Wednesday, September 17, 2008

iTKO's John Michelsen Explains Roles and Methods for SOA Validation Across Complex Integration Lifecycles

Transcript of BriefingsDirect podcast with iTKO's John Michelsen on SOA testing and virtualization market trends.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: iTKO.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect. Today, a sponsored podcast discussion about integration, validation, and testing for services-oriented architecture (SOA) and middleware -- particularly for business process management and to extend business processes more efficiently.

We’re going to be looking at how integration nowadays is really across multiple dimensions. We are talking about integrating technology, about various formats, and for extending frameworks, vendors, application sets, and specific application suites. There are also now enterprise service buses (ESBs) that are creating multiple types of integration across services -- from different hosting locations and from different technologies.

Not only that, we’re also dealing with traditional enterprise application integration (EAI) issues and middleware. And, of course, there’s more talk about cloud computing and software as a service (SaaS).

The whole notion of integration in the enterprise has exploded in terms of complexity -- but that puts more onus and importance on validation, testing and understanding what’s actually going on within these integration activities.

To help us understand more about integration, middleware and SOA validation and testing, we’re joined by John Michelsen, chief architect and founder of iTKO. Welcome to the show, John.

John Michelsen: Thanks, Dana, good to be here.

Gardner: We’ve talked several times in the past about the integration in SOA, and what’s been going on. How do you look at integration now among business applications and middleware? Is it, in fact, more onerous and complex than ever, and how would you characterize the current state of the market?

Michelsen: It really is, and it’s for a number of reasons. Most of us can surmise that, as soon as we look at it. We tend not to turn anything off. Existing systems don’t go away, and yet we bring in additional [IT] systems and new things all the time. We’re changing technologies, because we're always looking for the faster, cheaper, more effective way. That's great, and yet today, IT becomes legacy faster than before. In fact, you and I had a conversation a few weeks ago about that.

So, it gets more complex over time. And yet, to get real value out of IT you’ve got to think not from the perspective of these systems, but from the business’s processes, as they need to function. We have to do what you can, considering unreasonable gyrations in the systems, in order to make it reflect the way the business operates.

So there is a real mismatch here, and in order for us to accomplish value for the business, we’ve got to solve for it.

Gardner: Of course, at the same time, IT organizations are under pressure to reduce their complexity, reduce their maintenance and total cost of ownership (TCO). They’re dealing with long-term activities such as datacenter consolidation and application modernization. What is it that brings testing and validation into this mixture, in terms of end-to-end visibility?

Michelsen: Let’s say three or four systems are already interoperating in some way, and now you’ve become a part of a larger organization. You’ve merged into a large organization, or you’ve taken into your organization something you've acquired. You add another three or four end points, and now you’ve got this explosion of additional permutations. The interactions are so many that without good testing and validation, there’s just almost no hope of getting real visibility, and predictability out of these systems.

When things do fail, which unfortunately happens, you’ll have an extremely long recovery time without this test and validation capability, because knowing that something broke somewhere is the best you can do.

Gardner: I suppose we’re also looking now more at the lifecycle of these applications based on what’s going on at design time. Folks who are using agile development principles and faster iterations of development are throwing services up fairly quickly -- and then changing them on a fairly regular basis. That also throws a monkey wrench into how that impacts the rest of the services that are being integrated.

Michelsen: That’s right, and we’re doing that on purpose. We like the fact that we’re changing systems more frequently. We’re not doing that because we want chaos. We’re doing it because it’s helping the businesses get to market faster, achieving regulatory compliance faster, and all of those good things. We like the fact that we’re changing, and that we have more tightly componentized the architecture. We’re not changing huge applications, but we’re just changing pieces of applications -- all good things.

Yet, if my application is dependent upon your application, Dana, and you change it out from under me, your lifecycle impacts mine, and we have a “testable event,” even though I’m not in a test mode at the moment. What are we going to do about this? We've got to rethink the way that we do services lifecycles, we've got to rethink the way we do integration and deployment.

Gardner: There is, of course, a very high penalty if you don’t do this properly. If you don’t have that visibility, you lose agility, and the business outcomes suffer.

Michelsen: That’s right. And too often, we see customers where they’re in this dynamic of these highly interconnected systems. That frequency of change and the amount of failure that’s occurring because of those changes are actually having such a negative effect that they’re artificially reducing their pace of change -- which is, of course, not the goal for the business -- in order to try to accomplish some level of stability.

This means that we’ve gone through all this effort to provide this highly adaptable and agile platform and we’re doing all this work to get agile and integrated, but we have to then undo the benefit in order to accomplish stability.

Gardner: One of the basic principles of SOA is that you get benefit as a result of the “whole being greater than the sum of the parts,” but many of the parts come from specific vendors and/or open-source projects. They have management capabilities and insights built into them specifically. Yet when you rise up a bit more holistically, that’s where the issue comes in of how to get visibility across multiple systems.

Explain to us how you got started on this journey, and where your background and history comes in terms of addressing that higher abstraction of visibility.

Michelsen: Right, that’s a good point, because if the world were as simple as we wanted it to be, we could have one vendor produce that system that is completely self-contained, self-managed, very visible or very "monitorable," if you will. That’s great, but that becomes one box of the dozens on the white board. The challenge is that not every box comes from that same vendor.

So we end up in this challenge where we’ve got to get that same kind of visibility and monitoring management across all of the boxes. Yet that’s not something that you just buy and that you get out of the box.

This is exactly what pushed me into this phase throughout the 1990s. I had a company prior to founding this one that built mission-critical applications for lots of large companies, including some airlines and financial service companies; logistics, even database engines, and things like this.

The great thing was that I was able to put my little team together to build really cool stuff and deploy it really fast into an organization. They loved it. The challenge was that I was doing this in a very disruptive way to the rest of the IT organization. I'd come, bring in this new capability, and integrate it into the rest of the applications.

Well, in doing so, I’m actually causing this very same dynamic that we’re talking about now -- where all of a sudden my new thing, my new technology, integrated into a bunch of legacy, is causing disruption across all kinds of systems. We just didn’t have a sense for how to do this.

So I had to learn how to do this, how to transform these organizations into integration-based thinking, and put in test-and-validation best practices. That’s what caused us to end up building what we now call LISA.

Gardner: Unfortunately, a lot of organizations, when they face that disruption, their first instinct is probably just to put up a wall and say, “Okay, let’s sequester or isolate this set of issues.” But that, of course, aborts this business process level of innovation and value.

Michelsen: Exactly, and here's a classic example. A number of the types of systems that we built in the late 1990s were the e-commerce applications that were customer facing. The companies said, “I just don’t want to hear that this system can’t talk to that system. I want a Web-based presence that’s brain-dead simple, and that does things the way a customer wants to be able to do them. You’re going to interconnect all those back ends in order to get that to work. … You just do it for me. And if you won’t do it, I’m going to go find a vendor outside that will.”

The challenge is, no matter how it ends up there, now we've got to reckon with it. Frankly, even though those are sometimes difficult conversations the business is having with IT, the business needs those things, because the company that does it gains market share and increases the scope of their growth cycle. That obviously is something that every IT organization wants, because that leads to a bigger budget and a better company, and the success that we want to see.

Gardner: Now, we've certainly established that there is a problem, and that’s been evident for some time. We’ve underscored the fact that we want to get visibility, and offer new elements into an integrated environment, to take advantage of the technologies that are coming online, but not be in disruptive mode, or we certainly want to reduce the risk.

So we know there’s a problem, we know what we want to do. Now, how do you approach this technically, when you’re dealing with so many different vendors, so many variables?

Michelsen: Well, I’m the founder of a product company, and yet you don’t start by going and buying some software, installing it, and thinking you’re done. Let’s start with thinking around a new set of best practices for what this needs to look like. We frequently leverage a framework we call "the 3Cs" in order to accomplish this -- Complete, Collaborative and Continuous.

In a nutshell, we’ve got to be able to touch, from the testing point of view, all these different technologies. We have to be able to create some collaboration across all these teams, and then we have to do continuous validation of these business processes over time, even when we are not in lifecycles.

It’s a very high, broad-stroked approach to our solutions, but essentially, drilling down to the detail with the customer, we can show them how these 3 Cs establish that predictable, highly efficient, lots-of-visibility way to do these kinds of applications.

Gardner: There must be secret sauce? There must be technology in addition to the vision and methodological approach?

Michelsen: Right. In order to get that testability across all these technologies and collaboration among all the teams and, of course, continuous validation takes tooling and technology. Of course, we provide that, which is great. I personally like it, just as, from a professional point of view, I like the fact that the way we message to the market is: "These are the ways you’ve got to go about doing it." Once you see that that is an appropriate approach for you -- then you become a great candidate for using our products.

But let’s talk about making sure that this is right for you. Then we’ll talk about our product being useful, because that really is the way the things should work. I can’t tell you how many times I’ve seen a customer who has said, “Well, we've run out and bought this ESB and now we’re trying to figure out how to use it.” I've said, “Whoa! You first should have figured out you needed it, and in what ways you would use it that would cause you to then buy it.”

It’s the other way around sometimes. That’s why we’ll start with the best practices, even though we’re not a large services firm. Then, we’ll come in with product, as we see the approach get defined.

Gardner: Are there any specific types of enterprise companies -- whether in a particular maturity around IT or suffering from certain ills or ailments -- that pique your interest to say, “Well, this is a perfect candidate for our solution and product set?” What are some of the indicators that a company is ready for this level of validation and testing?

Michelsen: There are a couple. First, the large-scale, top-down SOA initiatives clearly need this, because this is the perfect example of … interconnecting things, wrapping legacy systems in modernization, creating business-process modeling environments, increasing the pace of change, and distributed development across many different teams. SOA does all of those things for you, and certainly scratches every one of those itches that we’ve been talking about.

The other is when you go into a large integration initiative. There are a lot of partner solutions -- from companies like TIBCO, WebMethods, Oracle Fusion and SAP NetWeaver, and forgive me for not naming all of our friends. When you’re going down this kind of path, you’re going down a path to interconnect your systems in this same kind of ways. Call it service orientation or call it a large integration effort, either way, the outcome from a system’s point of view is the same.

Then, traditionally, by the time a business has been large for many years, they just have this enormous amount of technology. A classic example is a large financial institution that does fixed-asset trades. In order for one trade to place, it takes Web services and EJBs, from Java Swing-based application into CORBA, into messaging, into C code, into two different databases, and out the other end of a Web application.

All of that technology, integrated together, is what the business thinks of the app. Of course, that takes hundreds of people across many different teams – U.S., Europe and Asia -- from an IT point of view. But, all of that technology together is the app. So that’s your reality. That’s where we really can sit and where these best practices really get to work.

Gardner: So when you went to enter into these organizations where there’s a pretty powerful need, what is it that they’re getting in terms of value and impact? How do they use these tools? Then, we’ll try to ask a little bit about validation examples of what the outcomes have been.

Michelsen: What they’re doing is adopting these best practices on a team level so that each of these individual components is getting their own tests and validation. That helps them establish some visibility and predictability. It’s just good, old-fashioned automated test coverage at the component level.

As these components start to orchestrate with each other in order to accomplish this higher-level objective -- where this component becomes a part of a larger solution -- then there’s a validation aspect to it. The application that is causing this component-to-component orchestration has a validation challenge to make sure that things continue to work over time, even in the face of change.

As these components come together, there’s a validation layer that’s put in place. At iTKO, we even have a virtualization capability that allows you to do these kinds of things in a very agile way and without some of the constraints that you typically have. At the very end of the process, we are near the glass, if you will, of the user screen. Then you’ve got business-process level validation or testing across the whole thing. So think of it as, “Here’s a business process model that I’ve modeled in a business process modeling (BPM) tool of choice."

The complement of that are one or more tests or validations of that particular business process, where I invoke the process and verify my technical outcomes. So that if placing an order means to do this, this, and this in these systems, you do that with a BPM tool. To validate the business process function as expected, you’ll invoke that business process with our product LISA and then make sure all of those expected outcomes occurred.

For example, the customer database is going to have an update in it, the order management systems is going to be creating a new order. The account activity system -- which might be completely independent -- the inventory system, or the shipping system, all of these things are going to have to have their expected outcomes verified in order for us to know that this system works as expected.

Gardner: This really sounds like a metaview of the integration, paths, occurrences, and requirements. It almost sounds as if you’re moving to what we used to refer to, and still do, as application lifecycle management (ALM). But, it sounds like you’re really approaching this additionally as “integration lifecycle management.”

Michelsen: That’s a great point. In fact, we’ve heard people say, “Wow, it sounds a little bit like also business activity monitoring (BAM), where you’re basically chasing all these transactions through the production system and making sure they are doing their thing.” Certainly, it's a valid point. But let’s be really clear. We must be capable of doing this as a part of our development cycles.

We can’t build stuff, throw it over the wall into the production system to see if it works, and then have a BAM-type tool tell us -- once it gets into the statistics -- "By the way, they’re not actually catching orders. You’re not actually updating inventory or your account. Your customer accounts aren’t actually seeing an increase in their credit balance when orders are being placed."

That’s not when you find out it doesn’t work, right? And the challenge is that’s what we do today. We largely complete these applications. We go into some user-acceptance test mode, where we have a people see if they can find any problems with this enormous amount of software, millions of lines of code. We give them a few weeks to see if they can find any bugs, and then we go to production.

We really can’t let that happen any more. These apps are too big, their connections are too many and the numbers of possible testable items are way too great. And, of course, tomorrow we invalidate all the work we just did in that human labor, when something changes somewhere.

So this is why, as a part of lifecycles, we have to do this kind of activity. In doing so, we drive into value, we get something for having done our work.

Gardner: Clearly from my observations, there’s a struggle now under way in the market to find better ways of relating, finding the relationship and dependencies between the design time activities and the run time activities -- and then creating more of a virtual feedback set of loops that allow for this to continue without that handing off; or waiting for the red light/green light value. Tell me how you think LISA provides a bridge, or maybe a catalyst, to increased feedback values between design time and run time, particularly in an SOA environment.

Michelsen: Great question, and I’m glad that you’re seeing that as well, Dana, because we think that it's an indication that things are maturing. When we see our customers asking us, “How do I essentially do that second C of yours, collaboration? How do I better collaborate?”… we know that they’re finally seeing the pain between a siloed-based lifecycle, and testing and operations being a disjointed activity. Development and test don’t talk to each other, or with project management. And the business analysts don’t really even know each other.

We know that when we’re hearing questions around collaboration, people are becoming aware that they really needed to accomplish it. This is great. Some specifics of how our products can help is by first being a test capability that every one of the teams I just mentioned can use to do their own part of the testing effort. Developers have a test responsibility. Certainly, quality assurance (QA) has one. Operations even has one, from a functional monitoring point of view.

The business analysts have this whole "validate the business process" activity they need to accomplish. Everyone has their part to play, and if we can provide a tool that helps all of them do their part with the same product, there’s an enormous amount of efficiency. More important, there’s a much more highly automated back channel through this lifecycle.

If a business process is not functioning as expected, that failing test case is consumable all the way back to that individual developer who can see the context in which my component is being exercised. [And that comes from seeing] the input and output, seeing the expected outcome, and seeing the unexpected actual outcome. Then I get a really good awareness of what my component is supposed to do in the context of the business process.

When we have this common tooling across the board -- instead of one way of doing it for development, one way of doing it for QA, one way for the business analyst and for operations and everything -- we get much greater collaboration.

One other important point here is that we also have an opportunity to introduce this continuous validation framework, where once we start these integration labs, those components are being delivered into that integration lab, and then into pre-production, performance labs and production. We need an infrastructure for all of this continuous validation that properly notifies whoever should be notified when failures occur.

So our application has lots of good technology for being able to do this as well.

Gardner: Well, of course, the proof of the pudding is in the eating. Can you give us some examples of organizations that have employed these methods, and then some of these tools? Start to think in terms of the 3 Cs that you’ve outlined. What sorts of results or paybacks are there in terms of return on investment (ROI) and TCO? What validates this?

Michelsen: A great example of this would be Lenovo, the ThinkPad guys, where they went through a major next generation of all of their customers and partner-facing order management systems. This is www.lenovo.com, and a number of the systems behind it. They went with a new vendor to bring in a new application and interconnected into all the existing back-end and legacy systems. It's a classic example, as I said a few minutes ago, of when this kind of activity becomes important.

Lenovo realized from their past experiences that they wanted to get better at doing this kind of activity because they didn’t want what happened to them sometime in the past, where application failures underneath the screens would be causing customer experience to degrade -- but you couldn’t even tell at the website.

They were not capturing the order, even though an order number was showing up on the Web page, and things like this. They realized this challenge was too great for them, and they brought our solution in, in order to validate all these individual components and then validate at the user’s business-process level.

They wanted to validate what it means to configure ThinkPads, to price them, to do all of the bundling, to make sure that I can place orders, check orders, verify shipping, and do all these different things. That takes a pretty significant amount of visibility. Of course, our product has some capability to give you that visibility, because you’re going to need it.

So you have this kind of capability, and Lenovo was able to move away from, "I hope this thing continues to run." What was very possible in the past was that the customer update occurred, but the order placement didn’t -- a partial commit.

Instead of having that reality, they now have a reality on a literally continuous basis. From seven different places all over the world, we’re continuously validating the performance and functional integrity of the entire system -- both for the component level, and at what I call this orchestration level.

In doing so, they have a whole lot more confidence that the thing actually performs the way they expect it to.

Gardner: There’s no question, John, that the organizations that are advancing, that are deeply into integration issues, are looking for this business process management value, at the orchestration level.

They've moved an abstraction up in terms of the approaches, and the accomplishments of what their IT departments and systems can deliver. But, of course, any time we move up an abstraction technologically into the functions of IT, that requires the company go up a level in validation testing and quality.

It makes sense now that you’re going to see a growing market. Is there any sense that you can give us from your business as to how these things are growing now? Are people really getting to that level where they want to bring together a lifecycle approach?

Michelsen: Well, hopefully the Lenovo example means, yes. By the way, a company partner of ours named i2 -- they see this. We all know there’s an amazing amount of effort to do a large-scale implementations of either a packaged applications or large-scale custom applications. I think we’ve done this long enough to realize that this has to be part of the way to do it.

I’m seeing that more and more. As a consequence, we are able to provide value to many customers. It’s just been thrilling. We brought our product to market in early 2003 with a single customer or two. If our growth rate is an indication -- as an IT discipline – the market has finally realized that we have to get this right, which is terrific. If you think about it, the evangelist in all of us wants to get this right, or wants to do the right thing. I’m seeing it more and more, and that’s certainly terrific.

Gardner: Great. Well, we've been discussing the issues around integration, middleware, and SOA, as well as the need to abstract value up to the integrations and into the business processes. We have talked about how these elements relate to one another, and, of course, explain the need for greater visibility, validation and testing in these environments.

We’ve been talking about LISA and iTKO with John Michelsen, the chief architect and founder of iTKO. I appreciate your input, and we look forward to learning more about how this market evolves. It is an exciting time.

Michelsen: Thanks a lot, Dana. I appreciate the time.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You've been listening to a sponsored BriefingsDirect podcast. Thanks for listening, and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: iTKO.

Transcript of BriefingsDirect podcast with iTKO's John Michelsen on validation and testing in application integrations. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Thursday, September 11, 2008

Systems Log Analytics Offers Operators Valued Performance Insights While Setting Stage for IT Transformation Benefits

Transcript of BriefingsDirect podcast on IT systems log management and analysis with LogLogic.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Sponsor: LogLogic.

Dana Gardner: Hi. This is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, a sponsored podcast discussion about improving the state of IT operations. We're going to be talking about the need for reducing costs, increasing security, and providing more insight, clarity, and transparency across multiple systems for IT organizations.

This is becoming increasingly important. As complexity is building, we're facing increased data loads or increased numbers of devices and types of devices. We're seeing a pretty impressive up-ramp in the use of virtualization technologies. And, we're also starting to see an interest in hybrid approaches to deployment, that is, receiving IT resources from a variety of sources, some of them perhaps from the cloud.

In order to better analyze what's going on in these IT organizations, despite this growing complexity, companies have began to resort to a number of different tools and approaches.

We are going to be talking with the folks at LogLogic, and also a user of some of their technologies. We'll try to uncover some of the trends in these tools and the novel ways that companies are starting to get a grip on greater productivity and lowering cost, particularly labor costs, when it comes to manual oversight into the systems.

Joining us here today, we have Pat Sueltz, the CEO at LogLogic. Welcome to the show, Pat.

Pat Sueltz: Thanks, Dana.

Gardner: We are also joined by Jian Zhen, who is the senior director, product management at LogLogic. Welcome, Jian.

Jian Zhen: Thanks, Dana, happy to be here.

Gardner: And last, we have Pete Boergermann. He is the technical support manager and also the IT security officer at Citizens & Northern Bank in Pennsylvania. Welcome to the show, Pete.

Pete Boergermann: Thank you, Dana.

Gardner: As I mentioned, there is a lot going on in IT organizations. We are just coming off a fairly robust period of compliance and regulation issues. Obviously, companies have had to increase the reports and the visibility into what goes on with their systems, but now we are at this point, where economics is starting to play a larger role, and we are seeing some technology trends.

First, I wanted to go to Pat. Tell us about the state of the art, when it comes to reducing cost across multiple IT systems, pretty much in near real-time.

Sueltz: Well, when I think of the state of the art in terms of reducing IT costs, I look at for solutions that can solve multiple problems at one time. One of the reasons that I find this interesting is that, first of all, you've got to be focused not just on IT operations, but also adjunct operations the firm offers out.

For example, security operations and controls, because of their focus areas, frequently look like they are in different organizations, but in fact, they draw from the same data. The same goes as you start looking at things like compliance or regulatory pieces.

If you can get a double off of one appliance, or get a triple or home run, then you really are working at answering some of the economic questions that an IT shop faces all the time.

Gardner: Right, and we need to look at information coming from a variety of devices. There is network, database, and a lot of servers, and putting this all in one place where it can be managed seems to be an important new trend. Perhaps not a new trend, but it's newly important.

Sueltz: You have to be able to do both. Clearly, when technologies get started, they tend to start in a disaggregated way, but as technology -- and certainly data centers -- have matured, you see that you have to be able to not only address the decentralization, but you have to be able to bring it all together in one point, as so many customers have done in their data center consolidations.

I've heard so many of the CIOs that I've talked to say, "You've got to make sure that I get the return on the software and the hardware that I have already purchased. I also have to get the best deal price performer, total cost of ownership in the present. And, I've also got to make sure that I get a return on investment going forward, or else I am not going to have this job very long."

So, it's all of those things, including the consolidation and the ability to preserve the legacy while moving forward. Of course, I haven't even got into talking about being green yet, how you save energy while you are doing this, as well as efficiency. All of those things undergird the need for a product or solution to be able to work in both environments, in the standalone environment, and also in the consolidated environment.

Gardner: I'm glad you brought up total cost of ownership (TCO) and return on investment (ROI) issues, because we're going to discuss the economics and larger trend issues today.

We're going to do a few more podcasts in the near future on, drilling down into the complexity that surrounds the virtualization trend. We're also going to look at the need for IT operations to act more like a business with IT shared services, perhaps adopting some of the Information Technology Infrastructure Library (ITIL) messages and approaches, and we are also going to take a deeper look at this hybrid deployment environment, where clouds and multiple sourcing of resources come into play.

Today we're going to stay at a fairly high level and try to determine a bit more about the economics of payback and some of the business drivers facing IT operations.

Let's go to Jian. From your perspective, when to try to define the problem set that we're addressing with log analytics, what's your elevator pitch, if you will, sense of the problems set?

Zhen: When it comes to log management, there are a couple of major issues, and Pat has mentioned them early on. One is the decentralization of IT environment, where there are remote offices or remote data centers where there is a subset of the IT infrastructure, and there is the core, where you have major data centers.

So there are a lot of logs and server systems sitting out in the various locations. One of the biggest issues is being able to have a solution to capture all that information and aggregate and centralize all that information, so that you can do them now.

The second thing is the volume. LogLogic did an analysis a while back, and approximately 30 percent of the data in the data centers is just log data, information that's being spewed out by our devices applications and servers. How you manage that, collect that, archive that, and analyze that is another big issue that all IT operators face today.

On top of that, how do you bring operational intelligence out and give the CIOs the picture that they need to see in order to make the right business decisions? Those three issues -- the wide variety in logs, decentralizing the volume, and being able to bring the intelligence out-- are the key issues in why log management is so important today.

Gardner: The bad news is that there is so much information. The good news is that it provides a fine granular approach to all of the different metrics and variables involved. Traditional systems management often comes from a fairly broad set of indicators -- red light, green light if you will -- but when you want to get down into the intricacies of forensics around, the root cause is, you really look at much more detail, perhaps with a common stamp across all these different systems with multiple levels of interdependency.

So, let's go to our user, Pete. Does this jibe with the problem set that you have been dealing with when you first looked into log analytics?

Boergermann: Definitely. We've got so many pieces of network gear out there, and a lot of that gear doesn't get touched for months on end. We have no idea what's going on, on the port-level with some of that equipment. Are the ports acting up? Are there PCs that are not configured correctly? The time it takes to log into each one of those devices and gather that information is simply overwhelming.

So, gathering it all together in a single location where it can be easily managed through a Web browser is essential in helping us get the information we need as quickly as possible to figure out network issues.

Gardner: Are you also finding that your complexity is growing, whether it’s through consolidation, modernization of applications, increase data loads? All these things come to bear. What are the larger trends that are affecting the organization?

Boergermann: Definitely, those things are coming to bear, and then compliance issues as well. Reviewing those logs is an enormous task, because there's so much data there. Looking at that information is not fun to begin with, and you really want to get to the root of the problem as quickly as possible.

Using LogLogic to weed out some of the frivolous and extra information and then alerting on the information that you do want to know about is -- I just can't explain in enough words how important that is to helping us get our jobs done a lot quicker.

Gardner: So, you mean you centralize and manage the log data, but it's the analytics that's the real pay off. Is that the case?

Boergermann: Yes.

Gardner: When you get reports, how do you like to view this data? Do you take some pains in slicing and dicing it, do you like it coming to you in some sort of a prepackaged template, or all the above?

Boergermann: We're doing it in a couple of different ways. We have some emails sent to us daily in a PDF format, and that's nice. Then, we actually log into the device itself and run some preconfigured reports, custom reports that we built.

Gardner: And, because you are also the security officer there at the bank, I imagine that there are some internal network benefits in terms of analysis of behaviors or patterns. Is that something you take advantage of?

Boergermann: To some degree, but also what I have done is I've turned over access to our internal IT auditors. They can log into the LogLogic device at any time and run any of the reports that they would like. So, they don't have to call me and ask me to run a report. They have that access right at their desktop anytime they want.

Gardner: One thing that has occurred to me as an analyst recently is the need for business intelligence (BI) for IT. We've seen great investments in the marketplace around BI for data, customer-facing data, internal business processes, and efficiencies around reports.

The IT department is a huge well of data, but the intelligence and analysis really is in sort of a catch-up mode. Do you think they're starting to cross over into BI for IT with some of these systems, Pete?

Boergermann: We're starting to get there, but we've got long way to go. A lot of the network gear provides reports in different formats. One piece of equipment gives you this information. The next piece of equipment gives you the same information, just in a little different format. Unless you are familiar with that, it can get rather confusing.

Gardner: Let's go back to Pat. With BI, we've seen in the last several years some pretty significant investments in the field in enterprises. Even at a time when they are under cost pressure, they're willing to spend to get those good analytics. I expect the same is about to happen in IT. How do you look at this notion of BI for IT?

Sueltz: First of all, when I think about BI, I think of taking control of the information lifecycle. And, not just gathering pieces, but looking at it in terms of the flow of the way we do business and when we are running IT systems.

So, the first thing is to collect the data. In our case, you drop in the appliance. You make sure that you are getting a 100 percent of the data from 100 percent of the sources. As we say, "No log left behind." You also provide identification of where that information is coming from on an automatic basis.

Then, of course, what you've got to do is analyze all that data. As Jian said earlier, 30 percent of an enterprise's data is generally coming from the log. For the BI piece, you’ve got to be able to collect it and then to be able to analyze it -- whether it's indexed for deep searches or even normalized -- so that you can do comparators very quickly, and you've got to be able to parse it.

Now, I'm talking at a technical level here, but this is really what underpins good BI structure. You've got to know what’s known and unknown, and then be able to assess that analysis -- what's happening in real-time, what's happening historically.

Then, of course, you've got to be able to apply that with what's going on and retain it. So, BI, as I look at it, is clearly something that's moving ahead. It's something that we can grab that quick history, for example, for logs, and analysis, but we've also got to be able to work with it just as the systems administrators and the IT and the CSOs want to see it.

That's the way it works. That's why we do it, not only forensic work for historical work, as you would get out of BI, but to look at it at real-time, slow motion, or replay, so you can get the value and the impact as it's happening, as well as the insight, and can remediate as it's going forward.

Gardner: You mentioned the notion that this needs to be a lifecycle approach. I've seen that you are involved with some framework activity on log collection. Maybe we should go to Jian on this. Could you explain what Open Lasso is, and what you guys are doing in terms of trying to create a framework or a larger context for this information that's generated by IT systems?

Zhen: Sure. There are a couple of questions there. One is, what is Open Lasso? As you may know, Project Lasso has been an open-source project sponsored by LogLogic for a couple of years now, and it has been a great success for us.

What we have done is created probably the first-ever centralized Windows event collector out there, and we made it available to essentially everybody. Internally, we've also done a lot performance, just to make it work for our customers, who usually have large, large deployments. We have customers who have been collecting thousands of window servers using Project Lasso. It's actually been a great success of ours.

Now, we come to being able to manage all the data that we collect. Pat already mentioned this a little bit with the life cycle --the collection, analysis, alerting, archiving, and destroying of that log data as it expires. That whole lifecycle is extremely critical from an IT perspective.

When you say BI for IT, I would like to use the term "operational intelligence," because that's really intelligence for the IT operations. Bringing that front and center, and allowing CIOs to make the right decisions is extremely critical for us.

Gardner: I would think that without that insight, without that intelligence, trying to undertake some of these larger activities like consolidation, modernization, energy efficiency, compliance, and some of the Payment Card Industry (PCI) Data Security Standard requirements, are much more difficult, if you don't have the ability to track this from a coordinated perspective.

Let's go back to Pete at the bank, have you found yourself moving towards more of a lifecycle mentality with the log data and information since you started using LogLogic?

Boergermann: Not that much. I know we need to get there, but we're just not there yet.

Gardner: What’s holding you back?

Boergermann: It's just the time involved in getting there. Right now, we are just analyzing data, looking for network issues, and our real focus -- being a financial institution -- is being compliant with regulations.

Gardner: Give me some examples of some of the paybacks you are getting from this insight at the level that you are requiring, particularly around security and compliance.

Boergermann: Huge. Actually, with some of the regulations that came out, we were able to quickly be in compliance with them. It was interesting. When the auditors came in and started asking, "Are you monitoring your logs? Are you reviewing them?" we could say, "Yup." We showed them exactly what we were doing. We showed them the emails that we were receiving from the LogLogic device, and it was just a real simple painless audit, because of this product being in place.

Gardner: And do you expect that you are going to be finding additional ways to exploit this information? Do you have, let's say, a virtualization activity that you are at least considering?

Boergermann: Oh, yes. We are using VMware quite a bit lately, and we'll be using LogLogic to monitor those servers as well. We're just not there yet. We got the VMware product and started building virtual machines (VMs), and it's just been incredible what we've been able to do with the product. Now, we're in catch-up mode, as far as collecting data and backing that information up.

Gardner: As I pointed out earlier, folks like you have an awful lot to bite off these days, but for organizations like LogLogic, they need to be looking a little bit further out. Let's go to the future a little bit, if we could, and I’ll throw this out to either Pat or Jian.

What do you see from a remote monitoring perspective, as we start to get into different hybrid approaches? With desktop-as-a-service (DaaS) types of activities, where more and more is happening on the server, delivery of services, maybe even the form of an application level, or the full desktop level to end users. For large enterprises, it's going to be customer-facing applications in some cases.

It seems like the whole notion of what's going on, on the server tier of that, with direct interactions with customers, with supply chain participants, and of course, with employees, becomes even more critical. What's the outlook for managing servers in this new services environment?

Zhen: I can speak to that a little bit. You mentioned server technology, and that's going to be really expanding in the IT environment. One is virtualization. The other one is a service kind of approach, with its DaaS and software-as-a-service (SaaS) kind of competing. All of these different things are really of taking a role in IT and becoming more popular quickly.

So, there are lot of challenges in these types of old environments, and we recognize that. LogLogic just came out with a virtualization, specifically for the VMware, a report package. We realize that aside from being able to collect the logs from just the VMs themselves, you have to treat the VMs as a separate machine. You collect the logs as you would be collecting from the regular machines.

Below that layer, there are the hypervisor logs, like VMware, ESX servers, VirtualCenter Logs. All these are still software, and they generate information that we can capture. We need to capture those and analyze them based on whether people are moving VMs around, whether people are migrating, whether people have stopped, and whether people are destroying them.

So, there is a whole new set of information with regards to virtualization that we now need to be able to analyze and provide some operational insight fort. They have SaaS and cloud. In some cases, it's a little bit more difficult to get the audit information out.

People are starting to realize that they need to be able to do the data audit, but if you look at some of the cloud-computing initiatives out there, a lot of them don't really provide enterprises with the type of logging and auditing that they really need.

Now, if the enterprises are really doing private clouds, they have a lot more control. Actually, that type of auditing and logging can be a lot more granular, but that's only when you have control of that cloud platform or an SaaS platform.

Gardner: Right.

Sueltz: Dana, I was just going to jump in and say that, when you started to allude to the hybrid environment, that's where LogLogic's value is such a help. For example, we have the Log Data Warehouse that basically can suck information from networks, databases, systems, users, or applications, you name it. Anything that can produce a log, we can get started with, and then and store it forever, if a customer desires, either because of regulatory or because of a compliance issues with industry mandates and such.

That's an excellent way to go forward, and we think that it sets the stage for us also to work with SaaS environments, because we can add that physical piece, if someone is running as a managed service provider (MSP) or if someone is running on VMware, and also wants to catch the logs as they are being deployed in this decentralized environment.

So, I think there is a whole new way coming, relative to the software that we produce, if one considers an appliance, or if you are looking at on-demand or in the cloud. There are lot of places that the logs play, and that provides terrific capture, as well as the analysis, and the retention for the information. So, there are some great opportunities for us going forward.

Gardner: What I hear is that there are a number of really important tactical entry points for this value -- compliance, security, reduced cost, manageability across multiple systems, distributed systems, consolidation, and modernization. Ultimately, those tactical steps put you in a position to start embarking on this information lifecycle around IT, and operational intelligence.

That will play a very important role in these organizations' ability to absorb and exploit some of these larger trends, like virtualization, SAP, and the cloud. So, it sounds like an important stepping-stone approach, and I am glad we have had a chance to get into that.

Let's just go round the table one last time for some takeaways on the economics here. Let's start with you Pat. Are you an ROI-oriented sales organization, and what are the basics of how that ROI works?

Sueltz: Well, let me talk in terms of payback. We want to add value to the enterprise. So, I'm always looking for a payback, because I know, from when I was in IT, that you've got to demonstrate something that's pretty near in, or folks will think that you are just hyping the future here. You've got to be able to simplify the IT infrastructure, for example.

We would eliminate the number of logs that are out there, that have been home grown, or what have you to reduce compliance cost, to be able to save hours on things that use to take weeks or months to do, and to provide the controls and reporting on them in an automated way, without requiring a secondary audit, to have faster forensics.

Instead of doing that like we did when I got into the business about when Abraham Lincoln was president, where it took 50 hours or more for an inquiry, we can reduce that to less than two hours.

It's all about getting that improved service delivery, so that we can eliminate downtime due to, for example, mis-configured infrastructure. That's what I think of in terms of the value that our sales folks need to be thinking about every time they call on a customer.

Gardner: And, Jian, from your perspective, what is the return of values that you see the market demanding.

Zhen: I think Pat has described that very well. From a market perspective it’s being able to get to what they are trying to troubleshoot first, so that they can get to the thing fast.

The other thing that we have seen is that people have been doing a lot of integration, taking essentially LogLogics information, and integrating it into their portals to show a more holistic view of what's happening, combining information from system monitoring, as well as log management, and putting it into single view, which allows them to troubleshoot things a lot faster.

We have seen a lot of that trend happening --the integration of data, and integration of information to provide a holistic view.

Gardner: Back to you, Pete. Do you see the return here as a major differentiator for you in your organization? Is it something that is a minor or a major payback from your perspective?

Boergermann: I would say a huge payback. The amount of timed saved by going into one interface and being able to pull back the logs of multiple devices, and get the information quickly is an enormous amount of time saved by having a product like this in our environment.

Gardner: Well great. I want to thank you all of for joining us. We have been talking about the datacenter and IT operation's efficiency through the analytic supplied to log data. Joining us has been Pat Sueltz, CEO of LogLogic. Thank you Pat.

Sueltz : Thank you, Dana. I have enjoyed it.

Gardner: We have also been talking with Jian Zhen, senior director of product management at LogLogic, thank you sir.

Zhen: Thank you Dana.

Gardner: And also Pete Boergermann, technical support manager and IT security officer at Citizens & Northern Bank. I really appreciate your input, Pete.

Boergermann: Thank you, Dana

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect podcast. Thanks for listening, and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Sponsor: LogLogic.

Transcript of BriefingsDirect podcast on log management and analysis with LogLogic Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Tuesday, September 02, 2008

Interview: HP's Virtualization Services Honcho John Bennett on 'Rethinking Virtualization'

Transcript of BriefingsDirect podcast with Hewlett-Packard's John Bennett on virtualization and its role in the enterprise.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today, a sponsored podcast interview about rethinking virtualization. [See news from HP on virtualization, panel discussion, IDC white paper.]

Virtualization in information technology (IT) has become a very hot topic in the last several years, and we're approaching a tipping point in the market, where virtualization's adoption and acceptance is really rampant, and it's offering some significant benefits in terms of cost and performance.

So, we're going to talk about rethinking multiple tiers of virtualization for applications, infrastructure, desktop, and even some other types of uses.

We're also going to look at this through the lens of a contextual approach to virtualization, not simply a tactical standalone benefit, but in the context of larger IT transformation activities. These include application modernization, data center consolidation, next generation datacenter (NGDC) architectures, energy considerations, and of course, trying to reduce the total cost of IT as a percent of revenues for large organizations.

To help us sort through these issues of context and strategy for virtualization, as well as to look at a number of initiatives that Hewlett-Packard (HP) is now embarking upon, we're joined by John Bennett. John is the worldwide director of data center transformation solutions, and also the HP's Technology Solutions Group (TSG) lead for virtualization. Welcome to the show, John.

John Bennett: Thank you very much, Dana. It's a pleasure to be with you today.

Gardner: When we talk about virtualization as a red-hot trend, just how big a deal is virtualization in the IT market right now?

Bennett: Virtualization is certainly one of the major technology-oriented trends that we see in the industry right now, although I'm always reminded that virtualization isn't new. It's been available as a technology going back 30-40 years.

We see a great deal of excitement, especially around server virtualization, but it's being extended to many other areas as well. We see large numbers of customers, certainly well over half, who have actively deployed virtualization projects. We seem to be at a tipping point in terms of everyone doing it, wanting to do it, or wanting to do even more.

Gardner: Are they doing this on a piecemeal basis, on a tactical basis? Is it being done properly in the methodological framework across the board? What sort of a market trend are we looking at in terms of adoption pattern?

Bennett: In terms of adoption patterns, especially for x86 server virtualization, we see virtualization being driven more as tactical or specific types of IT projects. It's not uncommon to see customers starting out, either to just reduce costs, to improve the efficiency in utilization of the assets they have, or using virtualization to address the issues they might have with energy cost, energy capacity or sometimes even space capacity in the data center. But, it's very much focused around IT projects and IT benefits.

The interesting thing is that as customers get engaged in these projects, their eyes start to open up in terms of what else they can do with virtualization. For customers who've already done some virtualization work, they realize their interesting manageability and flexibility options for IT. "I can provision servers or server assets more quickly. I can be a little more responsive to the needs of the business. I can do things a little more quickly than I could before." And, those clearly have benefits to IT with the right value to the business.

Then, they start to see that there are interesting benefits around availability, being able to reduce or eliminate planned downtime, and also to respond much more quickly and expeditiously to unplanned downtime. That then lends itself to the conversation around disaster recovery, and into business continuity, if not continuous computing and disaster tolerance.

It's a very interesting evolution of things with increasing value to the business, but it's very much stepwise, and today tends to be focused around IT benefits. We think that's kind of missing the opportunity.

Gardner: So we've been on this evolution. As you say, virtual machines, hypervisors, this approach to isolating activity at a level above the actual metal, the binaries, has been around for some time. Why is this catching on now? Is it not just economics, and, if you're talking about a business outcome, why are they important and why is virtualization being applied to them now?

Bennett: It really did start with economics, but the real business value to virtualization comes in many other areas that are much more critically important to the business.

One of the first is having an IT organization that is able to respond to dynamically changing needs in real-time, increasing demands for particular applications or business services, being able to throw additional capacity very quickly where it's needed, whether that's driven by seasonal factors or whether it's driven by just systemic growth in the business.

We see people looking at virtualization to improve the organization's ability to roll out new applications in business services much more quickly. We also see that they're gaining some real value in terms of agility and flexibility in having an IT organization that can be highly responsive to whatever is going on in the business, short term and long term.

We also see, as I highlighted earlier, that it really does connect into business continuity, which we see in many of the market research surveys we do year after year. It continues to be a top-of-mind concern for CEOs and CIOs alike.

Gardner: Perhaps we're at this point in time where IT has become so essential to so many aspects of how businesses operate -- the ability of making IT dynamic and responsive, of having redundancy and failover and many of the mission critical aspects that we expect of perhaps certain transactional systems -- we're now able to extend almost anything we do with IT, if it's being supported to a virtualized environment.

Bennett: Well, it's actually being supported through any environment, and it's why we at HP have such a strong focus on business technology. There are very few modern enterprises, whether they're private or public entities, that really could address their mission and business goals without IT.

It is just a completely fundamental fabric of the business today. And, having that environment be responsive, protected, reliable, and delivering quality of service are key attributes of that environment.

This is why we see, next-generation data centers and adaptive infrastructure from HP as being key to that, and it's why we speak about the idea of data center transformation. If that's the IT environment you want, including virtualization, how do you get there from wherever you are at?

Gardner: I suppose it's also important to point out that we're not just talking about virtualization, but we're also talking about mixtures, where there are going to be plenty of physical infrastructure and technology in place, but increasingly virtualized instances here and there. I suppose it's managing these together that is the most important discussion at this point in time.

Bennett: It certainly is one of the more topical points right now. What we see is that customers start to deploy virtualization more broadly, and, as they want to run more and more of their applications in virtualized environments, two challenges arise.

One of them is want of diversity. Customers are accustomed to diversity of the infrastructure, but now we have diversity with the virtualization base. The virtual machines that they're using, the number of suppliers involved in it, and diversity brings complexity, and complexity brings increased risk usually.

One aspect of that diversity is controlling management. You have different virtual machines, each with their own management tools and paradigms. How do you manage from an applications, quality of service, or service-level agreement point of view, across physical and virtual resources and infrastructure that are being used to deliver those services to the business? And, how do you deal with managing physical infrastructure from different manufacturers, and virtual resources from different manufacturers.

Another complication that comes up from a control and management point of view, as customers strive to use virtualization more pervasively in the data center, is that you have to deal with the skill sets of the people you have in the IT organization, as well as the resources available to you to help implement these projects.

One of the virtues of looking at virtualization more comprehensively is that you're actually able to free up resources to focus more on business services and business priorities and less on management and maintenance.

If you look at virtualization more strategically, you say it's not just the servers, but it's my storage and network environment around them. It's my management tools and processes. It's how I do everything together.

When I look at it comprehensively, I not only have a very clean set of controls and procedures in place for running and managing the data center, but now I have the opportunity to start making significant shifts in resources, away from management and maintenance and into business priorities and growth.

Gardner: So we are faced with a potential tipping point, but I suppose that also brings about a new level of risk, because you're moving from a tactical implementation into a variety of implementations, at the application, the infrastructure, and the server levels. Increasingly we're seeing interest in desktop virtualization, but we're also seeing a mixture of suppliers and technologies, and we're also seeing this in the context of other initiatives, with the goal being transformation.

It seems that if you don't do this all properly with some sort of a framework, or at least a conscious approach of managing this from beginning to end in a lifecycle mentality, there could be some serious pitfalls. You could actually stumble and subvert those benefits that you're looking to enjoy.

Bennett: Yes, we see both pitfalls, i.e., problems that arise from not taking a comprehensive approach, and we see missed opportunities, which is probably the bigger loss for an organization. They could see what the potential of virtualization was, but they weren't able to realize it, because their implementation path didn't take into account everything they had to in order to be successful.

This is where we introduce the idea of rethinking virtualization, and we describe it as rethinking virtualization in business terms. It means looking at maximizing your business impact first by taking a business view of virtualization. Then, it maximizes the IT impact by taking a comprehensive view of virtualization in the data center. Then, it maximizes the value to the organization by leveraging virtualization for client implementations, where it makes sense.

But, it's always driven from a business perspective -- what is the benefit to the business, both quantitative and qualitative -- and then drilling down. It's like unpeeling an onion, if I can borrow the analogy from the "Shrek" movie. You go from, "Okay, I have this business service. This business service is delivered through virtual and physical resources, which means I need management in control and governance of both physical and virtual resources."

And then, underneath that I want to be able to go from insight and control, into management and execution. I want to be able to drill down from the business processes and the business service management and automation tools into the infrastructure management, which in turn drills down into the infrastructure itself.

Is the infrastructure designed to be run and operated in a virtualized environment? Is it designed to be managed from an energy control point of view for example? Is it designed to be able to move virtual resources from one physical server to another, without requiring an army of people?

So, part of the onus is on HP in this case to make sure that we're integrating and implementing support for virtualization into all of the components in the data center, so that it works and we can take advantage of it. But, it's up to the customer also to take this business and data center view of virtualization and look at it from an integration point of view.

If you do virtualization as point projects, what we've seen is that you end up with management tools and processes that are outside of the domain of the historical investments you've made, whether it's an IT service management in Information Technology Infrastructure Library (ITIL), or in business service management.

We see virtual environments that are disconnected from the insight and controls and governance and policy procedures put in for IT. This means that if something happens at a business-services level, you don't quite know how to go about fixing it, because you can't locate it. That's why you really want to take this integrated view from a business-service's point of view, from an infrastructure and infrastructure management point of view, and also in terms of your client architectures.

Gardner: Now, as we are rethinking infrastructure, and in the context of virtualization, we also are looking for these business outcomes. Are we at the point yet where the business leaders are saying, "We need virtualization?" Have they connected the dots yet, or do they just know what they want from business outcomes and really don't care whether this virtualization gets there or not?

Bennett: From a business leader's point of view, they don't care about virtualization. Whether it's a CEO, a line of business manager, even a CFO their focus is on, "What are the business priorities? What is our strategy for this business or this organization? Are we going to be trying to grow the business organically, grow it through acquisitions, are we going to be driving a lot of product or service innovation? I need an organization that is going to be responsive to rolling those out."

And, of course, there is always the pressures to reduce cost and reduce risk that apply throughout the business, including to IT. They will not tell you that virtualization is what you have to do if you're in IT.

IT wants to deliver these kinds of benefits, to be able to do things quickly, to be able to dynamically put resources where they're needed, mitigate the risks in the data center environment, whether the risk is related to power and cooling, to the capacity of individual server and its ability to support a particular application, or the risk associated with people and processes that can cause downtime.

Those are IT projects, and for IT, virtualization is a fascinating technology, which allows them to address multiple sets of data center issues and provide the benefits that the business is looking for. It's revolutionary in that sense. It's pretty cool.

Gardner: This is not another "silver bullet," is it? We're really talking about something that's fundamental and that is transformative.

Bennett: Oh, absolutely. We believe that virtualization is a very important attribute of an NGDC. It's been an instrumental part of our adaptive infrastructure, which defines our view of an NGDC for a quite a while, and we see virtualization projects as core to successful transformational initiatives as well.

Gardner: Nowadays, and actually for several years, incremental improvements in IT don't get the funding or the attention. We really need some dramatic improvements in order to get the investment and the move through the inertia. Even on the tactical level, what sort of benefits are some organizations that you're familiar with enjoying and getting returns on from their virtualization activities?

Bennett: It really depends on whether you're looking at it from a business point of view or from an IT point of view.

Gardner: Let's look at it both ways.

Bennett: From an IT point of view, it's clear that they can decrease capital costs, and they can decrease operating expenditure (OPEX) costs associated with depreciation of assets by getting much better utilization of the assets they have. They can either get rid of excess equipment or, as they do modernization projects, they can acquire less infrastructure to run the environment, when they have it effectively virtualized.

When they blend it with integrated management, they can manage the physical and virtual resources together and build an IT environment that really supports the dynamics of virtualization.

They can lower the cost of IT operations implicitly by reducing the complexity of it and explicitly by having very standardized and simple procedures covering virtual and physical resources, which in conjunction with the other cost savings, frees up people to work on other projects and activities. Those all also contribute to reduce costs for the business, although they are secondary effects in many cases.

We see customers being able to improve the quality of service. They're able to virtually eliminate unplanned downtime, especially where it's associated with the base hardware or with the operating environments themselves. They're able to reduce unplanned downtime, because if you have an incident, you are not stuck to a particular server and trying to get it back up and running. You can restart the image on another device, on another virtual machine, restore those services, and then you have the time to deal with the diagnosis and repair at your convenience. It's a much saner environment for IT.

Gardner: Do you have any examples of companies that have moved through this sufficiently that they can look back and determine a return on investment (ROI) or total cost of ownership (TCO) benefit, and what sort of metrics are we seeing in those cases?

Bennett: Certainly, we are looking to do ROI types of benefits. I must confess I don't have any that are explicitly quantified, but we do have customers able to articulate some of the tangible and intangible benefits. One good example is Mitel Corporation, which went through a project of infrastructure modernization, but especially virtualization, in order to address the business needs. They had to both reduce costs and be more responsive to the business.

They were able to drive about $300,000 annually out of their IT budget. That's a significant amount, because they are organized by individual business units there. I love the quote from the datacenter manager with regard to the relationship with the business, "We can now just say, yes."

So it addresses that flexibility and agility type of question. If you get engaged in larger transformational projects, where virtualization is the key element, we have Alcatel-Lucent, which is expecting to reduce their IT operational cost by 25 percent from virtualization and other transformational projects.

In the case of HP IT, we actually have reduced our operational costs by 50 percent, and virtualization is very much a key factor in being able to do that. It can't take full credit, of course, because it was part of a larger set of transformational projects. But, it was absolutely critical to both lowering costs, improving quality of service, improving business continuity, and especially helping the organization to be much more flexible and agile to meeting changing needs.

Gardner: And, as you pointed out earlier, we are able to shift the ratio from ongoing maintenance and support costs into the ability for innovation, new systems, new approaches, investments, and productivity.

Bennett: Absolutely. We see a large number of customers spending less than 30 percent of their IT budget on business priorities, and growth initiatives, and 70 percent or more on management and maintenance. With virtualization and with these broader transformational initiative, you can really flip the ratio around. HP has gone to, I think, 80-20, and I know that that's an area that Alcatel-Lucent has also focused on changing substantively.

Gardner: When you say 80-20, you mean 80 percent for new initiatives?

Bennett: Yes, 80 percent for new initiatives in business priorities, and 20 percent on management and maintenance.

Gardner: That is significant.

Bennett: Yeah.

Gardner: Well, obviously HP has been rethinking virtualization. Of course, it has been rethinking infrastructure as well for some time, given its NGDC activities and some of the things that it has done internally in terms of reducing the number of data centers, and reducing the number of applications. More than that, HP has new go-to-market initiatives in its Sept. 2 announcements.

Can you run through some important aspects of these announcements, and tell us which ones will help people understand the rethinking of virtualization, the strategic approach to virtualization, and also the business outcomes that they should be enjoying from virtualization?

Bennett: Certainly. The first thing that I would like to highlight is that all of the products and services that we are announcing reflect the fact that we are not just encouraging customers to rethink virtualization, but that we at HP have as well. In particular, we realize that it's critically important that the products and hardware, software, and services that we provide need to embrace the virtual and the physical world together.

The customers are going to be able to implement this successfully. They need the expertise. They need the products that will actually let them do it, and that's a lot of what this set of announcements in September is about.

It starts with a new HP ProLiant BL495c virtualization blade, which is really designed and optimized for the virtualization environment. What we have seen impacting the ability of servers to effectively increase the number of virtual machines they can support or support growth of virtual machines is not so much CPU power as it is memory, network bandwidth, and connectivity.

So, we have doubled the memory capacity of the environment, and we have increased the number of network connections that are possible on a single blade, and that will provide much more headroom for these kind of customer's environments at the infrastructure level.

At the business service management level, what we are introducing is a number of enhancements to the HP software portfolio for business service management and automation. The tools that we provide in what is today the industry's leading portfolio for business service management and automation work with both physical resources for insight and control and management and governance purposes, and also with virtual resources, supporting applications and services being delivered through virtual machines provided by VMware, Citrix, or Microsoft.

This is the first wave of announcements from HP software, basically building in integrated and comprehensive support for the virtual environment, as well as the physical environment. That's complemented by new services capabilities. We recognized that not everyone wants to have custom service projects, or expertise helping them with virtualization.

We have some new services that are much more tactically and specifically oriented. They very clearly articulate what the outcomes of the project are, what the time frames are, and also what the costs project are.

We're augmenting our capabilities. I think we are the leading platform provider for all of the key virtualization vendors out there. We are also the leading training vendor for virtualization and we are announcing new offerings in both of those portfolios -- for support and for education services around these virtual environments and virtual capabilities.

Integrated support is really key. When customers experience difficulties in their data centers with a business service or application running in the environment, they don't want finger pointing across vendors. Since we are able to support the virtual machine software, as well as our operating environments, including Microsoft, and of course, the HP servers underneath them, we can provide an integrated approach to dealing with corrective issues and get them fixed on the customer's behalf.

On the desktop side, we have had a portfolio of virtual desktop infrastructure (VDI) services in place already for VMware. We are announcing a new set of capabilities there for Citrix XenDesktop, both for products and for services for client virtualization. Just as important, the work we are doing in those offerings also lays the foundation for supporting Microsoft's Hyper-V when that becomes available in the marketplace as well.

In addition to those capabilities, we have a new storage offering. If you look at the architecture of the data center, you clearly need to move away from direct-attached storage, and move to network shared storage.

We have a new product that integrates our enterprise virtual array, which is a leading self optimizing storage solution for virtualized environments, with PolyServe NAS, which augments the virtualized environment with a clustered file system, making it easy for customers to move to a network attached or a shared storage model, as they make virtualization a more foundational technology in the data center.

Then, in addition to the investments in the data center environment itself, we are announcing a new family of thin clients, some new blade workstations, which articulates the point of that, when it comes to client virtualization, it's really key to have a portfolio of desktop choices, so that customers can get the right solution on the right desktop.

In many cases. it might be thin clients, but in other cases, it might be blade PCs or workstations, depending on the end user's needs. We support all of those, and we support them in different kind of environments.

We also recognize that even if thin clients meet most of the functional needs, people sometimes still want to have either a strong multimedia or 3D performance on some of these desktops. We're announcing a new remote-graphic software offering, which will allow customers to provide a rich multimedia or 3D experience, even to a client environment not equipped with that hardware.

This is the first wave, if you will, of announcements that we are making. It builds on some announcements we made last March, especially with Insight Dynamics VSE for infrastructure management, as well as the blades announcements with an Integrated Lights-Out (ILO) capabilities that we announced a year or so ago. So, we're continuing to build out this portfolio to make this real for customers, and provide the foundation for them to really exploit virtualization for their business benefits.

Gardner: You mentioned VDI, and for those folks who might not be too familiar with desktop virtualization, what we are talking about is bringing back onto the servers the whole presentation of the entire desktop, not just an application or two, but the entire experience.

Therefore, every time a user starts up a client device, they are actually getting a fresh new instance of the operating system, which means it could be updated, it could be patched, it could be serviced entirely without the impacting the client device. There are a number of other benefits to desktop virtualization. Is there anything I've missed in terms of those people who are just getting their feet wet around desktop virtualization?

Bennett: Well, the real driver for desktop virtualization initiatives that we see are organizational concerns around management and security of the client environment. You articulated that what they get is a nice, clean desktop environment whenever they start up the PC. What you didn't say was that it's not uncommon for end users to visit sites they shouldn't have, or open mail they shouldn't have, and get their environment infected by spyware, malware, viruses or anything else.

Client virtualization solutions can really give you a strong handle on management and security, and reducing the cost of both, while increasing the control of both. Also, in environments where customers have a lot of knowledge workers, one goal for corporate risk protection is the protection of end-user data that's on the desktop. In a client virtualization environment, you are able to do much better control of protecting end user data. And/or by the way, if the end users move around, either to different offices or different locations, they still have access to their data no matter where they connect from.

Gardner: So, when we look at virtualization in this larger context, we're seeing that the applications can be virtualized. It's bringing everything back into a server and datacenter infrastructure, but that has a lot of benefits in terms of control, manageability, doing things on a productive level of utilization and continuity.

It's almost going back to the future. Are we, in a sense, enjoying the best of the era 30 or 40 years ago around mainframes and control, with the best of the latest iterations of IT around flexibility, applications and services, Internet, and browser activities? Am I overstating it by saying we get the best of the older and the newer aspects of IT, now that we are doing this contextually?

Bennett: I'm glad that you stated this as combining the best of both worlds. While the world we had 30-40 years ago with mainframes, and indeed with mini computers, was still one of the centralized control of environments that were not necessarily responsive to changing needs of the business, or individual departmental of business unit needs.

That clearly is seen as a great attribute of the modern data center and modern IT environment, but it was an environment that was able to really control, manage, and secure that environment in all the areas that that managed. So, yes, we're combining the two, having the agility and flexibility that people want, having the control and discipline that people want, and also providing access to the innovation that's taking place in the outside world.

We bring them the best of all these worlds, but if a customer is going to realize this, they are not going to get those benefits just by doing server virtualization projects.

Gardner: So, we've seen how virtualization does have an economic benefit. It can bring control, security, and manageability back into a managed approach, a professional approach, for the IT people. At the same time, it's providing some of these business outcomes -- agility, flexibility and responsiveness -- that are so important now in a global economy, and in a fast moving marketplace. Of course, as you mentioned, this is a wave of announcements on Sept. 2, but there are much more to come in a not to distant future.

Bennett: Oh, yes. You will see us continuing to do enhancements and innovation in the infrastructure, server storage, networking, and the input-output fabrics that link them all together. You will see us continuing to innovate and drive more capability and value to the people, whether it's in the support or education side, or in the project and strategy side. You will see us continuing to invest in enhancements in the software portfolio to really provide a comprehensive view of everything going on in the data center.

We continue to be a leading innovator on the client side, both in the devices that sit on the desktop themselves -- whether they are standalone or client virtualization -- and with the software and tools that make client virtualization work. This is just really the first wave of what are the pretty serious investment area for HP.

Gardner: And, clearly has the opportunity to accommodate a lot of the needs of IT, but still give them the opportunity to do that almost important and impossible task, which is to do more for less.

Bennett: We all have that task, and the challenge is how you crack that nut. When we talked about data center transformation last spring, we introduced the concept of “Spend to Save, to Spend to Grow.” The key is finding a way to bootstrap yourself into this, and that's why we look at these things not from a fork lift perspective, because nobody is going to do that frankly, but rather what are the kind of projects you can undertake, and then link the projects together over time for transformational purposes, and also realize benefits from them. So, it becomes self-funding after a while.

An example that I like to use for that is that consolidation is a best practice in data centers today. It's a way of life, but if you really want to significantly change the outcome of some consolidation, which can be substantial, it's worthwhile investing in a virtualization initiative, because when you do that you can consolidate to even less infrastructure.

But before you invest in virtualization, or after you have done it, you might look at investing in an applications modernization project, because the more applications that can be virtualized, the more you can virtualize, the more you consolidate.

So you get savings from the individual projects, but you're kind of multiplying the results together overtime, and that's when it gets really interesting for a customer.

Gardner: So, we have these overlaps, these interdependencies that make it complex, and it needs to be thought through in a total contextual framework, but, as you say, the end result is true transformation.

Bennett: Right, and the easiest way to think it through is from a business perspective. If you look at it from the bottom up, there are so many interconnections and possible paths forward that it's easy to get lost in the weeds. And, if you start popping down, you'd say, "What are the business services I am providing? What are the applications I am running for the business? What are the characteristics that we need to have in place for these, from a business perspective?"

Now, what does that mean in terms of what I do in IT and what I do in the data center? It doesn't make sense to virtualize it or not. If not, carve it aside, manage it on its own. If it does, what am I going to do to effectively both implement virtualization, and manage it from a business perspective? There's a much, much smaller pool of applications business services being provided, than there are of servers and storage devices.

Gardner: Well great, I think we will have to leave it there. We have been talking about rethinking virtualization and putting it in the context of business outcomes, as well as IT transformation. We have been discussing this also in the context of a number of new initiatives and announcements that HP has made, and we have been joined by John Bennett. He is the worldwide director of data center transformation solution, and the HP TSG lead for virtualization. Thank you so much, John, it was very interesting and edifying.

Bennett: Thank you very much, Dana, for this opportunity. We think there is so much promise in virtualization, and we think by rethinking it in business terms, one can maximize the potential for your own organization.

Gardner: Great. This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a BriefingsDirect podcast. Thanks and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Sponsor: Hewlett-Packard.

Transcript of BriefingsDirect podcast with Hewlett-Packard's John Bennett on virtualization and its role in the enterprise. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.