Tuesday, August 17, 2010

HP buys Fortify, and it's about time!

This guest blog post comes courtesy of Tony Baer’s OnStrategies blog. Tony is a senior analyst at Ovum.

By Tony Baer

What took HP so long? Store that thought.

As we’ve stated previously, security is one of those things that have become everybody’s business. It was traditionally the role of security professionals, who have focused more on perimeter security, but the exposure of enterprise apps, processes, and services to the Internet opens huge back doors that developers unwittingly leave open to buffer overflows, SQL injection, cross-site scripting, and you name it. Security was never part of the computer science curriculum.

But as we noted when IBM Rational acquired Ounce Labs, developers need help. They will need to become more aware of security issues but realistically cannot be expected to become experts. Otherwise, developers are caught between a rock and a hard place – the pressures of software delivery require skills like speed and agility, and a discipline of continuous integration, while security requires the mental processes of chess players.

At this point, most development/ALM tools vendors have not actively pursued this additional aspect of quality assurance (QA); there are a number of point tools in the wild that may not necessarily be integrated. The exceptions are IBM Rational and HP, which have been in an arms race to incorporate this discipline into QA. Both have so-called “black box” testing capabilities via acquisition – where you throw ethical hacks at the problem and then figure out where the soft spots are. It’s the security equivalent of functionality testing.

Raising the ante

Last year IBM Rational raised the ante with its acquisition of Ounce Labs, providing “white box” static scans of code – in essence, applying debugger type approaches. Ideally, both should be complementary – just as you debug, then dynamically test code for bugs, do the same for security: white box static scan, then black box hacking test.

Over the past year, HP and Fortify have been in a mating dance as HP pulled its DevInspect product (an also-ran to Fortify’s offering) and began jointly marketing Fortify’s SCA product as HP’s white box security testing offering. In addition to generating the tests, Fortify's SCA manages this stage as a workflow, and with integration to HP Quality Center, autopopulates defect tracking. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

We’ll save discussion of Fortify’s methodology for some other time, but suffice it to say that it was previously part of HP’s plans to integrate security issue tracking as part of its Assessment Management Platform (AMP), which provides a higher level dashboard focused on managing policy and compliance, vulnerability and risk management, distributed scanning operations, and alerting thresholds.

In our mind, we wondered what took HP so long to consummate this deal. Admittedly, while the software business unit has grown under now departed CEO Mark Hurd, it remains a small fraction of the company’s overall business. And with the company’s direction of “Converged Infrastructure”, its resources are heavily preoccupied with digesting Palm and 3Com (not to mention, EDS).

The software group therefore didn’t have a blank check, and given Fortify’s 750-strong global client base, we don’t think that the company was going to come cheap (the acquisition price was not disclosed). With the mating ritual having predated IBM’s Ounce acquisition last year, buying Fortify was just a matter of time. At least a management interregnum didn’t stall it.

Finally!


Friday, August 13, 2010

Google needs to know: What does Oracle really want with Android?

The bombshell that Oracle is suing Google over Java intellectual property in mobile platform powerhouse Android came as a surprise, but in hindsight it shouldn't have.

We must look at the world through the lens that all guns are pointed at Google, and that means that any means to temper its interests and blunt its potential influence are in play and will be used.

By going for Google's second of only two fiscal jugular veins in Android (the other being paid search ads), Oracle has mightily disrupted the entire mobile world -- and potentially the full computing client market. By asking for an injunction against Android based on Java patent and copyright violations, Oracle has caused a huge and immediate customer, carrier and handset channel storm for Google. Talk about FUD!

Could Oracle extend its injunctions requests to handset makers and more disruptively for mobile carriers, developers, or even end users? Don't know, but the uncertainty means a ticking bomb for the entire Android community. Oracle's suits therefore can't linger. Time is on Oracle's side right now. Even Google counter-suing does not stop the market pain and uncertainty from escalating.

We saw how that pain works when RIM suffered intellectual property claims against its Blackberries, when RIM was up against a court-ordered injunction wall. Fair or not, right or not, they had to settle and pay to keep the product and their market cap in the right motion. And speed was essential because investors are watching, wondering, worrying. Indeed, RIM should have caved sooner. That's the market-driven, short-term "time is not on our side" of Google's dilemma with Oracle's Java.

When Microsoft had to settle with Sun Microsystems over similar Java purity and license complaints a decade back, it was a long and drawn out affair, but the legal tide seemed to be turning against Microsoft. So Microsoft settled. That's the legal-driven, long-term "time is not on our side" of Google's dilemma with Oracle's Java.

Google is clearly in a tough spot. And so we need to know: What does Oracle really want with Android?

Not about the money

RIM's aggressors wanted money and got it. Sun needed money too (snarky smugness aside), and so took the loot from Microsoft and made it through yet another fiscal quarter. But Oracle doesn't need the money. Oracle will want something else entirely in order for the legal Java cloud over Android to go away.

Oracle will probably want a piece of the action. But will Oracle be an Android spoiler ... and just work to sabotage Android for license fees as HP's WebOS and Apple's iOS and Microsoft's mobile efforts continue to gain in the next huge global computing market, that is for mobile and thin PC clients?

Or, will Oracle instead fall deeply, compulsively in love with Android ... Sort of a Phantom of the Opera (you can see Larry with the little mask already, no?), swooping down on the sweet music Google has been making with Android, intent on making that music its own, controlled from its own nether chambers, albeit with a darker enterprise pitch and tone. Bring in heavy organ music, please.

Chances are that Oracle covets Android, believes its teachings through Java technology (the angel of class libraries) entitles it to a significant if not controlling interest, and will hold dear Christine ... err, Android, hostage unless the opera goes on the way Oracle wants it to (with license payments all along the way). Bring in organ music again, please.

Trouble is, this phantom will not let his love interest be swept safely back into the arms of Verizon, HTC, Motorola and Samsung. Google will probably have to find a way to make music with Oracle on Android for a long time. And they will need to do the deal quickly and quietly, just like Salesforce.com and Microsoft recently did.

What, me worry?

How did Google let this happen? It's not just a talented young girl dreaming of nightly rose-strewn encores, is it?

Google's mistake is that it has acted like a runaway dog in a nighttime meat factory, with its fangs into everything but with very little fully ingested (apologies to Steve Mills for usurping his analogy). In stepping on every conceivable competitor's (and partner's) toes with hubristic zeal -- yet only having solid success and market domination in a very few areas -- Google has made itself vulnerable with its newest and extremely important success with Android.

Did Google do all the legal blocking and tackling? Maybe it was a beta legal review? Did the Oracle buy of Sun catch it off-guard? Will that matter when market perceptions and disruption are the real leverage? And who are Google's friends now when it needs them? They are probably enjoying the opera from the 5th box.

Android is clearly Google's next new big business, with prospects of app stores, and legions of devoted developers, myriad partners on the software and devices side, globally pervasive channels through the mobile carriers, and the potential to extend same into the tablets and even "fit" PCs arena. Wow, sounds a lot like what Java could have been, what iOS is, and what WebOS wants to be.

And so this tragic and ironic double-cross -- Java coming back to stab Google in the heart -- delivers like an aria, one that is sweet music mostly to HP, Apple, and Microsoft. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

[UPDATE: The stakes may spread far beyond the mobile market into the very future of Java. Or so says Forrester analyst Jeffrey Hammond, who argues that, in light of Oracle’s plans to sue Google over Android, “…this lawsuit casts the die on Java’s future."

"Java will be a slow-evolving legacy technology. Oracle’s lawsuit links deep innovation in Java with license fees. That will kill deep innovation in Java by anyone outside of Oracle or startups hoping to sell out to Oracle. Software innovation just doesn’t do well in the kind of environment Oracle just created," said Hammond.]

Wednesday, August 11, 2010

Metastorm seeks to accelerate the strategic socialization of the enterprise for process improvement

Metastorm, the business process management (BPM) software provider that recently released two cloud-based business collaboration products, is betting on what it calls the "socialization of the enterprise."

We're seeing more social media techniques and approaches entering the enterprise, from Salesforce.com's Chatter to the forthcoming beta of HP's 48Upper. The trend is undeniable. A recent Trend Micro survey reveals social media use in the workplace has risen from 19 percent to 24 percent in the last two years.

Strategies to resist the socialization of the enterprise may be futile. So Metastorm is suggesting enterprises embrace it, using tools that foster rather than squash social productivity in the workplace.

Part of that process is moving away from standalone products like Yammer and Socialtext and integrating social capabilities, profiles and collaboration with a richer enterprise experience, according to Laura Mooney, vice president of corporate communications at Metastorm, maker of Smart Business Workspace, a rich internet application that aims to empower knowledge workers to become more engaged and productive.

BriefingsDirect caught up with Mooney to discuss the issues around social enterprises.

BriefingsDirect: What’s your perspective on the business trend toward social enterprises?

Mooney: Companies don’t necessarily want to move away from stand-alone tools, but stand-alone tools are not necessarily well-integrated into the day-to-day operations and activities that employees are engaged in from a decision-making perspective.

As people got used to the instant ability to collaborate in their social life with using social networking capabilities, we discovered they wanted that same experience in the office environment in a way that would add business value. By tying social capabilities into the BPM foundation their work is already running on, employees can initiate that collaboration where it makes sense.

Metastorm focuses on helping organizations, the people within the company, map out their strategy, understand the way different components of their business inter-operate and overlap, and then automate and execute business processes and try to improve these business processes on a day-to-day basis.

BriefingsDirect: Do tools like Facebook have a place in the enterprise from a productivity perspective?

Mooney: At work, Facebook is really not applicable to what I’m doing. But within this business process modeling tool, I have the ability to invite people that I can see online to participate in a process review session online, so we can all look at the same model and we can annotate, draw on it, and share it and get feedback. In that way, this is very meaningful to my day-to-day job.

Rather than getting on the phone or scheduling a conference call, trying to create a WebEx, and then trying to keep track of what it was we talked about, all of that would be captured.

It becomes useful also for audit purposes because a lot of companies can’t just change core business processes without some sort of audit trail. Having that audit ability is important from a business perspective versus random social networking. Social media is not necessarily trackable.

BriefingsDirect: Do you have any insight into the customer demand that’s sort of driving these traditional software vendors to play in the enterprise to the other world?

Mooney: It has to do with companies being so virtualized these days, especially the large organizations. Not only do they have multiple offices in different locations and most likely different countries, but there’s a shift toward telecommuting so everyone is not necessarily in the office at the same time. Knowing that these technologies exist, there is this effort to figure out how to adapt this for a distributed business environment to increase the productivity and effectiveness of employees.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.

Tuesday, August 10, 2010

CollabNet rolls out trio of cloud ALM offerings with focus on Agile and governance benefits

In an aggressive move to drive Agile software deeper into the enterprise, CollabNet rolled out a trio of new offerings today at the Agile 2010 Conference.

CollabNet introduced version 5.4 of the CollabNet TeamForge application lifecycle management (ALM) platform, a TeamForge licensing option, and CollabNet Subversion Edge 1.1. Together with the recently released CollabNet TeamForge to ScrumWorks Pro Integration, the company is promising enterprises more flexibility to adopt Agile software development methods in the cloud.

“The products we’re introducing today enable organizations of any size, with developers located anywhere around the world, to realize breakthrough governance and innovation benefits while adopting Agile development methods at a pace that suits their business cycles, technical objectives, and team requirements,” says CollabNet CEO Bill Portelli.


Flagship product enhancements


Portelli says the tools and processes -- using any development methodology and technology -- can boost productivity by up to 50 percent and reduce the cost of software development by 80 percent.

Part of the promise depends on the latest version of CollabNet’s flagship product, the TeamForge ALM Platform. Version 5.4 is optimized for Agile teams and continuous integration. Some of the new features include dynamic planning improvements, such as drag-and-drop sequencing of backlog items and direct links between planning folders and file releases. The company says this makes it easier to implement Agile projects.

TeamForge ALM version 5.4 also offers new personalization features that let users manipulate data in ways that best suit their needs and save their settings as their default view. And reporting enhancements, like the ability to embed dynamic charts directly within project pages, aim to make it easier to see release status at a glance.

CollabNet TeamForge ALM is $4,995 for the first 25 users and $749 per additional user, per year.

New licensing option

CollabNet also offers more flexibility with a TeamForge SCM licensing option. The new option promises the collaboration, enterprise-wide governance, and centralized management capabilities of the TeamForge platform to organizations that use Subversion for source code management.

According to the company, the new licensing option saves money for organizations that don’t need features like artifact tracking, task management, and document sharing. The new licensing option also adds centralized role-based access control, project workspaces, tools like wikis and discussion forums, and the secure delegation of repository administration to project teams. CollabNet TeamForge SCM is $2,995 for the first 25 users and $289 per additional user, per year.

Finally, CollabNet Subversion Edge is coming out of beta as a free, open-source download. Subversion Edge is a certified stack that combines Subversion, the Apache Web server, and ViewVC with a Web-based management interface that works to streamline installation, administration, use, and governance of the entire software stack. Subversion Edge also offers an auto-update feature.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.

Friday, August 6, 2010

Cloud computing's ultimate value depends on open PaaS models to avoid applications and data lock-in

Sponsor: WSO2.

As enterprises examine the use of cloud computing for core IT functions, how can they protect themselves against service provider lock-in, ensure openness and portability of applications and data, and foster a true marketplace among cloud providers?

Indeed, this burning question about the value and utility of cloud computing centers on whether applications and data can move with relative ease from cloud to cloud -- that is, across so-called public- and private-cloud divides, and among and between various public cloud providers.

For enterprises to determine the true value of cloud models -- and to ascertain if their cost and productivity improvements will be sufficient to overcome the disruptive shift to cloud computing -- they really must know the actual degree of what I call "application fungibility."

Fungible means being able to move in and out of like systems or processes. But what of modern IT applications? Fungible applications could avoid the prospect of swapping on-premises platform lock-in for some sort of cloud-based service provider lock-in and, perhaps over time, prevent being held hostage to arbitrary and rising cloud prices.

Application fungibility would, I believe, create a real marketplace for cloud services, something very much in the best interest of enterprises, small and medium businesses (SMBs), independent software vendors (ISVs), and developers.

In this latest BriefingsDirect podcast discussion, we examine how enterprises and developers should be considering the concept of application fungibility, both in terms of technical enablers and standards for cloud computing, and also consider how to craft the proper service-level agreements (SLAs) to promote fungibility of their applications.

Here to explore how application fungibility can bring efficiency and ensure freedom of successful cloud computing, we're joined by Paul Fremantle, Chief Technology Officer and Co-Founder at WSO2, and Miko Matsumura, author of SOA Adoption for Dummies and an influential blogger and thought leader on cloud computing subjects. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:
Matsumura: Fungibility is very, very critical, and one thing I want to emphasize is that the fungibility level of current solutions is very low.

... The economics of upscaling and downscaling as a utility is very attractive. Obviously, there are a lot of reasons why people would start moving into the cloud, but the thing that we're talking about today with this fungibility factor is not so much why would you start using cloud, but really what is the endgame for successful applications.

The area where we are specifically concerned is when the application is more successful than in your wildest dreams. Now, in some ways what it creates is almost an unprecedented leverage point for the supplier. If you're locked in to a very high-transactional, high-value application, at that point, if you have no flexibility or fungibility, you're pretty much stuck. The history of the pricing power of the vendor could be replicated in cloud and potentially could be even more significant.

... The things to look at in the cloud world are who are the emergent dominant players and will Amazon and Google or one of these players start to behave as an economic bully? Right now, since we're in the early days of cloud, I don't think that people are feeling the potential for domination.

But people who are thinking ahead to the endgame are pretty clear that that power will emerge because any rational, publicly traded company will maximize its shareholder value by applying any available leverage. If you have leverage against the customer, that produces very benevolent looking quarterly returns.

Fremantle: People are building apps in a month, a week, or even a day, and they need to be hosted. The enterprise infrastructure team, unfortunately, hasn’t been able to keep up with those productivity gains.

Now, people are saying, "I just want to host it." So, they go to Amazon, Rackspace, ElasticHosts, Joyent, whoever their provider is, and they just jump on that and say, "Here is my credit card, and there is a host to deploy my app on."

The problem comes when, exactly as Miko said, that app is now going to grow. And in some cases, they're going to end up with very large bills to that provider and no obvious way out of that.

You could say that the answer to that is that we need cloud standards, and there have been a number of initiatives to come up with standard cloud management application programming interfaces (APIs) that would, in theory, solve this. Unfortunately, there are some challenges to that, one of which is that not every cloud has the same underlying infrastructure.

Take Amazon, for example. It has its own interesting storage models. It has a whole set of APIs that are particularly specific to Amazon. Now, there are a few people who are providing those same APIs -- people like Eucalyptus and Ubuntu -- but it doesn’t mean you can just take your app off of Amazon and put it onto Rackspace, unfortunately, without a significant amount of work.

No way out

As we go up the scale into what's now being termed as platform as a service (PaaS), where people are starting to build higher level abstractions on top of those virtual machines (VMs) and infrastructure, you can get even more locked in.

When people come up with a PaaS, it provides extra functionality, but now it means that instead of just relying on a virtualized hardware, you're now relying on a virtualized middleware, and it becomes absolutely vital that you consider lock-in and don’t just end up trapped on a particular platform.

One of the things that naturally evolved, as a result of the emergence of a common foe, is this principle of unification, openness, and alliance.



Matsumura: From my perspective, to some extent, there already is a cloud marketplace -- but the marketplace radically lacks transparency and efficiency. It's a highly inefficient market.

The thing that's great is, if you look at rational optimization of strategic competitive advantage, [moving to the cloud makes perfect sense.] "My company that makes parts for airplanes is not an expert in keeping PC servers cool and having a raised floor, security, biometric identification, and all kinds of hosting things." So, maybe they outsource that, because that's not any advantage to them.

That's perfectly logical behavior. I want to take this now to a slightly different level, which is, organizations have emergent behavior that's completely irrational. It's comical and in some ways very unfortunate to observe.

In the history of large-scale enterprise computing, there has long been this tension between the business units and the IT department, which is more centralized. The business department is actually the frustrated party, because they have developed the applications in a very short time. The lagging party is actually the IT department.

There is this unfortunate emergent property that the enterprise goes after something that, in the long run turns out to be very disappointing. But, by the time the disappointment sets in, the business executives that approved this entry point into the cloud are long gone. They've gotten promotions, because, their projects worked and they got their business results faster than they would have if they had actually done it the right way and actually gone through IT.

Hard for IT to compete in short-term

So, it puts central IT into a very uncomfortable position, where they have to provide services that are equal to or better than professionals like Amazon. At the same time, they also have to make sure that, in the long-term interest of the company, these services have the fungibility, protection, reliability, and cost control demanded by procurement.

The question becomes how do you keep your organization from being totally taken advantage of in this kind of situation.

Fremantle: What we are trying to do at WSO2 is exactly to solve that problem through a technical approach, and there are also business approaches that apply to it as well.

The technical approach is that we have a PaaS, and what’s unique about it is that it's offering standard enterprise development models that are truly independent of the underlying cloud infrastructure.

What I mean is that there is this layer, which we call WSO2 Stratos, that can take web applications, web application archive (WAR) files, enterprise service bus (ESB) flows, business process automation (BPA) processes, and things like governance and identity management and do all of those in standard ways. It runs those in multi-tenant elastic cloud-like ways on top of infrastructures like Amazon, as well as private cloud installments like Ubuntu, Eucalyptus, and coming very soon, VMware.

What we're trying to do is to say that there is a set of open standards, both de facto and de jure standards, for building enterprise applications, and those can be built in such a way that they can be run on this platform -- in public cloud, private cloud, virtual private cloud, hybrid, and so forth.

What we're trying to do there is exactly what we've been talking about. There is a set of ways of building code that don’t tie you into a particular stack very tightly. They don’t tie you into a particular cloud deployment model very tightly, with the result that you really can take this environment, take your code, and deploy it in multiple different cloud situations and really start to build this fungibility. That’s the technical aspect.

One of the things that’s very important in cloud is how you license software like this. As an open source company, we naturally think that open source has a huge benefit here, because it's not just about saying you can run it any way. You need to then be able to take that and not be locked into it.

Our Stratos platform is completely open source under the Apache license, which means that you are free to deploy it on any platform, of any size, and you can choose whether or not to come to WSO2 for support.

We think we're the best people to support you, but we try and prove that every day by winning your business, not by tying you in through the lawyers and through legal and licensing approaches.



Matsumura: As a consumer of cloud, you need to be clear that the will of the partner is always essentially this concept of, "I am going to maximize my future revenue." It applies to all companies.

... The thing that’s fascinating about it is that, when a vendor says "Believe me," you look to the fine print. The fine print in the WSO2 case is the Apache license, which has incredible transparency.

It becomes believable, as a function, being able to look all the way through the code, to be able to look all the way through the license, and to realize, all of a sudden, that you're free. If someone is not being satisfactory in how they're behaving in the relationship, you're free to go.

If you look at APIs, where there is something that isn’t that opaque or isn’t really given to you, then you realize that you are making a long-term commitment, akin to a marriage. That’s when you start to wonder if the other person is able to do you harm and whether that’s their intention in the long run.

Fremantle: What Miko has been trying to politely say is that every vendor, whether it’s WSO2 or not, wants to lock in their customers and get that continued revenue stream.

Now, what’s WSO2's lock-in?

Our lock-in is that we have no lock-in. Our lock-in is that we believe that it's such an enticing, attractive idea, that it's going to keep our customers there for many years to come. We think that’s what entices customers to stay with us, and that’s a really exciting idea.

It's even more exciting in the cloud era. It was interesting in open source, and it was interesting with Java, but what we are seeing with cloud is the potential for lock-in has actually grown. The potential to get locked-in to your provider has gotten significantly higher, because you may be building applications and putting everything in the hands of a single provider; both software and hardware.

There are three layers of lock-in. You can get locked into the hardware. You can get locked into the virtualization. And, you can get locked into the platform. Our value proposition has become twice as valuable, because the lock-in potential has become twice as big.

... You're bound to see in the cloud market a consolidation, because it is all going to become price sensitive, and in price sensitive markets you typically see consolidation.

Two forms of consolidation

What I hope to see is two forms of consolidation. One is people buying up each other, which is the sort of old form. It would be really nice instead to see consolidation in the form of cloud providers banding together to share the same models, the same platforms, the same interfaces, so that there really is fungibility across multiple providers, and that being the alternative to acquisition.

That would be very exciting, because we could see people banding together to provide a portable run-time.

Matsumura: Smart organizations need to understand that it's not any individual's decision to just run off and do the cloud thing, but that it really has to combine enterprise architecture and ... cautionary procurement, in order to harness cloud and to keep the business units from running away in a way that is bad.

The thing that's really critical, though, is when this is going to happen. There is a very tired saying that those who do not understand history are doomed to repeat it. We could spend almost decades in the IT industry just repeating the things of the past by reestablishing these kinds of dominant-vendor, lock-in models.

A lot of it depends on what I call the emergent intelligence of the consumer. The reason I call it emergent intelligence is that it isn’t individual behavior, but organizational behavior. People have this natural tendency to view a company as a human being, and they expect rational behavior from individuals.

Aggregate behavior

But, in the endgame, you start to look at the aggregate behaviors of these very large organizations, and the aggregate behaviors can be extremely foolish. Programs like this help educate the market and optimize the market in such ways that people can think about the future and can look out for their own organizations.

The thing that’s really funny is that people have historically been very bad at understanding exponential growth, exponential curves, exponential costs, and the kind of leverage that they provide to suppliers.

People need to get smart on this fungibility topic. If we're smart, we're going to move to an open and transparent model. That’s going to create a big positive impact for the whole cloud ecosystem, including the suppliers.

Fremantle: It's up to the consumers of cloud to really understand the scenarios and the long-term future of this marketplace, and that’s what's going to drive people to make the right decisions. Those right decisions are going to lead to a fungible commodity marketplace that’s really valuable and enhances our world.

The challenge here is to make sure that people are making the right, educated decisions. I'd really like people to make informed decisions, when they choose a cloud solution or build their cloud strategy, that they specifically approach and attack the lock-in factor as one of their key decision points. To me, that is one of the key challenges. If people do that, then we're going to get a fair chance.

I don’t care if they find someone else or if they go with us. What I care most about is whether people are making the right decision on the right criteria. Putting lock-in into your criteria is a key measure of how quickly we're going to get into the right world, versus a situation where people end up where vendors and providers have too much leverage over customers.

Get the free "Cloud Lock-In Prevention Checklist" here.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: WSO2.

Wednesday, August 4, 2010

Revolution Analytics targets R language, platform at growing need to handle 'big data' crunching challenges

Revolution Analytics is working to revolutionize big data analysis with better crunching tools and an updated platform that brings the open source R statistics language to some of the largest data sets.

The company is betting its new big data scalability platform will help R transition from a research and prototyping tool to a production-ready platform for such enterprise applications as quantitative finance and risk management, social media, bioinformatics, and telecommunications data analysis.

The latest version of Revolution R Enterprise comes complete with an add-on package called RevoScaleR, a framework for multi-core processing of large data sets. With RevoScaleR, Revolution Analytics targets some of the largest levels of capacity and performance for analyzing big data, the company said.

“With RevoScaleR, we’ve focused on making analytical models not just scale to the big data sets, but run the analysis in a fraction of the time compared to traditional systems,” says David Smith, vice president of Community and Marketing at Revolution Analytics. “For example, the FAA publishes a data set that contains every commercial airline take off and landing between 1987 and 2008. That’s more than 13 gigabytes of data. By analyzing that data, we can figure out the likelihood of airline delays in one second.”

A rows-and-columns approach

One second to analyze 13 GB of data should turn some heads because it takes 300 seconds with traditional methods. Under the hood of RevoScaleR is rapid-fire access to data. For example, RevoScaleR uses the XDF file format, a new binary big data file format with an interface to the R language that offers high-speed access to arbitrary rows, blocks and columns of data.

“The new SQL movement was all about going from relational databases to a flat file on a disk that offers fast access by columns. A lot of the technology that’s behind things like Twitter and Facebook takes this approach,” Smith said. “We’ve taken that one step further to develop a system that accesses the database by rows and columns at the same time, which is really well-attuned to doing these statistical computations.”

RevoScaleR also relies on a collection of the most-common statistical algorithms optimized for big data, including high-performance implementations of summary statistics, linear regression, binomial logistic regression and crosstabs. Data reading and transformation tools let users interactively explore and prepare large data sets for analysis. And, extensibility lets expert R users develop and extend their own statistical algorithms.

Integrating Hadoop

Based on the open-source R technologies, Revolution R Enterprise accordingly plays well with other modern big data architectures. Revolution R Enterprise leverages sources such as Hadoop, NoSQL or key value databases, relational databases, and data warehouses. These products can be used to store, regularize, and do basic manipulation on very large data sets—while Revolution R Enterprise now provides advanced analytics.

“Together, Hadoop and R can store and analyze massive, complex data,” says Saptarshi Guha, developer of the popular RHIPE R package that integrates the Hadoop framework with R in an automatically distributed computing environment. “Employing the new capabilities of Revolution R Enterprise, we will be able to go even further and compute big data regressions and more.”

The new RevoScaleR package will be delivered as part of Revolution R Enterprise 4.0, which will be available for 32- and 64-bit Microsoft Windows in the next 30 days. Support for Red Hat Enterprise Linux (RHEL 5) is planned for later this year.

BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.

Tuesday, August 3, 2010

Harvard Medical School use of cloud computing provides harbinger for new IT business value, Open Group panel finds

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

We've assembled a panel to examine the business impact of cloud computing, to explore practical implementations of cloud models, and to move beyond the hype and into gaining business paybacks from successful cloud adoption.

Coming to you from The Open Group Conference in Boston on July 21, the panel tackles such issues as what stands in the way of cloud use, safe and low-risk cloud computing, and working around inhibitors to cloud use. We also delve into a compelling example of successful cloud practices at the Harvard Medical School.

Learn more about cloud best practices and produced practical business improvements from guests Pam Isom, Senior Certified Executive IT Architect at IBM; Mark Skilton, Global Director, Applications Outsourcing at Capgemini; Dr. Marcos Athanasoulis, Director of Research Information Technology for Harvard Medical School, and Henry Peyret, Principal Analyst at Forrester Research. The panel is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:
Athanasoulis: The business of Harvard Medical School is research. ... Similar to many industries, there is a culture that requires that, for IT to be successful, it has to be meeting the needs of the users.

We have a particularly interesting situation. I call Harvard Medical School the land of a thousand CIOs, because, in essence, we cannot mandate that anyone use central IT services, cloud services, or other things. So that sets a higher standard for us, because people have to want to use it. It has to be cost-effective and it has to meet their business, research objectives.

We set out about five years ago to start thinking about how to provide infrastructure. Over time, we've evolved into creating a cloud that's a private cloud at the medical school.

User participation

We've been able to put in place a cloud that, number one, has user participation. This means that the faculty have and the researchers have skin in the game.

They can use the resources that are made available and subsidized by the school, but if they need additional resources, additional computing power, they're able to buy it. They actually purchase nodes that go into the cloud and they own those nodes, but when those nodes are idle, other people's work can run on them. So they buy into the cloud.

These folks are not very trusting of central IT organizations. Many of them want to do their own thing. In order to get them to be convinced that they ought to participate, we told them, "You buy equipment and, if it doesn't work out for you, you can take that equipment and put it under the bench in your lab and set it up how you want." That made them more comfortable. But, not a single time has anyone ever actually come back and said they were going to take back the equipment.

In essence, it's building the trust of the researchers or the business clients, if you're in more of a business environment, getting them engaged in their requirements, and making sure it will meet their needs.

... Personal relationship is a part of what it's about. We had to make sure that we weren't seen as just a black box that they had absolutely no control over. That was step number one.

Then we also had to make sure that it was very much of an iterative process. We would start with one folk's needs and then realize there were certain other needs.

... We started out with a relatively small cloud initially. Once people saw the value, they began to adopt it more, and it's really starting to have a snowball effect, where we are growing by orders of magnitude.

... People are moving from the giant project, two- to three-year implementation cycles to, "Let's take a chunk, see how it works, and then iterate and moderate along the way."

Skilton: What's illustrated [at Harvard Medical School] is this need to move to more continuous-release or continuous-improvement type of life cycle. This is a transformation for IT, which may be typically more project-cycle based. It's a subtle difference, but it's one that is fundamentally changing the way you would offer an incrementalized service as opposed to more of a clunky, project-based, traditional waterfall approach.

We're seeing software as a service (SaaS), due to the economic conditions, taken quite seriously now, particularly targeted at specific business processes, but also starting to become potentially more mainstream. Clearly, with Salesforce.com and others like that, we are seeing that starting to accelerate.

... We're starting to see utility computing becoming much more common mainstream, so that it’s no longer a fad or an alternative to mainstream. We're seeing that sort of consistency.

Demonstrate success early

Athanasoulis: It's always easier to show someone something that's already working and say, "Do you want to hop onto this bus" than to say, "We're going to build this great new giant infrastructure, and just trust us, it's going to work great. So, hop on board now, before anyone has even seen it or tried it out." It's having the ability to let people walk before they run. Come on and try it out. If it doesn’t work for you, so be it, but you also have demonstrated successes that people can point to.

... The CIO at Harvard Medical School, John Halamka, had the vision to start this. It started with his initial vision and going to bat to move from everyone doing their own thing and setting up their own infrastructure, to creating a cloud that will actually work for people.

He had the foresight to say, "Let's try this out." He went to his leadership, the dean and others and said, "Yes, we're taking a chance. We're going to spend some money. We're not going to spend a huge amount of money until we prove the model, but we're going to have to put some money in and see how this works." It was a very interesting communication game.

Peyret: From an enterprise architect (EA) point of view, we should ... determine what are the elements that can migrate to the cloud, different types of cloud. Then, we should try to evangelize. The EA should be in between business and IT. That’s a good place to make a right choice and mitigate risks and choices.

... The EA should participate to establish and negotiate what I call the business service catalog, something that will be an extension of the ITIL service catalog, which is very IT-based and IT-defined.

Something that is missing currently within ITIL V3 is how to deal with the business to define the service and define also the contract in terms of cost and of service level agreement (SLA). But, it's not only the SLA. It's broader than that. That's something that's missing at the moment. Most of the EAs are not participating in that.

... The business service catalog is the next step. We have heard in enterprise architecture about business capabilities. We talked about that business capabilities to help develop business architecture.

A missing link

We have also heard SOA. There is a missing link in between -- the business service catalog. It's a way we will contractualize. I like very much the fact that you said, we are contractualizing, but with flexibility. We should manage that flexibility. We should predict what that flexibility means in terms of impact. Perhaps that service is not valuable for other parts of the company.

That's where I think that EA and the next step for EA will take place. SOA is not an end, and the next step will be the business service catalog, which we will develop to link to the business capabilities.

Isom: The catalog of services would be great. I think we need to be careful about that catalog of services, so that it doesn’t become too standardized.

As I mentioned earlier today in one of my presentations, you want to be careful with that standardization, because you do want to give people some flexibility, but you need to manage that flexibility. So, you need to be careful. We need to be careful with the catalog of services that we offer, but I definitely think that it is a new way of thinking, when it comes to the role and capacity of IT.

It’s a new way of thinking, because along with that comes service management. You can't just think about offering the services. Can you really back up what you offer? So, it does introduce more thinking along those lines.

... The enterprise architect would be the one who would provide that enterprise view and make sure that anything that we do is thought out from a holistic perspective, even though we may actually start practicing on a smaller scale or for a smaller domain.

A good practice would be to involve the enterprise architect, even though we may start with a specific domain for implementing the cloud, because you've got to keep your eye on the strategic vision of the company.

... As far as what’s driving cloud as a solutions strategy is the need to improve business performance. If we can get solutions that will help drive business performance and business sustainability, the cloud is a good place for that.

... You can’t produce cloud solutions in a vacuum. You won’t get any consumers. So, it’s a great venue for cloud providers to work with business stakeholders to explain and explore opportunities for valuable services.

Athanasoulis: Defining the service with the users is the first clear step, and obviously getting the requirements from the users, particularly in an organization like our medical school, where they have choices and they don’t have to use the systems.

We have people who want to just come in and put in systems, buy a rack of stuff and put it under the lab bench, and then they are surprised when the power and cooling isn’t there to meet the requirement.



... As IT leaders, we all know that there is now a marketplace. The public cloud is available to folks. People can get on Amazon EC2. They can get on to these various clouds and they can start to use them. That forces us to have compelling cloud offerings that are more cost effective than what they can go get out in the public sector.

... We view the public cloud as an extension of the private cloud to the degree that there is consistency of virtual machine definitions and to the degree that we can make a node on the public cloud look exactly like a node on the private cloud and make the same databases available there.

If someone has the money, they want the capabilities, say 10,000 processor hours or 100,000 processor hours, whatever it might be, between now and this deadline three weeks from now, and they are willing to spend the money, wouldn’t it be great if transparent to them, they just spend up to $100,000, $200,000, whatever their budget is, and let this stuff go from our private cloud out to the public cloud. What a great solution that would be for folks.

... So, having this balance of bringing in an IT specialist, the enterprise architect, to define the requirements in joint-step -- back to the dance with the customers -- was really what allowed us to be successful.

A new question

Skilton: The portfolio needs to be put in place, but it also needs another set of service management investment tools to control data distribution, compliance, or access and security control, and things like that.

I detect a worry about whether I can outsource that. Do I need to do something in-house? What do I need to spend money on? Because that's a block, and people need to understand that.

... What we are seeing with clients now is that they are over the initial infrastructure as a service (IaaS), platform as a service (PaaS), SaaS, and business process as a service-sort of conversation. They're now asking, "What cloud services do you do?"

What they mean by that is that they need to see your cloud security reference model. They need to see your cloud services model. They need to understand the type of services that you can offer into a portfolio and then the types of service catalogs that you can interact with them.

They then make a decision. Does that need to be on-premise, can it be out in the cloud, or is there something as a hybrid? They're on that page now, and there is a strategic planning process starting to evolve around that.

Flexible vision


Athanasoulis: You want to iterate and you have to have a vision of where you are going.

If you're taking a car trip and you're going to drive from here to Ohio tomorrow, we know where we're going, we have our map, we start to drive, but we might find along the way that the highway is clogged with traffic. So, we're going to go around over here, or we are going to take a detour.

Perhaps, somewhere along the way you say, "You know what, now that we have been learning more, Ohio isn't really where we wanted to go. We actually want to keep on going. We're heading right out to Colorado, wherever it may be." But, you have to have a vision of where you are going.

Then, to keep things from spinning out of control along the way, it's really important to know the potential factors that might lead to things starting to fall apart or fray at the edges. How do you monitor that you have the right capacity in place? You don't want to sell something to everyone and then find six months into it that you're way oversubscribed and everyone is bitter and unhappy, because there isn't the capability that they expected.

Isom: The IT department should be more focused now on providing information technology as a service. It’s not just a cloud figure of speech. They are truly looking at providing their capabilities as a service and looking at it from an end-to-end perspective.

That includes that service catalog and includes some of the things you were talking about, how to make it easier for consumers to actually consume the services, and also making sure that the services that they do provide will perform, knowing that the business consumers will go somewhere else if we don't. The services are just that available now. You really have to think about that. That shouldn’t be the driving force for us, providing IT as a service, but it should be a consideration.

Peyret: What I wanted to recommend is that you should evangelize your IT person to act as an IT service. What does that mean? That means that you should recommend to them to contractualize their service, to express and establish, through the business service catalog, including some pricing aspects. Within the enterprise, where you have some funding and no problem about funding, you should contractualize. That’s absolutely key to make the adoption of cloud, any type of cloud, easier. That would be more or less transparent.

Risk mitigation

Isom: The cloud can be a risk mitigator. ... We talked about how we can help mitigate the risk of losses in product, sales and services, because capabilities are now made faster. There is also that infrastructure to try things out. If you don’t like it, try something else, but that infrastructure is more readily adaptable with cloud.

Also, there's the fact that there is the mitigation of the proliferation of licenses and excess inventory that you have with respect to products, software, and things like that. We can help mitigate that with the cloud, with the pooling of licensing and things like that, so you can reach cloud from that respect.

Skilton: From the business side, I would recommend to go out and look at best practices. Go and look at examples of where SaaS is already being used.

The number of case studies are growing by the month. So, for businesses, go out and learn about what's out there, because it is real. It’s not a cloud.



It constantly amazes me how many blue-chip Fortune 500 companies are already doing this.

From an IT point of view, as we have heard from Marcos, go and learn. Try it, pilot it in your organization. I'll go further and say, practice what you preach. Test it out on one of your own business processes.

From my own experience in my own company, we do use what we preach in the cloud. That way, you learn what it means internally to yourself to transform, and you can take that learning and build on it. You can't get it in a book. You can’t just read it. You have to do it.

Athanasoulis: I will think of four words that begin with P to describe where I would emphasize. One, pilot, as we have already been saying. Two, participation. You have to get buy-in and participation across the entire group. Three, obviously produce results. If you don’t produce results, then it’s not going anywhere. And then, promotion. At the end of the day, you also have to be out there promoting this service, being an advocate and an evangelist for it, and then, once the snowball gets going, there is no stopping it.

WSO2 offerings add zest to Carbon 3.0 platform for BPM, cloud construction

WSO2 kicked its Carbon 3.0 Apache-based middleware platform up a notch today with the announcement of five new releases that take advantage of Carbon 3.0's process-oriented components and building blocks for cloud computing.

Among the new offerings from the Mountain View, Calif. company are Business Process Server (BPS) 2.0, Data Services Server (DSS) 2.5, Business Activity Monitor (BAM) 1.1, Gadget Server 1.1, and Mashup Server 2.1. All are designed to aid users in customizing IT application and Web service deployments across servers -- and in private and public clouds. [Disclosure: WSO2 is a sponsor of BriefingsDirect podcasts.]

Based on the componentized OSGi-compliant Carbon platform, all five inherit the functionality that was added to Carbon 3.0 in June. This includes:
  • Component Manager, which provides an interface that lets developers simply point-and-click to extend the capabilities of the middleware. It then acquires, installs, and provisions the runtime automatically

  • Web Services Dynamic Discovery (WS-Discovery) support to automate the detection and configuration of Web service endpoints

  • Enhanced integration with the WSO2 Governance Registry, facilitating large clustered deployments and cloud implementations.
“The lean approach of our WSO2 Carbon platform means enterprise IT teams can quickly deliver projects using just the functionality they need, and over the long term they benefit from a clean, interoperable and effective enterprise architecture,” said Paul Fremantle, co-founder and CTO. “Our newest products based on Carbon 3.0 continue that commitment with a wealth of new functionality that can be customized to an IT project’s needs.”

Business processes

BPS enables developers to easily compose and orchestrate business processes using WS-BPEL. Version 2.0 adds support for two emerging open source human-centric process specifications, which are currently under OASIS standardization review. Additional new features include scheduled instance cleanup, Java Message Service (JMS) API support, and XML Path extension support.

DSS enables database administrators and database programmers to create and manage WS-* style Web services and REST-style Web resources using enterprise data. Version 2.5 adds several features to offer greater flexibility and efficiency in creating and managing data services, including:
  • Contract-first data service creation in which developers start with XML schema and WSDL definitions to create their data services.

  • Batch mode for insert, update and delete operations

  • Boxcarring support, meaning developers can now "boxcar" a number of service requests into a single database transaction

  • Data validation logic

  • Support for additional data types including array, binary input/output, and Carbon data sources
BAM provides real-time visibility into service-oriented architecture (SOA) processes, transactions and workflows. Version 1.1 adds support for the widely adopted Oracle relational database management system (RDBMS), as well as support for deployment on the JBoss, Apache Tomcat and WebLogic application servers.

Gadget Server lets users implement and modify a true Web-based portal that can be accessed anywhere via a browser. Enhancements to version 1.1 include inter-gadget communication support, a gadget editor, and support for i18n.

Mashup Server provides the reusability, security, reliability and governance required for an SOA. Version 2.1 makes it easier to share mashups by providing the ability to upload a mashup together with all the required resources in a ZIP folder.

BPS 2.0, DSS 2.5, BAM 1.1, Gadget Server 1.1, and Mashup Server 2.1 are available today as software downloads and as WSO2 Cloud Virtual Machines running on the Amazon Elastic Computing Cloud (EC2), Linux Kernel Virtual Machine (KVM), or VMware ESX. As fully open source solutions released under the Apache License 2.0, the products do not carry any licensing fees. WSO2 offers a range of additional service and support options.
