Category: Akamai
February 6th, 2010
ISM3 brings greater standardization to security measurement across enterprise IT
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.
Security may be the hottest topic in IT. But it’s also one of the least understood.
So BriefingDirect assembled a panel this week to examine the need for IT security to run more like a data-driven science, rather than a mysterious art form.
Rigorously applying data and metrics to security can dramatically improve IT results and reduce overall risk to the business. By employing and applying more metrics and standards to security, the protection of IT becomes better, and the known threats can become evaluated uniformly.
Standards like Information Security Management Maturity Model (ISM3) are helping to not only gain greater visibility, but also allowing IT leaders to scale security best practices repeatably and reliably.
With standards and greater reliance on data, security practitioners can understand better what they are up against, perhaps gaining close to real-time responses. They can know what’s working — or is not working — both inside and outside of their organization.
The security metrics panel and sponsored podcast discussion are coming to you from The Open Group’s Enterprise Architecture Practitioners Conference in Seattle on Feb. 2, 2010. The goal is to determine the strategic imperatives for security metrics, and to discuss how to use them to change the outcomes in terms of IT’s value to the business.
Our panel consists of a security executive from The Open Group, as well as two experts on security who are presenting at the consortium’s Security Practitioners Conference: Jim Hietala, Vice President for Security at The Open Group; Adam Shostack, co-author of The New School of Information Security, and Vicente Aceituno, director of the ISM3 Consortium. The discussion is moderated by Dana Gardner, principal analyst at Interarbor Solutions.
Here are some excerpts:
Hietala: We think there’s a contribution to make from The Open Group, in terms of developing the ISM3 standard and getting it out there more widely. [Being a data-d
riven security organization means] using information to make decisions, as opposed to what vendors are pitching at you, or your gut reaction. It’s getting a little more scientific about gathering data on the kinds of attacks you’re seeing and the kinds of threats that you face, and using that data to inform the decisions around the right set of controls to put in place to effectively secure the organization.
A presentation we had today from an analyst firm talked about people being all over the map [on security practices]. I wouldn’t say there’s a lot of rigor and standardization around the kinds of data that’s being collected to inform decisions, but there is some of that work going on in very large organizations. There, you typically see a little more mature metrics program. In smaller organizations, not so much. It’s a little all over the map.
… The important outputs of a good metrics program can be that it gives you a different way to talk to your senior management about the progress that you’re making against the business objectives and security objectives.
That’s been an area of enormous disconnect. Security professionals have tended to talk about viruses, worms, relatively technical things, but haven’t been able to show a trend to senior management that justifies the kind of spending they have been doing and the kind of spending they need to do in the future. Business language around some of that is needed in this area.
Shostack: We have an opportunity to be a heck of a lot more effective than we have been. We can sa
y, “This control that we all thought was a really good idea — well, everyone is doing it, and it’s not having the impact that we would like.” So, we can reassess how we’re getting real, where we’re putting our dollars.
The big change we’ve seen is that people have started to talk about the problems that they are having, as a result of laws passed in California and elsewhere that require them to say, “We made a mistake with data that we hold about you,” and to tell their customers.
We’ve seen that a lot of the things we feared would happen haven’t come to pass. We used to say that your company would go out of business and your customers would all flee. It’s not happening that way. So, we’re getting an opportunity today to share data in a way that’s never been possible before.
Aceituno: The top priority should be to make sure that the things you measure are things that
are contributing positivity to the value that you’re bringing to business as a information security management (ISM) practitioner. That’s the focus. Are you measuring things that are actually bringing value or are you measuring things that are fancy or look good?
Because metrics are all about controlling what you do and being able to manage the outputs that you produce and that contribute value to the business … you can use metrics to manage internal factors.
I don’t think it brings a bigger return on investment (ROI) to collect metrics on external things that you can’t control. It’s like hearing the news. What can you do about it? You’re not the government or you’re not directly involved. It’s only the internal metrics that really make sense.
Basically, we link business goals, business objectives, and security objectives in a way that’s never been done before, because we are painfully detailed when we express the outcomes that you are supposed to get from your ISM system. That will make it far easier for practitioners to actually measure the things that matter.
Business value approach
Shostack: Vicente’s point about measuring the things you can control is critical. Oftentimes in security, we don’t like to admit that we’ve made mistakes and we conceal some of the issues that are happening. A metrics initiative gives you the opportunity to get out there and talk about what’s going on, not in a finger pointing way, which has happened so often in the past, but in an objective and numerically centered way. That gives us opportunity to improve.
Hietala: There’s some taxonomy work to be done. One of the real issues in security is that when I say “threat,” do other people have the same understanding? Risk management is rife with different terms that mean different things to different people. So getting a common taxonomy is something that makes sense.
The kinds of metrics we’re collecting can be all over the map, but generally they’re the things that
would guide the right kind of decision making within an IT security organization around the question, “Are we doing the right things?”
Today, Vicente used an example of looking at vulnerabilities that are found in web applications. A critical metric was how long those vulnerabilities are out there before they get fixed by different lines of business, by different parts of the business, looking at how the organization is responding to that. We’re trying to drive that metric toward the vulnerabilities being open for less time and getting fixed quicker.
Shostack: We’ve seen over the last few years that those security programs that succeed are the ones that talk to the business needs and talk to the executive suite in language that the executives understand.
We’ve seen over the last few years that those security programs that succeed are the ones that talk to the business needs and talk to the executive suite in language that the executives understand.
The real success here and the real step with ISM3 is that it gives people a prescriptive way to get started on building those metrics.
You can pick it up and look at it and say, “Okay, I’m going to measure these things. I’m going to trend on them.” And, I’m going to report on them.”
As we get toward a place, where more people are talking about those things, we’ll start to see an expectation that security is a little bit different. There is a risk environment that’s very outside of people’s control, but this gives people a way to get a handle on it.
Aceituno: The main task of the ISM3 Consortium so far was to manage the ISM3 standard. I’m very happy to say that The Open Group and ISM3 Consortium reached an agreement and, with this agreement, The Open Group will be managing ISM3 from here on in. We’ll be devoting our time to other things, like teaching and consulting services in Spain, which is our main market. I can’t think of anything better than for ISM3 to be managed from The Open Group.
Hietala: You have metrics and control approaches in various areas and you can pick a starting point. You can come at this top-down, if you’re trying to implement a big program. Or, you come at it bottoms-up and pick a niche, where you know you are not doing well and want to establish some rigor around what you are doing. You can do a smaller implementation and get some benefit out of it. It’s approachable either way.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.
February 3rd, 2010
CERN’s evolution toward cloud computing could portend next revolution in extreme IT productivity
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: Platform Computing.
What are the likely directions for cloud computing? Based on the exploration of expected cloud benefits at a cutting edge global IT organization, the future looks extremely productive.
In this podcast we focus on the thinking on how cloud computing — both the private and public varieties — might be used at CERN, the European Organization for Nuclear Research in Geneva.
CERN has long been an influential bellwether on how extreme IT problems can be solved. Indeed, the World Wide Web owes a lot of its usefulness to early work done at CERN. Now the focus is on cloud computing. How real is it, and how might an organization like CERN approach cloud?
In many ways CERN is quite possibly the New York of cloud computing. If cloud can make it there, it can probably make it anywhere. That’s because CERN deals with fantastically large data sets, massive throughput requirements, a global workforce, finite budgets, and an emphasis on standards and openness.
So please join us, as we track the evolution of high-performance computing (HPC) from clusters to grid to cloud models through the eyes of CERN, and with analysis and perspective from IDC, as well as technical thought leadership from Platform Computing.
Join me in welcoming our panel today: Tony Cass, Group Leader for Fabric Infrastructure and Operations at CERN; Steve Conway, Vice President in the High Performance Computing Group at IDC, and Randy Clark, Chief Marketing Officer at Platform Computing. The discussion is moderated by BriefingsDirect’s Dana Gardner, principal analyst at Interarbor Solutions.
Here are some excerpts:
Conway: Private cloud computing is already here, and quite a few companies are exploring it.
We already have some early adopters. CERN is one of them. Public clouds are coming. We see a lot of activity there, but it’s a little bit further out on the horizon than private or enterprise cloud computing.
Just to give you an example, we at IDC just did a piece of research for one of the major oil and gas companies, and they’re actively looking at moving part of their workload out to cloud computing in the next 6-12 months. So, this is really coming up quickly.
CERN is clearly serious about it in their environment. As I said, we’re also starting to see activity pick up with cloud computing in the private sector with adoption starting somewhere between six months from now and, for some, more like 12-24 months out.
Clark: At Platform Computing we have formally interviewed over 200 customers out of our installed base of 2,000. A
significant portion — I wouldn’t put an exact number on that, but it’s higher than we initially anticipated — are looking at private-cloud computing and considering how they can leverage external resources such as Amazon, Rackspace and others. So, it’s easily one-third and possibly more [evaluating cloud].
Cass: At CERN we’re a laboratory that exists to enable, initially Europe’s and now the world’s, physicists to study fundamental questions. Where does mass come from? Why
don’t we see anti-matter in large quantities? What’s the missing mass in the universe? They’re really fundamental questions about where we are and what the universe is.
We do that by operating an accelerator, the Large Hadron Collider, which collides protons thousands of times a second. These collisions take place in certain areas around the accelerator, where huge detectors analyze the collisions and take something like a digital photograph of the collision to understand what’s happening. These detectors generate huge amounts of data, which have to be stored and processed at CERN and the collaborating institutes around the world.
We have something like 100,000 processors around the world, 50 petabytes of disk, and over 60 petabytes of tape. The tape is in just a small number of the centers, not all of the hundred centers that we have. We call it “computing at the terra-scale,” that’s terra with two R’s. We’ve developed a worldwide computing grid to coordinate all the resources that we have with the jobs of the many physicists that are working on these detectors.
If you look at the past, in the 1990’s, we had people collaborating, but there was no central management. Everybody was based at different institutes and people had to submit the workloads, the analysis, or the Monte Carlo simulations of the experiments they needed.
We realized in 2000-2001 that this wasn’t going to work and also that the scale of resources that we needed was so vast that it couldn’t all be installed at CERN. It had to be shared between CERN, a small number of very reliable centers we call the Tier One centers and then 100 or so Tier Two centers at the universities. We were developing this thinking around the same time as the grid model was becoming popular. So, this is what we’ve done.
Grid sets stage for seeking greater efficiencies
[Our grid] pushes the envelope in terms of the scale to make sure that it works for the users. We connect the sites. We run tens of thousands of jobs a day across this and gradually we’ve run through a number of exercises to distribute the data at gigabytes a second and tens of thousands of jobs a day.
We’ve progressively deployed grid technology, not developed it. We’ve looked at things that are going on elsewhere and made them work in our environment.
The grid solves the problem in which we have data distributed around the world
and it will send jobs to the data. But, there are two issues around that. One is that if the grid sends my job to site A, it does so because it thinks that a batch slot will become available at site A first. But, maybe a grid slot becomes available at site B and my job is site A. Somebody else who comes along later actually gets to run their job first.
Today, the experiment team submits a skeleton job to all of the sites in order to detect which site becomes available first. Then, they pull down my job to this site. You have lots of schedulers involved in this — in the experiment, the grid, and the site — and we’re looking at simplifying that.
We’re now looking at virtualizing the batch workers and dynamically reconfiguring them to meet the changing workload. This is essentially what Amazon does with EC2. When they don’t need the resources, they reconfigure them and sell the cycles to other people. This is how we want to work in virtualization and cloud with the grid, which knows where the data is.
… We’re definitely concentrating for the moment on how we exploit effective resources here. The wider benefits we’ll have to discuss with our community.
Conway: CERN’s scientists have earned multiple Nobel prizes over the years for their work in particle physics. CERN is where Tim Berners-Lee and his colleagues invented the World Wide Web in the 1980s.
More generally, CERN is a recognized world leader in technology innovation. What’s been driving this, as Tony said, are the massive volumes of data that CERN generates along with the need to make the data available to scientists, not only across Europe, but across the world.
For example, CERN has two major particle detectors. They’re called CMS and ATLAS. ATLAS alone generates a petabyte of data per second, when it’s running. Not all that data needs to be distributed, but it gives you an idea of the scale or the challenge that CERN is working with.
In the case of CERN’s and Platform’s collaboration, the idea is not just to distribute the data but also the applications and the capability to run the scientific problem.
Showing a clear path to cloud
CERN is definitely a leader there, and cloud computing is really confined today to early adopters like CERN. Right now, cloud computing services constitute about $16 billion as a market.
February 3rd, 2010
BriefingsDirect analysts discuss ramifications of Google-China dust-up over corporate cyber attacks
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download the transcript. Charter Sponsor: Active Endpoints.
The latest BriefingsDirect Analyst Insights Edition, Volume 50, focuses on the fallout from the Google’s threat to pull out of China, due to a series of sophisticated hacks and attacks on Google, as well as a dozen more IT companies. Due to the attacks late last year, Google on Jan. 12 vowed to stop censoring Internet content for China’s web users and possibly to leave the country altogether.
This ongoing tiff between Google and the Internet control authorities in China’s Communist Party-dominated government have uncorked a Pandora’s Box of security, free speech and corporate espionage issues. There are human rights issues and free speech issues, questions on China’s actual role, trade and fairness issues, and the point about Google’s policy of initially enabling Internet censorship and now apparently backtracking.
But, there are also larger issues around security and Internet governance in general. Those are the issues we’ll be focusing on today. So, even as the U.S. State Department and others in the U.S. federal government seek answers on China’s purported role or complicity in the attacks, the repercussions on cloud computing and enterprise security are profound and may be long-term.
We’re going to look at some of the answers to what this donnybrook means for how enterprises should best protect their intellectual property from such sophisticated hackers as government, military or, quasi-government corporate entities and whether cloud services providers like Google are better than your average enterprise, or especially medium-sized business, at thwarting such risks.
We’ll look at how users of cloud computing should trust or not trust providers of such mission-critical cloud services as email, calendar, word processing, document storage, databases, and applications hosting. And, we’ll look at how enterprise architecture, governance, security best practices, standards, and skills need to adapt still to meet these new requirements from insidious world-class threats.
This periodic discussion and dissection of IT infrastructure related news and events with a panel of industry analysts and guests, comes to you with the help of our charter sponsor Active Endpoints, maker of the ActiveVOS business process management system.
So, join me now in welcoming our panel for today’s discussion: Jim Kobielus, senior analyst at Forrester Research; Jason Bloomberg, managing partner at ZapThink; Jim Hietala, Vice President for Security at The Open Group; Elinor Mills, senior writer at CNET, and Michael Dortch, Director of Research at Focus. The discussion is moderated by BriefingsDirect’s Dana Gardner, principal analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]
Here are some excerpts:
Mills: We now have a huge first public example of a company coming out and
saying, not only that they’ve been attacked — companies don’t want to admit that ever and it’s all under the radar — but also they’re pointing the fingers. Even though they’re not specifically saying, “We think it’s the Chinese state,” but they think enough of it that they’re willing to threaten to pull out of the country.
It’s huge and it’s going to have every company reevaluating what their response is going to be — not just how they’re going to do business in other countries, but what is their response going to be to a major attack.
Bloomberg: It’s not as big of a wakeup call as it should be. You can ask yourself, “Is this an
attack by some small cadre of renegade hackers or is this attack by the government of the People’s Republic of China? That’s an open question at this point.
Who is the victim? Is it Google, a corporation, or the United States? Is it the western world that is the victim here? Is this a harbinger of the way that international wars are going to be fought down the road?
We’ve all been worried about cyber warfare coming, but we maybe don’t recognize it when we see it as a new battlefield. It’s the same as terrorism. It’s not necessarily clear who the participants are.
When you place the enterprise into this context, well, it’s not necessarily just that you have a business within the context of a government subject to particular laws of particular government, you have the supernational, where large corporations have to play in multiple jurisdictions. That’s already a governance challenge for these large enterprises.
We already have this awareness that every single system on our network has to look out for itself and, even then, has levels of vulnerability.
Now, we have the introduction of cyber warfare, where we have concerted professional attacks from unknown parties attacking unknown targets and where it’s not clear who the players are. Anybody, whether it’s a private company, a public company, or a government organization is potentially involved.
That basically raises the bar for security throughout the entire organization. We’ve seen this already, where perimeter-based security has fallen by the wayside as being insufficient. We already have this awareness that every single system on our network has to look out for itself and, even then, has levels of vulnerability. This just takes it to the national level.
Kobielus: I don’t see anything radically or fundamentally new going on here. This is just a big,
powerful, and growing world power, China, and a big and growing world power on a tech front Google, colliding. … There has always been corporate espionage and there’s always been vandalism perpetrated by companies against each other through subterfuge, and also by companies or fronts operating as the agent of unseen foreign power. … This is international real-politic as usual, but in a different technological realm.
Hietala: In terms of the visibility it’s gotten and the kinds of companies that were attacked, it’s
a little bit game-changing. From the information security community perspective, these sorts of attacks have been going on for quite a while, aimed at defense contractors, and are now aimed at commercial enterprises and providers of cloud services.
I don’t think that the attacks per se are game-changing. There’s not a lot new here. It’s an attack against a browser that was couple of revs old and had vulnerability. The way in which the company was attacked isn’t necessarily game-changing, but the political ramifications around it and the other things we’ve just been talking about are what make it a little game-changing.
Dortch: This puts Google in the very interesting position of having to decide. Is it a
politically neutral corporation or is it a protector of the data that its clients around the world, not just here, and not just from governments but corporations? Is it a protector and an advocate of protection for the data that those clients have been trusted to it? Or, is it going to use the fact that it is a broker of all that data to sort of throw its muscle around and take on governments like China’s in debates like this.
The implications here are bigger than even what we’ve been discussing so far, because they get at the very nature of what a corporation is in this brave new network world of ours.
February 2nd, 2010
Security, simplicity and control ease make desktop virtualization ready for enterprise uptake
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Learn more. Sponsor: Hewlett-Packard.
The growing interest and value in PC desktop virtualization strategies and approaches has its roots in both technology and economics. Recently, a lot has happened technically that has matured the performance and economic benefits of desktop virtualization and the use of thin-client devices.
At the same time as this functional maturity improved, we are approaching an inflection point in a market that is accepting of new clients and new client approaches like desktop virtualization.
Indeed, the latest desktop virtualization model empowers enterprises with lower total costs, greater management of software, tighter security, and the ability to exploit low-cost, low-energy thin client devices. It’s an offer that more enterprises are going to find hard to refuse.
In desktop virtualization, the workhorse is the server, and the client assists. This allows for easier management, support, upgrades, provisioning, and control of data and applications. Users can also take their unique desktop experience to any supported device, connect, and pick up where they left off. And, there are now new offline benefits too.
Here to help us learn more about the role and outlook for desktop virtualization, we’re joined by Jeff Groudan, vice president of Thin Computing Solutions at HP. The BriefingsDirect interview is conducted by Dana Gardner, principal analyst at Interarbor Solutions.
Here are some excerpts:
Groudan: There certainly are some things in the market that are sure driving a potential
inflection point [for client virtualization]. The market-driven things coming out of the recession are opening a lot of customers up to re-looking at some deployments that they may have delayed or specific IT projects that they have put on hold.
Just to put it into context, there was recently some data from Gartner. They feel like there are well over 600 million desktop PCs in offices today. Their belief is that over the next five years, upwards of 15 percent of those could be replaced by thin clients. So that’s quite a number of redeployments and quite an inflection point for client virtualization.
In addition, there has been an ongoing desire to increase security and a lot of new compliance requirements that the customers have to address. In addition, in general, as they are looking for ways to save on costs, they are consistently and constantly looking for different ways to more efficiently manage their distributed PC environments. All of these things are driving the high level of interest in virtualizing PCs.
One of the key benefits of client virtualization is the ability to keep all the data behind the firewall in the data center and deploy thin clients to the edge of the network. Those thin clients, by design, don’t have any local data.
You’re also seeing better performance on the hardware side and the infrastructure side. It’s really also helping bring the cost per seat of the client virtualization deployment down into ranges that are lot more interesting for large deployments. Last, and near and dear to my heart, you’re seeing more powerful, yet cost-effective, thin clients that you can put on the desk and that really ensure those end-users get the experience that you want them to get.
Not an IT panacea
Our general coaching to customers is that client virtualization is not necessary for everyone, for every user group, or every application set. But, certainly, for environments where you need to get them more manageable, you need more flexibility.
When you think about the cost savings of client virtualization, usually the costs come from some of the long-term acquisition costs.
You need higher degrees of automation in order to manage a high number of distributed PCs with the benefits from centralized control, reduced labor costs, and the ability to manage remote or hard to get at locations — things like branches, where you don’t have a local IT. Those are great targets for early client virtualization deployments.
All of a sudden, the data-center guys need to be thinking about the end-user. The end-user guys need to be thinking about the data center. Roles and responsibilities need to be hammered out. How do you charge the capital expense versus operational expense? What gets budgeted where? My advice is: as you’re thinking about the technical architecture and all of the savings end-to-end, you need to also be thinking about the internal business processes.
We look at this market in two ways, in the context of client virtualization and in the broader context of thin computing. Just zeroing in on client virtualization, we call it Client Virtualization HP. It’s desktop virtualization. It’s the same animal.
We look it as a specific set of technologies and architectures that dis-aggregate the elements of a PC, which allows customers to more easily manage and secure their environment. What we’re really doing is taking advantage of a lot of the new software capabilities that matured on the server side, from a server virtualization and utilization perspective. We’re now able to deploy some of those technologies, hypervisors, and protocols on the client side.
The first is that you don’t want to have customers having to figure out how to architect the stuff on their own. If you think about PCs 20-25 years ago, customers didn’t know how to architect a distributed PC environment. In 25 years, everybody has gotten good at it. We’re still at the early stages on client virtualization.
Our specific objective is figuring out how to simplify virtualization, so that customers get past the technology, and really start to deliver the full benefit of virtualization, without all the complexity.
So our focus is to deliver more complete integrated solutions, end to end from the desktop to the data center, lay it all out, and reference designs so customers can very comfortably understand how to go build out a deployment. They certainly may want to customize it. We want to get them 80-90 percent there just by telling them what we have learned.
Wide applicability across industries
There are opportunities for just about every industry. We’ve seen certain verticals on the cutting edge of this. Financial services, healthcare, education, and public sector are a few examples of industries that have really embraced this quickly. They have two or three themes in common. One is an acute security need. If you think about healthcare, financial services, and government, they all have very acute needs to secure their environments. That led them to client virtualization relatively quickly.
We certainly have some very exciting launches coming up in the next couple of months where we’re really focused on total cost per seat. How do we let people deploy these kinds of solutions and continue to get further economic benefits, delivering better tighter integration across the desktop to the data center?
The ease of deployment of these solutions can get easier-and-easier, and then ease of use and manageability tools. They allow the IT guys to deploy large deployments of client virtualization with as little touch and as little complexity as we can possibly make it. We’re trying to automate these kinds of solutions. We’re very excited about some of the things we’ll be delivering to our customers in the next couple of months.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Learn more. Sponsor: Hewlett-Packard.
November 18th, 2009
HP offers slew of products and services to bring cost savings and better performance to virtual desktops
Hewlett-Packard (HP) this week unleashed a barrage of products aimed at delivering affordable and simple computing experiences to the desktop.
These include thin-client and desktop virtualization solutions, as well as a multi-seat offering that can double computing seats. At the same time, the company targeted the need for data security with a backup and recovery system for road warriors. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]
The thin-client offerings from the Palo Alto, Calif. company include the HP t5740 and HP t5745 Flexible Series, which feature Intel Atom N280 processors and an Intel GL40 chipset. They also provide eight USB 2.0 ports and an optional PCI expansion module for easy upgrades.
The Flexible Series thin clients support rich multimedia for visual display solutions, including 
the new HP LD4700 47-inch Widescreen LCD Digital Signage Display, which can run in both bright and dim lighting while maintaining longevity, and can be set in either a horizontal or vertical position. With the new HP Digital Signage Display (DSD) Wall Mount, users can hang the display on a wall to showcase videos, graphics or text in a variety of commercial settings where an extra-large screen is desired.
The HP t5325 Essential Series Thin Client is a power-efficient thin client with a new interface that simplifies setup and deployment. All new HP thin clients include intuitive setup tools to streamline configuration and management. These include the ThinPro Setup Wizard for Linux and HP Easy Config for Microsoft Windows.
In addition, HP thin clients also include on-board utilities that automate deployment of new connections, properties, low-bandwidth add-ons, and image updates from one centralized repository to thousands of thin clients.
Client virtualization
Three new client virtualization architectures combine Citrix XenDesktop 4, Citrix XenApp or VMware View with HP ProLiant servers, storage and thin clients to provide midsize to large businesses with a range of scalable offerings.
HP ProLiant WS460c G6 Workstation Blade brings centralized, mission-critical security to workstation computing and allows individuals or teams to work and collaborate remotely and securely. This solution meets the performance and scalability needs for high-end visualization and handling of large model sizes demanded by enterprise segments such as engineering and oil and gas.
HP Client Automation 7.8, part of the HP Business Service Automation software portfolio allows customers to deploy and migrate to a virtual desktop infrastructure environment and manage it through the entire life cycle with a common methodology that reduces management costs and complexity. Customers also capture inventory and usage information to help size their initial virtual client deployment and reoptimize as end-user needs change over time.
The HP MultiSeat Solution stretches the computing budgets of small businesses and other resource-constrained organizations by delivering up to twice the computing seats as traditional PCs for the same IT spend.
HP MultiSeat uses the excess computing capacity of a single PC to give up to 10 simultaneous users an individualized computing experience. This is designed to help organizations affordably increase computing seats and provide a simple setup, as well as reduce energy consumption by as much as 80 percent per user over traditional PCs.
Data protection and backup
To address the problem of mobile workers — now estimated at 25 percent of the workforce — potentially losing company data, HP is offering HP Data Protector Notebook extension, which can back up and recover data outside the corporate network, even while the worker is working remotely and offline.
With the Data Protector, data is instantly captured and backed up automatically each time a user changes, creates or receives a files. The data is then stored temporarily in a local repository pending transfer to the network data vault for full backup and restore capabilities. With single-click recovery, users can recover their own files without initiating help desks calls.
De-duplication, data encryption, and compression techniques help to maximize bandwidth efficiency and ensure security. The user’s storage footprint is reduced by deduplication of multiple copies of data. All of the user’s data is then stored encrypted and compressed and the expired versions are cleaned up.
HP introduced HP Backup and Recovery Fast Track Services, a suite of scalable service engagements that help ensure a successful implementation of HP Data Protector and HP Data Protector Notebook Extension.
Workshops and services
To help companies chart their way to client virtualization, HP is also offering a series of workshops and services:
- The Transformation Experience Workshop is a one-day intensive session to help customers build their strategy for virtualized solutions, identify a high-level roadmap, and get executive consensus.
- The Business Benefit Workshop allows customers to identify, quantify and analyze the business benefits of client virtualization, as well as set return-on-investment targets prior to entering the planning stage.
- An Enhanced HP Solution Architecture and Pilot Service ensures the successful integration of the client virtualization solution into the customer’s infrastructure through a clear roadmap, architectural blueprint, and phased implementation strategy.
Products that are currently available include the t5740 Flexible Series Thin Client, $429; the t5745 Flexible Series Thin Client, $399; and is currently available, the LD4700 47-inch Widescreen LCD Digital Signage, starting at $1,799; and the ProLiant WS460c G6 Blade Workstation, starting at $3,044.
The t5325 Essential Series Thin Client starts at $199 and is expected to be available Dec. 1.
October 30th, 2009
Internet performance management makes data center consolidation possible
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download a copy. Learn more. Sponsor: Akamai Technologies.
Data-center consolidation and modernization of IT systems helps enterprises reduce cost, cut labor, slash energy use, and become more agile.
Infrastructure advancements, standardization, performance density, and network services efficiencies are all allowing for bigger and fewer data centers and strategically architected and located facilities that can efficiently carry more of the total IT requirements load.
But to gain the benefits of these large and strategic infrastructure undertakings, the impact on the network beyond the firewall has to be considered. User expectations for performance and IT requirements for reliability need to be maintained, and even improved.
Fewer data centers means longer distances between servers and users. Network services and Internet performance management therefore need to be brought considered to produce the desired effect of topnotch applications and data delivery to enterprises, consumers, partners, and employees at far lower cost.
Here to help us better understand how to get the best of all worlds — that is, high performance and lower total cost from data center consolidation — we’re joined by James Staten, Principal Analyst at Forrester Research; Andy Rubinson, Senior Product Marketing Manager at Akamai Technologies, and Tom Winston, Vice President of Global Technical Operations at Phase Forward, a provider of integrated data management solutions for clinical trials and drug safety. The panel is moderated by me, BriefingsDirect’s Dana Gardner, principal analyst at Interarbor Solutions.
Here are some excerpts:
Staten: Oftentimes, the biggest reason to do [consolidation] is because you have sprawl in the data center. You’re running out of power, you’re running
out of the ability to cool any more equipment, and you are running out of the ability to add new servers, as your business demands them.
If there are new applications the business wants to roll out, and you can’t bring them to market, that’s a significant problem. This is something the organizations have been facing for quite some time.
As a result, if they can start consolidating, they can start moving some of these workloads onto fewer systems. This allows them to reduce the amount of equipment they have to manage and the number of software licenses they have to maintain and lower their support costs. In the data center overall, they can lower their energy costs, while reducing some of the cooling required.
… Most applications actually end up consuming on average only 15-20 percent of the server. If that’s the case, you’ve got an awful lot of headroom to put other applications on there.
We were isolating applications on their own physical systems, so that they would be protected from any faults or problems with other applications that might be on the same system and take them down. Virtualization is the primary isolating technology that allows us to do that.
… More and more applications are being broken down into modules, and, much like the web services and web applications that we see today, they’re broken into tiers. Individual logic runs on its own engine, and all of that can be spread across some more monetized, consistent infrastructure. We are learning these lessons from the dot-coms of the world and now the cloud-computing providers of the world, and applying them to the enterprise.
… On average, across all the enterprises we have spoken to, you can realistically expect to see about a 20 percent cost reduction from doing this. But, as you said, if you’ve got 5,000 servers, and they’re all running at 5 percent utilization, there are big gains to be had.
Rubinson: I focus mainly on delivery over the Internet. There are definitely some challenges, if
you’re talking about using the Internet with your data center infrastructure — things like performance latency, availability challenges from cable cuts, and things of that nature, as well as security threats on the Internet.
It’s thinking about how can you do this, how can you deliver to a global user base with your data center, without having to necessarily build out data centers internationally, and to be able to do that from a consolidated standpoint.
… From the cost perspective, we’re able to eliminate unnecessary hardware. We’re able to take some of that load off of the servers, and do the work in the cloud, which also helps reduce them.
… In terms of responsiveness, by using the Internet, you can deploy a lot more quickly. It allows us to give that same type of performance, availability, and security that you would get from having a private WAN, but doing it over the much less expensive Internet.
This is really important, as we have seen more and more users that are going outside of the corporate [networks]. People are connecting to suppliers, to partners, to customers, and to all sorts of things now.
… By optimizing the cloud, we’re able to speed the delivery of information from the origin as well. That’s where it’s benefiting folks like Tom, where he is able to not only cache information, but the information that is dynamic, that needs to get back from the data center, goes more quickly.
Winston: When I joined [Phase Forward], it had two different data centers — one on the East Coast an
d one on the West Coast. We were facing the challenge of potentially having to expand into a European data center, and even potentially a Pacific Rim data center.
By continuing to expand our virtualization efforts, as well as to leverage some of the technologies that Andy just mentioned … Internet acceleration via some of the Akamai technologies, we were able to forgo that data center expansion. In fact, we were able to consolidate our data center to one East Coast data center, which is now our primary hosting center for all of our applications.
So it had a very significant impact for us by being able to leverage both that WAN acceleration, as well as virtualization, within our own four walls of the data center.
We run electronic data capture (EDC) software, and pharmacovigilance software for the largest pharmaceutical and clinical device makers in the world. They are truly global organizations in nature. So, we have users throughout the world, with more and more heavy population coming out of the Asia Pacific area.
… We have a very large, diverse user base that is accessing our applications 24×7x365, and, as a result, we have performance needs all the time for all of our users.
… Our primary application, our flagship application, is a product called InForm, which is the main EDC product that our customers use across the Internet. It’s accelerated using Akamai technology, and almost 100 percent of our content is dynamic. It has worked extremely well.
Staten: … Users are all over the place. Whether they are an internal employee, a customer, or a business partner, they need to get access to those applications, and they have a performance expectation that’s been set by the Internet. They expect whatever applications they are interacting with will have that sort of local feel.
That’s what you have to be careful about in your planning of consolidation. You can consolidate branch offices. You can consolidate down to fewer data centers. In doing so, you gain a lot of operational efficiencies, but you can potentially sacrifice performance.
You have to take the lessons that have been learned by the people who set the performance bar, the providers of Internet-based services, and ask, “How can I optimize the WAN? How can I push out content? How can I leverage solutions and networks that have this kind of intelligence to allow me to deliver that same performance level?” That’s really the key thing that you have to keep in mind. Consolidation is great, but it can’t be at the sacrifice of the user experience.
… The right location [for data centers] has to be optimized for a variety of factors. It has to be optimized for where the appropriate skill sets are. It has to be optimized for the geographic constraints that you may be under.
We’re able to take some of that load off of the servers, and do the work in the cloud, which also helps reduce them.
You may be doing business in a country in which all of the citizen information of the people who live in that country must reside in that country. If that’s the case, you don’t necessarily have to own a data center there, but you absolutely have to have a presence there.
Winston: … We had users in China who, due to the amount of traffic that had to traverse the globe, were not happy with the performance of the application. Specifically, we brought in Akamai to start with a very targeted group of users and to be able to accelerate for them the application in that region.
It literally cut the problem right out. It solved it almost immediately. At that point, we then began to spread the rest of that application acceleration product across the rest of our domains, and to continue to use that throughout the product set.
Rubinson: … We recently commissioned a study with Forrester, looking at what is that tolerance threshold [for a page to load]. In the past it had been that people had tolerance for about four seconds. As of this latest study, it’s down to two seconds. That’s for business to consumer (B2C) users. What we have seen is that the business-to-business (B2B) users are even more intolerant of waiting for things.
It really has gotten to a point where you need that immediate delivery in order to drive the usage of the tools that are out there.
… Just putting yourself in the cloud doesn’t mean that you’re not going to have the same type of latency issues, delivering over the Internet. It’s the same thing with availability in trying to reach folks who are far away from that hosted data center. So, the cloud isn’t necessarily the answer. It’s not a pill that you can take to fix that issue.
… For Akamai, it’s really about how we’re able to accelerate. How we are able to optimize the routing and the other protocols on the Internet to make that get from wherever it’s hosted to a global set of end users.
We don’t care about where they are. They don’t have to be on the corporate, private WANs. It’s really about that global reach and giving the levels of performance to actually provide an SLA. Tell me who else out there provides an SLA for delivery over the Internet? Akamai does.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download a copy. Learn more. Sponsor: Akamai Technologies.
October 21st, 2009
Global study: Hybrid model rules as cloud heats up, SaaS adoption blazing
“Cloud” is the game and “hybrid” is the name. A recent global study has encouraging news for cloud-computing enthusiasts, revealing a sharp uptick in the adoption, as well as consideration, of cloud computing. The same study also indicates that those who are adopting cloud aren’t going whole hog, but are taking a hybrid approach — mixing external and internal clouds.
The study, commissioned by global IT consultancy Avanade, showed a surprising increase in the 
interest in cloud computing, even from a similar study conducted in January of this year. In January, 54 percent of respondents said they had no plans to adopt cloud computing. By September, that percentage had shrunk to 37 percent.
At the same time, the percentage of companies planning or testing cloud computing increased three-fold, going from 3 percent of respondents to 10 percent.
What’s significant in the report is that less than 5 percent of companies are using an all-cloud model. The rest are relying on a hybrid approach, and report security concerns as the chief factor for being cautious.
Nine months ago, 61 percent of respondents indicated that they were using only internal IT systems and today, that number has dropped to 41 percent. At the same time, those using a combined approach on a global level have increased to 54 percent from 33 percent nine months earlier.
The report says it not clear whether the hybrid model will lead to a pure-play adoption at some point.
SaaS is taking off
One aspect of cloud computing that’s finding wide adoption is software as a service (SaaS), with more than half of the respondents worldwide — and 68 percent in the US — reporting that they have adopted SaaS at some level. Despite extremely high satisfaction — more than 90 percent — reliability is still an issue. About 30 percent of respondents said they had lost more than a day of business due to a service outage.
Still, the reliability concerns haven’t dampened users’ enthusiasm for SaaS, and 62 percent of respondents reported that they had plans to move into more SaaS within the next year. However, similar to their experience with cloud, users tend to deliver SaaS applications internally, rather than from the third-party provider.
On a global basis, those who deliver SaaS application internally outnumber those who used a third party by a ratio of 2 to 1. In the US, that increases to 4 to 1. Also, those who do use SaaS often rely on multiple providers, with one third using three or more providers. This leads the report to conclude that there is opportunity in the SaaS market.
Other conclusion from the report:
- Cloud will continue to make significant inroads for the next year, although there won’t be a migration to a full cloud environment.
- The gap is closing between companies with plans to adopt and those without. Avenade sees those curves intersecting in 2011 or 2012.
- Despite the widespread adoption of cloud, there will be some applications that should remain on-premises.
- SaaS adoption will continue to spread and is spreading faster than other technologies have in the past.
The study was conducted by Kelton Research and surveyed 500 C-level and IT executives worldwide.
BriefingsDirect contributor Carlton Vogt provided editorial assistance and research on this post.
October 7th, 2009
Successful data center transformation usually requires overdue rethinking of the network
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download the transcript. Learn more. Sponsor: Hewlett-Packard.
Special Offer: Gain insight into best practices for transforming your data center by downloading three new data center transformation whitepapers from HP at www.hp.com/go/dctpodcastwhitepapers.
Most enterprise networks are the result of a patchwork effect of bringing in equipment as needed over the years to fight the fire of the day, with little emphasis on strategy and the anticipation of future requirements. That’s why it’s necessary to reevaluate network architectures in light of newer and evolving IT demands, and overall moves to next-generation data centers.
Nowadays, we see that network requirements have, and are, shifting as IT departments adopt improvements such as virtualization, software as a service (SaaS), cloud computing, and service-oriented architecture (SOA).
The network loads and demands continue to shift under the weight of Web-facing applications and services, security and regulatory compliance, governance, ever-greater data sets, and global-area service distribution and related performance management.
It doesn’t make sense to embark upon a data-center transformation journey without a strong emphasis on network transformation as well. Indeed, the two ought to be brought together, converging to an increasing degree over time.
I recently interviewed three thought leaders at HP on network transformation to help explain the evolving role of network transformation and to rationalize the strategic approach to planning and specifying present and future enterprise networks. They are Lin Nease, director of Emerging Technologies, HP ProCurve; John Bennett, worldwide director, Data Center Transformation Solutions, and Mike Thessen, practice principal, Network Infrastructure Solutions Practice in the HP Network Solutions Group.
Here are some excerpts:
Bennett: Data-center transformation is really about helping customers build out a next-generation data center, an adaptive infrastructure, that is designed to not only meet the current business needs, but to lay the foundation for the plans and strategies of the organi
zation going forward.
In many cases, the IT infrastructure, including the facilities, the servers, the network, and storage environments can actually be a hindrance to investing more in business services and having the agility and flexibility that people want to have, and will need to have, in increasingly competitive environments.
When we talk about that, very typically we talk a lot about facilities, servers, and storage. For many people, the networking environment is ubiquitous. It’s there. But, what we discover, when we lift the covers, is that you have an environment that may be taking lots of resources to manage and keep up-to-date.
… The networking infrastructure becomes key, as an integration fabric, not just between users in business services, but also between the infrastructure devices in the data center itself.
That’s why we need to look at network transformation to make sure that the networking environment itself is aligned to the strategies of the data center, that the data center infrastructure is architected to support those goals, and that you transform what you have and what you have grown historically over decades into what hopefully will be a “lean, mean, fighting machine.”
Nease: The network has basically evolved as a result of the emergence of the Internet and all forms of co
mmunications that share the network as a system. The server side of the network, where applications are hosted, is only one dimension that tugs at the network design in terms of requirements.
You find that the needs of any particular corner of the enterprise network can easily be lost on the network, because the network, as a whole, is designed for multiple constituencies, and those constituencies have created a lot of situations and requirements that are in themselves special cases.
In the data center, in particular, we’ve seen the emergence of a formalized virtualization layer now coming about and many, many server connections that are no longer physical. The history of networking says that I can take advantage of the fact that I have this concept of a link or a port that is one-to-one with a particular service.
That is no longer the case. What we’re seeing with virtualization is challenging the current design of the network. That is one of the requirements that are tugging at a change or provoking a change in overall enterprise network design.
… Too often people are compelled by a technology approach to rethink how they are doing networking. IT professionals will hear the overtures of various vendors saying, “This is the next greatest technology. It will maybe enable you to do all sorts of new things.” Then, people waste a lot of time focusing on the technology enablement, without actually starting with what the heck they’re trying to enable in the first place.
Thessen: In years past, you were effectively just providing local area network (LAN) and wide
area network (WAN) connectivity. Servers were on the network, and they got facilities from the network to transport their data over to the users.
Now, everything is becoming converged over this network — “everything” being data storage, and telephony. So, it’s requiring more towers inside of corporate IT to come together to truly understand how this system is going to work together.
Nease: [Service orientation] is the only way out. With the new complexity that has emerged, and the fact that traditional designs can no longer rely on physical barriers to implement policies, we have reached a point, where we need an architecture for the network that builds in explicit concepts of policy decisions and policy enforcement.
The only way out is to regard the network itself as a service that provides connectivity between stations — call them logical servers, call them users, or call them applications. In fact, that very layering alone has forced us to think through the concept of offering the network as a service.
Bennett: … In parallel with that, we see an increasing drive and demand for virtualizing storage to have it both be more efficiently and effectively used inside the data center environment, but also to service and support the virtualized business services running in virtualized servers. That, in turn, carries into the networking fabric of making sure that you can manage the network connections on the fly.
Virtualization is not only becoming pervasive, but clearly the networking fabric itself is going to be key to delivering high quality business services in that environment.
Thessen: … Networks need to be prepared for the convergence of the communication paths for data and storage connectivity inside the data center. That’s the whole conversion — enhance, Ethernet, Fiber Channel over Ethernet. That’s the newest leg of the virtualization aspect of the data center.
Bennett: Fundamentally, convergence is about better integration across the technology stacks that help deliver business services. We’re saying that we don’t need separate, dedicated connections between servers for high availability from the connections that we use to the storage devices to have both a high-volume traffic and high-frequency traffic accesses to data for the business services or that we have for the network devices and the connections between them for the topology of the networking environment.
Rather, we are saying that today we can have one environment capable of supporting all of these needs, architected properly for particular customer’s needs, and we bring into the environment separate communications infrastructures for voice.
So, we’re really establishing, in effect, a common nervous system. Think about the data center and the organization as the human body. We’re really building up the nervous system, connecting everything in the body effectively, both for high-volume needs and for high-frequency access needs.
Thessen: … The
Without understanding who is talking to whom, how applications communicate, and how applications get access to other IT services, such as directory services and so forth, it’s really difficult to secure them appropriately.
most important thing is really still the brutal standardization — network modularity, logical separation, utilizing those virtualization techniques that I talked about a few minutes ago, and very well-defined communications flows for those applications.
Additionally, you need those communication flows especially in these SaaS or cloud-computing, or convergence environments to truly secure those environments appropriately. Without understanding who is talking to whom, how applications communicate, and how applications get access to other IT services, such as directory services and so forth, it’s really difficult to secure them appropriately.
… What we focus on is really developing a good strategy first. Then, we define the requirements that go along with business strategy, perform analysis work against the current situation and the future state requirements, and then develop the solutions specific for the client’s particular situation, utilizing perhaps a mix of products and technologies.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download the transcript. Learn more. Sponsor: Hewlett-Packard.
Special Offer: Gain insight into best practices for transforming your data center by downloading three new data center transformation whitepapers from HP at www.hp.com/go/dctpodcastwhitepapers.
October 1st, 2009
Private clouds: A valuable concept or buzzword bingo?
This guest post comes courtesy of Ronald Schmelzer, senior analyst at Zapthink.
Take the BriefingsDirect middleware/ESB survey now.
By Ronald Schmelzer
Every once in a while, the machinery of marketing goes haywire and starts labeling all manner 
of things with inappropriate terminology. The general rationale of most marketers is that if there’s a band wagon rolling along somewhere and gaining some traction in the marketplace, it’s best to jump on it while it’s rolling.
After all, much of the challenge of marketing products is getting the attention of your target customer in order to get an opportunity to pitch products or services to them. Of course, if it doesn’t work with one band wagon, as the old adage goes, try, try again. This is why we often see the same products marketed with different labels and categories applied to them. Sure, the vendors will insist that they have indeed developed some new add-on or tweaked a user interface to include the new concept front and center, but at the very core of it, the products remain fundamentally unchanged.
Now, I don’t want to sound overly pessimistic about product marketing and the state of IT research and development, since the industry couldn’t exist without innovations that are truly new and disruptive and change the very face of the market. However, this sort of innovation often comes not from the established vendors in the market (who have customer bases to grow and defend), but rather from small upstarts that have nothing to lose. It is in this context that we need to evaluate some of the marketing terminology currently coming to the fore around the cloud computing concept.
ZapThink has had many positive things to say about cloud computing, and we do believe that as a business model, technological approach, and service-oriented domain it will have significant impact on the way companies large and small procure, develop, deploy, and scale their applications. Indeed, we’re starting to see hundreds of companies that develop whole products and services without procuring a penny of internal IT hardware or software resources. This is the bonanza that is cloud computing.
Yet, we’re now starting to see the emergence of a more perplexing concept called “private clouds.” If the benefit of the cloud is primarily loosely coupled, location-independent virtualized services (implemented in a service-oriented manner, of course), and we’re doing this with the intent of reducing IT expenditures, then is there any value in a new concept called private clouds? How does the addition of this word “private” add any value to the sort of service-oriented cloud computing that we’ve been now talking about for a handful of years? Is this a valuable term, or mere marketing spin?
To attempt to gain some clarity around this issue, ZapThink reached out to a number of pundits and opinion-leaders in the space to get their thoughts and definitions on private cloud, and to no surprise, the definitions all varied significantly. Let’s explore these definitions and see what additional value (if any) they contribute to the cloud computing discussion.
Private cloud concept #1: Company-owned and operated, location-independent, virtualized (homogeneous) service infrastructure
My colleague, Jason Bloomberg, is of the opinion that a private cloud consists of infrastructure owned by a company to deploy services in a virtualized, location-independent manner. What differentiates private clouds from simply implementing clustered applications or servers, is that the cloud is not built for a specific service or application in mind.
Rather, it is an abstracted, virtualized environment that allows for deployment of a wide range of disparate services. It is important to note that in practical terms, companies will most likely not implement this vision of private clouds using a diversity of heterogeneous infrastructure. Indeed, it is in their best interests to control costs and complexity of support, training, and administration by implementing their private clouds using a single vendor stack.
So, this vision of private clouds is often a single-vendor (homogeneous) cluster of virtualized infrastructure that enables location-independent service consumption. Of course, implementing any sort of homogeneous stack reduces the need for loosely-coupled services, and thus weakens the service-oriented cloud computing value proposition as a whole for that company.
Private cloud concept #2: Virtualization plus dynamic provisioning (elasticity)
In a response to a Facebook post, Jean-Jacques Dubray comments that the above definition doesn’t go far enough. Rather, in order for the company-owned and implemented infrastructure to be considered a private cloud, it must include the concept of “elasticity.” Specifically, this means that the hardware and software resources must be provisioned in a dynamic manner, scaling up and down to meet changes in demand, thus enabling a more responsive and cost-sensitive approach to IT provisioning.
This idea of private clouds sounds a lot like the utility computing concept sold as part of IBM’s decade-old vision of on-demand computing. From this perspective, a private cloud is company-owned on-demand utility computing implemented with services instead of tightly coupled applications.
Private cloud concept #3: Governed, virtualized, location-independent services
In a response my Tweet on the subject, David Chappell comments that the private cloud is really a response to some of the security and governance issues raised by the (public) cloud. Specifically, he states that a “private cloud (equals) more control over what and how.”
Reading between the 140 character lines, I can guess that his perspective is that a private cloud is a governed cloud that enables virtualized, governed, location-independent services. For sure, there has been a lot of consternation over the fact that the most popular “public” clouds share infrastructure between customers and require that data and communications cross the company firewall.
This stresses out a lot of IT administrators and managers. So in response, these folks insist that they want all the technological benefits of cloud computing, but without the governance risk of having it reside in someone else’s infrastructure. Basically, they want the virtualization, loose coupling, and location-independent benefits of cloud computing without the economic benefits of leveraging someone else’s costs and investments. Basically, they would rather own a version of the Amazon EC2 than use it, solely for reasons of governance.
Many people are indeed concerned about those supposed governance and security draw-backs of cloud computing. However, rather than simply dismissing the economic benefits of the public clouds, why can’t we simply approach private clouds as a veneer that we place on top of the public clouds?
Couldn’t companies impose their governance and security requirements on third-party infrastructure, using company-owned governance tools and approaches to manage remote services? Couldn’t we simply demand that the public clouds provide greater governance and security control?
Basically, does the addition of the term private provide the same sort of value as it does in the context of the virtual private network (VPN)? We didn’t throw out the Internet because it was insecure and create a private Internet. So, why should we do the same with cloud computing and create private clouds?
Private cloud concept #4: Internal business model for pay on demand consumption of location-independent, virtualized resources
JP Morgenthal takes an entirely different perspective on the private cloud concept and insists that the primary value of any cloud, whether implemented privately or acquired from a public vendor, is the business model of pay-as-you-go service consumption.
From this perspective, a private cloud is an internal business model that enables organizations to consume and procure internal, virtualized, loosely coupled services using a pay on-demand model similar to a charge-back mechanism. Rather than an IT organization paying for and supporting the costs of the business users in an aggregate fashion, they can provide those resources using the same business models employed by Amazon, Google, Salesforce.com and others in their public clouds.
In order to realize this vision of private clouds, companies need a means to enable transactional service purchases, auditing of service usage, and organizational methods for enabling such inter-departmental charges. At the most fundamental level, this vision of the private cloud treats IT as a business and a service provider to the rest of the organization.
Private cloud concept #5: Marketing hype, pure and simple
TechTarget offers the most cynical view of the private cloud. In their words, a private cloud is a “marketing term for a proprietary computing architecture that provides hosted services to a limited number of people behind a firewall.”
“Marketing media that uses the words “private cloud” is designed to appeal to an organization that needs or wants more control over their data than they can get by using a third-party hosted service. …” Basically, they opine that the term has marketing value only. Where does this place IT practitioners? Reading between the lines, they encourage us to ignore the usage of the term.
More fodder for pundits
Thomas Bittman from Gartner recently posted a rather snarky blog post that says that if we don’t get private clouds, we’re basically silly people who are missing the boat. In that article, he states, “Can you find a better term? Go ahead.”
Yes, we can. “Service-oriented cloud computing” adequately defines an architectural and infrastructure approach to develop location-independent, loosely coupled services, in a manner that virtualizes and abstracts the implementation of these services. What additional value does the term “private” add to that? It’s not entirely clear, and as we can see from the discussion above, there’s no consensus.
Adding more fuel to the fire, a well-publicized video of Oracle’s Larry Ellison and follow-up audio post is now making the rounds where he (humorously or embarrassingly, depending on your perspective) pokes holes in the cloud computing concept as a whole and chastises IT marketing efforts.
Regardless of where you stand on the cloud computing discussion, the video sheds some light on Oracle’s perspective on this whole mess. While it would be hard to say if Ellison speaks for all of Oracle (although you would think so), it indicates that even vendors are starting to strain at the marketing hype that threatens to devalue billions of dollars of their own product investment over the prior decades.
The ZapThink take
The fact that there’s no single perspective on private cloud might indicate that none of the definitions really warrant separating the private cloud concept from that of cloud computing as a whole — especially the service-oriented sort of clouds that ZapThink espouses.
One reasonable perspective is that the definitions discussed above are simply differing infrastructural and organizational approaches to implementing service-oriented cloud computing. However, those approaches should not warrant a whole new term and certainly not millions more in infrastructure expenditure.
Trying to create a new concept of private clouds from any of a number of perspectives — architectural, infrastructural, organizational, governance, business model — seems to introduce more confusion than clarification. After all, shouldn’t all clouds, private or not, have many of the benefits described above? Doesn’t the concept of a private, company-owned cloud in some ways weaken the cloud value proposition? Who really benefits from this private cloud discussion — IT practitioners or vendors with products to sell?
The point of any new term should be to clarify and differentiate. If the term does neither, then it is part of the problem, not the solution. However, when vendors start pitching their warmed-over middleware stacks and now-dull enterprise service buses (ESB) as “private cloud” infrastructure stacks – ask yourself: Does this change what you are doing now, or is this the beating of the band wagon’s marketing drum?
The goal is not to buy more stuff – the goal is to provide the business increasing value from their existing IT investments. This is the purpose and goal of enterprise architecture and the reason why IT exists in the first place.
This guest post comes courtesy of Ronald Schmelzer, senior analyst at Zapthink.
Take the BriefingsDirect middleware/ESB survey now.
SOA and EA Training, Certification,
and Networking Events
In need of vendor-neutral, architect-level SOA and EA training? ZapThink’s Licensed ZapThink Architect (LZA) SOA Boot Camps provide four days of intense, hands-on architect-level SOA training and certification.
Advanced SOA architects might want to enroll in ZapThink’s SOA Governance and Security training and certification courses. Or, are you just looking to network with your peers, interact with experts and pundits, and schmooze on SOA after hours? Join us at an upcoming ZapForum event. Find out more and register for these events at http://www.zapthink.com/eventreg.html.
September 29th, 2009
Akamai joins industry push for rich and fast desktop virtualization services
Call it a trend – and not just a virtual one. Akamai Technologies is the latest tech firm to join the effort to push desktop virtualization into the mainstream with the salient message of swift return on investment (ROI) and lower total costs for PC desktop delivery.
Akamai joins HP, Microsoft, VMware, as well as Citrix, Desktone and a host of others in the 
quest to advance the cause of desktop virtualization (aka VDI) in a sour economy. Better known for optimizing delivery of web content, video, dynamic transactions and enterprise applications online, Akamai just introduced a managed Internet service that optimizes the delivery of virtualized client applications and PC desktops.
Akamai isn’t starting from scratch. The company is leveraging core technology from its IP Application Accelerator solution to offer a new service that promises cost-efficiency, scalability and the global reach to deliver applications over virtual desktop infrastructure products offered by Citrix, Microsoft and VMware. [Disclosure: Akamai is a sponsor of BriefingsDirect podcasts.]
“We see the desktop virtualization market poised for significant growth and believe that our unique managed services model allows us to work with enterprises on large, global deployments of their virtual desktop infrastructure,” says Willie Tejada, vice president of Akamai’s Application and Site Acceleration group, in a release.
Since Akamai launched its IP Application Accelerator, Tejada reports good traction beyond browser-based applications. Now, he’s betting Akamai’s new customized offering will make room for the company to focus even more on virtualization. He’s also betting enterprise customers will appreciate the new pricing model. With IP Application Accelerator targeted for VDI, Akamai is rolling out concurrent user-based pricing and customized integrations through professional services to virtual desktops.
Significant growth
Tejada is right about one thing: the expected and significant growth of virtual desktop connected devices. Gartner predicts this sector will grow to about 66 million by the end of 2014. That translates to 15 percent of all traditional professional desktop PCs. With these numbers on hand, it’s clear that enterprises are rapidly adopting virtualization as a key component of cost-containment efforts.
I think we’re facing an inflection point for desktop virtualization, fueled by the pending Windows 7 release, pent-up refresh demand on PCs generally, and the need for better security and compliance on desktops. Add to that economic drivers of reducing client support labor costs, energy use, and the need to upgrade hardware, and Gartner’s numbers look conservative.
Device makers are hastening the move to VDI with thin clients (both PCs and notebooks) that add all the experience of the full PC but in the size of a ham sandwich and for only a few hundred dollars. Hold the mayo!
But there are yet challenges to guaranteeing the performance and scale of VDI across wide area networks. Akamai points out three in particular. First, is the user’s proximity from a centralized virtualization environment. It has a direct impact on performance and availability. Second, virtual protocols consume large amounts of bandwidth. Third, there is traditionally a high cost, as well as uptime issues, associated with private-WAN connections in emerging territories where outsourcing and off-shoring are commonplace.
We see the desktop virtualization market poised for significant growth and believe that our unique managed services model allows us to work with enterprises on large, global deployments of their virtual desktop infrastructure.
Akamai is not only promising its service will overcome all those challenges, it’s also suggesting that working with its solution on the virtualization front may eliminate the need to build out or upgrade costly private networks limited by a preset reach and scale. How does Akamai do this? By allowing for highly scalable and secure virtual desktop deployments to anyone, anywhere, across an Internet-based platform spanning 70 countries.
According to Akamai, its technology is designed to eliminate latency introduced by
Internet routing, packet loss, and constrained throughput. The company also says that performance improvements can be realized through several techniques including dynamic mapping, route optimization, packet redundancy algorithms, and transport protocol optimization.
The story for Akamai’s IP Application Accelerator targeted for VDI. We’ll have to wait and see the case studies of customers relying on the new solution, but the promises are, well, promising. If you have a lot of PCs in calls centers or managing a lot of remote locations, give VDI a look. It’s time has come from a technology, network performance, cost and long-term economics perspective.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.
Dana Gardner is principal analyst of Interarbor Solutions. For disclosures on Dana's industry affiliations, click here or to view his full profile click here.
Subscribe to BriefingsDirect via Email alerts or RSS.
Link to BriefingsDirect podcast. Subscribe to the podcast Feed. Subscribe with iTunes.
SponsoredWhite Papers, Webcasts, and Downloads
- Service Management Resource Center IBM Corp. This buyer's guide provides assistance in evaluating identity and access ... Download Now
- Critical Connections: Leveraging Technology to Improve Healthcare Qwest Communications The American Recovery and Reinvestment Act allocates more than $20 billion ... Download Now
- Volume Activation Planning Guide Microsoft Volume Activation helps Volume Licensing customers automate and manage the ... Download Now
Essential Topics 
- Top-ranked Novell support for Red Hat at 50% less
- Get top-ranked Novell support for Red Hat when you switch
- Move to SUSE Linux Enterprise. Get 3 years of Red Hat support
- More interoperability, plus 3 years. Red Hat support, only from Novell
- Red Hat support, patches, updates with the interoperability of Novell
- Unrivaled Red Hat support now available from Novell
Recent Entries
- AmberPoint finally gets acquired as Oracle fills in more remaining stack holes
- Converged infrastructure approach paves way for improved data center productivity, private clouds
- BriefingsDirect analyst panelists peer into crystal balls for latest IT growth and impact trends
- ISM3 brings greater standardization to security measurement across enterprise IT
- ArchiMate gives business leaders and IT architects a common language to describe how the enterprise works best
Blogs From Our Sponsors
Most Popular Posts
- Apple and Oracle on way to do what IBM and Microsoft could not: Dominate entire markets
- Oracle's Sun Java strategy: Business as usual
- Security skills provide top draw across still challenging U.S. IT jobs landscape
- Time to give server virtualization's twin, storage virtualization, a top place at IT efficiency table
- BriefingsDirect analysts discuss ramifications of Google-China dust-up over corporate cyber attacks
- Security, simplicity and control ease make desktop virtualization ready for enterprise uptake
Top Rated
- Time to give server virtualization's twin, storage virtualization, a top place at IT efficiency table+4 votes
- Is Google the best candidate to create a good, customer-focused cloud banking service portfolio?+4 votes
- Apple and Oracle on way to do what IBM and Microsoft could not: Dominate entire markets+4 votes
- Security skills provide top draw across still challenging U.S. IT jobs landscape+3 votes
- The march of Progress Software: Savvion provides latest entry in BPM consolidation parade+2 votes
- Oracle's Sun Java strategy: Business as usual+2 votes
- ISM3 brings greater standardization to security measurement across enterprise IT+2 votes
- CERN’s evolution toward cloud computing could portend next revolution in extreme IT productivity+2 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
Archives
Favorite Links
Favorite Links
- BriefingsDirect Podcasts
- BriefingsDirect Transcripts
- Chet Kapoor’s Edge of the Cloud
- Complex Event Processing
- Dana Gardner’s del.icio.us Tags
- Dana Gardner’s Tweets
- Dana’s FriendFeed
- Dave Linthicum’s Real World SOA Blog
- Designing the cloud
- Dion Hinchcliffe
- Download BriefingsDirect Podcast Transcripts
- James Kobielus Blog
- Joe McKendrick
- Making Sense of SOA
- Mary Jo Foley’s All About Microsoft Blog
- Sam Whitmore
- Sandy Kemsley
- Secure Observations
- Seeking Alpha Software
- Todd Biske Blog–Outside the Box
- Tony Baer’s OnStrategies Perspectives
- VOSibilities
ZDNet Blogs
- A Developer's View
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- Software Trial: AdminStudio(r) Migrates MSIs to Windows(r) 7 and App-V(r) Fast Flexera Software AdminStudio? allows IT to quickly prepare reliable virtual and MSI ... Download Now
- Unlocking Hidden Value from Investments in SAP NetWeaver Business Warehouse IBM Find out how IBM Cognos 8 software and solutions can drive maximum value from your current investment in SAP NetWeaver Business Warehouse. Download Now
- A Case Study in Scientific Application Streaming at the Harvard School of Engineering and Applied Sciences Intel The School of Engineering and Applied Sciences (SEAS) serves as the ... Download Now
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study
