Clearly seeing a sweet spot amid complex and costly applications support for Microsoft Exchange, SharePoint and SAP R/3 implementations, HP on Monday delivered a CloudStart package of turnkey private cloud infrastructure capabilities with a self-service, SasS portal included.
Delivered at the VMworld conference in San Francisco, HP is taking a practical approach for creating cloud and shared services deployment models that make quick economic sense by targeting costly and sprawling server farms that support seas of Microsoft, SAP and other "out of the box" business applications as services. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]
In doing so, HP is moving quickly to try and carve out a leadership position for the fast (30 days, they say) set-up of private clouds, coupled with the ease of a SaaS-based deployment, maintenance and ongoing operations portal that implements and supports the clouds and the applications they support. The targeting of costly and often inefficient Microsoft Exchange and SharePoint farms also points to the creeping separation of Microsoft's and HP's infrastructure -- and cloud -- strategies.
At the same time, HP's cloud hardware, software and services packaging via CloudStart exploits HP's product strengths while setting the stage for enterprise application stores, service catalogs of metered apps as services, more choices of moving to hybrid clouds, and easy segues to multiple sourcing and hosting options, all of which play into HP's Enterprise Services (nee EDS) on the hosting side.
CloudStart is also what I believe is only the opening salvo in a comprehensive private cloud initiative and strategy drive that HP aims to win. Expect more developments through the fall on HP Cloud Service Automation (CSA) and applications lifecycle management products, services and professional services support offerings.
HP's VMworld news today also comes on the heels of a slew of private cloud product and services offerings last week.
Partners form ecosystem approach
The HP CloudStart package -- with third-party partner ecosystem players like Intel, Samsung, VMware and Carnegie Mellon -- combines the features of HP BladeSystem Matrix, Converged Infrastructure, Cloud Service Automation stack, StorageWorks, and other governance and management offerings. That on top of the globally available HP server hardware and networking hardware portfolios. HP says, however, that CloudStart is designed to integrate well with an enterprises's existing heterogeneous platforms, any hypervisor, and third-party and open source middleware.
Such mission-critical aspects as disaster recovery, security, storage efficiency, governance, patches support, compliance and audits support, and use metering and charge-backs billing are also included in the CloudStart offerings and road map, HP said.
HP also announced Cloud Maps for use with apps and solutions from VMware, SAP, Oracle and Microsoft to significantly speed application deployment via tested, cloud-ready app configurations. Cloud Maps are imported directly into private cloud environments, enabling them to develop a catalog of cloud services.
The combination of the cloud elements could lead to a "standardized" approach for creating and expanding private clouds throughout an enterprise, said Paul Miller, vice president, Solutions and Strategic Alliances, Enterprise Servers, Storage and Networking at HP. The solution is designed to be deployed on-premises but uses an HP-operated, off-premises and SaaS setup and operations portal.
And that SaaS, self-service aspect could be a key to the practical deployment of enterprise clouds, which HP sees as rapidly growing in interest in a "multi-source IT world," even if enterprises are not quite sure how to begin. HP recognizes that moving from a non-cloud problem set of complexity and sprawl to a cloud-based world of complexity and sprawl sort of defeats the purpose and economics.
IT leaders need cloud road map
"When CIOs have a simplified way to map their path to the private cloud, including all the necessary components from infrastructure and applications to services, they are more likely to identify a comprehensive and realistic deployment scenario for their organization," said Matt Eastwood, group vice president, Enterprise Platform Group, IDC, in a release. "With the HP CloudStart solution, clients now have a way to accelerate the adoption of service-oriented environments for a private cloud that matches the speed, flexibility and economies of public cloud without the risk or loss of control."
So CloudStart works to consolidate, integrate, and converge the cloud support elements -- and in doing so creates a compelling alternative to IT infrastructure as usual. And maybe a standard on-ramp to the use of heterogeneous private clouds?
The HP CloudStart solution is offered now in Asia-Pacific and Japan and expected to be available globally in December.
I see the self-service portal as a critical differentiator, and could also lead to what we think of the "app stores" model for consumer and entertainment uses moving to the enterprise apps space. Because once a private cloud has been deployed, and if managed via a HP portal, applications in a service catalog via the portal could be then chosen and deployed in a common manner, all with a managed pay-as-you go metered model or other SLAs. Indeed, other apps within the enterprise could also be brought into the cloud to also be metered and charged back by usage to the business users.
Kind of reminds me of getting the values of SOA but having someone else build it out.
Accountants love this model, as it helps move IT from a cost center into an SLA-driven service center. Over time a variety of hybrid cloud offerings -- perhaps leveraging the standardized CloudStart deployment model and common billing model -- could be explored and transitioned to. That is, HP could then go the enterprises using CloudStart and via the management portal, offer to run those or other apps on its data centers -- perhaps substantially cutting the total costs of apps delivery.
This way, the enterprise app store and service catalog becomes the interface between the IT managers and the service vendors. IT becomes a procurement and brokering function, amid -- one hopes -- a vibrant market of cloud services offerings. It makes IT into more like any other mature business function ... like materials, logistics, supply chain, HR, energy, facilities, etc.
Future of IT?
Here's where the future of IT is headed. Whatever vendor/supplier/service provider (and its ecosystem) gets to IT as a service first and best, and then offers the best long-term value, support, management and reliability ... wins.
HP clearly wants to be on the short list of such winning providers.
You may also be interested in:
Monday, August 30, 2010
Friday, August 27, 2010
Platform Computing steps up with easy-entry solution for building private clouds
Platform Computing has paved the way to faster private cloud adoption with a low-risk, low-cost way for companies to evaluate their use of cloud computing. The Platform ISF Starter Pack, announced this week, will enable architects and IT managers to get a cloud sandbox environment up and running in less than 30 minutes, the company says.
The $4,995 Starter Pack announcement comes as a slew of vendors are focused on the adoption path for private clouds. More private cloud developments are expected at next week's VWworld conference.
Platform ISF manages application workloads across multiple virtual machine (VM) technologies and provisioning tools. I
t includes self-service, automated provisioning and chargeback capabilities. It supports multiple VM technologies, including ESX, Xen, KVM and Hyper-V, as well as popular provisioning tools, such as Red Hat Satellite, IBM xCAT, Symantec Altiris, and Platform Cluster Manager. [Disclosure: Platform Computing is a sponsor of BriefingsDirect podcasts.]
“Organizations have plenty of toolkits to choose from as they evaluate private cloud, but they require multiple tools that users must string together themselves,” said James Pang, Vice President Product Management for Platform. “What’s more, these toolkits can cost $50,000 or more, and require 30-plus days of onsite consulting to build and customize an evaluation environment. We wanted to provide a cheap and easy way for users to get up and running quickly with a single product."
Software and best practices
The ISF Starter Pack, which costs $4,995, includes software, best practices advice and help to set up private cloud and includes:
The $4,995 Starter Pack announcement comes as a slew of vendors are focused on the adoption path for private clouds. More private cloud developments are expected at next week's VWworld conference.
Platform ISF manages application workloads across multiple virtual machine (VM) technologies and provisioning tools. I
t includes self-service, automated provisioning and chargeback capabilities. It supports multiple VM technologies, including ESX, Xen, KVM and Hyper-V, as well as popular provisioning tools, such as Red Hat Satellite, IBM xCAT, Symantec Altiris, and Platform Cluster Manager. [Disclosure: Platform Computing is a sponsor of BriefingsDirect podcasts.]“Organizations have plenty of toolkits to choose from as they evaluate private cloud, but they require multiple tools that users must string together themselves,” said James Pang, Vice President Product Management for Platform. “What’s more, these toolkits can cost $50,000 or more, and require 30-plus days of onsite consulting to build and customize an evaluation environment. We wanted to provide a cheap and easy way for users to get up and running quickly with a single product."
Software and best practices
The ISF Starter Pack, which costs $4,995, includes software, best practices advice and help to set up private cloud and includes:
- One-year Platform ISF term license for 10 sockets, including support
- Half-day orientation training
- Half-day cloud building consultation
- Integration advice for Platform ISF with your internal tools
Thursday, August 26, 2010
Trio of cloud companies collaborate on new private cloud platform offerings
A trio of cloud ecosystem companies have collaborated to offer an integrated technology platform that aims to deliver a swift on-ramp to private and hybrid cloud computing models in the enterprise.
No cloud-in-a-box
From my perspective, cloud solutions won’t come in a box, nor are traditional internal IT technologies and skills apt to seamlessly spin up mission-ready cloud services. Neither are cloud providers so far able to provide custom or "shrink-wrapped" offerings that conform to a specific enterprise’s situation and needs. That leaves a practical void, and therefore an opportunity, in the market.
This trio of companies is betting that self-service private and hybrid cloud computing demand will continue to surge as companies press IT departments to deliver on-demand infrastructure services readily available from public clouds like Amazon EC2. Since many IT organizations aren’t ready to make the leap, they don’t have the infrastructure or process maturity to transition to the public cloud. That’s where the new solution comes in.
Incidentally, you should soon expect similar cloud starter packages of technology and services, including SaaS management capabilities, from a variety of vendors and partnerships. Indeed, next week's VWworld conference should be rife with such news.
The short list of packaged private cloud providers includes VMware, Citrix, TIBCO, Microsoft, HP, IBM, Red Hat, WSo2, RightScale, RackSpace, Progress Software, Platform Computing and Oracle/Sun. Who else would you add to the list? [Disclosure: HP, Progress, Platform Computing and WSO2 are sponsors of BriefingsDirect podcasts].
Well, add Red Hat, which this week preempted VWworld with news of its own path to private cloud offerings, saying only Red Hat and Microsoft can offer the full cloud lifecycle parts and maintenance. That may be a stretch, but Red Hat likes to be bold in its marketing.
Behind the scenes
Here’s how the newScale, rPath and Eucalyptus Systems collaboration looks under the hood. newScale, which provides self-service IT storefronts, brings its e-commerce ordering experience to the table. newScale’s software lets IT run on-demand provisioning, enforce policy-based controls, manage lifecycle workloads and track usage for billing.
rPath will chip in its automating system development and maintenance technologies. With rPath in the mix, the platform can automate system construction, maintenance, and on-demand image generation for deployment across physical, virtual and cloud environments.
For its part, Eucalyptus Systems, an open source private cloud software developer, will offer infrastructure software that helps organizations deploy massively scalable private and hybrid cloud computing environments securely. MomentumSI comes in on the back end to deliver the solution.
It's hard to imagine that full private and/or hybrid clouds are fully ready from any singe single vendor. And who would want that, and the inherent risk of lock-in, a one-stop cloud shop would entail? Best-of-breed and open source components work just as well for cloud as for traditional IT infrastructure approaches. Server, storage and network virtualization may make the ecosystem approach even more practical and cost-efficient for private clouds. Pervasive and complete management and governance are the real keys.
My take is that ecosystem-based solutions then are the first, best way that many organizations will likely actually use and deploy cloud services. The technology value triumvirate of newScale, rPath and Eucalyptus—with solution practice experience of MomentumSI—is an excellent example of the ecosystem approach most likely to become the way that private cloud models actually work for enterprises for the next few years.
newScale, rPath and Eucalyptus Systems are combining their individual technology strengths in a one-two-three punch that promises to help businesses pump up their IT agility through cloud computing. [Disclosure: rPath is a sponsor of BriefingsDirect podcasts.]
The companies will work with integration services provider MomentumSI to deliver on this enterprise-ready platform that relies on cloud computing, integrating infrastructure for private and hybrid clouds with enterprise IT self-service, and system automation.No cloud-in-a-box
From my perspective, cloud solutions won’t come in a box, nor are traditional internal IT technologies and skills apt to seamlessly spin up mission-ready cloud services. Neither are cloud providers so far able to provide custom or "shrink-wrapped" offerings that conform to a specific enterprise’s situation and needs. That leaves a practical void, and therefore an opportunity, in the market.
This trio of companies is betting that self-service private and hybrid cloud computing demand will continue to surge as companies press IT departments to deliver on-demand infrastructure services readily available from public clouds like Amazon EC2. Since many IT organizations aren’t ready to make the leap, they don’t have the infrastructure or process maturity to transition to the public cloud. That’s where the new solution comes in.
Incidentally, you should soon expect similar cloud starter packages of technology and services, including SaaS management capabilities, from a variety of vendors and partnerships. Indeed, next week's VWworld conference should be rife with such news.
The short list of packaged private cloud providers includes VMware, Citrix, TIBCO, Microsoft, HP, IBM, Red Hat, WSo2, RightScale, RackSpace, Progress Software, Platform Computing and Oracle/Sun. Who else would you add to the list? [Disclosure: HP, Progress, Platform Computing and WSO2 are sponsors of BriefingsDirect podcasts].
Well, add Red Hat, which this week preempted VWworld with news of its own path to private cloud offerings, saying only Red Hat and Microsoft can offer the full cloud lifecycle parts and maintenance. That may be a stretch, but Red Hat likes to be bold in its marketing.
Behind the scenes
Here’s how the newScale, rPath and Eucalyptus Systems collaboration looks under the hood. newScale, which provides self-service IT storefronts, brings its e-commerce ordering experience to the table. newScale’s software lets IT run on-demand provisioning, enforce policy-based controls, manage lifecycle workloads and track usage for billing.
rPath will chip in its automating system development and maintenance technologies. With rPath in the mix, the platform can automate system construction, maintenance, and on-demand image generation for deployment across physical, virtual and cloud environments.
This trio of companies is betting that self-service private and hybrid cloud computing demand will continue to surge
For its part, Eucalyptus Systems, an open source private cloud software developer, will offer infrastructure software that helps organizations deploy massively scalable private and hybrid cloud computing environments securely. MomentumSI comes in on the back end to deliver the solution.
It's hard to imagine that full private and/or hybrid clouds are fully ready from any singe single vendor. And who would want that, and the inherent risk of lock-in, a one-stop cloud shop would entail? Best-of-breed and open source components work just as well for cloud as for traditional IT infrastructure approaches. Server, storage and network virtualization may make the ecosystem approach even more practical and cost-efficient for private clouds. Pervasive and complete management and governance are the real keys.
My take is that ecosystem-based solutions then are the first, best way that many organizations will likely actually use and deploy cloud services. The technology value triumvirate of newScale, rPath and Eucalyptus—with solution practice experience of MomentumSI—is an excellent example of the ecosystem approach most likely to become the way that private cloud models actually work for enterprises for the next few years.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.You may also be interested in:
Tuesday, August 17, 2010
Modern data centers require efficiency-oriented changes in networking with eye on simplicity, automation
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: HP.
As data center planners seek to improve performance and future-proof their investments, the networking leg on the infrastructure stool can no longer stand apart. Advances such as widespread virtualization, increased modularity, converged infrastructure, and cloud computing are all forcing a rethinking of data center design.
And so the old rules of networking need to change because specialized, labor-intensive and homogeneous networking systems need to be be brought into the total modern data center architecture. The increasingly essential role of networking in data center transformation (DCT) needs to stop being a speed bump and instead cut complexity while spurring on adaptability and flexibility.
Networking must be better architected within -- and not bolted onto -- the DCT future. The networking-inclusive total architecture needs to accomplish the total usage pattern and requirements for both today and tomorrow -- and with an emphasis on openness, security, flexibility, and sustainability.
To learn more about how networking is changing, and how organizations can better architect networking into their data centers future, BriefingsDirect assembled two executives from HP, Helen Tang, Worldwide Data Center Transformation Solutions Lead, and Jay Mellman, Senior Director of Product Marketing in the HP Networking Unit. The discussion is moderated by BriefingsDirect's Dana Gardner, Principal Analyst at Interarbor Solutions.
Here are some excerpts:
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: HP.
You may also be interested in:
Special Offer: Gain insight into best practices for transforming your data center by downloading three whitepapers from HP at www.hp.com/go/dctpodcastwhitepapers.
As data center planners seek to improve performance and future-proof their investments, the networking leg on the infrastructure stool can no longer stand apart. Advances such as widespread virtualization, increased modularity, converged infrastructure, and cloud computing are all forcing a rethinking of data center design.
And so the old rules of networking need to change because specialized, labor-intensive and homogeneous networking systems need to be be brought into the total modern data center architecture. The increasingly essential role of networking in data center transformation (DCT) needs to stop being a speed bump and instead cut complexity while spurring on adaptability and flexibility.
Networking must be better architected within -- and not bolted onto -- the DCT future. The networking-inclusive total architecture needs to accomplish the total usage pattern and requirements for both today and tomorrow -- and with an emphasis on openness, security, flexibility, and sustainability.
To learn more about how networking is changing, and how organizations can better architect networking into their data centers future, BriefingsDirect assembled two executives from HP, Helen Tang, Worldwide Data Center Transformation Solutions Lead, and Jay Mellman, Senior Director of Product Marketing in the HP Networking Unit. The discussion is moderated by BriefingsDirect's Dana Gardner, Principal Analyst at Interarbor Solutions.
Here are some excerpts:
Tang: As we all know, in 2010 most IT organizations are wrestling with the three Cs-- reducing cost, reducing complexity, and also tapping the problem of hitting the wall with capacity from a base, space, and energy perspective.
The reason it's happening is because IT is really stuck between two different forces. One is the decades of aging architecture, infrastructure, and facilities they have inherited. The other side is that the business is demanding ever faster services and better improvements in their ability to meet requirements.
The confluence of that has really driven IT to ... a series of integrated data center projects and technology initiatives that can take them from this old integrated architecture to an architecture that’s suited for tomorrow’s growth.
DCT ... includes four things: consolidation, whether it's infrastructure, facilities or application; virtualization and automation; continuity and sustainability, which address the energy efficiency aspect, as well as business continuity and disaster recovery; and last, but not least, converged infrastructure.
Networking involves common problems, solutions
Networking actually plays in all these areas, because it is the connective tissue that enables IT to deliver services to the business. It's very critical. In the past this market has been largely dominated by perhaps one vendor. That’s led to a challenge for customers, as they address the cost and complexity of this piece.
[With DCT] we've seen just tremendous cost reduction across the board. At HP, when we did our own DCT, we were able to save over a billion dollars a year. For some of our other customers, France Telecom for example, it was €22 million in savings over three years -- and it just goes on and on, both from an energy cost reduction, as well as the overall IT operational cost reductions.
Mellman: Today’s architecture is very rigid in the networking space. It's very complex with lots of specialized people and specialized knowledge. It's very costly and, most importantly, it really doesn’t adapt to change.
The kind of change we see, as customers are able to move virtual machines around, is exactly the kinds of thing we need in networking and don’t have. So there has been a dramatic change in what's demanded of networking in a data center context.
Within the last couple of years ... customers were telling us that there were so many changes happening in their environments, both at the edge of the network, but also in the data center, that they felt like they needed a new approach.
Look at the changes that have happened in the data center just in the last couple of years -- the rise of virtualization and being able to actually take advantage of that effectively, the pressures on time to market in alignment with the business, and the increasing risk from security and the increasing need for compliance.
Rapid rise in network connections
For example, there's the sheer number of connections, as we went from single large servers to multiple racks of servers, and to multiple virtual machines for services -- all of which need connectivity. We have different management constructs between servers, storage, and networking ... that have been very difficult to deal with.
Tie all these together, and HP felt this is the right time [for a change]. The other thing is that these are problems that are being raised in the networking space, but they have direct linkage to how you would best solve the problem.
We've been in the business for 25 to 30 years and we are successfully the number two vendor in the industry selling primarily at the edge. ... We can now do a better job because we can actually bring the right engineering talent together and solve [networking bottlenecks] in an appropriate way. That balances the networking needs with what we can do with servers, what we can do with storage, with software, with security and with power and cooling, because often times, the solution may be 90 percent networking, but it involves other pieces as well.
There are opportunities where we go from more than 210 different networking components required to serve a certain problem down to two modules. You can kind of see that's a combination of consolidation, convergence, cost reduction, and simplicity, all coming together.
We saw a real requirement from customers to come in and help them create more flexibility, drive risk down, improve time to service and take cost out of the system, so that we are not spending so much on maintenance and operation, and we can put that to more innovation and driving the business forward.
Need for simplicity that begets automation
A couple of these key rules drive simplicity. The job of a network admin needs to be made as simple and have as much automation and orchestration as the jobs of SysAdmins or SAN Admins today.
The second is that we want to align networking more fully with the rest of the infrastructure, so that we can help customers deliver the service they need when they need it, to users in the way that they need it. That alignment is just a new model in the networking space.
Finally, we want to drive open systems, first of all because customers really appreciate that. They want standards and they want to have the ability to negotiate appropriately, and have the vendors compete on features, not on lock-in.
Open standards also allow customers to pick and choose different pieces of the architecture that work for them at different points in time. That allows them, even if they are going to work completely with HP, the flexibility and the feeling that we are not locking them in. What happens when we focus on open systems is that we increase innovation and we drive cost out of the system.The traditional silos between servers and storage and networking are finally coming down. Technology has come to an inflection point.
What we see are pressures in the data center, because of virtualization, business pressures, and rigidity, giving us an opportunity to come in with a value proposition that really mirrors what we’ve done for 25 years, which is to think about agility, to think about alignment with the rest of IT, and to think about openness and really bringing that to the networking arena for the first time.
For example, we have a product called Virtual Connect, which has a management concept called Virtual Connect Enterprise Manager. It allows the networking team and the sever teams to work off the same pool of data. Once the networking team allocates connectivity, the server team can work within that pool, without having to always go back to the networking team and ask for the latest new IP address and new configurations.
HP is really focused on how we bring the power of that orchestration, and the power of what we know about management, to allow these teams to work together without requiring them, in a sense, to speak the same language, when that’s often the most difficult thing that they have to do.
When we look at agility and ability to improve time-to-service, we are often seeing an order of magnitude or even two orders of magnitude [improvement] by churning up a rollout process that might take months -- and turning it into hours or days.
With that kind of flexibility, you avoid the silos, not necessarily just in technology, but in the departments, as requests from the server and storage teams to the networking team. So, there are huge improvements there, if we look at automation and risk. I also include security here.
It's very critical, as part of these, that security be embedded in what we're doing, and the network is a great agent for that. In terms of the kinds of automation, we can offer single panes of glass to understand the service delivery and very quickly be able to look at not only what's going on in a silo, but look at actual flows that are happening, so that we can actually reduce the risk associated with delivering the services.
Cost cuts justify the shift
Finally, in terms of cost, we're seeing -- at the networking level specifically -- reductions on the order of 30 percent to as high as 65 percent by moving to these new types of architectures and new types of approaches, specifically at the server edge, where we deal with virtualization.
HP has been recognizing that customers are increasingly not being judged on the quality of an individual silo. They're being judged on their ability to deliver service, do that at a healthy cost point, and do that as the business needs it. That means that we've had to take an approach that is much more flexible. It's under our banner of FlexFabric.
Tang: The traditional silos between servers and storage and networking are finally coming down. Technology has come to an inflection point. We're able to deliver a single integrated system, where everything can be managed as a whole that delivers incredible simplicity and automation as well as significant reduction in the cost of ownership.
[To learn more] a good place to go is www.hp.com/go/dct. That’s got all kinds of case studies, video testimonials, and all those resources for you to see what other customers are doing. The Data Center Transformation Experience Workshop is a very valuable experience.
Mellman: There are quite a few vendors out there who are saying that the future is all about cloud and the future is all about virtualization. That ignores the fact that the lion's share of what's in a data center still needs to be kept.
You want an architecture that supports that level of heterogeneity and may support different kinds of architectural precepts, depending on the type of business, the types of applications, and the type of pressures on that particular piece.
What HP has done is try to get a handle on what is that future going to look like without prescribing that it has to be a particular way. We want to understand where these points of heterogeneity will be and what will be able to be delivered by a private cloud, public cloud, or by more traditional methods and bring those together, and then net it down to architectural things that makes sense.
We realize that there will be a high degree of virtualization happening at the server edge, but there will also be a high degree of physical servers for especially some big apps that may not be virtualized for a long time, Oracle, SAP, some of the Microsoft things. Even when they are, they are going to be done with potentially different virtualization technologies.
Physical and virtual
Even with a product like Virtual Connect, we want to make sure that we are supporting both physical and virtual server capabilities. With our Converged Network Adaptors, we want to support all potential networking connectivity, whether it’s Fibre Channel, iSCSI, Fibre Channel over Ethernet or server and data technology, so that we don’t have to lock customers into a particular point of view.
We recognize that most data centers are going to be fairly heterogeneous for quite a long time. So, the building blocks that we have, built on openness and built on being managed and secure, are designed to be flexible in terms of how a customer wants to architect.
It’s best having the customer just step back and say, "Where is my biggest pain point?" The nice thing with open systems is that you can generally address one of those, try it out, and start on that path. Start with a small workable project and get a good migration path toward full transformation.
Special Offer: Gain insight into best practices for transforming your data center by downloading three whitepapers from HP at www.hp.com/go/dctpodcastwhitepapers.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: HP.
You may also be interested in:
HP buys Fortify, and it's about time!
This guest blog post comes courtesy of Tony Baer’s OnStrategies blog. Tony is a senior analyst at Ovum.
By Tony Baer
What took HP so long? Store that thought.
As w
e’ve stated previously, security is one of those things that have become everybody’s business. Traditionally the role of security professionals who have focused more on perimeter security, the exposure of enterprise apps, processes, and services to the Internet opens huge back doors that developers unwittingly leave open to buffer overflows, SQL injection, cross-site scripting, and you name it. Security was never part of the computer science curriculum.
But as we noted when IBM Rational acquired Ounce Labs, developers need help. They will need to become more aware of security issues but realistically cannot be expected to become experts. Otherwise, developers are caught between a rock and a hard place – the pressures of software delivery require skills like speed and agility, and a discipline of continuous integration, while security requires the mental processes of chess players.
At this point, most development/ALM tools vendors have not actively pursued this additional aspect of quality assurance (QA); there are a number of point tools in the wild that may not necessarily be integrated. The exceptions are IBM Rational and HP, which have been in an arms race to incorporate this discipline into QA. Both have so-called “black box” testing capabilities via acquisition – where you throw ethical hacks at the problem and then figure out where the soft spots are. It’s the security equivalent of functionality testing.
Raising the ante
With the mating ritual having predated IBM’s Ounce acquisition last year, buying Fortify was just a matter of time. At least a management interregnum didn’t stall it.
Last year IBM Rational raised the ante with acquisition of Ounce Labs, providing “white box” static scans of code – in essence, applying debugger type approaches. Ideally, both should be complementary – just as you debug, then dynamically test code for bugs, do the same for security: white box static scan, then black both hacking test.
Over the past year, HP and Fortify have been in a mating dance as HP pulled its DevInspect product (an also-ran to Fortify’s offering) and began jointly marketing Fortify’s SCA product as HP’s white box security testing offering. In addition to generating the tests, Fortify's SCA manages this stage as a workflow, and with integration to HP Quality Center, autopopulates defect tracking. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]
We’ll save discussion of Fortify’s methodology for some other time, but suffice it to say that it was previously part of HP’s plans to integrate security issue tracking as part of its Assessment Management Platform (AMP), which provides a higher level dashboard focused on managing policy and compliance, vulnerability and risk management, distributed scanning operations, and alerting thresholds.
In our mind, we wondered what took HP so long to consummate this deal. Admittedly, while the software business unit has grown under now departed CEO Mark Hurd, it remains a small fraction of the company’s overall business. And with the company’s direction of “Converged Infrastructure”, its resources are heavily preoccupied with digesting Palm and 3Com (not to mention, EDS).
The software group therefore didn’t have a blank check, and given Fortify’s 750-strong global client base, we don’t think that the company was going to come cheap (the acquisition price was not disclosed). With the mating ritual having predated IBM’s Ounce acquisition last year, buying Fortify was just a matter of time. At least a management interregnum didn’t stall it.
Finally!
This guest blog post comes courtesy of Tony Baer’s OnStrategies blog. Tony is a senior analyst at Ovum.
You may also be interested in:
Subscribe to:
Posts (Atom)
