing with the environment, foggy helmet whatever.

It's very analogous to what the day-to-day professional will use trying to find out that quick e-mail he needs to know or which meeting to go to—which one is more important—and it all comes down to putting your developer in the shoes of the user. So anytime you can get interaction between the two, that’s valuable.

Weisman: From an enterprise architecture point of view my background is mainly defense and government, but defense mobile computing has been around for decades. So you've always been dealing with that.

The main thing is that in many cases, if they're coming up with information, the whole presentation layer is turning into another architecture domain with information visualization and also with your security controls, with an integrated identity management capability.

It's like you were saying about the astronaut getting it right. He doesn't need to know everything that’s happening in the world. He needs to know about his heads-up display, the stuff that's relevant to him.

So it's getting the right information to a person in an authorized manner, in a way that he can visualize and make sense of that information, be it straight data, analytics, or whatever. The presentation layer, ergonomics, visual communication are going to become very important in the future for that. There are also a lot of problems. Rather than doing it at the application level, you're doing it entirely in one layer.

Gardner: So clearly the implications of data are cutting across how we think about security, how we think about UI, how we factor in mobility. What we now think about in terms of governance and security, we have to do differently than we did with older data models.

Jim Hietala, what about the impact on spurring people towards more virtualized desktop delivery, if you don't want to have the date on that end device, if you want solve some of the issues about control and governance, and if you want to be able to manage just how much data gets into that UI, not too much not too little.

Do you think that some of these concerns that we’re addressing will push people to look even harder, maybe more aggressive in how they go to desktop and application virtualization, as they say, keep it on the server, deliver out just the deltas?

Hietala: That’s an interesting point. I’ve run across a startup in the last month or two that is doing is that. The whole value proposition is to virtualize the environment. You get virtual gold images. You don't have to worry about what's actually happening on the physical device and you know when the devices connect. The security threat goes away. So we may see more of that as a solution to that.

Gardner: Andras, do you see that that some of the implications of big data, far fetched as it may be, are propelling people to cultivate their servers more and virtualize their apps, their data, and their desktop right up to the end devices?

Szakal: Yeah, I do. I see IBM providing solutions for virtual desktop, but I think it was really a security question you were asking. You're certainly going to see an additional number of virtualized desktop environments.

Ultimately, our network still is not stable enough or at a high enough bandwidth to really make that useful exercise for all but the most menial users in the enterprise. From a security point of view, there is a lot to be still solved.

And part of the challenge in the cloud environment that we see today is the proliferation of virtual machines (VMs) and the inability to actually contain the security controls within those machines and across these machines from an enterprise perspective. So we're going to see more solutions proliferate in this area and to try to solve some of the management issues, as well as the security issues, but we're a long ways away from that.

Gerty: Big data, by itself, isn't magical. It doesn't have the answers just by being big. If you need more, you need to pry deeper into it. That’s the example. They realized early enough that they were able to make something good.

Gardner: Jim Hietala, any thoughts about examples that illustrate where we’re going and why this is so important?

Hietala: Being a security guy, I tend to talk about scare stories, horror stories. One example from last year that struck me. One of the major retailers here in the U.S. hit the news for having predicted, through customer purchase behavior, when people were pregnant.

They could look and see, based upon buying 20 things, that if you're buying 15 of these and your purchase behavior has changed, they can tell that. The privacy implications to that are somewhat concerning.

An example was that this retailer was sending out coupons related to somebody being pregnant. The teenage girl, who was pregnant hadn't told her family yet. The father found it. There was alarm in the household and at the local retailer store, when the father went and confronted them.

There are privacy implications from the use of big data. When you get powerful new technology in marketing people's hands, things sometimes go awry. So I'd throw that out just as a cautionary tale that there is that aspect to this. When you can see across people's buying transactions, things like that, there are privacy considerations that we’ll have to think about, and that we really need to think about as an industry and a society.

Listen to the podcast. Find it on iTunes. Watch the video. Read a full transcript or download a copy.

By: Andrew McCreath, Cloud Director, Savvis Posted: 31st January 2013 Copyright Savvis © 2013

It’s not just digital technologies but an emerging participatory media culture, fuelled by blogs, user generated content and social networks, that are transforming the relationships and practices through which media organisations have historically operated and created value.

There are two discrete trends disrupting established principles and practises: technological and people. Innovations in communications, devices, platforms and delivery have led to active participation and brought unprecedented personalisation to mass media.

The user can be, in essence, in charge and at the centre of everything and traditional media and content companies have to reinvent themselves, serving two types of digital experience or ‘states of mind’:

Lean Forward
In ‘Lean Forward’ mode, users tend to have a short attention span and scan rather than read, actively looking for content, perhaps multi-tasking. This state of mind is normally seen on the desktop PC.

Lean Back
The ‘Lean Back’ experience is more immersive, with the user in consumption mode, characterised by a longer attention span—analogous to printer or television and frequently seen in smartphone use.

The tablet is the first device that attempts to cross the boundaries by supporting both types of user experience, a phenomenon increasingly referred to as “curl-up computing”.

Curl-up Computing
No longer prepared to be dictated to by linear media schedules, people are becoming active information-seekers. In fact, many consumers no longer regard traditional content providers as their go-to sources of insight and instead wait for mainstream and niche news to be filtered through social channels, via links shared by people or brands they trust and respect.

Digitisation of content has arguably led to commoditisation, and digital natives’ expectations of a ‘free lunch’ have spawned gloomy predictions for the news and music segments in particular. The challenge is to identify innovative monetisation models to ensure survival, rather than a ‘pay for everything’ or ‘pay for nothing’ approach. Many media businesses are emulating the economics of software providers, for whom the cost of creating something of value is high, but the marginal cost of distributing it to each consumer is low.

However, with any content behind a pay wall, on-demand spending is driven by the quality and consistency of the user experience, ease of access and relevant content. Brands such as Facebook, Google and Apple have defined consumers’ expectations for the “it just works” technology experience. Consumerisation has also led to rising expectations in the workplace in terms of simplicity, usability and elegance—not always the hallmarks of corporate IT. Tolerance of delays or disruption to the user experience is low, and forgiveness is largely dependent on uniqueness or relevance of the content itself or the provider’s brand equity.

So what are the primary concerns for enabling modern day media conception? Meeting peaks in demand through cloud enablement and meeting customers’ performance expectations.

The cloud has great potential to shape the future of the industry, especially cloud-native media, which offer exciting new opportunities for content providers and broadcasters to transact in real-time with their audience, socially or commercially. Consider the cloud as the digital assembly line that enables mass customisation of media and advertising services to those in charge—the consumers. That’s why a cloud-enabled media strategy is not just a matter of having the right infrastructure—it’s about delivering the right tools, the right controls and the right user experience.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 29th January 2013 Copyright Interarbor Solutions © 2013

Ford has exploited the strengths of big data analytics by directing them internally to improve business results. In doing so, they scour the metrics from the company’s best processes across myriad manufacturing efforts and through detailed outputs from in-use automobiles—all to improve and help transform their business.

So explains Michael Cavaretta, PhD, Technical Leader of Predictive Analytics for Ford Research and Advanced Engineering in Dearborn, Michigan. Cavaretta is one of a group of experts assembled this week for The Open Group Conference in Newport Beach, California.

Cavaretta has led multiple data-analysis projects at Ford to break down silos inside the company to best define Ford’s most fruitful data sets. Ford has successfully aggregated customer feedback and extracted all the internal data to predict how best new features in technologies will improve their cars.

As a contributor to the The Open Group conference and its focus on "Big Data—The Transformation We Need to Embrace Today," Cavaretta explains how big data is fostering business transformation by allowing deeper insights into more types of data efficiently, and thereby improving processes, quality control, and customer satisfaction.

The interview was moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: What's different now in being able to get at this data and do this type of analysis from five years ago?

Cavaretta: The biggest difference has to do with the cheap availability of storage and processing power, where a few years ago people were very much concentrated on filtering down the datasets that were being stored for long-term analysis. There has been a big sea change with the idea that we should just store as much as we can and take advantage of that storage to improve business processes.

Gardner: How did we get here? What's the process behind the benefits?

Cavaretta: The process behind the benefits has to do with a sea change in the attitude of organizations, particularly IT within large enterprises. There's this idea that you don't need to spend so much time figuring out what data you want to store and worry about the cost associated with it, and more about data as an asset. There is value in being able to store it, and being able to go back and extract different insights from it. This really comes from this really cheap storage, access to parallel processing machines, and great software.

I like to talk to people about the possibility that big data provides and I always tell them that I have yet to have a circumstance where somebody is giving me too much data. You can pull in all this information and then answer a variety of questions, because you don't have to worry that something has been thrown out. You have everything.

You may have 100 questions, and each one of the questions uses a very small portion of the data. Those questions may use different portions of the data, a very small piece, but they're all different. If you go in thinking, "We’re going to answer the top 20 questions and we’re just going to hold data for that," that leaves so much on the table, and you don't get any value out of it.

We're a big believer in mash-ups and we really believe that there is a lot of value in being able to take even datasets that are not specifically big-data sizes yet, and then not go deep, not get more detailed information, but expand the breadth. So it's being able to augment it with other internal datasets, bridging across different business areas as well as augmenting it with external datasets.

A lot of times you can take something that is maybe a few hundred thousand records or a few million records, and then by the time you’re joining it, and appending different pieces of information onto it, you can get the big dataset sizes.

Gardner: You’re really looking primarily at internal data, while also availing yourself of what external data might be appropriate. Maybe you could describe a little bit about your organization, what you do, and why this internal focus is so important for you.

Cavaretta: I'm part of a larger department that is housed over in the research and advanced-engineering area at Ford Motor Company, and we’re about 30 people. We work as internal consultants, kind of like Capgemini or Ernst & Young, but only within Ford Motor Company. We’re responsible for going out and looking for different opportunities from the business perspective to bring advanced technologies. So, we’ve been focused on the area of statistical modeling and machine learning for I’d say about 15 years or so.

And in this time, we’ve had a number of engagements where we’ve talked with different business customers, and people have said, "We'd really like to do this." Then, we'd look at the datasets that they have, and say, "Wouldn’t it be great if we would have had this. So now we have to wait six months or a year."

These new technologies are really changing the game from that perspective. We can turn on the complete fire-hose, and then say that we don't have to worry about that anymore. Everything is coming in. We can record it all. We don't have to worry about if the data doesn’t support this analysis, because it's all there. That's really a big benefit of big-data technologies.

The real value proposition definitely is changing as things are being pushed down in the company to lower-level analysts who are really interested in looking at things from a data-driven perspective. From when I first came in to now, the biggest change has been when Alan Mulally came into the company, and really pushed the idea of data-driven decisions.

Before, we were getting a lot of interest from people who are really very focused on the data that they had internally. After that, they had a lot of questions from their management and from upper level directors and vice-president saying, "We’ve got all these data assets. We should be getting more out of them." This strategic perspective has really changed a lot of what we’ve done in the last few years.

Gardner: Are we getting to the point where this sort of Holy Grail notion of a total feedback loop across the lifecycle of a major product like an automobile is really within our grasp? Are we getting there, or is this still kind of theoretical. Can we pull it altogether and make it a science?

Cavaretta: The theory is there. The question has more to do with the actual implementation and the practicality of it. We still are talking a lot of data where even with new advanced technologies and techniques that’s a lot of data to store, it’s a lot of data to analyze, there’s a lot of data to make sure that we can mash-up appropriately.

And, while I think the potential is there and I think the theory is there. There is also work in being able to get the data from multiple sources. So everything which you can get back from the vehicle, fantastic. Now if you marry that up with internal data, is it survey data, is it manufacturing data, is it quality data? What are the things do you want to go after first? We can’t do everything all at the same time.

Our perspective has been let’s make sure that we identify the highest value, the greatest ROI areas, and then begin to take some of the major datasets that we have and then push them and get more detail. Mash them up appropriately and really prove up the value for the technologists.

Gardner: Clearly, there's a lot more to come in terms of where we can take this, but I suppose it's useful to have a historic perspective and context as well. I was thinking about some of the early quality gurus like Deming and some of the movement towards quality like Six Sigma. Does this fall within that same lineage? Are we talking about a continuum here over that last 50 or 60 years, or is this something different?

Cavaretta: That’s a really interesting question. From the perspective of analyzing data, using data appropriately, I think there is a really good long history, and Ford has been a big follower of Deming and Six Sigma for a number of years now.

The difference though, is this idea that you don't have to worry so much upfront about getting the data. If you're doing this right, you have the data right there, and this has some great advantages. You’ll have to wait until you get enough history to look for somebody’s patterns. Then again, it also has some disadvantage, which is you’ve got so much data that it’s easy to find things that could be spurious correlations or models that don’t make any sense.

The piece that is required is good domain knowledge, in particular when you are talking about making changes in the manufacturing plant. It's very appropriate to look at things and be able to talk with people who have 20 years of experience to say, "This is what we found in the data. Does this match what your intuition is?" Then, take that extra step.

Gardner: How has the notion of the Internet of things being brought to bear on your gathering of big data and applying it to the analytics in your organization?

Cavaretta: It is a huge area, and not only from the internal process perspective—RFID tags within the manufacturing plans, as well as out on the plant floor, and then all of the information that’s being generated by the vehicle itself.

The Ford Energi generates about 25 gigabytes of data per hour. So you can imagine selling couple of million vehicles in the near future with that amount of data being generated. There are huge opportunities within that, and there are also some interesting opportunities having to do with opening up some of these systems for third-party developers. OpenXC is an initiative that we have going on to add at Research and Advanced Engineering.

We have a lot of data coming from the vehicle. There’s huge number of sensors and processors that are being added to the vehicles. There's data being generated there, as well as communication between the vehicle and your cell phone and communication between vehicles.

There's a group over at Ann Arbor Michigan, the University of Michigan Transportation Research Institute (UMTRI), that’s investigating that, as well as communication between the vehicle and let’s say a home system. It lets the home know that you're on your way and it’s time to increase the temperature, if it’s winter outside, or cool it at the summer time.

The amount of data that’s been generated there is invaluable information and could be used for a lot of benefits, both from the corporate perspective, as well as just the very nature of the environment.

Gardner: Just to put a stake in the ground on this, how much data do cars typically generate? Do you have a sense of what now is the case, an average?

Cavaretta: The Energi, according to the latest information that I have, generates about 25 gigabytes per hour. Different vehicles are going to generate different amounts, depending on the number of sensors and processors on the vehicle. But the biggest key has to do with not necessarily where we are right now but where we will be in the near future.

With the amount of information that's being generated from the vehicles, a lot of it is just internal stuff. The question is how much information should be sent back for analysis and to find different patterns? That becomes really interesting as you look at external sensors, temperature, humidity. You can know when the windshield wipers go on, and then to be able to take that information, and mash that up with other external data sources too. It's a very interesting domain.

Gardner: What skills do you target for your group, and what ways do you think that you can improve on that?

Cavaretta: The skills that we have in our department, in particular on our team, are in the area of computer science, statistics, and some good old-fashioned engineering domain knowledge. We’ve really gone about this from a training perspective. Aside from a few key hires, it's really been an internally developed group.

The biggest advantage that we have is that we can go out and be very targeted with the amount of training that we have. There are such big tools out there, especially in the open-source realm, that we can spin things up with relatively low cost and low risk, and do a number of experiments in the area. That's really the way that we push the technologies forward.

Talking with The Open Group really gives me an opportunity to be able to bring people on board with the idea that you should be looking at a difference in mindset. It's not "Here’s a way that data is being generated, look, try and conceive of some questions that we can use, and we’ll store that too." Let's just take everything, we’ll worry about it later, and then we’ll find the value.

It's important to be thinking about data as an asset, rather than as a cost. You even have to spend some money, and it may be a little bit unsafe without really solid ROI at the beginning. Then, move towards pulling that information in, and being able to store it in a way that allows not just the high-level data scientist to get access to and provide value, but people who are interested in the data overall. Those are very important pieces.

The last one is how do you take a big-data project, how do you take something where you’re not storing in the traditional business intelligence (BI) framework that an enterprise can develop, and then connect that to the BI systems and look at providing value to those mash-ups. Those are really important areas that still need some work.

There are many companies, especially large enterprises, that are looking at their data assets and wondering what can they do to monetize this, not only to just pay for the efficiency improvement but as a new revenue stream.

Gardner: For those organizations that want to get started on this, how do you get started?

Cavaretta: We're definitely a huge believer in pilot projects and proof of concept, and we like to develop roadmaps by doing. So get out there. Understand that it's going to be messy. Understand that it maybe going to be a little bit more costly and the ROI isn't going to be there at the beginning.

But get your feet wet. Start doing some experiments, and then, as those experiments turn from just experimentation into really providing real business value, that’s the time to start looking at a more formal aspect and more formal IT processes. But you've just got to get going at this point.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 23rd January 2013 Copyright Interarbor Solutions © 2013

The Bring Your Own Device (BYOD) trend has rapidly morphed from a disruptive worry into a strategic, positive initiative for many organizations across the globe, according to results from a new global survey released recently.

In fact, significant business benefits often follow when BYOD-adopter companies empower their employees with their preferred devices and work habits, as well as more say in the applications and data access they need to get their jobs done… anytime, from anywhere, the survey shows.

What's more, the rapidly improved productivity and enhanced collaboration among employees—as well as greater communication and better service with customers, suppliers and partners—are proving to be competitive advantages for companies that do BYOD best.

The survey was recently conducted by Dell Software Group and market researcher Vanson Bourne from nearly 1,500 IT executives around the world. It clearly demonstrates that, while BYOD shows promise, many organizations are struggling with making the most of BYOD. [Disclosure: Quest Software, part of Dell's Software Group, is a sponsor of BriefingsDirect podcasts.]

The majority of survey respondents agree that BYOD strategies deliver benefits—more than 70 percent said they believe that BYOD can boost employee productivity and customer response time, and 59 percent say they feel their company could be at a competitive disadvantage if they didn't implement BYOD.

And attitudes toward the innovation impact that BYOD has are largely the same among the midsized (between 1,000 and 3,000 employees) and large (more than 3,000 employees) companies surveyed. Roughly half of respondents in both groups say that BYOD has significantly changed the business culture at their organizations.

Yet less than half of the IT leadership respondents—44 percent—say they understand the importance of a user-centric approach to BYOD. And this is where many organizations are missing the boat, according to Dell Software.

"It's important that organizations define a program to help manage and protect their corporate information, but also to empower employees to do their jobs better and faster, or to improve customer satisfaction, or whatever the goal is," says Roger Bjork, Director of Enterprise Mobility Solutions at Dell Software Group. "Companies that do BYOD for a purpose, to help with a broader goal, are seeing better results versus those who simply let BYOD happen. A big part of that is focusing on the user aspect, and not limiting it to a device discussion."

To me these results should remove doubt that embracing desktop virtualization (VDI) and mobile device management are priorities for IT. I also think that BYOD is a catalyst to more general IT transformation and more business-centric emphasis for IT innovation. You could say that BYOD forms a capstone on the rising archway of VDI, web apps, thin clients, terminal services, and other applications delivery advancements overt the past 15 years.

The idea, of course, going back to the very first PCs, is to let the user decide how to work best.

Benefits of putting users first
Indeed, those survey respondents who say they believe the user-centric approach to BYOD is the right one also reported they are able to drive business benefits, satisfy users and gain a competitive edge to a higher degree than survey respondents who don't see the benefit of a user-centric approach. Some 64 percent of respondents say BYOD works well when the specific user needs are understood by IT.

And respondents at companies further along in their BYOD strategy implementations are more likely to agree that the most benefit is derived from programs that put the user first. Understanding individual user needs and the resulting improvements in employee productivity and satisfaction are much more important pillars of a BYOD strategy than simply allowing employees to use the device in their pocket or purse for work, says Bjork.

"You do a disservice if you make this about what shiny object do employees want to use to connect to email. It's much broader than that," he says. "I think the survey data definitely shows companies that have well thought-out BYOD strategies have fewer issues and are garnering better results."

A one-size fits all approach to BYOD does not work, says Bjork,  IT should manage the spread of BYOD. "You can't just let BYOD happen," he added.

A user-centric approach to BYOD fits with the recent trend for IT to transform into a service-delivery organization that understands not only the goals of the business, but how to support employees to help them achieve these goals, adds Bjork. What's more, as the Millennial Generation enters the workforce with certain digital expectations, user-centric BYOD policies can be leveraged as recruiting tools.

"Let's face it, this is not just a mobile thing. It has a much broader impact," says Bjork. "BYOD is a method, not a result… You should start by asking 'What is the user trying to accomplish?'"

The bottom line is that IT now needs to support multiple ways of working for a variety of styles and devices that appeal and adjust based on user preferences and innovations.

Additional points
Other noteworthy points that arose from the survey:

• Survey participants in the U.S. are least likely to stress users over devices when crafting a BYOD strategy, while respondents in Singapore were most likely to do so. Other geographies covered by the survey include the U.K, France, Germany, Italy, Australia, India and the Beijing region of China;
• Respondents listed more flexible working hours, the ability to foster creativity, speed innovation, boost morale and facilitate teamwork and collaboration as personal gains for employees working with BYOD strategies;
• Organizations that consider applications as part of a their BYOD strategy are more likely to link and manage devices per user; clearly define roles for their user community in one central database; track and support each user's level of mobility, and deliver applications to users based on their role within the company. Of those with no formal BYOD policy, 27 percent say they can't provide any of these functions;
• The top five BYOD challenges listed by survey respondents are abuse of policies; theft/loss of mobile devices; lack of control over applications and data on devices; employees leaving the company with insider knowledge; and unauthorized data distribution.

Dell's position on the importance of a user-centric BYOD strategy comes from experience. Carol Fawcett was the CIO of Quest Software, which was recently acquired by Dell, with nearly 4,000 employees in 23 countries. The company focused on giving employees access to the applications and data they needed to get their jobs done, regardless of what device was being used.

"We found this approach helped us quickly move out of device firefighting mode to be much more strategic, which also enabled us to resolve our biggest BYOD problems, such as security, access rights and data leakage," says Fawcett. "The results of this latest BYOD survey reinforce the importance of putting users first in order to develop the most effective policies and turn BYOD into a long-term, sustainable business benefit."

As Quest found with its own workers, the better planned the BYOD acceptance, the fewer negative issues and the better the productivity result. I recently spoke with Fawcett at length about the experience.

I think we should also expect that BYOD planning will be done in association with—and as an accelerant to—other larger initiatives such as data center consolidation, IT transformation, and applications modernization.

Bjork further suggested that companies that have a policy-based approach to security and access control, and adopt services oriented architectures and data lifecycle management will be in a better position to avail themselves of BYOD faster and at lower risk. VDI and thin-client initiatives also pave the way to BYOD.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn.)

By: Clive Longbottom, Head of Research, Quocirca Posted: 22nd January 2013 Copyright Quocirca © 2013

Quocirca recently had an interesting discussion with an off-shore hosting and cloud company. Jersey-based (as in the UK Channel Islands, not the US New Jersey) Calligo is positioning itself as the right place to be for data—and for running the applications that create and consume the data.

Why is this important? Well, organisations are beginning to wake up to the fact that even when a data centre is in a 'friendly' country, there is still potentially high risks to the intellectual property (IP) held within the data.

The US Patriot Act and the Foreign Intelligence Surveillance Act (FISA) make those European companies that have looked into their possible impact shudder. That a foreign power can demand—and get—access to their data just because it is hosted by a company in the US—or is in a facility anywhere in the world that is owned by a company in the US—means that many are looking for alternative arrangements with companies that can still offer a broad range of services, but backed with better data security agreements that cannot be ridden roughshod over by the regional government.

Calligo’s view is that Jersey is highly controlled from a data viewpoint. Although it is nominally 'in' the UK, it is actually a separate British Crown Dependency. This means that it is autonomous, makes its own laws and operates outside of the reach of other country’s legal systems— including the UK. Sure, EU laws will still apply when push comes to shove—but a European customer may be happier with a Jersey/EU escalation than a /EU/US three-way battle.

This means that data can be stored in a country where the legal system is subject to fewer overall laws, is overseen by fewer people and can be targeted to specific needs. Jersey has pedigree here with the way it has dealt with financial services in its country.

Jersey is also well connected from a data viewpoint to both the UK and the European mainland through multiple cables, and from these to the rest of the world. Therefore, placing applications and data in a commercial, secure facility on an island that is part of the EU but is autonomous has many things going for it.

But, however well Jersey is connected to the rest of the world, it cannot overcome its relative geographic isolation. When super-fast response is needed—e.g. for financial trading in the US or in Japan—the underlying latency can still be an issue. Calligo recognises this, and is looking at where else in the world it can set up similar facilities and meet the needs of organisations that want to be assured of greater security for their data and therefore their intellectual property.

The Cayman Islands are one option—they are well placed for the south of the US, for Central America and for the major markets of the top of South America. Although the Cayman Islands are a British Overseas Territory with their own legal system, they come under the overall control of the UK and have a Governor appointed by the Queen—but can still enact and follow laws that make sense from a commercial viewpoint to the islands.

Calligo also includes a data ownership clause in its agreements—the data always belongs to and is owned by the customer. Many cloud providers make no statements about this, which can cause issues for the actual data owner. On top of this, Calligo says that it has a special clause in its agreements, which make it clear that should the untoward happen, the data has to be turned over to the customer (even by a business administrator)—so making it easier for a customer to regain access to the data and move it to another provider.

Similar approaches in other parts of the world could give Calligo an interesting footprint for a global offering. With small, autonomous island states being more likely to provide laws that are data friendly while still retaining strong audit and overall data security capabilities, Calligo’s offerings of IaaS, PaaS and SaaS (for example, it hosts SugarCRM and other applications) combined with the capability to use external cloud offerings where it makes sense (such as Google Maps) will make sense to many organisations.

Overall, Calligo looks like an interesting company. For those who have worries about how their data is secured not just from the baddies out there, but also from the governments who are enacting ever more threatening laws around data access, the use of Island nations as a home for data could be just as good as using them for financial affairs.

By: Andrew McCreath, Cloud Director, Savvis Posted: 21st December 2012 Copyright Savvis © 2012

Whether through public, private or hybrid, cloud delivery is now on the strategic agenda of CIOs for resource-efficiency benefits. Indeed, as IT plays an ever-increasing role in business strategy, CIOs and IT leaders have the opportunity to influence the board and aid business growth.

What issues should CIOs keep front of mind in 2013? What expectations should they hold to? In 2012, Savvis looked at just that in a study of 500 IT leaders. Based on their insights, suggest IT execs resolve in 2013 to stick to:

1. Ensuring collaboration between IT and the rest of the organisation
2. Delivering operational efficiencies at every level and function
3. Aligning IT activities to become a business enabler

Collaboration
Although budget limitations remain an issue, CIOs are turning their attention to increasing collaboration within organisations, promoting projects that make them more agile and differentiate them in the marketplace.

Implementing a collaborative infrastructure solution is an important first step when pushing IT to the forefront of business strategy. A fully integrated IT infrastructure solution allows organisations to gain transparency, predictability and control over their cost models, time to market, product portfolio and many other business drivers.

IT leaders clearly understand how outsourcing enables them to focus and improve other areas of the business. In fact, 50 per cent of UK IT Leaders are driven by the need of IT agility to address business needs through outsourcing. The benefits of redirecting resources away from infrastructure and onto core competencies include improved internal communication, enhanced operational efficiencies and the ability to align funds to more revenue-generating projects that drive the business forward.

Delivery
Cloud continues to be seen as the leading way to deliver flexible, efficient and cost effective computing to every level of the organisation.

Rather than paying a fixed upfront CapEx or long-term contract fee, the cost of cloud varies with the amount of services used — a true ‘pay as you go’ model. In our study into global IT outsourcing, Savvis, IT leaders, told us that the top three benefits of this model are cost reduction and containment, infrastructure scalability and flexibility, and improved quality of service.

This ‘scalability model’ enables businesses to respond to changing needs and opportunities in real-time, delivering a tailored yet flexible infrastructure.

Competitive advantage
Finally, CIOs should expect the most from their IT solution.  IT outsourcing is instrumental in differentiating an organisation, whether through stretching IT budget to invest in innovation and revenue-generating projects, or simply delivering flexible, efficient infrastructure performance. Our report revealed that, on average, CIOs predict a 26 per cent saving of IT budget through outsourcing. IT outsourcing is viewed as a business enabler, boosting IT budget by a quarter and helping them deliver more value to the business as a whole.

While it’s no surprise that CIOs themselves are acutely aware of the business benefits of IT outsourcing, then, perhaps their most important task of all is to communicate them to leaders beyond the IT organisation.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 11th December 2012 Copyright Interarbor Solutions © 2012

It's no surprise that most enterprises are now taking big data more seriously. But what might raise an eyebrow is how many organizations say they rely on real-time processing of big data to fuel their business, as well as the number of companies who say they're thinking about taking their big data to the cloud.

These findings come from a recent survey conducted by GigaSpaces, which asked 243 IT executives in various industries about their big data perceptions and plans. GigaSpaces, a provider of end-to-end scaling solutions for distributed application environments and an open platform-as-a-service (PaaS) stack for cloud deployment, conducted the survey online during the fall of 2012.

Among the survey findings:

• Some 80 percent of respondents said that big data processing is a mission-critical function
• More than 70 percent said their business requires processing of big data in fast—in real time—either in large volumes, at high velocity, or both
• Only 20 percent of respondents said they have no plans to move their big data to the cloud, indicating a widespread readiness to consider the option

The first finding shows that enterprises are moving beyond collecting and storing big data and delving deeper. Their businesses require that they process this data in real time as events occur, be they trades on a stock exchange, alerts from security monitors, or location changes from GPS devices.

The second finding demonstrates the need for low latency and high performance in processing big data streams, as these functions are becoming mission critical and delays or dropped data can't be tolerated.

Real-time tools
GigaSpaces, which sponsored the survey, also asked survey respondents what tools they're using to process big data in real time, and here's where a gap is revealed: only 12 percent have adopted real-time event processing tools. According to GigaSpaces, this suggests that most enterprises still have not found the right solution that offers the ability to handle massive data while also providing the required speed.

"Most enterprises haven’t yet adopted these real-time event processing tools, they're managing instead with a combination of a NoSQL data store with a Hadoop processing platform," says Tsipi Erann, marketing communications manager at GigaSpaces. "It's clear that enterprises haven’t yet found the right solution that’s dedicated to real-time processing and also fits into their architecture."

As for moving big data to the cloud, survey respondents seem eager to reap the cost-savings and improved agility offered by this model. Only 20 percent of them said they have no plans to move big data applications to the cloud, while 44 percent have concrete plans or have already started this migration.

Among the 34 percent who said they were unsure about cloud deployments, primary concerns cited were scalability and security.

GigaSpaces cross-referenced answers to the question of big data's business importance with answers to the cloud question and came up with this statement: 80 percent of respondents who define their big data applications as mission critical to the business are planning or considering a move to the cloud. The company said it will use findings from this survey to help shape the direction of its offerings.

"We understand the importance of giving customers the right features and will use the input in the creation of such a solution, whether it’s integration with Hadoop or processing or transactional management," says Yaron Parasol, product manager at GigaSpaces.

(BriefingsDirect contributor Cara Garretson provided editorial assistance and research on this post. She can be reached on LinkedIn.)

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 11th December 2012 Copyright Interarbor Solutions © 2012

The modern class of C and C++ tools are workhorses of PC applications development. And Objective-C tools have proven the rapid application development means of choice for native mobile development for iOS and Mac OS X.

So wouldn't it be nice to let the developers with the skills and proficiency in building native applications for the prominent enterprise computing clients of yesteryear (like Windows) gain ease in bringing better apps to all the mobile and fat client types demanded for the foreseeable future?

Embarcadero Technologies thought so, and long enough ago that they began re-architecting their compiler and C++ Builder development architecture in time to now provide write-once, run-natively-anywhere-that-counts benefits. [Disclosure: Embarcadero Technologies is a sponsor of BriefingsDirect podcasts.]

And now is when it really counts, with the advent of Windows 8, growing Mac OS X use and exploding sales of iOS and Android clients.

Embarcadero on Monday made generally available C++Builder XE3, which allows a common development effort to natively target—using a new 64-bit compiler—Windows 8, Mac OS X and Intel (not yet ARM) clients. And, coming this summer, the same compiler outputs to run those same apps natively on iOS and Android mobile clients. ARM support comes at end of 2013.

What's more, more of the Embarcadero stable of tools and IDEs will leverage the architecture. So more tools to build more apps once that run on more devices natively. The compiler architecture is extensible to make more tools that make more code more extensible to more platforms. Almost rhymes.

Vision to close chasms
The vision to bridge the long-standing chasm between mobile and full client environments—never mind the Windows-Mac chasm—came as Embarcadero acquired the CodeGear technology set from Borland back in 2008. Embarcadero said it immediately set out to build C++Builder XE3 then, to allow one code effort for many more targets.

"The old way of supporting multiple platforms was not practical," said Michael Swindell, Senior Vice President of Marketing and Product Management at Embarcadero in San Francisco. That old way included highly redundant and costly development to target different platforms. The old way forced ISVs and enterprises to make guesses about which clients to target, despite an extremely dynamic market and fast-changing users preferences.

"We needed to re-organize for a multi-client world," said Swindell. He said that ISVs and developers can hedge their bets by using C++Builder XE3 now, with the knowledge the same code will be able to quickly tuned and deployed in Q3 of this year on iOS and Android.

And there are some additional synergies that should appeal to the commercial ISVs.

The common mantra behind Delphi and C++ Builder, as well as any RAD IDE, of course, is to make less code to more work fast. C++Builder XE3 takes that a big step further by applying Embarcadero's agile benefits to a common architecture supporting the major IDEs to deliver cross-client platform development on all the major targets. Full Delphi support on the new C++Builder XE3 underlying architecture comes this spring, with all the Delphi database connectivity and web services support built in.

And there are some additional synergies that should appeal to the commercial ISVs. The C++Builder XE3 architecture is already "app store ready," enabling ease in bringing the apps to Apple and Google app stores. But for enterprises, Embarcadero is also developing synergies between its AppWave capabilities and C++Builder XE3 so that enterprises too can gain a streamlined means to deploy the apps for PCs, Macs and iOS and Android uses from an AppWave app store. Expect that in the fall, said Swindell.

So the net-net on this from my perspective is that Embarcadero has primed the pump for accelerated enterprise mobile development for 2013. And, it's given developers with C and C++ skills the means to build and deploy via app stores mobile apps on-demand, via subscription models, even inside enterprises. It also means that apps can be designed with common logic and requirements and then delivered on multiple devices, so workforces can use those apps anywhere, anytime. Very powerful.

Best of mobile to enterprise
In essence, this brings what we have come to like about consumer and entertainment and web apps—but to the workplace on all relevant platforms natively—in a way that's not too complicated, costly or time-consuming.

I'm not seeing that in any comprehensive way from Microsoft, Apple or Google, nor from any PaaS development offerings in the market.

And so I would expect that PaaS-hungry providers may look to OEM or otherwise license the C++Builder XE3 technology to bring to a cloud deployment model, and to better cross the PC-Mac divide, and to consolidate new apps development for all uses.

The C and C++ IDE tools and C++Builder XE3 technology, incidentally, need not only run on-premises. Embarcadero is exploring the means to make it all cloud-based, and to make tool clients using HTML5. A hybrid future for such multi-device development can't be too far off.

By: David Norris, Practice Leader - Analytics, Bloor Research Posted: 3rd December 2012 Copyright Bloor Research © 2012

Big Data is one of the hot topics of the moment, and one of the most exciting aspects of Big Data is the opportunities that it offers for expanding the whole concept of Operational Intelligence. By Operational Intelligence, what I mean is that as we now have the means to design and attach sensors, which can operate in real time, into all manner of operational systems, be they electronic or mechanical, be they as large as an oil rig, as geographically spread as a communications network, or as commonplace as the family car; we can now generate and capture vast amounts of operational data.

But, as we all know, it is one thing to have data, it is another thing entirely to turn that data into meaningful insight, information that we can use to manage and improve operations. Operational Intelligence is about using that data, to not only inform us of what has happened in the past, and what is occurring at present, but, most significantly, to predict what is a likely outcome in the future from what we see now. This means that we will be able to predict and pre-empt parts failure, avoid mistakes being repeated, identify fraud before it has been completed, and maintain systems at more effective levels for longer than was previously thought possible. This is an emerging field, which today is dominated by bespoke systems being created by Systems Integrators. In Quartet FS this market is now joined by a technology that has the potential to provide a commercial off the shelf core to all such solutions, with all the advantages that brings in terms, of price, performance, resilience, future proofing, and lack of narrow proprietary lock-in.

Quartet FS has its origins in powerful analytics being applied in real time to streaming data in the Financial Services market. Typical applications have been in such things as derivatives trading, where the requirement is for highly accurate results, based not on samples, but on the whole data set. In this demanding and complex world Quartet FS has already proven itself successful, and is an established player in the global market, with a presence in London, Paris, New York and Singapore.

Quartet FS provides a parallel query capability, working in memory, using the multi-threaded capability of commodity multi-core technology. So what is being offered is a high end esoteric capability running on low end commodity hardware. About as exotic as it gets is a suggestion that, for the most demanding applications, solid state data storage is preferable to platters. This is always a winning formula, and the added bonus is that, through a partnership with TIBCO, Quartet FS can offer the TIBCO Silver Fabric technology to offer the capability across not just a single box, but a cluster, and, of course, coming from TIBCO this is reliable enterprise-class functionality.

The core technology is based on multi-core parallel processing that avoids the common pitfalls of bottlenecks and a failure to fully exploit parallel capability to provide the full potential of the technology. Currently they are looking at a capability in terms of a terabyte of memory across 32 cores, and all at affordable prices.

The technology is already proven to be more than capable of addressing such demanding applications as intra-day trading risk within the Financial Services market, and is now being applied to such applications as logistics, supply chain, and network management. I believe that rather than building bespoke solutions to the emerging needs of the Operational Intelligence market, Quartet FS offers an engine with all of the attributes required to offer reliable, and scalable performance, based on proven commercial of the shelf capability, making it a question of why would you not consider it as the most viable solution to your need?

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 30th November 2012 Copyright Interarbor Solutions © 2012

HP this week announced a new version of its HP Business Service Management (BSM) software to endow IT organizations with big data analysis capabilities across mobile, hybrid, and cloud IT environments. The goal: To significantly improve the performance and availability of software services.

As organizations have adopted virtualization and cloud technologies, the complexity to effectively monitor trouble across these systems has skyrocketed. And, with the rise of shared services, IT no longer knows or controls all the technologies supporting their businesses.

So HP has broadened its BSM solutions to deliver better end-to-end visibility into IT applications and services by exploiting powerful, real-time and historical analytics. With enhanced BSM, IT can anticipate performance and trouble issues before they happen. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

"IT organizations are looking for new ways to deliver predictable service levels," said Ajei Gopal, senior vice president and general manager, Hybrid and Cloud Products, Software at HP. "The new HP Business Service Management software delivers end-to-end operational intelligence to help IT make better decisions and improve service levels in complex, dynamic IT environments."

Operational analytics
New to HP BSM is HP Operational Analytics (OpsAnalytics), a capability that delivers ongoing intelligence about the health of IT services by automating the correlation and analysis of consolidated data, including reams of machine data, logs, events, topology, and performance information.

OpsAnalytics is enabled through the integration of HP ArcSight Logger, a universal log management solution, with correlation capabilities of HP Operations Manager i (OMi), and the predictive analytics of HP Service Health Analyzer (SHA). This combination delivers deep visibility and insight into nearly any performance or availability issue, so, says HP, IT operators can:

• Remediate known problems before they occur with predictive analytics that forecast problems and prioritize issues based on business impact
• Proactively solve unknown issues by collecting, storing, and analyzing IT operational data to automatically correlate service abnormalities with the problem source
• Resolve incidents faster with knowledge based on historical analysis of prior similar events that contains search capabilities across logs and events.

HP BSM further helps clients maximize IT investments with end-to-end visibility across heterogeneous environments, enabling clients to:

• Ensure service availability with a 360-degree view of IT performance, gathered by aggregating data from disparate sources into a single dashboard using out-of-the-box connectors to a range of management frameworks, including IBM Tivoli Enterprise Console and IBM Tivoli Monitoring and Microsoft System Center
• Resolve and improve performance of applications running in OpenStack and Python cloud environments with diagnostics that pinpoint performance bottlenecks
• Improve availability of web and mobile applications through greater insight into client side performance issues.

HP also enables virtualization administrators to diagnose and troubleshoot performance bottlenecks in highly virtualized environments with HP Virtualization Performance Viewer (vPV), which helps reduce operational resources by up to 70 percent and decrease time to problem resolution by up to 50 percent, and is available as a free download, said HP.

The free versions of HP Virtualization Performance Viewer (vPV) and HP ArcSight Logger are available to download from www.hp.com/go/vpv and www.hp.com/go/opsanalytics respectively.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 30th November 2012 Copyright Interarbor Solutions © 2012

The latest BriefingsDirect IT trends discussion targets enterprise backup, why it’s broken, and how to fix it.

Nowadays the backup of enterprise information and associated data protection is fragmented, complex, and inefficient. But new approaches are helping to simplify the data-protection process, keep costs in check, and improve recovery speed and confidence.

Joining us to share insights on how data protection became such a mess—and how new techniques are being adopted to gain comprehensive and standard control over the data lifecycle—are John Maxwell, Vice President of Product Management for Data Protection at Quest Software, now part of Dell, and George Crump, Founder and Lead Analyst at Storage Switzerland, an analyst firm focused on the storage market. The chat is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.  [Disclosure: Quest Software is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Why has something seemingly as straightforward as backup become so fragmented and disorganized?

Maxwell: Dana, I think it’s a perfect storm, to use an overused cliché. If you look back 20 years ago, we had heterogeneous environments, but they were much simpler. There were NetWare and UNIX, and there was this new thing called Windows. Virtualization didn’t even really exist. We backed up data to tape, and a lot of data was in terabytes, not petabytes.

Flash forward to 2012, and there’s more heterogeneity than ever. You have stalwart databases like Microsoft SQL Server and Oracle, but then you have new apps being built on MySQL. You now have virtualization and, in fact, we're at the point this year where we're surpassing the 50 percent mark on the number of servers worldwide that are virtualized.

Now we're even starting to see people running multiple hypervisors, so it’s not even just one virtualization platform anymore, either. So the environment has gotten bigger, much bigger than we ever thought it could or would. We have numerous customers today that have data measured in petabytes, and we have a lot more applications to deal with.

And last, but not least, we now have more data that’s deemed mission critical and, by mission critical, I mean data that has to be recovered in less than an hour. Surveys 10 years ago showed that in a typical IT environment, 10 percent of the data was mission critical. Today, surveys show that it’s 50 percent and more.

Crump: I would dovetail into what he just mentioned about mission criticality. There are definitely more platforms, and that’s a challenge, but the expectation of the user is just higher. The term I use for it is IT is getting "Facebooked."

I've had many IT guys say to me, "One of the common responses I get from my users is, 'My Facebook account is never down.'" So there is this really high expectation on availability, returning data, and things of that nature that probably isn’t really fair, but it’s reality.

One of the reasons that more data is getting classified as mission critical is just that the expectation that everything will be around forever is much higher.

The other thing that we forget sometimes is that the backup process, especially a network backup, probably unlike any other, stresses every single component in the infrastructure. You're pulling data off of a local storage device on a server, it’s going through that server CPU and memory, it’s going down a network card, down a network cable, to a switch, to another card, into some sort of storage device, be it disk or tape.

So there are 15 things that happen in a backup and all 15 things have to go flawlessly. If one thing is broken, the backup fails, and, of course, it’s the IT guy’s fault. It’s just a complex environment, and I don’t know of another process that pushes on all aspects of the environment in one fell swoop like backup does.

Gardner: So the stakes are higher, the expectations are higher, the scale and volume and heterogeneity are all increased. What does this mean, John, for those that are tasked with managing this, or trying to get a handle on it as a process, rather than a technology-by-technology approach?

Maxwell: There are two issues here. One, you expect today's storage administrator, or sysadmin, to be a database administrator (DBA), a VMware administrator, a UNIX sysadmin, and a Windows admin. That’s a lot of responsibility, but that’s the fact.

A lot of people think that they are going to have as deep a level of knowledge on how to recover a Windows server as they would an Oracle database. That’s just not the case, and it's the same thing from a product perspective, from a technology perspective.

Is there really such a thing as a backup product, the Swiss Army knife, that does the best of everything? Probably not, because being the best of everything means different things to different accounts. It means one thing for the small to medium-size business (SMB), and it could mean something altogether different for the enterprise.

We've now gotten into a situation where we have the typical IT environment using multiple backup products that, in most cases, have nothing in common. They have a lot of hands in the pot trying to manage data protection and restore data, and it has become a tangled mess.

Gardner: Before we dive a little bit deeper into some of these major areas, I'd like to just visit another issue that’s very top of mind for many organizations, and that’s security, compliance, and business continuity types of issues, risk mitigation issues. George Crump, how important is that to consider, when you look at taking more of a comprehensive or a holistic view of this backup and data-protection issue?

Crump: It's a really critical issue, and there are two ramifications. Probably the one that strikes fear in the heart of every CEO on the planet is all the disclosure laws that exist now that say that, when you lose a customer’s data, you have to let him know. Unfortunately, probably the only effective way to do that is to let everybody know.

I'm sure everybody listening to this podcast has gotten more than one letter already this year saying their Social Security number has been exposed, things like that. I can think of three or four I've already gotten this year.

So there is the downside of legally having to admit you made a mistake, and then there is the legal requirements of retaining information in case of a lawsuit. The traditional thing was that if I got a discovery motion filed against me, I needed to be able to pull this information back, and that was one motivator. But the bigger motivator is having to disclose that we did lose data.

And there's a new one coming in. We're hearing about big data, analytics, and things like that. All of that is based on being able to access old information in some form, pull it back from something, and be able to analyze it.

That is leading many, many organizations to not delete anything. If you don't delete anything, how do you store it? A disk-only type of solution forever, as an example, is a pretty expensive solution. I know disk has gotten a lot cheaper, but forever, that’s a really long time to keep the lights on, so to speak.

Gardner: Let's look at this a bit more from the problem-solution perspective. We have multiple platforms, we have operating systems, hypervisors, application types, even appliances. What's the solution?

Maxwell: The problem is we need to step back, take inventory of what we've got, and choose the right solution to solve the problem at hand, whether you're an SMB or an enterprise.

But the biggest thing we have to address is, with the amount and complexity of the data, how can we make sysadmins, storage administrators, and DBAs productive, and how can we get them all on the same page? Why do each one of these roles in IT have to use different products?

George and I were talking earlier. One of the things that he brought up was that in a lot of companies, data is getting backed up over and over by the DBA, the VMware administrator, and the storage administrator, which is really inefficient. We have to look at a holistic approach, and that may not be one-size-fits-all. It may be choosing the right solutions, yet providing a centered means for administration, reporting, monitoring, etc.

Gardner: Is there anything different and specific about backup that makes this even harder to move from that point solution, best-of-breed mentality, into more of a comprehensive process standardization approach?

Crump: It really ties into what John said. Every line of business is going to have its own demands and requirements. To expect not even a backup administrator, but an Oracle administrator that’s managing an Oracle database for a line of business, to understand the nuances of that business and how they want to keep things is a lot to ask.

When backup is broken, the default survival mechanism is to throw everything out, buy the latest enterprise solution, put the stake in the ground, and force everybody to centralize on that one item. That works to a degree, but in every project we've been involved with, there are always three or four exceptions. That means it really didn’t work. You didn't really centralize.

Then there are covert operations of backups happening, where people are backing up data and not telling anybody, because they still don't trust the enterprise application. Eventually, something new comes out. The most immediate example is virtualization, which spawned the birth of several different virtualized specific applications. So bringing all that back in again becomes very difficult.

I agree with John. What you need to do is give the users the tools they want. Users are too sophisticated now for you to say, "This is where we are going to back it up and you've got to live with it." They're just not going to put up with that anymore. It won't work.

So give them the tools that they want. Centralize the process, but not the actual software. I think that's really the way to go.

Gardner: So we recognize that one size fits all probably isn’t going to apply here. We're going to have multiple point solutions. That means integration at some level or multiple levels. That brings us to our next major topic. How do we integrate well without compounding the complexity and the problems set? John?

Maxwell: We've been working on this now for almost two years here at Quest, and now at Dell, and we are launching in November, something called NetVault XA. “XA” stands for Extended Architecture. We have a portfolio of very rich products that span the SMBs and the enterprise, with focus on virtual backup, heterogeneous backup, instantaneous snapshots and deep application recovery, and we’re keenly interested in leveraging those technologies for the DBAs and sysadmins in ways that make their lives easier and make sure they are more productive.

NetVault XA solves some really big issues. First of all, it unifies the user experience across products, and by user, I mean the sysadmin, the DBA, and the storage administrator, across products. The initial release of NetVault XA will support both our vRanger and NetVault Backup, as well as our NetVault SmartDisk product and, next year, we'll be adding even more of our products under NetVault XA as well.

So now we've provided a common means of administration. We have one UI. You don’t have to learn something different. Everyone can work on the same product, yet based on your login ID, you will have access to different things, whether it's data or capabilities, such as restoring an Oracle or SQL Server database, or restoring a virtual machine (VM).

That's a common UI. A lot of vendors right now have a lot of solutions, but they look like they're from three, four, or five different companies. We want to provide a singular user experience, but that's just really the icing on the cake with NetVault XA.

If we go down a little deeper into NetVault XA, once it’s is installed, learning alongside vRanger, NetVault, or both, it's going to self identify that vRanger or NetVault environment, and it's going to allow you to manage it the way that you have already set about from that ability.

We're really delivering a new approach here, one we think is going to be unique in the industry. That's the ability to logically group data and applications within lines of business.

You gave an example earlier of Oracle. Oracle is not an application. Oracle is a platform for applications, and sometimes applications span databases, file systems, and multiple servers. You need to be looking at that from a holistic level, meaning what makes up application A, what makes up application B, C, D, etc.?

Then, what are the service levels for those applications? How mission critical are they? Are they in that 50 percent of data that we've seen from surveys, or are they data that we restored from a week ago? It wouldn’t matter, but then again, it's having one tool that everyone can use. So you now have a whole different user experience and you're taking up a whole different approach to data protection.

Gardner: There really seems to be a drilling down into these technologies and surfacing information to such a degree that it strikes me as similar to what IT service management (ITSM) did for managing IT systems at a higher level. We're now bringing that to a discrete portion backup and recovery. Does that sound about right, George, or did I overstate it?

Crump: No, that's dead-on. The benefits of that type of architecture are going to be substantial. Imagine if you are the vRanger programmer, when all this started. Instead of having to write half of the backend, you could just plug into a framework that already existed and then focus most of your attention on the particular application or environment that you are going to protect.

You can be releasing the equivalent of vRanger 6 on vRanger 1, because you wouldn’t have to go write this backend that already existed. Also, if you think about it, you end up with a much more reliable software product, because now you're building on a library class that will have been well tested and proven.

Say you want to implement deduplication in a new version of the product or a new product. Instead of having to rewrite your own deduplication engine, just leverage the engine that's already there.

Maxwell: By having one common means—whether you're a DBA, a sysadmin, a VMware administrator, or a storage administrator—you are all on the same page. You can have people all buying into one way of doing things, so we don't have this data being backed up two or three times.

But the other thing that you get, and this is a big issue now, is protecting multiple sites. When we talk about multiple sites, people sometimes say, "You mean multiple data centers. What about all those remote office branch offices?" That right now is a big issue that we see customers running into.

The beauty of NetVault XA is I can now have various solutions implemented, whether it's vRanger running remotely or NetVault in a branch office, and I can be managing it. I can manage all aspects of it to make sure that those backups are running properly, or make sure replication is working properly. It could be halfway around the country or halfway around the world, and this way we have consistency.

Speaking of reporting, as you said earlier, what about a dashboard for management? One of our early users of NetVault XA is a large multinational company with 18 data centers and 250,000 servers. They have had to dedicate people to write service-level reports for their backups. Now, with NetVault XA, they can literally give their IT management, meaning their CIO and their CTOs, login IDs to NetVault XA, and they can see a dashboard that’s been color coded.

It can say, "Well, everything is green, so everything is protected," whether it's the Linux servers, Oracle databases, Exchange email, whatever the case. So by being able to reduce that level of complexity into a single pane of glass—I know it's a cliché, but it really is—it's really very powerful for large organizations and small.

Even if you have two or three locations and you're only 500 employees, wouldn’t it be nice to have the ability to look at your backups, your replicas, and your snapshots, whether they're in the data center or in branch offices, and whether you're a sysadmin, DBA, storage administrator, to be using one common interface and one common set of rules to all basically all get on the same plane?

So it's having a means to take an inventory and ensure that the servers are being maintained, that everything is being protected, because next to your employees, your data is the most important asset that you have.

Data is everywhere now. It’s in mobile devices. It certainly could be in cloud-based apps. That's one of the things that we didn’t talk about. At Quest we use seven software-as-a-service (SaaS)-based applications, meaning they're big parts, whether it's Salesforce.com or our helpdesk systems, or even Office 365. This is mission-critical corporate data that doesn’t run in our own data center. How am I protecting that? Am I even cognizant of it?

The cloud has made things even more interesting, just as virtualization has made it more interesting over the past couple of years. With NetVault XA, we give you that one single pane of glass with which you can report, analyze, and manage all of your data.

Gardner: Just to be clear John, this console is something you can view as a web interface, and I'm assuming therefore also through mobile devices. I'm going to guess that at some point, there will perhaps be even a more native application for some of the prominent mobile platforms.

Maxwell: It’s funny that you mentioned that. This is an HTML5-based application. So it's very new, very fresh, and very graphical. If you look at the UI, it was designed with tablets and laptops in mind. It's gotten to where you can do controls with your thumbs, assuming you're running this on a tablet.

In-house, and with early support customers, you can log into this remotely via laptops, or tablet computing. We even have some people using them on mobile phones, even though we're not quite there yet. I'm talking about the form factor of how the screens light up, but we will definitely be going that way. So a sysadmin or storage administrator can have at their fingertips the status of what’s going on in the data-protection environment.

What's nice is because this is a thin client, a web UI, you can define user IDs not only for the sysadmins and DBAs and storage administrators, but like I said earlier, IT management.

So if your boss, or your boss’ boss, wants to dial in and see the health of things, how much data you’re protecting, how much data is being replicated, what data is being protected up in the cloud, which is on-prem, all of that sort of stuff, they can now have a dashboard approach to seeing it all. That’s going to make everyone more productive, and it's going to give them a better sense that this data is being protected, and they can sleep at night.

Gardner: Is there anything here going forward that will make having a process approach to a data lifecycle and backup and recovery even more important?

Maxwell: Dana, you hit on something that's really near and dear to my heart, which is data deduplication. We have a very broad strategy. We offer our own software-based dedupe. We support every major hardware based dedupe appliance out there, and we're now adding support for Dell’s DR Series, DR4000 dedupe appliances. But we're still very much committed to tape, and we're building initiatives based on storing data in the cloud and backing up, replicating, failover, and so forth.

One of the things that we built into NetVault XA that's separate from the policy management and online monitoring is that we now have historical data. This is going to give you the ability to do some capacity management and capacity planning and see what the utilization is.

How much storage are your backups taking? What's the most optimum number of generations? Where are you keeping that data? Is some data being kept too long? Is some data not being kept long enough?

By offering a broad strategy that says we support a plethora of backup targets, whether it's tape, special-purpose backup appliances, software-based dedupe, or even the cloud, we're giving customers flexibility, because they have unique needs and they have different needs, based on service levels or budgets. We want to make them flexible, because, going back to our original discussion, one size doesn’t fit all.

Crump: Just to tie in with what John said, we need flexibility that doesn’t add complexity. Almost everything we've done so far in the environment up to now, has added flexibility, but also, for every ounce of flexibility, it feels like we have added two ounces of complexity, and it's something we just can't afford to deal with. So that's really the key thing.

Looking forward, at least on the horizon, I don't see a big shift, something like virtualization, that we need to be overly concerned with. What I do see is the virtual environment becoming more and more challenging, as we stack more and more VMs on it. The amount of I/O and the amount of data protection process that will surround every host is going to continue to increase. So the time is now to really get the bull by the horns and institute a process that will scale with the business long-term.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 29th November 2012 Copyright Interarbor Solutions © 2012

Welcome to the latest edition of the HP Discover Performance Podcast Series. Our next discussion examines how regional healthcare services provider Lake Health in Ohio has matured from deploying security technologies to becoming more of a comprehensive risk-reduction practice provider internally for its own consumers.

We learn how Lake Health's Information Security Officer has been expanding the breadth and depth of risk management there to a more holistic level—and we're even going to discuss how they've gone about deciding which risk and compliance services to seek from outside providers, and which to retain and keep on-premises.

Here to explore these and other security-related enterprise IT issues, we're joined by our co-hosts for this sponsored podcast, Chief Software Evangelist at HP, Paul Muller, and Raf Los, Chief Security Evangelist at HP.

And we also welcome our special guest, Keith Duemling, Information Security Officer at Lake Health. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Many people are practicing IT security and they're employing products and technologies. They're putting in best practices and methods, of course.

But you have a different take. You've almost abstracted this up to information assurance—even quality assurance—for knowledge, information, and privacy. Tell me how that higher abstraction works, and why you think it's more important or more successful than just IT security?

Duemling: If you look at the history of information security at Lake Health, we started like most other organizations. We were very technology focused, implementing one or two point solutions to address specific issues. As our program evolved, we started to change how we looked at it and considered it less of a pure privacy issue and more of a privacy and quality issue.

Go back to the old tenets of security, with confidentiality, integrity, and availability. We started thinking that, of those three, we really focused on the confidentiality. But as an industry, we haven't focused that much on the integrity—and the integrity is closely tied to the quality.

So we wanted to transform our program into an information-assurance program, so that we could allow our clinicians and other caregivers to have the highest level of assurance that the information they're making decisions based on is accurate and is available, when it needs to be, so that they feel comfortable in what they are doing.

As background, Lake Health is a not-for-profit healthcare system. We’re about 45 minutes outside of Cleveland, Ohio. We have two freestanding hospitals and approximately 16 satellite sites of different sizes that provide healthcare to the citizens of the county that we’re in and three adjacent counties.

We have three freestanding 24x7 emergency rooms (ERs), which treat all kinds of injuries, from the simple broken fingers to severe car accidents, heart attacks, things of that nature.

We also have partnerships with a number of very large healthcare systems in the region, and organizations of that size. We send some of our more critically injured patients to those providers, and they will send some of their patients to us for more localized, smaller care closer to their place of residence.

We’ve grown from a single, small community hospital to the organization that we have now.

I've been with Lake Health for a little under eight years now. I started as a systems administrator, managing a set of Windows servers, and evolved to my current position over time.

Typically, when I started, an individual was assigned a set of projects to work on, and I was assigned a series of security projects. I had a security background that I came to the organization with. Over time, those projects congealed into the security program that we have now and, if I am not mistaken, it's in its third iteration right now. We seem to be on a three-year run for our security program, before it goes through a major retrofit.

So it's not just protecting information from being disclosed, but it's protecting information so that it's the right information, at the right time, for the right patient, for the right plan of care.

From a high level, the program has evolved from simple origins to more of a holistic type of analysis, where we look at the program and how it will impact patient care and the quality of that patient care.

Gardner: It sounds like what I used to hear—and it shows how long I have been around—in the manufacturing sector. I covered that 20 years ago. They talked about a move toward quality, and rather than just looking at minute or specific parts of a process, they had to look at it in total. It was a maturity move on behalf of the manufacturers, at that time.

Raf Los, do you see this as sort of a catching up time for IT and for security practices that are maybe 20 years behind where manufacturing was?

Los: What Keith’s group is going, and where many organizations are evolving to, is a practice that focuses less on “doing security” and more on enabling the enterprise and keeping quality high. After all, security is simply a function of—one of the three pillars—of quality. We look at does it perform, does it function, and is it secure?

So it's a natural expansion of this, sort of a Six Sigma-esque approach to the business, where IT is catching up, as you’ve aptly put it. So I tend to agree with it.

Gardner: Of course, compliance is really important in the healthcare field. Keith, tell us how your approach may also be benefiting you, not just in the quality of the information, but helping you with your regulatory and compliance requirements too?

Duemling: In the approach that we’ve taken, we haven’t tried to change the dynamics of that significantly. We've just tried to look at the other side of the coin, when it comes to security. We find that a lot of the controls that we put in place for security benefit from an assurance standpoint, and the same controls for assurance also benefit from a security standpoint.

As long as we align what we're doing to industry-accepted frameworks, whether it’d be NIST or ISO, and then add the healthcare-specific elements on top of that, we find that that gives us a good architecture to continue our program, and to be mindful of the assurance aspect as well as the security side.

One of the other benefits of the approach is that we look at the data itself or the business function and try to understand the risks associated with it and the importance of those functions and the availability of the data. When we put the controls and the protective measures around that, we typically find that if we're looking specifically at what the target is when we implement the control, our controls will last better and they will defend from multiple threats.

So we're not putting in a point solution to protect against the buzzword of the day. We're trying to put in technologies and practices that will improve the process and make it more resilient from both what the threats are today and what they are in the future.

Muller: A couple of observations ... The first is that we need to be really careful when we think about compliance. It's something of a security blanket, not so much for security executives. I think InfoSec security executives understand the role of compliance, but it can give business leaders a false sense of security to say, "Hey, we passed our audit, so we're compliant."

There was a famous case of a very large financial services institution that had been through five separate audits, all of which gave them a very clear bill of health. But it was very clear from some of the honey pots they put in place in terms of certain data that they were leaking data through to a market-based adversary. In other words, somebody was selling their data, and it wasn’t until the sixth audit that it uncovered the source of the problem.

So we need to be really careful. Compliance is actually the low bar. We're dealing with a market-based adversary. That is, someone will make money from your data. It's not the nation-state that we need to worry about so much as the people who are looking to exploit the value of your information.

Of course, once money and profit enter the equation, there are a lot of people very interested in automating and mechanizing their attack against your defense, and that attack surface is obviously constantly increasing.

The challenge, particularly in examples such as the one that Keith is talking about, comes in the mid-sized organizations. They've got all of the compliance requirements, the complexity, and the fascinating, or interesting, data from the point of view from a market-based adversary. They have all of that great data, but don't necessarily have the scale and the people to be able to protect that.

It's a question of how you balance the needs of a large enterprise with the resources of a mid-sized organization. I don't know, Keith, whether you've had any experience of that problem.

Duemling: I have, all too many times, experienced that problem that you’re defining right there. We find that technology that helps us to automate our situational awareness is something that's key for us. We can take the very small staff that we have and make it so that we can respond to the threats and have the visibility that we need to answer those tough questions with confidence, when we stand in front of the board or senior management. We're able to go home and sleep at night and not be working 24×7.

Los: Keith, let me throw a question at you, if you don't mind. We mentioned automation, and everybody that I have with this conversation with tends to—I don't want to say oversimplify—but can have an over-reliance on automation technology.

In an organization of your size, you’re right smack in the middle of that, too big not to be a target, too small to have all the resources you've ever wanted to defend yourself. How do you keep from being overrun by automation—too many dashboards, too many red lights blinking at you, so you can actually make sense of any of this?

Duemling: That's actually one of the reasons we selected HP's ArcSight. We had too many dashboards for our very small staff to manage, and we didn’t want Monday to be the dashboard for Product A, Tuesday for Product B, and things of that nature.

So we figured we would aggregate them and create the master dashboard, which we could use to have a very high-level, high-altitude view, drill down into the specific events, and then start referring them to subject matter experts. We wanted to have just those really sensitive events bubble up to the surface, so that we could respond to them and they wouldn’t get lost in the maze of dashboards.

Gardner: How did you unify all of these different elements under what you call a program for security? What were some of the steps you needed to take? We heard a little bit about the dashboard issue, but I'm trying to get a larger perspective on how you unified culture around this notion of information assurance?

Duemling: We started within the information and technology department where we had to really do an evaluation of what technologies we had in place. What are different individuals responsible for, and who do they report to? Once we found that there was this sprinkling of technology and responsibilities throughout the department, we had to put together a plan to unify that all into one program that has one set of objectives, is under one central leadership, and has its clear marching orders.

Then once we accomplished that, we started to do the same thing across the entire organization. We improved our relationship within IT, not just with sub-departments within IT, but then we also started to look outside and said, "We have to improve our relationship with compliance and we have to improve our relationship with physical security."

So we’re unifying our security program under the mantra of risk, and that's bringing all the different departments that are related to risk into the same camp, where we can exchange notes and drive towards a bigger enterprise focused set of objectives.

Los: At the end of the day, what security is chartered with, along with most of the rest of IT, as I said earlier, is empowering the organization to do its work. Lake Health does not exist for the sole purpose of security, and clearly they get that.

That's step one on this journey of understanding what the purpose of an IT security organization is. Along the broader concept of resiliency, one of the things that we look at in terms of security and its contribution to the business is, can the organization take a hit and continue, get back up to speed, and continue working?

Most organization technologists by now know it’s not a question of if you’re going to be hacked or attacked, but a question of when, and how you’re going to respond to that by allowing the intelligent use of automation, the aligning towards business goals, and understanding the organization, and what's critical in the organization.

They rely on critical systems, critical patient-care system. That goes straight to the enterprise resiliency angle. If you get hacked and your network goes down, IT security is going to be fighting that hack. At the same time, we need to realize how we separate the bad guys from the patient and the critical-care system, so that our doctors and nurses and support professionals can go back to saving lives, and making people’s lives better, while we contain the issue and eradicate it from our system.

It's more than just about security, and that's a fantastic revelation to wake up to every morning.

Gardner: Are there some other returns on investment (ROI), maybe it's a softer return like an innovation benefit or being able to devote more staff to innovation?

Duemling: I'd put forward two paybacks. One is about some earlier comments I heard. We, as an organization, did suffer a specific event in our history, where we were fighting a threat, while it was expected that our facilities would continue operating. Because of the significant size of that threat, we had degraded services, but we were able to continue—patients were able to continue coming in, being treated, things of that nature.

That happened earlier in our program, but it didn’t happen to the point where we didn’t have a program in place. So, as an organization, we were able to wage that war, for lack of a better term, while the business continued to function.

Although those were some challenging times for us, and luckily there was no patient data directly or indirectly involved with that, it was a good payoff that we were able to continue to fight the battle while the operations of the organization continued. We didn't have to shut down the facilities and inconvenience the patients or potentially jeopardize patient safety and/or care.

A second payoff is, if we fast forward to where we are now, lessons learned, technologies put in place, and things of that nature. We have a greater ability to answer those questions when people put them to us, whether it's a middle manager, senior manager, or the board. What are some of the threats we're seeing? How are we defending ourselves? What is the volume of the challenge? We're able to answer those questions with actual answers as opposed to, "I don't know," or "I'll get back to you."

So we can demonstrate more of an ROI through an improvement in situational awareness and security intelligence that we didn't have three, four, or five years earlier in the program’s life. And tools like ArcSight and some of the other technologies that we have, that aggregate that for us, get rid of the noise, and just let us hone in on the crown jewels of the information are really helpful for us to answer those questions.

Gardner: How about looking at this through the lens of a system of record perspective, an architectural term perhaps, has that single view, that single pane of glass, allowed you to gain the sense that you have a system of record or systems of record. Has that been your goal, or has that been perhaps even an unintended consequence?

Duemling: It's actually kind of both. One, it retains information that sometimes you wish you didn't retain, but that's the fact of what the device and the technology are in the solution and it’s meeting its objective.

But it is nice to have that historical system of record, to use your term, where you can see the historical events as they unfold and explain to someone, via one dashboard or one image, as a situation evolves.

Then, you can use that for forensic analysis, documentation, presentation, or legal to show the change in the threat landscape related to a specific incident or, from a higher level, a specific technology that's providing its statistical information into ArcSight, but you can then do trending and analysis on.

It is also good to get towards a single unified dashboard where you can see all of the security events that are occurring in the environment or outside the environment that you are pulling in, like edit from a disaster recovery (DR) site. You have that single dashboard where if you think there's a problem, you can go to that, start drilling down, and answer that question in a relatively short period of time.

Muller: I'll go back to Keith’s opening comments as well. Let's not undervalue the value of confidence—not having to second guess not just the integrity of your systems and your applications, but to second guess the value of information. It's one thing when we're talking about the integrity of the bank balance of a customer. Let's be clear that that's important, but it can also be corrected just as easily as it can be modified.

When you're talking about confidence in patient data, medical imaging, drug dispensations, and so forth, that’s the sort of information you can't afford to lack confidence in, because you need to make split-second decisions that will obviously have an impact on somebody’s life.

Duemling: I would add to that. Like you were saying, you can undo an incorrect or a fraudulent bank transfer, but you cannot undo something such as the integrity of your blood bank. If your blood bank has values that randomly change or if you put the wrong type of blood into a patient, you cannot undo those without there being a definitely negative patient outcome.

Los: Keith, along those lines, do you have separate critical systems that you have different levels of classifications for that are defended and held to a different standard of resilience, or do you have a network wide classification? I am just curious how you figure out what gets the most attention or what gets the highest concentration of security?

Duemling: The old model of security in healthcare environments was to have a very flat type of architecture, from both networking, support, and a security standpoint. As healthcare continues to modernize for multiple reasons, there's a need to build islands or castles. That’s the term we use internally, "castles", to describe it. You put additional controls, monitoring, and integrity checks in place around specific areas, where the data is the most valuable and the integrity is the most critical, because there are systems in a healthcare environment that are more critical than others.

Obviously, as we talked about earlier, the ones that are used for clinical decision making are technically more critical than the ones that are used for financial compensation as it results from treating patients. So although it's important to get paid, it's more important that patient safety is maintained at all times.

We can't necessarily defend all of our vast resources with the limited set of tools that we have. So we've tried to pick the ones that are the most critical to us and that's where we've tried to put all the hardening steps in place from the beginning, and we will continue to expand from there.

We look at every security project with the mindset of how we can do this most effectively and with the least amount of resources that are diverted from the clinical environment to the information security program.

That being said, security as a service, cloud-based technology, outsourcing, whatever term you would like use, is definitely something that we consider on a regular basis, when it comes to different types of controls or processes that we have to be responsible for. Or professional services in the events of things like forensics, where you don’t do it on a regular basis, so you may not consider yourself an expert.

We tend to do an evaluation of the likelihood of the threat materializing or dependence on the technology, what offerings are out there, both as a service and premise-based, what it would take from an internal resource standpoint to adequately support and use a technology. Then, we try and articulate that into a high-level summary of the different options, with cost, pros and cons related to each.

Then, typically, our senior management will discuss all of those, and we'll try and come to the decision that we think makes best for our organizations, not just for that point, but for the next three to five years. So some initiatives have gone premise-based and some have gone security-as-a-service based. We are kind of a mix.

Gardner: It's interesting that a common thread for successful organizations is knowing yourself well. It's also an indicator of maturity, of course.

You have had a good opportunity to know yourself and then to track your progress. Is that helping you make these decisions about what's core or context in the design of your risk-mitigation activities?

Duemling: Yes, it is. You have to know what you do well and also you have to know the areas where you, as an organization, are not going to be able to invest the time or the resources to get to a specific comfort level that you would feel would be adequate for what you are trying to achieve. Those are some of the things where we look to use security as a service.

We don't want to necessarily become experts on spam filtering, so we know that there are companies that specialize in that. We will leverage their investment, their technology, and their IP to help defend us from email-borne threats and things of that nature.

We're not going to try and get into the business of having a program or to create an event-correlation engine. That's why we're going to go out and look for the best-of-breed technologies out there to do it for us.

We'll pick those different technologies, whether it's as a service or premise-based and we'll implement those. That will allow us to invest in the people that know our environment the best and intimately and who can make decisions based on what those tools and those managed services tell them.

They can be the boots on the ground, for lack of a better term, making the decisions that are effective at the time, with all the situational awareness that they need to resolve the problem right then and there.

Gardner: For those of our listeners who are perhaps juggling quite a few security products or technologies and they would like to move into this notion of a program, and would like to have a unified view—any thoughts about getting started, any lessons learned that you could share?

Duemling: I would say just a couple of bullet points. Security is more than just technology. It really is the people, the process, and the technology. You have to understand the business that you are trying to protect. You have to understand that security is there to support the business, not to be the business.

Probably most importantly, when you want to evolve your security and set up projects into an actual security program, you have to be able to talk the language of the business to the people who run the business, so that they understand that it’s a partnership and you are there to support them, not to be a drain on their valuable resources.

Los: I think he has put it brilliantly just now. IT security is a resource and also a potential drain on resources. So the less we can take away from anything else the organization is doing, while enabling them to basically be better, deliver better, deliver smarter, and save more lives and make people healthier, that is ultimately the goal.

If there's nothing else that anybody takes away from a conversation like this, IT security is just another enabler in the business and we should really continue to treat it that way and work towards that goal.

Gardner: All right, last word to you today, Paul Muller. What sort of lessons learned or perhaps perceptions from the example of Lake Health would you amplify or extend?

Muller: I will just go back to some of my earlier comments, which is, let’s remember that our adversary is increasingly focused on the market opportunity of exploiting the data that we have inside our organizations—data in all of its forms. Where there is profit, as I said, there will be a drive for automation and best practices. They are also competing to hire the best security people in the world.

But as a result of that, and mixed in with the fact that we have this ever-increasing attack surface, the vulnerabilities are increasing dramatically. The statistic I saw from just October is that the cost of cyber crime has risen by 40 percent and the attack frequency has doubled in the last 12 months. This is very real proof that these market forces are at work.

The challenge that we have is educating our executives that compliance is important, but it is the low bar. It is table stakes, when we think about information and security. And particularly in the case of mid-sized enterprises, as Raf pointed out, they have all of the attractiveness as a target of a large enterprise, but not necessarily the resources to be able to effectively detect and defend against those sorts of attacks.

You need to find the right mix of services, whether we call it hybrid, whether we call it cloud or managed services, combined with your own on-premises services to make sure that you're able to defend yourself responsibly.

Gardner: I'd like to thank our supporter for this series, HP Software, and remind our audience to carry on the dialogue with Paul Muller through the Discover Performance Group on LinkedIn, and also to follow Raf on his popular blog, Following the White Rabbit.

You can also gain more insights and information on the best of IT performance management at http://www.hp.com/go/discoverperformance.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

By: Clive Longbottom, Head of Research, Quocirca Posted: 23rd November 2012 Copyright Quocirca © 2012

The growing use of virtualisation has really helped many organisations.

Not only have the average utilisation rates of servers and storage improved, but the use of applications and other software packaged ready for installation – commonly known as virtual images or virtual machines – has meant that systems can be implemented or recovered far faster than they used to be.

However, this can be a two-edged sword.

The good side of being able to implement a runtime application rapidly is seen in hosted systems, cloud computing and private datacentres; but the bad side is seen most in development and test departments, and is spreading out into the runtime.

The problem is that virtual machines (VMs) are just too easy to use. In the past, if you wanted to install a copy of an application, the first thing to do was order a server. Then wait to receive the server. Then get it up and running, install all the patches to the operating system that the supplier had neglected to put in place. Then install all the support software that is required – app server, database, whatever, followed finally by the software you want to run. Long-winded? Yes – and often enough to put a general developer off, and they would just re-use a single server time and time again, cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software. Maybe a couple of hours each time to get to a “clean” position.

Today it is possible to grab some spare resource from a virtualised hardware base, spin up a VM and then install your software. This takes just a few minutes, and as the resource pool can be pretty big, it is easy for the developer to “forget” that they have a live VM running and just start up another one. IT departments could experience greater problems with VM sprawl – with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times.

The move towards a development/operations (DevOps) model for organising IT, where the development and test employees can push new images directly into the runtime, will make it much harder for IT administrators to keep track of all VMs.

Effective management of software licences and VMs

The result is that not only are resources being locked down by VMs that are not doing anything useful, but there could also be licences tied up in these VMs that are doing absolutely nothing useful. For many, it may not appear to be an issue – unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection.

Managing licences is something that many organisations still do not do. Suppliers such as Flexera offer full-service licence management, which can not only track licence usage, but also manage them against suppliers’ licence agreements and, in most cases, against their tiering systems, ensuring that an organisation gets the best value from its licences. Others, such as Centrix Software, can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively, although Centrix really is for dealing with virtual desktop systems. However, what a buyer really should be looking for is a system that not only manages licences, but also manages the lifecycle of the VM itself. Features to look out for include:

• Building – the capability to create the VM from the component parts on the fly, using the right components for the right VM every time.
• Provisioning – the capability to take the VM and make it live out on the target platform.
• Patching and updating – the capability to ensure that all components and VMs are at the right level of patch for the job – not necessarily that everything is at the latest patch level, but that the build engine can gain access to components that meet the needs of the final provisioned system. For example, there may be a dependency on a certain piece of software to run on an operating system that is not patched to the latest level – the chosen system must have the granularity to be able to ensure that such rules are followed.
• VM monitoring – ensuring that VMs are running correctly and are “healthy”. Also, tracking usage and advising when VMs seem to be unused but live, so using up resources and licences that could be used elsewhere.
• Resource management – the capability to provision VMs with the right amount of resources at the right time, through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner.
• VM management – full reporting on VM usage to both technical and line-of-business users, along with rules-based lifecycle management of VMs in test and development and in the runtime environment, as well as full inventory of VMs and their contents.
• VM portability – the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner. Also, the capability for runtime VMs to be moved from one platform to another, particularly where an organisation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud.
• Auditability – every action on a VM and how it is used needs to be logged so that a full audit path is maintained. With an increase of activity in governance, risk and compliance (GRC), the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away, and as such, audit capabilities should be high on the list of requirements of any systems for managing VMs.

Optimising the virtual environment

Most of the incumbent systems management companies – IBM with Tivoli, CA, BMC – are moving in this direction in one way or another. However, others are doing more. Dell has been building on its Kace acquisition, and now that it has acquired Quest Software, expect to see a rapid move to a more full-service physical/ virtual systems management toolset.

Another company to watch is Serena Software. Under the umbrella of “orchestrated IT”, Serena is taking its existing application lifecycle management (ALM) approach and expanding it through to offer an organisation the choice of running as separate, but closely managed, development and test teams and a runtime team, or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules.

Outside of its Tivoli systems management capability, IBM also has its PureSystems and its z/Enterprise groups, with a universal resource manager that can ensure that a workload is placed on the best available resources – whether this be Windows, Linux or even a mainframe platform in the case of z/Enterprise, and also whether an Intel or Power chip is the best place for that workload to lie. This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs, but gives good pointers as to the probable future of a fully managed virtual environment.

Virtualisation is a definite positive evolution in the use of available hardware resources.

However, organisations and technical teams have to understand that it is no silver bullet on its own. In fact, uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens, at both the resource and the corporate responsibility levels. It is incumbent on those responsible for the IT function to ensure that the right systems are in place, to enable VMs to be managed at the right levels of granularity for full lifecycle management, with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level.

By: Clive Longbottom, Head of Research, Quocirca Posted: 21st November 2012 Copyright Quocirca © 2012

At a recent Dell roundtable event on the future of cloud computing, the discussion centred around how cloud was not being adopted wholesale by many organisations yet. Various reasons were put forward, such as fear of change, fear of losing control, security issues and so on. A little while later on, several people were pushing the case for cloud around its capability to enable innovation.

Sure, cloud computing can provide a different way of doing things and can encourage a completely different way of facilitating business process – but if this is pushed as the main way that cloud works, then surely all that is happening is that users will be put off more? If fear of change is a factor to scare organisations off from using cloud, then moving critical business workloads to a relatively unproven emerging platform AND changing the way the application runs has to be enough not only to put the techies off the change, but also the business?

The view put forward by Quocirca was that organisations could start with a low-risk approach. If base level workloads such as file and print, email, payroll and so on were taken and moved onto a cloud architecture where resources could be shared in a flexible and dynamic manner, organisations could see that cloud worked and was ready for the higher level and more complex workloads.

At this stage, mayhem ensued. Several cries went up that this was just virtualisation, and not cloud. Why? Because it did not have self-service.

OK, the National Institute of Standards and Technology's (NIST) definition of cloud boils it down to 5 mandatory capabilities for cloud – broad network access, resource pooling, rapid elasticity, a measured service – and self-service. But just how important is self-service at a corporate level?

When salesforce.com first came to prominence, the biggest issue that Quocirca heard from organisations was that users were signing up to the service off their own bat, without involving IT. Therefore control was lost and new islands of functionality and data were being created that harmed the overall effectiveness of the business. In this case – and many others where externally sourced functions were easily available, such as Dropbox, self-service was a problem, not an advantage.

For simple reasons of governance risk and compliance, organisations need control over what their employees, consultants, contractors and partners can provision to themselves. Rules need to be in place and means of dealing with exceptions. NIST does not cover this in its definition, and therefore, Quocirca believes that it is too simple and is therefore flawed.

Let's look at it a different way: if a platform is connected to the internet, then it has broad access – even if there are then systems in place to ensure that only select users can get through to it. If it uses shared resources, it may just be virtualisation. Even if measurement tools are