Like a canvas the blank page stares back waiting to be filled with vibrant colors to create a picture perfect view of how the artist views their world. Although many pictures have been painted of the Client, Cloud and Virtualization with vibrant variation they are still a bit blurred by vendor bias.
The journey I set out a year ago was to create the picture of the Client, Cloud, and Virtualization painted through the clarity of the eyes of the customer. For those that truly know me - I will always be the first to admit that although my opinions may be interesting they are not as relevant as the customers I serve as they are the ones that are the true unsung heroes. The architects, IT Admins, CIOs, CTOs, FTEs, Audit and Security teams that keep our technology dependent world humming.
For those of us that have been around as our society has become more dependent on technology we have seen the sleepless nights, long weekend upgrades, countless hours missed from our families, and problems solved. For those that think it is not critical - think about it the next time you are in the hospital. Look around - see how dependent we are on technology and not just the inventors of it but those that are supporting what we create.
Like so many journeys, mine has been filled with surprises, twists, turns, and mini-destinations along the way. I originally set out to publish a vendor neutral guide for Universal Clients (connecting Client, Cloud, and Virtualization) for and by customers.
Detour: Visible Ops Private Cloud
Suffice to say while I was busy on my journey - I was asked to take a slight detour to work with some old friends and colleagues on creating the next book in the Visible Ops series. Being a big fan of Visible Ops and IT Process Institute, Andi Mann, and Kurt Milne (my co-authors) - it was a worth while detour to explore.
I have rather enjoyed working with Andi and Kurt on creating what we hope to be a culmination of collective customer and implementer feedback on the challenges and lessons learned from some of the leading IT people we know. Visible Ops Private Cloud: From Virtualization to Private Cloud in 4 Practical Steps - was a joy to work on because it was for customer by customers. We stopped at Private Cloud because there appears to be a bifurcation in the market currently. Meaning that public clouds are largely being consumed by Small to Medium Businesses that lack the internal IT, are less regulated, and complicated than their larger Enterprise counterparts. The SMB is full force on public clouds because it provides agility and ability to implement services at a fraction of the costs.
However the Enterprise is proceeding with caution at the moment because neither the Software Producers nor Cloud Providers have all the kinks worked out to provide compliant, cost effective systems for Cloud Bursting and utilization of Public Clouds for highly regulated environments. It is not to say that they are not testing the waters with test and development. They are just not jumping in full force...yet...
Visible Ops Private Cloud captures the much needed foundation of people, processes and technology to enable IT to build to the next level: Cloud Bursting/Hybrid Cloud and eventually Universal Clients.
Final Destination: I Speak Client, Cloud, & Virtualization Series Coming Soon...
Suffice to say..prior to writing the Visible Ops Private Cloud, I logged quite a bit of time with customers, conducting interviews, research and writing about the next major paradigm shift that is currently under way: Desktop Transformation to Universal Clients (Client, Cloud, and Virtualization). Although the heavy lifting is done...there are still promises to keep and miles to go before it comes out into the wild.... but rest assured it is not too far off.
With a little help from former colleagues and family expect to see the "I Speak Client, Cloud, and Virtualization" series coming soon. We are working on details of publication. Stealth is about "I Speak Series" created for customers by customers. The series will provide small "bytes" of clarity around people, processes, and technology to help IT cut through the chaos surrounding Desktop Transformation from static systems to Universal Clients in the Cloud. Stay Tuned....
Showing posts with label Virtual Desktops. Show all posts
Showing posts with label Virtual Desktops. Show all posts
Monday, April 11, 2011
Friday, July 3, 2009
The Evolution of the Cloud
Beyond the Cloud Hype
The "cloud" may be new to some but for many of us that have been in the systems management space - today's cloud is just an evolution of innovative distribution approaches that have been around for nearly a decade - companies like Electronic Arts, Music Match, and Intuit for example all have delivered some form of service and/or content over the interent leveraging a scalable backend infrastructure.
What's Different?
Technology has evolved to help shift the focus to more of a user driven paradigm. Key usability capabilities that exist in virtualization (application independance), dynamic provisioning (reduces latency), enhanced capacity (for servers, networks, and clients alike), regulations (HIPAA, PCI, SOX) and more sophisticated users are driving a change in the paradigm from IT to User Focused. While the devil may be in the details the fact is companies are forced to learn balance and how to cut costs in this new era.
Why Now?
Forester recently bucked traditional thinking with their statement that contrary to general belief many large enterprises are looking to deploy in the cloud. This comes as no surprise for those of us that have been in this space for quite awhile. Server consolidation was fueled by many CIOs realizing that rising power and space was quickly becoming a significant concern for the datacenter. Server virtualization made complete sense given that many reported having 10% utilization or less. The costs to maintain, power, and cool the datacenter were more than the actual loss of the servers and costs of deploying server virtualization technology.
Infrastructure as a Service (IAAS- such as Amazon EC2) and Platforms as a Service make more sense now then ever before for 2 reasons:
1) Hard to justify buying more hardware for growth in a down economy - a perfect example of this - a large MSP opted to leverage an IAAS solution in lieu of purchasing, building, and maintaining a new data center to support their growing customer base. By combining newer technologies such as virtualization with IAAS provider they significantly cut their costs and increased their overall margins.
2) Companies are becoming more dependant on technology. Enterprises know that they will need to think about how they scale and/or contract in these turbulent times where companies are either merging, acquiring or laying off to weather the storm. It is too hard to plan and justify when one could select a solution that is fairly low costs to provide the same service.
External and Hybrid clouds are panning out to be more than just technology looking for a solution but as a cost effective way for the Enterprise to shrink and grow their costs with tide of demand for additional applications and resources.
The "cloud" may be new to some but for many of us that have been in the systems management space - today's cloud is just an evolution of innovative distribution approaches that have been around for nearly a decade - companies like Electronic Arts, Music Match, and Intuit for example all have delivered some form of service and/or content over the interent leveraging a scalable backend infrastructure.
What's Different?
Technology has evolved to help shift the focus to more of a user driven paradigm. Key usability capabilities that exist in virtualization (application independance), dynamic provisioning (reduces latency), enhanced capacity (for servers, networks, and clients alike), regulations (HIPAA, PCI, SOX) and more sophisticated users are driving a change in the paradigm from IT to User Focused. While the devil may be in the details the fact is companies are forced to learn balance and how to cut costs in this new era.
Why Now?
Forester recently bucked traditional thinking with their statement that contrary to general belief many large enterprises are looking to deploy in the cloud. This comes as no surprise for those of us that have been in this space for quite awhile. Server consolidation was fueled by many CIOs realizing that rising power and space was quickly becoming a significant concern for the datacenter. Server virtualization made complete sense given that many reported having 10% utilization or less. The costs to maintain, power, and cool the datacenter were more than the actual loss of the servers and costs of deploying server virtualization technology.
Infrastructure as a Service (IAAS- such as Amazon EC2) and Platforms as a Service make more sense now then ever before for 2 reasons:
1) Hard to justify buying more hardware for growth in a down economy - a perfect example of this - a large MSP opted to leverage an IAAS solution in lieu of purchasing, building, and maintaining a new data center to support their growing customer base. By combining newer technologies such as virtualization with IAAS provider they significantly cut their costs and increased their overall margins.
2) Companies are becoming more dependant on technology. Enterprises know that they will need to think about how they scale and/or contract in these turbulent times where companies are either merging, acquiring or laying off to weather the storm. It is too hard to plan and justify when one could select a solution that is fairly low costs to provide the same service.
External and Hybrid clouds are panning out to be more than just technology looking for a solution but as a cost effective way for the Enterprise to shrink and grow their costs with tide of demand for additional applications and resources.
Friday, June 12, 2009
Enlightened - Virtual Reality
Many write about the myths, facts, and fiction of virtualization. Some espouse that it is a revolution that is sure to take over the current desktop and server paradigm. This week I was blessed to spend time getting a good solid dose of reality from the only view that really counts - the architects and engineers that use technology every day to solve real world problems.
As vendors we can learn far more by spending a couple of days with key users of products to determine what the next best steps are, where the market is really going and what matters most to the ones that use our products and sign the checks. In this hardened economy - it is time that we start to listen more and hype less.
Virtualization is a tool like other technology that will add benefit and unplanned complexity to current processes, systems, and workers. It is not until technologist solve real world solutions that the paradigm will really start to shift.
Routes to Virtual Reality
1) Start with a problem - like a problem application that has compatability issues, needs to support a legacy version of .Net or Java, etc. From the problem - determine which virtualization applies (Server, Desktop, or Application)
2) Cut the the Chase - Understand EXACTLY what is being sold. There are many different types of architectures and solutions that are often overshadowed by marketing fluff. Know the different types, pros and cons of each approach, true costs and then decide.
For example there are 3 different distinct application virtualization architectures:
As vendors we can learn far more by spending a couple of days with key users of products to determine what the next best steps are, where the market is really going and what matters most to the ones that use our products and sign the checks. In this hardened economy - it is time that we start to listen more and hype less.
Virtualization is a tool like other technology that will add benefit and unplanned complexity to current processes, systems, and workers. It is not until technologist solve real world solutions that the paradigm will really start to shift.
Routes to Virtual Reality
1) Start with a problem - like a problem application that has compatability issues, needs to support a legacy version of .Net or Java, etc. From the problem - determine which virtualization applies (Server, Desktop, or Application)
2) Cut the the Chase - Understand EXACTLY what is being sold. There are many different types of architectures and solutions that are often overshadowed by marketing fluff. Know the different types, pros and cons of each approach, true costs and then decide.
For example there are 3 different distinct application virtualization architectures:
- Agent Based - Agent connected directly into the OS kernal
- Individual Bubble Base - Agent embedded into the virtual application
- Hybrid - Virtual Agent that lives in memory and manages the virtual bubbles
3) Don't believe the hype - there is a lot of misinformation because of the "hype" around virtualization, cloud computing and the market in general.
- Application virtualization is NOT running an application inside a virtual machine. It IS isolating the application from the underly OS just as machine virtualization isolates the OS from the Hardware.
- Desktops and Servers are vastly different. Servers are many users to a single system while desktops are single users to single applications. Each have unique requirements and require a different approach.
- Evolution not Revolution. This is not the time to support the rip and replace approach. The physical tools, paradigms etc will be alive and kicking for quite some time - customers want a single pane of glass - not multiple agents, interfaces, and added complexity that will increase the work load of already overstretched IT Staff.
- Hybrid is the ONLY way to go - Hardware & Network can't dictate business continuity- Desktop users are highly mobile and will have little patience or time to deal with large downloads, increased network costs, or not being able to do their job due to technology failure. User based targetting is key to addressing the mounting challenges, regulations and risks facing IT today.
Wednesday, May 13, 2009
In the Clouds
Travelling from coast to coast in the “clouds” really started to think about knowledge workers in the context of clouds. Fat pipes, adoption of clean processes, etc have lead to pretty predictable user stories for “connected” users working within a cloud – but what about the road warrior (Doctor, Lawyer, Poll Climber, UPS Truck Driver, Sales rep, or CEO)?
Managing always connected users is not a new feat – many solved it back in the day with mainframes and dumb terminals. Pulling the unmanaged PC into the mix of the managed PC is nirvana for many companies. How can you lock down a user while still providing enough flexibility to support them while they are “disconnected”.
Network access from a virtual CAFÉ or even datacard is not a guarantee that the user will have access to backend environments. Issues with VPNs, Authentication, Network Latecny and general access issues can rear their ugly head at the most opportune time (before the demo, big movie presentation, during an exam).
There are many approaches that can be taken such as Hybrid application & desktop virtualization (such as InstallFree) that enables checking applications out. Some ideas to extend the deployment is to leverage virtual clients.
Travelling from coast to coast in the “clouds” really started to think about knowledge workers in the context of clouds. Fat pipes, adoption of clean processes, etc have lead to pretty predictable user stories for “connected” users working within a cloud – but what about the road warrior (Doctor, Lawyer, Poll Climber, UPS Truck Driver, Sales rep, or CEO)?
Managing always connected users is not a new feat – many solved it back in the day with mainframes and dumb terminals. Pulling the unmanaged PC into the mix of the managed PC is nirvana for many companies. How can you lock down a user while still providing enough flexibility to support them while they are “disconnected”.
Network access from a virtual CAFÉ or even datacard is not a guarantee that the user will have access to backend environments. Issues with VPNs, Authentication, Network Latecny and general access issues can rear their ugly head at the most opportune time (before the demo, big movie presentation, during an exam).
There are many approaches that can be taken such as Hybrid application & desktop virtualization (such as InstallFree) that enables checking applications out. Some ideas to extend the deployment is to leverage virtual clients.
Friday, May 1, 2009
Virtual Reality - Compliance, Desktops, and Cloud
This week a fellow blogger on the Cloud posed some interesting questions around compliance this week that highlighted this area is not very well understood when it comes to the cloud and virtualization - across desktops, apps, and to some degree servers.
Compliance is an interesting element in it's own right with many twists and turns depending on the industry (healthcare, financial services, manufacturing, etc), type of company, what technology is in place, whether it is actually used in a way that adhere's to COBIT and for outsourcing the controls the outsourcer has placed and if they adhere to pass a SAS70 Audit.
Yes - SOX does say that the CXO will go to jail if they do not adhere to proper controls and conform to the standards identified by NIST to do so. Truth be told very few have actually gone to jail although several companies (527 in the first year according to IT Governance Institute) have had material discrepancies - their CXOs have not seen much in the way of jail time. The real teeth around SOX is having to post in a public place like the Wall Street Journal and the impact on the stock etc is a much bigger driver. Companies typically have time to clean up their act and fix the material discrepancy. The actual act itself is very ambigious and doesn't actually define all the components but leaves that up to NIST and COBIT (not to mention additional flexibility for auditors) to deem whether a company is in compliance. It is the system, manual or automated - that enables compliance not technology.
Having said that who has ownership, how do you determine compliance for the cloud? Many of the compliance factors whether SOX, HIPAA, PCI, GLB, etc have been factored into MSP and outsourcing models and are part of SAS70 audit controls - at least for physical systems. Else companies like Salesforce.com, Amazon, etc would have a difficult time maintaining their service given the sensitive data.
The real gap that needs to be thought of for the cloud is what newer technologies that enable the cloud - like virtualization do to traditional Controls used to maintain compliance and how the lack of understanding about those technologies - impact companies ability to deploy them fully. In my previous company - ITPI and I worked on research in this area across several different companies - interviewing CXOs to operations to really understand the GAPs.
We recorded an introductory webcast on this topic:
http://www.vmware.com/a/webcasts/details/139
ITPI is targetted to release the overall study - Kurt Milne copied here can provide more insight on the details. I must say it is a real eye opener and a significant area that quite a bit of work needs to be done. www.itpi.org
The real concern is around the standards such as COBIT, Common Information Model (CIM, Smash, Dash, etc ) are based off of the physical world and were created void of virtualization. DMTF is adding virtualization to CIM but there is still quite a bit to be done from a backend systems perspective around virtual apps, desktops, and servers to ensure maintaining compliance.
In some ways virtualization poses more risks to existing controls particularly around security and in other ways it makes possible new controls. The key is understanding what those risks are, the architecture - not all are created equal - ways to work around them, and what can be deployed versus what can not based on the application, oversight required, etc. Companies work around this today - so it is also possible in the Cloud.
They key here is while everyone is trying to define this new market - it is critical to understand the current physical paradigm, processes, controls and how we impact them before creating the solution. Clearly as with all new paradigms and markets - there is quite a bit for all of us to define, educate each other on and understand before jumping.
Compliance is an interesting element in it's own right with many twists and turns depending on the industry (healthcare, financial services, manufacturing, etc), type of company, what technology is in place, whether it is actually used in a way that adhere's to COBIT and for outsourcing the controls the outsourcer has placed and if they adhere to pass a SAS70 Audit.
Yes - SOX does say that the CXO will go to jail if they do not adhere to proper controls and conform to the standards identified by NIST to do so. Truth be told very few have actually gone to jail although several companies (527 in the first year according to IT Governance Institute) have had material discrepancies - their CXOs have not seen much in the way of jail time. The real teeth around SOX is having to post in a public place like the Wall Street Journal and the impact on the stock etc is a much bigger driver. Companies typically have time to clean up their act and fix the material discrepancy. The actual act itself is very ambigious and doesn't actually define all the components but leaves that up to NIST and COBIT (not to mention additional flexibility for auditors) to deem whether a company is in compliance. It is the system, manual or automated - that enables compliance not technology.
Having said that who has ownership, how do you determine compliance for the cloud? Many of the compliance factors whether SOX, HIPAA, PCI, GLB, etc have been factored into MSP and outsourcing models and are part of SAS70 audit controls - at least for physical systems. Else companies like Salesforce.com, Amazon, etc would have a difficult time maintaining their service given the sensitive data.
The real gap that needs to be thought of for the cloud is what newer technologies that enable the cloud - like virtualization do to traditional Controls used to maintain compliance and how the lack of understanding about those technologies - impact companies ability to deploy them fully. In my previous company - ITPI and I worked on research in this area across several different companies - interviewing CXOs to operations to really understand the GAPs.
We recorded an introductory webcast on this topic:
http://www.vmware.com/a/webcasts/details/139
ITPI is targetted to release the overall study - Kurt Milne copied here can provide more insight on the details. I must say it is a real eye opener and a significant area that quite a bit of work needs to be done. www.itpi.org
The real concern is around the standards such as COBIT, Common Information Model (CIM, Smash, Dash, etc ) are based off of the physical world and were created void of virtualization. DMTF is adding virtualization to CIM but there is still quite a bit to be done from a backend systems perspective around virtual apps, desktops, and servers to ensure maintaining compliance.
In some ways virtualization poses more risks to existing controls particularly around security and in other ways it makes possible new controls. The key is understanding what those risks are, the architecture - not all are created equal - ways to work around them, and what can be deployed versus what can not based on the application, oversight required, etc. Companies work around this today - so it is also possible in the Cloud.
They key here is while everyone is trying to define this new market - it is critical to understand the current physical paradigm, processes, controls and how we impact them before creating the solution. Clearly as with all new paradigms and markets - there is quite a bit for all of us to define, educate each other on and understand before jumping.
Subscribe to:
Posts (Atom)
