I’m about to commit a bit of cloud heresy as a technology guy writing about cloud and claiming that it’s really not all about hypervisors, automation and orchestration. Sure, you need a measure of these components in order to be able to deliver on the cloud vision and model efficiently, but does that really solve the problems that are driving the consumers of IT to try and skirt enterprise IT and give their dollars to the public cloud? I think the number of services being consumed that are called cloud but really aren’t and the amount of cloud washing going on in the marketplace clue us in on the fact that it’s not the technology per se that is driving the consumption of cloud. The key thing I am hearing from my customers, and more importantly their customers, is that what is driving people to consume these services, some of which are actually inferior from a service management standpoint to what is already offered internally, is the ease of consumption. Consumers are voting with their dollars for quick provisioning, knowing what they’ll pay and the levers that affect that cost, and transparency around what they are getting and using.
With apologies to Chuck Hollis at EMC and James Governor at RedMonk I decided to take a crack at this whole “Why Applications are like fish and Data is like Wine” meme by extending it to posit that Information is like Cognac. Now, I’m not usually one to kick a dead horse but I think that all the talk of Big Data has maybe obscured something that I view as a problem with Big Data: knowledge workers don’t consume data, they consume information. I see Big Data as a problem quite frankly, and the IDC Digital Universe Study put it in context. If Big Data is the problem, Big Information is the goal, and to get there we need automation and analytics. So if you’ll bear with me I’ll share how I think Information is like cognac.
IDC released their 2011 Digital Universe Study and the results are pretty amazing: data is doubling every two years! This is the fifth year that the IDC has released this study and each year I continue to be surprised by the results; just when I think things have started to reach terminal velocity around data growth they accelerate more. Currently data growth is outpacing Moore’s Law; suddenly the phrase Big Data just doesn’t seem to cut it any more. There are all sorts of findings in the study and the repercussions for our industry will require many changes.
I recently wrote here about the need for automation in security, and Christopher Hoff has suggested some practical ways to get started here and has started an initiative around Security Automata here. This is one of the ways that the growth of data is impacting security, the very framework for how we approach protecting assets needs to change in light of the deluge of data.
Recently there’s been some chatter about the role of automation in Security and whether it is appropriate or not as a business strategy much less a security strategy. Jeffrey Carr states that EMC’s wrong that automation is an efficiency and security necessity and that you shouldn’t automate because “An automated solution will never stop a customized attack because the attack was designed to circumvent it!” (his emphasis). First, if there’s one thing I’ve learned over the last twenty years, it’s that you should avoid absolutes when talking about security. Second, not automating something because someone may develop a solution to defeat it is like not brushing your teeth because it may not prevent all cavities. This seems like cutting off your nose to spite your face. Jeffrey seems to conflate EMC recommending automation in security as a necessity for efficiency’s sake and abandoning all other security policies and methods. It certainly makes for good headlines, but I don’t think that people would read the three articles/whitepapers quoted and really think that EMC is going with an “automation is everything” approach.
I’ve mentioned in the past just how much I enjoy working at EMC and since posting that I’ve been privileged to be able to continue hiring outstanding consultants and architects for EMC Consulting. In addition to the satisfaction of having happy customers, being able to continue to grow the ranks of our talented organization is a real point of pride. The Cloud and Virtual Data Center practice within EMC Consulting is currently hiring in North America and we are looking for flexible, creative subject matter experts who can help our customers achieve their aspirations while growing their careers within EMC. I truly believe that EMC Consulting is the place for you if you are looking to help large companies plan and implement their next iteration of IT. Please check out the positions listed below, or feel free to drop me a line at edward dot newman at emc dot com.
• Sr. Practice Consultant – 61302 (4 open positions)
• Practice Team Lead – 61306 (1 open position)
• Practice Manager – 61301 (1 open position)
• Sr. Practice Consultant – 61314 (1 open position)
• Practice Manager – 61315 (1 open position)
• Practice Team Lead – 61316 (1 open position)
• Sr. Practice Consultant – 60655 (3 open positions)
• Practice Manager – 50999 (1 open position)
Applying to a position with EMC:
1. Click on the following link – http://www.emc.com/about/jobs/index.htm
2. Click on the “Apply Now”
3. Enter the five-digit req. number into the “Requisition ID” box
4. Hit Search
5. Check off the box and submit to position
6. Candidates will need to register if they are not already in the system
More and more I’m hearing that it is no longer a matter of ‘if’ clients will use cloud computing in some way but a matter of ‘how’ and ‘when’. Security is often listed as the number one concern regarding cloud adoption in surveys of EMC and VMware customers, and an informal poll at VMWorld reflected that as well. Why the need for a Trusted Cloud? Well by now people have figured out the benefits of cloud computing outside just the evangelist ranks and are looking to use it within their enterprises, authorized or not. The “consumers” within the enterprise really want the provisioning, management and reporting promised by the cloud and they are willing to go around IT to get it in some instances. So if “consumers” are already using cloud, and more and more of them want to be, we need to figure out a way to inject security and compliance into those services. VMware’s been doing their part with the launch of the vShield security portfolio last week, but that is only part of the equation. So what is the Trusted Cloud? It’s a cloud that assures that the right people have access to the right services, applications and information via a secured infrastructure.
I’ll be hosting an EMC Live! webcast tomorrow on the topic and some best practices for beginning the implementation of the Trusted Cloud. You’ve got to start with an analysis and rationalization of your application portfolio in order to understand how and where trust needs to be incorporated in your transformed environment. The rationalized application portfolio feeds into your service portfolio analysis: what are the appropriate application or service architectural models for your environment? This is the basis for your cloud strategy and cloud sourcing model: what are the services that I need to provide my customers and where can they be sourced from? From here you define your services, policies and controls via ITIL or whatever framework you prefer, document them in your Service Catalog, and then publish them via a Service Portal. The goal is to provide an end-to-end unified look and feel across the different delivery models with the trust attributes integrated into the environment.
If you’re interested in learning more please join me on September 9th at 11:00am EST for the EMC Live! webcast:
As cloud computing becomes more pervasive, one of the most important business questions concerns governance, risk, and compliance (GRC).
How can you achieve business agility and lower costs, while still ensuring that security and compliance issues are resolved?
Attend this webcast and you will:
- Understand how to incorporate GRC considerations into the IT services provided by private cloud
- Learn best practices from recent private cloud customer deployments by EMC Consulting
- See how you can take advantage of private cloud initiatives to meet future requirements for GRC
- Find out how defining IT services can help you incorporate public cloud capabilities into your private cloud without compromising security and compliance
It’s been a great VMWorld so far, and today’s announcements only add to all the buzz amongst the attendees. I’ve always seen VDI and application virtualization as a way to extend the security, compliance, and availability of the data center out to the end users and VMware’s announcement of VMware View 4.5 with enhancements to security, “check in/check out” and an improved user experience helps further that vision. Security and compliance has long been a key driver for the adoption of virtualized desktops and VMware delivers with the ability to combine RSA enVision, SecurID and DLP with guidance from an updated RSA SecurBook into your desktop solution. I think that a ubiquitous and consistent end user experience is vital to the realization of Private Clouds regardless of whether the user is on campus or not. It’s not just about a product of course, although EMC and VMware together provide a very robust stack to build upon, you’ve got to approach your virtual desktop infrastructure as a transformation of the desktop, taking the design of the desktop, the virtual infrastructure acting as the delivery mechanism, deployment and migrations, application virtualization, security and systems management all into consideration for your solution.
Desktops have been a growing nightmare for IT organizations, so many different hardware profiles, OS builds, application portfolios, user communities, deployment methods, sprawl, process confusion and dubious security, not to mention spotty backup and recovery capability. Security has long focused on the end-points as a way to control risk, I’m willing to bet we’ve got more laptops and desktops than we do routers. And we hire very smart people and give them tools that may or may not meet their needs, a recipe for disaster really. Desktop and application virtualization affords us the opportunity to do a global reset on a lot of that, pulling back data, applications, and profiles to the virtualized data center or Private Cloud giving your users a secure and compliant set of tools to do their work. You’ve got to provide an environment that’s not only trusted, but also predictable, IT needs to understand the performance, scalability and interoperability of their virtual environment and application portfolio.
Layer into all of this the fact that many organizations are looking to move to Windows 7 and want that process to be easier than Vista and XP iterations were. A holistic approach to desktop virtualization can leverage VMware View 4.5 to provide an easier upgrade path for the OS and the opportunity to do security right, building it in from the design of the solution rather than as a bolt-on after deployment. The number of remote and mobile users is growing every year: security, compliance, systems management and performance concerns are growing along with them. VMware View 4.5 and the tight integration with RSA’s security products running on top of EMC Proven Solutions for intelligent information infrastructure goes a long way in providing the foundation for an engaging, secure, and compliant end user experience, one of the key promises of cloud computing.
Taking a targeted approach for the implementation of a virtual desktop infrastructure to the most sensitive or highest change environments, like app/dev, is a good way to make use of the enhanced capabilities of VMware View 4.5 and the integration with RSA. Providing access to a dev/test environment via VDI is a great way to amp up security and compliance if you’ve got a lot of development initiatives always underway or you’re working with offshore resources. You can extend the security and compliance of a cloud service by making it accessible only via a VDI client, all data now lives in the cloud, secure and available. Developers, or consultants, working on multiple projects? Multiple VDI sessions rather than multiple laptops or desktops. Gain successes and efficiencies and continue to expand the deployment of your VDI solution on their strength and ever important word of mouth. At EMC we’ve talked about the concept of Information Lifecycle Management for a long time: get the right information, to the right people, at the right time, with an optimized cost structure. Well RSA takes that concept and extends it with their integration with VMware View 4.5: allow the right people access to the appropriate data via a trusted infrastructure.
The first two days of EMC World 2010 have been that familiar and welcome mix of hectic and inspiring. This is my fourth EMC World and I continue to get to increase my level of participation year after year. I started with one presentation, then a presentation and a BoF session, then added participation in the analysts section and the inaugural blogger’s lounge and this year all of that plus the media session and the executive track. I am continually amazed by the level of participation of our executives, customers and partners. This year I’m lucky enough to share in the experience of having the area I spend the most amount of my time and energy on, the Private Cloud, be the organizing theme for the entire conference. Talk about feeling front and center. I’ve heard from analysts, the press present, customers and our partners that our messaging this year has incredible cohesiveness and vision. I certainly can’t take credit for that but am happy to hear that it is enabling those attending to get even more out of the event. The continued integration of our social media efforts into the conference as a whole is really paying off from what I can tell, an incredible number of hits to the micro sites, tons of Twitter traction, live blogging and even Joe taking part in a video blog from the Cube! Very cool stuff.
It would seem that having the conference in Boston has really amped up the media and analyst coverage, which I think is great. I had so many good, thoughtful conversations with the media this afternoon and am grateful for all the time they dedicated to my little corner of EMC. We really had some top notch reporters and thought leaders engaged with us from the press, I’m looking forward to seeing the output from the sessions this afternoon.
I’ll be dedicating a future post to some of the key announcements soon, I’m really excited about the possibilities they open up for cloud enablement and how our portfolio continues to grow. All in all I think this has been the best EMC World yet and I hope to get to run into you at the remaining sessions or to get your feedback via the comments or Twitter.
Later this week I’ll be presenting as a part of our EMC Live! webcasts on Building Strategies for Private Cloud Initiatives. I’ve been thinking more about what EMC’s Private Cloud vision means and how it is being implemented by our customers. The initial idea of Private Cloud being a destination, part of a linear progression does a bit of a disservice to the whole concept of cloud computing and the control and choice offered by these new models. Many companies are already thinking about Private Cloud as an approach to balancing their IT Service portfolio across internal and external resources based on criteria like cost and risk. In my opinion, and I think EMC’s strategy and approach on Private Cloud bears this out, Governance, Risk Management and Compliance (GRC) is what makes the Cloud private.
Organizations have had a portfolio approach to IT for quite some time, now the various components within that portfolio might have started out as Mainframe, Open Systems and x86 in their own data center, or it could’ve been App Dev/Test and Pre-Prod in their data centers and Production at a hosting facility, and many, many other permutations. Until recently there have always been pretty significant differences between those IT Services in the Portfolio and usually different management interfaces, organizations, reporting, etc. associated with each of them. I posit that an integrated GRC framework with a Unified Service Portal not only bind the portfolio together and provide commonality in terms of how IT’s customers provision, manage and report on their services, but that they provide the framework for efficiency, control and choice which are the hallmarks of EMC’s Private Cloud vision. This allows, as the portfolio matures and the GRC framework becomes more integrated, the CIO to deliver against the CEO’s expectations of cost reduction, the CISO/CLO’s expectation of a secure and compliant environment and his or her own expectation for more automation and transparency. The goal then becomes not having only one method of computing achieved via a linear transformation of IT, but rather a portfolio of services delivered via several methods that is balanced for cost and risk with the ease of consumption and transparency of the public cloud and all the security and compliance associated with the data center.
I’ve geared my presentation for Thursday to address some tactical approaches to implementing such a strategy with achievable early successes to build momentum for the adoption of the model. I’d welcome discussion, questions, another perspective via the comments, engagement via Twitter or on the webcast session.
Please feel free to register here and join in the conversation:
EMC Live Webcast:
Create an Architecture and Roadmap for Your Private Cloud
Thursday, May 6, 2010
8:00 am PT / 11:00 am ET / 15:00 GMT
The private cloud vision has captured the attention of enterprise IT leaders and strategists because it promises unprecedented economies of scale and dramatically improved business agility.
EMC Consulting experts can help you find the best path to the private cloud by leveraging virtualization, pooling enterprise resources, and adopting a service-oriented model.
Attend this webcast and learn how to:
- Identify the key attributes of a private cloud architecture
- Establish a business case for private cloud
- Develop a high-level architectural plan for private cloud
- Transform operations into a service-oriented, self-service model
Everybody’s talking about Private Cloud these days, and I think that’s great. There have been a number of really good posts and articles about it lately and I think the more people writing and thinking and implementing Private Cloud strategies and ideas the better. An informative and frankly tactically (in the best sense of the word) focused article I’ve enjoyed is A Private Cloud is Called IT by Mike Fratto over at Network Computing.
Mike, thankfully, begins by defining terms stating that a Private Cloud is one which is “wholly hosted in your data center”. I think this is the most realistic definition at the moment and my hope is that soon we will be able to extend that to be one that is managed, provisioned, secured and is compliant as if it was wholly hosted in your data center. I think he’s underestimating some of the benefits of the Private Cloud at this point versus an IaaS solution primarily because I’ve yet to see an apples to apples IaaS offering. The service levels, availability, performance, etc. just don’t exist to compete against a Private Cloud. The cost savings associated with Private Cloud are dramatic when done at scale, and I certainly haven’t seen many organizations doing IaaS at similar scales, it’s just not realistic at the moment. That being said the savings disparity between the solutions is a temporary one, the Public Cloud solutions will catch up, as will the bandwidth capabilities to allow massive migrations to them. In the meantime, the next 18 to 36 months in my opinion, Private Cloud certainly is the way to go, better savings, better security, better compliance, and more easily implemented and more importantly more easily migrated to. Let me add the caveat again, at scale! Taking 1 application, a set of call center users, a dev environment, etc. is not at scale. I’m talking entire lines of business, entire data center, or class of applications. Mike is absolutely on in regards to the steps required to get you to an automated data center, or Private Cloud and nails the reason for doing so: “leaving you with more time to work on more interesting tasks”. Or to put in my vernacular: allowing your engineers and architects to work on innovation and new offerings for the business rather than keeping the lights on. 
There are many studies out there that show that IT spend is focused mostly on keeping the lights on, some estimates are as high as 75%, and not on innovation and new services for the business.
Private Cloud is the new paradigm of IT, it’s not a sea-change, or a bolt from the blue, but I believe the next evolution of enterprise IT. Mike does a great job listing out several key steps specific to his realization of an automated data center that help enable the Private Cloud. His are very focused on the Infrastructure component of the transformation required. I think that there are two other key components in the transformation to Private Cloud: Applications, what is my right-sized Application Portfolio, what is my cloud sourcing strategy for those rationalized Applications, and how can I develop new Applications that benefit from the new paradigm; and Governance, what are the policies and processes required to manage the new paradigm, what do I automate, how do I secure the environment, what is the fewest number of IT controls I can implement to be compliant and what is the unified console that provides me the transparent insight into my environment from resource management, risk and compliance perspectives. It’s important to make progress against the Application, Infrastructure and Governance components in a relatively lock step fashion, getting too far out ahead in the maturation and implementation of one of the components leads to poor benefits realization efficiency and can actually cause the other areas to regress.