Thursday, February 20, 2014

Istanbul-based Finansbank manages risk and security using HP ArcSight, Server Automation

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: HP.

Governance, risk management and compliance (GRC) form a top-tier of requirements for banks anywhere in the world as they create and deploy applications. A close second nowadays is speed to market, and rapid responsiveness to changing customer expectations and demands.

So when Finansbank, an Istanbul-based bank, knew they had to better manage risk -- but not lose time-to-market advantages -- they did a thorough analysis of available IT products and services. The result was an impressive record of managed risk and deployments, with an eye to greater automation over time.

BriefingsDirect had an opportunity to learn first-hand at the recent HP Discover 2013 Conference in Barcelona how Finansbank extended its GRC prowess -- while smoothing operational integrity and automating speed to deployment -- using several HP solutions.

Learn how from a chat with Ugur Yayvak, Senior Designer of Infrastructure at Finansbank in Istanbul. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:
Gardner: Tell us a bit about your organization and how you're keeping compliance and risk issues in check?

Yayvak
Yayvak: Finansbank is one of the largest banks in Turkey and it has more than 12,000 employees and 600 branches in the country. Banking is a competitive world in Turkey, and for compliance we have to be rapid. We have to do things faster. And security is a big deal for us.

Because we’re a bank, we need to obey the payment-card industry (PCI) and Sarbanes-Oxley (SOX) rules. To accomplish this, we had to create some scripts to check the data on our servers. It takes lots of time to do compliance reporting. Security is a must for the servers, because of attacks. We need to be compliant and secure, and we need to move fast.
 Gardner: And so as you began to look for solutions to these problems, how did you come up with a solution?

Compliance and integrity

Yayvak: First of all, we needed a compliance and integrity-check solution. We did a proof of concept (POC) with three different vendors and we checked for performance, compliance, tool support, ease of use, reporting tools, and the support that the vendor would give us. After all that, we chose HP Server Automation.

We’ve been using it for six months. Three months was for the implementation process, but during implementation, we created our first rules. We did some basic agent rollouts on the servers. Now, we have 90 percent coverage on all of our UNIX servers on the Server Automation site.
We’re also using Service Management and the ArcSight tool. We integrated Server Automation with the Service Management, ArcSight, and also Operations Orchestration to do our jobs in less time.
Gardner: What have been some of the results? What have you been gaining in terms of better control?
With the help of the Server Automation, it’s very simple and we can get the results in much less  time.

Yayvak: We’re creating monthly reports for our audit teams, and it takes less time. With the help of Server Automation, we’ve scheduled our jobs and the audit rules and reports that we want to share with our audit teams.

It takes much less time than it did before. Also, with the help of the scripts, the daily system administration tasks are very easy. Previously, we were doing everything by hand. With the help of the Server Automation, it’s very simple and we can get the results in much less  time.

Looking to the future

Gardner: What about the future? Do you have plans to move further, perhaps using ArcSight? Are there other security benefits that you have in mind?

Yayvak: One is to improve audit server automation, because there are some scripts that we’ve changed. Those changes that we’ve done on the servers must be audited. We also want to integrate Server Automation with ArcSight to track the changes that we’ve made. And if we’ve made an error, we will be alerted by the ArcSight server.

Right now, we’re using these solutions across our central data center, and also the disaster recovery site. But maybe later on, we can implement this for the branches to take care of the data servers there.
Gardner: What announcements or advances in the recent HP products capture your interest?

Yayvak: The new version of Server Automation came out this year, and we wanted to know what has changed. Also Finansbank will use lots of HP's products like Service Manager, Orchestration Manager, Operations Manager. This event was a good place to learn what has changed across these services.
Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

at 3:40 PM 0 comments

Thursday, February 13, 2014

HP Access Catalog smooths the way for streamlined deployment of mobile apps

HP today announced HP Access Catalog, a SaaS-delivered mobile app and content store that allows corporations to quickly and securely deliver resources across mobile and desktop devices to their employees anywhere.

IT organizations are facing pressure to deliver a marketplace experience to employees who expect access to content and apps from their device of choice. But non-business controlled exchanges and app stores lack enterprise security and control. Companies must also protect their apps from access by outsiders.

So the new catalog from HP, which can be branded as the business's own store, offers organizations a secure, private “app store” for employees to browse, search and download mobile applications and digital content onto their devices, including mobile and tablets, as well as desktops. The catalog supports Android and iOS platforms, which make up close to 94 percent of the mobile-device market share in the third quarter of 2013.

Earlier this week HP launched the HP Vertica Marketplace, a hub for developers, partners and customers to create and share extensions, enhancements, and solutions that integrate with the HP Vertica Analytics Platform. Both the Vertica Marketplace and HP Access Catalog are powered by technology developed by Palm, which HP acquired in 2010.

Delivered via native mobile clients and a web interface, the HP Access Catalog is a pure software-as-a-service (SaaS) offering that helps organizations reduce the cost and complexity of managing applications on company-issued and bring-your-own-device (BYOD) mobile devices, said Tim Rochte, Director of Product Management at HP Software Web Services. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Streamlined deployment

Through the catalog’s native identity management system or seamless integration with enterprise identity systems, IT organizations ensure that users can find and download the right applications for their role, he said. Those organizations have 100% control over their content and apps.

In addition, the catalog allows IT organizations to drive updates to users to ensure they have the most current applications and data, increasing their mobile productivity and effectiveness without compromising security. Via a CDN, the delivery speed and global reach of the apps and content -- even large video objects and streams to remote branches -- is assured, something a home-grown app store may not be able to do, said Rochte.
As organizations embrace mobility, they need a simple, secure and reliable mechanism to manage the delivery of apps to their employees.

The Access Catalog uses HTML5 and single-sign-on authentication and authorization capabilities with SAML 2.0 integration. It coexists with "public" stores like iTunes and Google Play.

Hosted in HP’s PCI-compliant data center, the access catalog also is offered as an integrated component of the HP Anywhere enterprise mobility platform, enabling customers to manage all their mobile apps

While the HP Access Catalog is currently used for free content, an e-commerce element that allows selling and/or charge backs is in the offing, said Rochte. As applications developers go mobile-first, the store may become a primary way to distribute, track and manage all corporate applications. Or at least it will help manage the expected huge growth in mobile apps in businesses.

You could even say the Access Catalog marketplace model is the new intranet, for those of you that recall intranets.

HP Access Catalog will be available worldwide from HP and its channel partners in March. Pricing will be based on a simple per-user per month or annual subscription. The means the more content and apps per employee, the better the cost ratio -- and productivity.

Additional information is available at go.pronq.com/HP-Access-Catalog.

You may also be interested in:


at 1:35 PM 0 comments

Monday, February 10, 2014

HP adds new value to Vertica data analytics platform with community marketplace

HP today launched the HP Vertica Marketplace, a hub for developers, partners and customers to create and share extensions, enhancements, and solutions that integrate with the HP Vertica Analytics Platform.

These add-ons and solutions include connectors and third-party extensions, business intelligence (BI)  tools, exact transform load (ETL) and data transformation products, connectors and tools for HP HAVEn big-data analytics platform, as well as industry and other original equipment manufacturer (OEM) solutions.

In addition, the HP Vertica Marketplace includes the latest solutions from HP Vertica’s innovations incubation program, allowing users to create cutting-edge big-data applications. [HP is a sponsor of BriefingsDirect podcasts.]

“Our rapidly growing community of customers, partners and developers are building vertical and horizontal solutions on, and creating new add-on capabilities to, Vertica every day,” said Colin Mahony, vice president and general manager, Vertica, HP. “The HP Marketplace provides a place where our community can share and market their capabilities to help other organizations and developers fuel further innovation.”

New capabilities

With the HP Vertica Marketplace, developers and companies can:
  • Gain value from 100 percent of information -- spanning structured, semi-structured and unstructured data -- through connectors and extensions that store, manage and analyze big data. This includes integration with the Hadoop Distributed Filesystem (HDFS) and the HP Autonomy IDOL platform.
  • Get business insights from big data with flexible plug-ins and extensions to integrate and visualize users’ data, including BI and data-visualization tools and products.
  • Capitalize on shared intelligence by engaging developers via a social interface that allows users to pose questions, interact with subject matter experts, and review previous discussions, as all questions are cataloged and searchable.
    HP Vertica Marketplace members also will gain access to the latest innovations from HP Vertica through its incubation program.
HP Vertica Marketplace members also will gain access to the latest innovations from HP Vertica through its incubation program. These new technologies and solutions will be available for developers to evaluate and provide feedback, helping guide future development.

The current marketplace is geared toward free and open community sharing of extensions, connectors and tools, but I think this could easily blossom into a commerce hub for analytics apps and/or data enhancements. We'll have to keep an eye out for that. I also think some sort of vertical industry segmentation of analytics capabilities is in the offing. That would allow for ecosystem-defined solutions to emerge, either as open contributions or for-pay offerings. In any event, it's now quite a powerful destination for developers to showcase their big data analytics endeavors.


New innovations in the market include:
  • HP Vertica Distributed R, which helps data scientists overcome the scalability and performance limitations of R programming language and tackle problems not previously solvable by accelerating the analysis of large data sets by running R computations on multiple nodes.
  • HP Vertica Pulse, which helps organizations leverage an in-database sentiment analysis tool that scores short data posts, including social data, such as Twitter feeds or product reviews, to gauge the most popular topics of interest, analyze how sentiment changes over time, and identify advocates and detractors.
  • HP Vertica Place, which stores and analyzes geospatial data in real time, including locations, networks, and regions. This analytics pack provides Open Geospatial Consortium (OGC) standards–based functionality and integrates with third-party applications.
The HP Vertica Analytics Platform is a key component of the HP HAVEn big-data analytics platform, which enables HP customers and partners to create next-generation applications and solutions that accelerate the monetization of big data. HP HAVEn combines proven technologies including HP Autonomy IDOL, HP Vertica Analytics Platform, HP ArcSight Enterprise Security Manager and HP ArcSight Logger, as well as key industry offerings such as Hadoop.

HP Vertica Community Marketplace is currently availble at www.vertica.com/marketplace and can be accessed through the "Community" tab on www.vertica.com.

You may also be interested in:

at 2:50 PM 0 comments

Tuesday, February 4, 2014

Network virtualization eases developer and operations snafus in the mobile and cloud era

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

As developers are pressured to produce mobile and distributed cloud apps ever faster and with more network unknowns, the older methods of software quality control can lack sufficient predictability.

And as Agile development means faster iterations and a constant stream of updates, newer means of automated testing of the apps in near-production realism prove increasingly valuable.

Fortunately, a tag-team of service and network virtualization for testing has emerged just as the mobile and cloud era requires unprecedented focus on DevOps benefits and rapid quality assurance.

BriefingsDirect had an opportunity to learn first-hand how Shunra Software and HP have joined forces to extend the capabilities of service virtualization for testing at the recent HP Discover 2013 Conference in Barcelona.

Learn here how Shunra Software uses service virtualization to help its developer users improve the distribution, creation, and lifecycle of software applications from Todd DeCapua, Vice President of Channel Operations and Services at Shunra Software, based in Philadelphia. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:
Gardner: There are a lot of trends affecting software developers. They have mobile on their minds. They have time constraints issues. They have to be faster, better, and cheaper along the apps lifecycle way. What among the trends is most important for developers?

DeCapua
DeCapua: One of the biggest ones -- especially around innovation and thinking about results, specifically business results -- is Agile. Agile development is something that, fortunately, we've had an opportunity to work with quite a bit. Our capabilities are all structured around not only what you talked about with cloud and mobile, but we look at things like the speed, the quality, and ultimately the value to the customers.

We’re really focusing on these business results, which sometimes get lost, but I try to always go back to them. We need to focus on what's important to the business, what's important to the customer, and then maybe what's important to IT. How does all that circle around to value?

Gardner: With mobile we have many more networks, and people are grasping at how to attain quality before actually getting into production. How does service virtualization come to bear on that?

Distributed devices

DeCapua: As you look at almost every organization today, something is distributed. Their customers might be on mobile devices out in the real world, and so are distributed. They might be working remotely from home. They might have a distribution center or a truck that has a mobile device on it.

There are all these different pieces. You’re right. Network is a significant part that unfortunately many organizations have failed to notice and failed to consider, as they do any type of testing.

Network virtualization gives you that capability. Where service virtualization comes into play is looking at things like speed and quality. What if the services are not available? Service virtualization allows you to then make them available to your developers.

In the early stage, where Shunra has been able to really play a huge difference in these organizations is by bringing network virtualization in with service virtualization. We’re able to recreate their production environments with 100 percent scale -- all prior to production.

When we think about the value to the business, now you’re able to deliver the product working. So, it is about the speed to market, quality of product, and ultimately value to your customer and to your business.

Gardner: And another constituency that we should keep in mind are those all-important operators. They’re also dealing with a lot of moving parts these days -- transformation, modernization, and picking and choosing different ways to host their data centers. How do they fit into this and how does service virtualization cut across that continuum to improve the lives of operators?
Service virtualization and network virtualization can benefit them is by being able to recreate these scenarios.

DeCapua: You’re right, because as the delivery has sped up through things like Agile, it's your operations team that is sitting there and ultimately has to be the owners of these applications. Service virtualization and network virtualization can benefit them by being able to recreate these in-production scenarios.

Unfortunately, there are still some reactive actions required in production today, so you’re going to have a production incident. But, you can now understand the network in production, capture those conditions, and recreate that in the test environment. You can also do the same for the services.

We now have the ability to quickly and easily recreate a production incident in a prior-to-production environment. The operations team can be part of the team that's fixing it, because again, the ultimate question from CIOs is, “How can you make sure this never happens again?”

We now have the way to quickly and confidently recreate incidents and fix it the first time, not having to change code in production, on the fly. That is one of the scariest moments in any of the times when I've been at the customer site or when I was an employee and had to watch that happen.

Agile iterations

Gardner: As you mentioned earlier, with Agile we’re seeing many more iterations on applications as they need to be rapidly improved or changed. How does service and network virtualization aid in being able to produce many more iterations of an application, but still maintain that high quality?

DeCapua: One of our customers actually told us that -- prior to leveraging network virtualization with service virtualization -- he was doing 80 percent of his testing in-production, simply because he knew the shortcomings, and he needed to test it, but he had no way of re-creating it. Now, let's think about Agile. Let's think about how we shift and get the proven enterprise tools in the developer’s hands sooner, more often, so that we can drive quality early in the process.

That's where these two components play a critical role. As you look at it more specifically and go just a hair deeper, how in integrated environments can you provide continuous development and continuous deployment? And with all that automated testing that you’re already doing, how you can incorporate performance into that? Or, as I call it, how do you “build performance in” from the beginning?

As a business person, a developer, a business analyst, or a Scrum Master, how is it that you’re building performance into your user scenarios today? How is it that you’re setting them up for understanding how that feature or function is going to perform? Let's think about it as we’re creating, not once we get two or three sprints into use and we have our hardening sprint, where we’re going to run our performance scenario. Let's do it early, and let's do it often.
Get the proven enterprise tools in the developer’s hands sooner, more often, so that we can drive quality early in the process.

Gardner: If we’re really lucky, we can control the world and the environment that we live in, but more often than not these days, we’re dealing with third-party application programming interfaces (APIs). We’re dealing with outside web services. We have organizational boundaries that are being crossed, but things are happening across that boundary that we can't control.

So, is there a benefit here, too, when we’re dealing with composite applications, where elements of that mixed service character are not available for your insight, but that you need to be able to anticipate and then react quickly should a change occur?

DeCapua: I can't agree with you more. It’s funny, I am kind of laughing here, Dana, because this morning I was riding the metro in Barcelona and before I got to the stop here, I looked down to my phone, because I was expecting a critical email to come in. Lo and behold, my phone pops up a message and says, “We’re sorry, service is unavailable.”

I could clearly see that I had one out of five bars on the Orange network, and I was on the EDGE network. So, it was about a 2.5G connection. I should still have been able to get data, but my phone simply popped up and said, “Sorry, cannot retrieve email because of a poor data connection.”

I started thinking about it some more, and as I was engaging with other folks today at the show, I asked them why is it that the developer of the application found it necessary to alert me three times in a row that it couldn’t get my email because of a poor data connection? Why didn’t it just not wait 30 seconds, 60 seconds, 90 seconds until it did, and then have it reach out and query it again and pull the data down?

Changing conditions

This is just one very simple example that I had this morning. And you’re right, there are constantly changing conditions in the world. Bandwidth, latency, packet loss and jitter are those conditions that we’re all exposed to every day. If you’re in a BMW driving down the road at 100 miles per hour, that car is now a mobile phone or a mobile device on wheels, constantly in communication. Or if you’re riding the metro or the tube and you have your mobile device on your hands, there are constantly changing conditions.

Network virtualization and service virtualization give you the ability to recreate those scenarios so that you can build that type of resiliency into your applications and, ultimately, the customers have the experience that you want them to have.

Gardner: Todd, tell us about so-called application-performance engineering solutions?

DeCapua: So, application performance engineering (APE) is something that was created within the industry over a number of years. It's meant to be a methodology and an approach. Shunra plays a role in that.

A lot of people had thought about it as testing. Then people thought about it as performance testing. At the next level, many of us in the industry have defined it is application engineering. It’s a lot more than just that, because you need to dive behind the application and understand the in’s and the out’s. How does everything tie together?
Understanding APE will help you to reduce those types of production incidents.

You’d mentioned some of the composite applications and the complexities there -- and I’m including the endpoints or the devices or mobile devices connecting through it. Now, you introduce cloud into the equation, and it gets 10 times worse.

Thinking about APE, it's more of an art and a skill. There is a science behind it. However, having that APE background knowledge and experience gives you the ability to go into these composite apps, go into these cloud deployments, and leverage the right tools and the right process to be able to quickly understand and optimize the solutions.

Gardner: Why aren’t the older scripting and test-bed approaches to quality control good enough? Why can't we keep doing what we've been doing?

DeCapua: In the United States recently, October 1 of 2013, there was a large healthcare system being rolled out across the country. Unfortunately, they used the old testing methodologies and have had some significant challenges. HP and Shunra were both engaged on October 2 to assist.

Understanding APE will help you to reduce those types of production incidents. All due to inaccurate results in the test environment, using the current methodologies, about 50 percent of our customers come to us in a crisis mode. They say, “We just had this issue, I know that you told us this is going to happen, but we really need your help now.”

They’re also thinking about how to shift and how to build performance in all these components -- just have it built in, have it be automatic, and get the results that are accurate.

Coming together

Gardner: Of course HP has service virtualization, you have network virtualization. How are they coming together? Explain the relationship and how Shunra and HP work together?

DeCapua: To many people's surprise, this relationship is more than a decade old. Shunra’s network-virtualization capability has, for a long time, been built in to HP LoadRunner, also is now being built into HP Performance Center.

There are other capabilities that we have that are built into their Unified Functional Testing (UFT) products. In addition, within service virtualization, we’re now building that product into there. It’s one that, when you think about anything that has some sort of distribution or network involved, network virtualization needs to come into play.

Some people have a hard time initially understanding the service virtualization need, but a very simple example I often use is an organization like a bank. They’ll have a credit check as you’re applying for a loan. That credit check is not going to be a service that the bank creates. They’re going to outsource it to one of the many credit-check services. There is a network involved there.

In your test environment, you need to recreate that and take that into consideration as a part of your end-to-end testing, whether it's functional, performance, or load. It doesn’t matter.
In your test environment, you need to recreate that and take that into consideration as a part of your end-to-end testing, whether it's functional, performance, or load.

As we think about Shunra, network virtualization and the very tight partnership that we've had with HP for service virtualization, as well as their ability to virtualize the users, it's been an OEM relationship. Our R and D teams sit together as they’re doing the development so that this is a seamless product for the HP customer to be able to get the benefit and value for their business and for their customers.

Gardner: Let's talk a little bit about what you get when you do this right. It seems to me the obvious point is getting to the problem sooner, before you’re in production, extending across network variables, across other composite application-type variables. But, I’m going to guess that there are some other benefits that we haven't yet hit on.

So, when you've set up you're testing, when you have virtualization as your tool, what happens in terms of paybacks?

DeCapua: There are many benefits there, which we have already covered. There are dozens more that we could get into. One that I would highlight, being able to pull all the different pieces that we've been talking about, are shorter release times.

TechValidate did a survey in February of 2013. The findings were very compelling in that they found a global bank was able to speed up their deployment or application delivery by 30 to 40 percent. What does that mean for that organization as compared to their competitor? If you can get to market 30 to 40 percent faster, it means millions or billions of dollars over time. Talk about numbers of customers or brands, it's a significant play there.

Rapid deployment

There are other things like rapid deployment. As we think about Agile and mobile, it's all about how fast we get this feature function out, leveraging service virtualization in a greater way, and reducing associated costs.

In the example that I shared, the customer was able to virtualize the users, virtualize the network, and virtualize the services. Prior to that, he would never have been able to justify the cost of rebuilding a production environment for test. Through user virtualization, network virtualization, and service virtualization, he was able to get to 100 percent at a fraction of the cost.

Time and time again we mention automation. This is a key piece of how you can test early, test often, ultimately driving these accurate results and getting to the automated optimization recommendations.

Gardner: What comes next in terms of software productivity? What should organizations be thinking in terms of vision?

Slow down

DeCapua: I see Agile, mobile, and cloud. There are some significant risks out in the marketplace today. As organizations look to leverage these capabilities to benefit their business and the customers, maybe they need to just slow down for a moment and not create this huge strategy, but go after “How can I increase my revenue stream by 20 percent in the next 90 days?” Another one that I've had great success with is, “What is that highest visibility, highest risk project that you have in your organization today?”

As I look at The Wall Street Journal, and I read the headlines everyday, it's scary. But, what's coming in the future? We can all look into our crystal balls and say that this is what it is. Why not focus on one or two small things of what we have now, and think about how we’re mitigating our risk of  looking at larger organizations that are making commitments to migrate critical applications into the cloud?

You’re biting off a fairly significant risk, which that there isn’t a lot there to catch you when you do it wrong, and, quite frankly, nearly everybody is doing it wrong. What if we start small and find a way to leverage some of these new capabilities? We can actually do it right, and then start to realize some of the benefits from cloud, mobile, and other channels that your organization is looking to.

Gardner: The role of software keeps increasing in many organizations. It's becoming the business itself and, as a fundamental part of the business, requires lots of tender love and care.
The more that we can think about that and tune ourselves and make ourselves lean and focused on delivering better quality products, we’re going to be in the winning circle more often.

DeCapua: You got it. The only other bit that I would add on to that is looking at the World Quality Report that was presented this morning by HP, Capgemini, and Sogeti, they highlighted that there is an increased spend from the IT budget, and a rather significant increase in spend from last year in testing.

It’s exactly what you’re saying. Organizations didn’t enter the market thinking of themselves as a software house. But time and time again, we’re seeing how people who treat what they do as a software house ultimately is improving not only life for their internal customers, but also their external customers.

So I think you’re right. The more that we can think about that and tune ourselves and make ourselves lean and focused on delivering better quality software products, we’re going to be in the winning circle more often.
Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.
Sponsor: HP.

You may also be interested in:

at 5:11 PM 0 comments
Subscribe to: Posts (Atom)