Wednesday, September 16, 2009

Jericho Forum Aims to Guide Enterprises Through Risk Mitigation Landscape for Cloud Adoption

Transcript of a sponsored BriefingsDirect podcast on cloud security and the role of the Jericho Forum. Recorded live at The Open Group's 23rd Enterprise Architecture Practitioners Conference and 3rd Security Practitioners Conference in Toronto.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: The Open Group.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, we present a sponsored podcast discussion coming to you from The Open Group’s 23rd Enterprise Architecture Practitioners Conference and associated 3rd Security Practitioners Conference in Toronto.

We're going to talk about security in the cloud and decision-making about cloud choices for enterprises. There has been an awful lot of concern and interest in cloud and security, and they go hand in hand.

We're going to find out about some early activities among several groups, including the Jericho Forum. They are seeking ways to help organizations and guide them through this process of approaching cloud with security in mind. You might consider it a journey toward safe cloud adoption.

Welcome with me, please, Steve Whitlock, a member of the Jericho Board of Management. Welcome, Steve.

Stephen Whitlock: Hi, it’s nice to meet you.

Gardner: We’ve seen an awful lot about cloud opportunity, but we haven’t seen a lot of practical steps that organizations can take to decide what goes to a cloud and what stays with internal IT. What is your organization doing up front to try to help organizations sort through what stays in and what goes out?

Whitlock: A lot of discussions around cloud computing get confusing, because cloud computing appears to be encompassing any service over the Internet. The Jericho Forum has developed what they call a Cloud Cube Model that looks at different axis or properties within cloud computing, issues with interoperability, where is the data, where is the service, and how is the service structured.

They've also coupled that with the layered model that looks at hierarchical layer of cloud services, starting at the bottom with files services and moving up through development services, and then full applications.

Gardner: The sense here, I think, is that you are offering an accordion -- not necessarily the organization, but the marketplace -- where there are security issues, cost, and risk, but there are also rewards. The approach to cloud seems to be how to best balance that accordion of options best suited to your organization. Is this something that’s going to be standardized or is this really a one-off approach for each organization?

Standards lacking

Whitlock: It would be nice if the cloud-computing providers had standards in this area. I don’t see them yet. I know that other organizations are concerned about those. In general, the three areas concerned with cloud computing are, first, security, which is pretty obvious. Then, standardization. If you invest a lot of intellectual capital and effort into one service and it has to be replaced by another one, can you move all that to the different service? And finally, reliability. Is it going to be there when you need it?

Gardner: This sounds familiar. We’ve gone through these sorts of cost-benefit analysis when it’s come to other aspects of IT over the past couple of decades. Is there anything fundamentally different about cloud?

Whitlock: In the IT historical sense, maybe not. It’s, "Is this the right model for your business?" From a technology sense, there are some differences.

The Jericho Forum made its name early on for de-perimeterization or the idea that barriers between you and your business partners were eroded by the level of connectivity you needed do the business. Cloud computing could be looked at the ultimate form of de-perimeterization. You no longer know even where your data is.

Gardner: I have seen some of the papers you have presented on the notion of a Cloud Cube Model. Could you dig into that a little bit, explaining what we mean by a Cloud Cube?

Whitlock: The Cube came with a focus on three dimensions: whether the cloud was internal

The in-source-outsource question is still relevant. That’s essentially who is doing the work and where their loyalty is.

or external, whether it’s was open or proprietary, and, originally, whether it was insourced or outsourced.

The current model focuses more on whether you’ve developed your cloud services in following the de-perimeterization guidelines that the Jericho Forum has issued, which really means how flexible it is and how your service is interacting with the cloud services. There are a couple of other dimensions to consider as well. The insource-outsource question is still relevant. That’s essentially who is doing the work and where their loyalty is.

Gardner: So, for an enterprise that is enticed by the economic benefits in cloud computing, how would they approach this model? Do you sort of plug yourself into this Cube somewhere and find that you are either high or low risk is-à-vis your use of insourced or outsourced? How do you use it practically?

Determining the viability

Whitlock: The combination of the axis -- and it gets problematic to represent more than three or four dimensions on paper -- may determine the viability of a specific cloud service. For example, if your organization has no skill in building a cloud service, but want to do it internally, then you may outsource the development to a cloud service provider that’s skilled at building those services.

If you don’t want internal infrastructure and want to leverage the agility of the cloud service, then you may find yourself in the external and outsourced services of leveraging one of the common commercial providers.

Gardner: This notion of your cloud model as a way of grasping the trade-offs and potentials around cloud is only about six months old. Some of these concepts been around for quite a while, but the packaging, at any rate, is fairly new. Have you yourself been impressed or surprised by the amount of interest in cloud computing in just the last six to 12 months?

Whitlock: It’s grown very fast. A part of me has been surprised, but I also see a relabeling of existing services as cloud services -- SOA and other services. The growth doesn’t surprise me too much, given the flexibility. I am worried about the accompanying risks.

Gardner: You mentioned service-oriented architecture (SOA). Is there a relationship between that and cloud? Is cloud perhaps an oversimplification or a simplification of some of the concepts that people have gotten a little too caught up with in terms of complexity when it came to SOA?

Whitlock: Cloud is a broader concept. There is still a lot of hype in this area. I believe there is something there that may not resemble all of the hype and the press we’ve seen about it.

Cloud is a broader concept. There is still a lot of hype in this area.

Similar to SOA, the idea of direct interactive services on demand is a powerful concept. I think the cloud extends it. If you look at some of these other layers, it extends it in ways where I think services could be delivered better.

Gardner: And, finding this right combination, in order to be secured to reduce risk but to avail yourself of the benefits, Jericho Forum is positioning itself, how? What role are you chunking off for yourselves?

Whitlock: As the Jericho Forum did with handling de-perimeterization -- which is not something we invented, but reacted to -- it’s writing a set of position papers, guidelines, and architecture to guide usage of cloud services. The Jericho Forum is also working with the Cloud Security Alliance on their framework and papers.

Gardner: And what is the relationship between the two? Is this a complementary effort or is one a subset of the other? How would you characterize these two organizations in their relationship to the evolution of cloud?

Formal relationship

Whitlock: It's very complementary. They arose separately, but with overlapping individuals and interests. Today, there is a formal relationship. The Jericho Forum has exchanged board seats with the Cloud Security Alliance, and members of the Jericho Forum are working on several of the individual working groups in the Cloud Security Alliance, as they prepare their version 2.0 of their paper.

Gardner: We have, of course, seen lots of service being relayed from some of the major providers, and that would include Amazon, Google, Salesforce.com, Microsoft, and others. Then, we’ve seen lots of interest on the buy side -- in the organizations and the enterprises. Is there a lot of communication going on between these, and would some organization like yours or the CSA perhaps fill a role as intermediary of some sort?

Whitlock: I haven’t seen any direct intermediary role, but I believe that both the buy

At a really crude level, the cloud providers are probably doing a better job than many of the small non-cloud providers and maybe not as good as large enterprises.

side and the vendors are reading the documents and getting influenced that way.

Gardner: Do you have a sense from the enterprises as to what they would like to see additionally from the cloud providers, even at this early stage?

Whitlock: There are concerns, as I mentioned before -- where the data is and what is the security around the data -- and I think a lot of the cloud providers have good answers. At a really crude level, the cloud providers are probably doing a better job than many of the small non-cloud providers and maybe not as good as large enterprises. I think the issue of reliability is going to come more to the front as the security questions get answered.

Gardner: We are going to be talking a little bit later at this conference about cloud and security, but I am curious, from your perspective, what can organizations do in moving toward cloud by deciding what’s most secure across this spectrum of sourcing options?

Are there any rules of thumb to get started, as to what you might not want to get in your cloud at all and some things that would be the “low lying fruit” of what should go to cloud?

The layered model

Whitlock: In addition to the cube model, there is the layered model, and some layers are easier to outsource. For example, if it’s storage, you can just encrypt it and not rely on any external security. But, if it’s application development, you obviously can’t encrypt it because you have to be able to run code in the cloud.

I think you have to look at the parts of your business that are sensitive to needs for encryption or export protection and other areas, and see which can fit in there. So, personally identifiable information (PII) data might be an area that’s difficult to move in at the higher application level into the cloud.

Gardner: Lastly, I wonder if you'd give us a little peek into the crystal ball in terms of the Jericho Forum. What initiatives are there? What interests you? What areas might you be moving toward in the future? I know you can’t talk in any great detail, but is this something that you are going to be expanding in terms of your contributions?

Whitlock: The focus on cloud computing was initially formed as a year-long effort. I think it will probably be more than a year. I think the interest in how to protect data, no matter

It’s very important to be able to withdraw from a cloud service, if they shut down for some reason. If your business is relying them for day-to-day operations, you need to be able to move to a similar service.

where it is, is what it really boils down to. IT systems exist to manipulate, share, and process data, and the reliance on perimeter security to protect the data hasn’t worked out, as we’ve tried to be more flexible.

We still don’t have good tools for data protection. The Jericho Forum did write a paper on the need for standards for enterprise information protection and control that would be similar to an intelligent version of rights management, for example.

Gardner: I'm also wondering. Is there a rule of thumb for organizations that are experimenting with cloud? Is it important for them to be able to reverse course, if that becomes necessary? I'm getting at this issue of portability. Is it essential to get portability clear and understood before any meaningful movement to cloud takes place, and then testing the waters, around security? Or, is that really not the case?

Whitlock: It’s very important to be able to withdraw from a cloud service, if they shut down for some reason. If your business is relying them for day-to-day operations, you need to be able to move to a similar service. This means you need standards on the high level interfaces into these services. With that said, I think the economics will cause many organizations to move to clouds without looking at that carefully.

Gardner: Very good. We’ve been discussing some of the movement in several organizations, including Jericho Forum, around safe cloud computing and how to get started and think about this thoughtfully to reduce risks, while empowering benefits around services and economics.

Helping us in this deep-dive discussion, we’ve been joined by Steve Whitlock, a member of the Jericho Board of Management. Thanks, so much, Steve.

Whitlock: Thank you very much, Dana.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. We are coming to you from the Open Group’s 23rd Enterprise Architecture Practitioners Conference and the associated 3rd Security Practitioners Conference in Toronto. Thanks for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: The Open Group.

Transcript of a BriefingsDirect sponsored podcast on cloud security and the role of the Jericho Forum. Recorded live at The Open Group's 23rd Enterprise Architecture Practitioners Conference and 3rd Security Practitioners Conference in Toronto. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

Tuesday, September 15, 2009

Economic and Climate Imperatives Combine to Elevate Green IT as Cost-Productive Priority

Transcript of a sponsored BriefingsDirect podcast on making progress toward Green IT and on what companies can do to improve energy efficiency, reduce carbon footprints and save money.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, we present a sponsored podcast discussion on Green IT and the many ways to help reduce energy use, stem carbon dioxide creation, and reduce total IT costs -- all at the same time. We're also focusing on how IT can be a benefit to a whole business or corporate-level look at energy use.

We'll look at how current IT planners should view energy concerns, some common approaches to help conserve energy, and at how IT suppliers themselves can make "green" a priority in their new systems and solutions.

[UPDATE: HP named "most green" IT vendor by Newsweek.]

Here to help us better understand the Green IT issues, technologies, and practices impacting today's enterprise IT installations and the larger businesses they support, we're joined by five executives from HP: Christine Reischl, general manager of HP's Industry Standard Servers. Welcome, Christine.

Christine Reischl: Welcome to you.

Gardner: We're also joined by Paul Miller, vice president of Enterprise Servers and Storage Marketing at HP. Hello, Paul.

Paul Miller: Well, thank you.

Gardner: And Michelle Weiss, vice president of marketing for HP's Technology Services. Welcome Michelle.

Michelle Weiss: Hello.

Gardner: Also Jeff Wacker, an EDS Fellow. Welcome, Jeff.

Jeff Wacker: Thank you. Glad to be here.

Gardner: Lastly, Doug Oathout, vice president of Green IT for HP's Enterprise Servers and Storage. Welcome Doug.

Doug Oathout: Good afternoon. Thank you.

Gardner: Doug, let's start with you. Tell us a little bit about what the major concerns are for those who are creating and consuming IT and apparently trying to reduce the amount of energy that they're consuming as well.

Cost of energy

Oathout: The major issue that customers are wrestling with is the current cost of energy. The current cost of energy continues to rise. The amount of energy used by IT is not going down. It continues to rise. So, it's becoming a larger portion of their budget. They're very concerned with managing their expense and, therefore, want to look at energy use and how they can reduce it, not only from a data center perspective, but also from consumption of the monitors, printers, and desktop PCs as well. So, the first major concern is the cost of energy to run IT.

The second one they run into is that they want to extend the life of their data center. They don't want to have to spend $10 million, $50 million, or $100 million to build another data center in this economic environment. They want to extend the life of their data center. So, they want to know anything possible, from best practices to new equipment to new cooling designs, to help them extend the life of the data center.

Lastly, they're concerned with regulations coming in the marketplace. A number of countries already have a demand to reduce power consumption through most of their major companies. We have a European Code of Conduct, that's optional for data centers, and then the U.S. has regulations now in front of Congress to start a cap-and-trade system.

As regulations get passed around the world, clients and customers are going to have to react to them, and they're going to have to know how much energy they're using, as well as their carbon footprint, so they can act upon it to meet the regulatory environment.

Gardner: So, Doug, this is by no means just a "nice to have," this is pretty much a "must-do."

Oathout: This is a must-do. The business environment is saying, "You've got to reduce cost," and then the government is going to come in and say, "You're going to have to reduce your energy." So, this is a must-do.

Gardner: The role of IT is I suppose, fairly prominent, and not just a rounding error.

Oathout: No, it's a big opportunity for the clients, because they can use IT to fix their inefficient processes or to fix how things are running. They can use IT to put intelligence behind some of their processes to reduce the amount of energy and carbon they produce.

Gardner: That means that IT perhaps is more of a solution to the general energy problems than simply the amount of energy that it consumes as a department?

Backbone of digitization

Oathout: It's exactly that. IT can multiply the effects of intelligence being built into the system. IT is the backbone of digitization of information, which allows smart business people to make good, sound decisions.

Gardner: Let's go to Paul Miller now. What are some common issues that you're seeing among the users of your services and solutions at HP? What's the common thought around some of your infrastructure efficiency demands?

Miller: One of the key issues is who owns the problem of energy within the business and within the data center. IT clearly has a role. The CFO has a role. The data center facilities manager has a role. One of the key issues, when we go into a customer, is determining who owns the problem and who owns the decision to change the problem?

The other key element, and we talk about this, is that you can't manage what you can't see. There are very limited tools today to understand where energy is being used, how efficient systems are, and how making changes in your data center can help the end customer.

That's where HP has assembled a set of tools and services that can come in and help customers instrument their data centers. Our expertise in knowing where and how changes to different equipment, different software models, and different service models can drive a significant impact to the amount of energy that customers are using and also help them grow their capacity at the same time.

We recently introduced a product called our Environmental Edge, which instruments an entire data center from those to services to help customers deploy and build brand new data centers.

Technologies like our containers, which we call our Performance-Optimized Data Center (POD), have been designed specifically to enable customers to achieve the highest power utilization and lowest cost for building out a data center. Those are some of the options that we can bring to a customer that has infrastructure energy issues.

Gardner: When we factor in the cost of energy, it seems that the return on investment (ROI) equation moves quite a bit closer to a short-term calculation. Is there some sort of an energy arithmetic that you're seeing among folks, as they examine their spending?

Everyone needs rapid ROI

Miller: In today's economy, everyone needs an ROI that's as quick as possible. It's gone from 12 months down to 6 months. With our new ProLiant G6 servers, the cost and energy savings alone is so significant, when you tie in technologies like virtualization and the power and performance we have, we're seeing up to three months ROI over older servers by companies being able to save on energy plus software costs. It's just not focusing on the energy as energy's sake, but also looking at the efficiencies of the rest of the data center that we take into account.

Gardner: Does the general movement towards conservation across the corporation require a bit of an organizational shift? Do the folks in IT now need to relate to other groups in the organization that they perhaps didn't have to before?

Miller: Absolutely. As I mentioned earlier, typically, the energy costs come at an aggregate level of facilities organizations, and being able to communicate what changes we can make from an IT standpoint into those organizations is critical. It goes all the way up to energy utilization being a corporate issue in helping build the corporate brand by implementing technologies that help a corporation put on a green set of initiatives and help build the entire brand for the company.

Gardner: Let's go next to Christine Reischl. Christine, with millions literally of servers pouring off of assembly lines, what do you do in terms of bringing energy efficiency into the design? Is there a great deal being done across the life cycle of the products themselves?

Reischl: Yes. Energy efficiency is one of our critical design objectives for our product, and we have been innovating in power cooling and software for years now. We have quite a significant amount of HP Labs activity going on with process applications, and so forth. Our customers are benefiting from that hardware right now.

As an example, the G6 servers, the new generation of our x86 servers, which use 50 percent less power, are 50 percent more energy efficient and have 50 percent less power utilization than servers sold several years ago. In addition to that, there is a claiming capacity possibility, as well as extending the life of the data center.

How did we do that for our G6 servers? It was really coming with innovation. The first one, as an example, involves the Sea of Sensors, which are 32 smart thermal sensors across our servers that constantly optimize the energy use, the fan speed, and the acoustics.

Another example is the Dynamic Power Capping, where we have a safe way of limiting the power

Energy efficiency is one of our critical design objectives for our product, and we have been innovating in power cooling and software for years now

draw or power consumption without impacting performance, so that customers can really fill up their racks and up to triple their service in the data center.

Another example is the common power supply, which allows the power supply to run at efficiency levels of 92 percent and above, which again helps with the power consumption tremendously. Those are the examples of our G6, a broad new generation of x86 servers which came out end of March and is here, filling out the portfolio.

At the same time, we also have announced just recently a new product family, the SL product family, which allows for specific energy savings of 30 percent for a current generation of products. This is specifically, from a design objective, targeting a low-Watt environment per server.

Gardner: As we pointed out earlier, this whole ROI equation is so important, assuming that we're only getting a certain distance into what's potentially possible at energy savings. How far into this potential efficiency drive do you think we are?

Continuous innovation

Reischl: Well, we have been investing in that area for several years now. We will have an energy power cooling roadmap and we will continuously launch innovation as we go along. We also have an overall environment around power and cooling, which we call the Thermal Logic environment. Under this umbrella, we are not only innovating on the hardware side, but on the software side as well, to ensure that we can benefit on both sides for our customers.

In addition to that, HP ProCurve, for example, has switches that now use 40 percent less energy than industry average network switches. We also have our StorageWorks Enterprise Virtual Array, which reduces the cost of power and cooling by 50 percent using thin provisioning and larger capacity disks.

So, not only are we talking about servers, but we are also talking about storage and ProCurve

That is clearly a big benefit for winning deals and helping our customer to operate efficiency.

switches in this context. The greater HP environment around innovation is on those greater types of divisions and engagements.

Gardner: I've received questions about Energy Star ratings and what that means. Are there certain incentives in terms of whether you adopt an Energy Star-rated device or not, how does that work?

Reischl: The high-volume products or our G6 servers have the Energy Star rating. Clearly, what it documents and demonstrates is that we are the only ones in the industry who are able to certify for Energy Star, which again speaks to the fact of how power- and cooling-efficient our servers are. That is clearly a big benefit for winning deals and helping our customer to operate efficiency.

Gardner: Thank you so much. Michelle Weiss, when it comes to people and process, when we look at solutions level approaches to IT and overall energy conservation, what is HP doing? What are some of the general solution approaches to helping your customers get greener?

Weiss: Well, Dana, for us it's pretty simple, because it's really all about helping clients use their resources -- using what you've got more efficiently and effectively.

You can start with those infrastructure resources. We just heard Christine speak to those and Paul as well. We can help clients with things like consolidation, whether simple consolidation or all the way up to a big data-center consolidation, like HP did, going from 85 data centers down to 6 locations.

We could help with virtualization. We could also help with networking, a more efficient network design, or more efficient installation. Christine spoke about storage. We could certainly go to and help people profile their data to see if there is wasted space or if the data needs to be tiered or consolidated.

Obviously, we're talking about energy and energy-efficiency analysis. Paul was talking about the facilities and the IT person coming together and having a discussion.

Hands-on assessment

We can go in and do a hands-on assessment of the actual power use in the data center and provide people with a report that says, "Here's what you're using and here's our recommendation." We can go from a very low cost recommendation, like, "You should shut down an air conditioner," all the way up to a very extensive recommendation.

Let me talk for just a second about the human resources, because you spoke about that, and I think it's an often-overlooked area about getting more efficiency out of our human resources.

We have a lot of HP education, very much geared for IT personnel around getting them more capable and effective around technology areas like virtualization. But, we also have a lot of capability to help people with training in the use of things like videoconferencing with Halo technology, etc. So, it's all of those things together, using those resources more efficiently.

Gardner: Now, there is more than energy when it comes to being green. There is reducing

. . . by 2010, HP will have recycled over two billion pounds of product.

waste, recycling, and examining the lifecycle of a device from cradle to grave, and then also being mindful of how to properly dispose of those parts that can't be recycled. Tell us about the solutions are for how equipment gets sunset.

Weiss: This is a really interesting area. I don't know if you know this, Dana, but by 2010, HP will have recycled over two billion pounds of product. For someone that's always trying to lose weight, I think about that -- my God, that's a lot of product.

We've won a lot of recycling awards throughout the U.S. and abroad. We we’re the first computer company to actually have a recycling plant -- it's actually located near to me -- which we opened about a dozen years ago. So, we do a lot of that.

We also provide other options for disposal, other options to purchase recycled or refurbished products for our customers, and we also have HP Financial Services that come in and ensure that IT equipment that has passed its prime can actually be disposed of in a way that will help meet local environmental laws. We have a lot of work on asset recovery and a lot of work on that end stage of the lifecycle.

Gardner: Is there a great deal of education that needs to take place with IT? Are IT folks generally already thinking about life cycle and recycling, or is this an educational issue as well?

Thinking of a lifecycle

Weiss: It's both. IT tends to think in terms of a lifecycle. If you think about ITIL and all of the processes and procedures most IT people follow, they tend to be more process oriented than most groups. But, there is even more understanding now about that latter stage of the lifecycle and not just in terms of disposing of equipment.

The other area that people are really thinking about now is data -- what do you do at the end of the lifecycle of data? How do you keep the data around that you need to, and what do you do about data that you need to archive and maybe put on less energy-consuming devices? That's a very big area.

Gardner: Having high redundancy of data, of course, is basically wasted cycles, wasted electrons, and wasted money.

Weiss: Exactly. That footprint is very large when you really think about that entire supply chain of energy.

Gardner: Thanks so much. Let's go over to Jeff Wacker at EDS, an HP company. As a fellow there at EDS, Jeff, tell us a bit about what EDS, as a very large global hosting organization, is doing in regard to going green.

Wacker: We're a services play. We look for total solutions, as opposed to spot solutions, as we approach the entire ecology, energy, and efficiency triumvirate. It's all three of those things in one. It's not just energy. It's all three.

My colleagues have talked very eloquently about data centers and hardware. I'll mention a little more on data centers. One of the things I wanted to bring up was that we look from the origination all the way through the delivery of the data in a business process. Not only do we do the data centers, and run servers, storage, and communications, but we also run applications.

You may not have heard of green applications, but, indeed, applications are also high on the order of whether they are green or not. First of all, it means reconciling an application's portfolio, so that you're not running three applications in three different places. That will run three different server platforms and therefore will require more energy.

It's being able to understand the inefficiencies with which we've coded much of our application services in the past, and understanding that there are much more efficient ways to use the emerging technologies and the emerging servers than we've ever used before. So, we have a very high focus on building green applications and reconciling existing portfolios of applications into green portfolios.

How you use IT

Moving onto the business processes, the best data delivered into the worst process will not improve that process at all. It will just have extended it. Business process outsourcing, business process consulting, and understanding how you use IT in the business is continuing to have a very large impact on environmental and green.

Gardner: Now, given that you have high stakes in cutting your cost and reducing redundancy and waste, I'd think this goes right to your bottom line as an outsourcer. What metrics of success do you use, how do you measure, and how do you know when you're doing the right things?

Wacker: It's a good question. There are a lot of metrics out there, and a lot of them were built with the efficiency of buildings in mind, and some, directly with data centers in mind. The defense council on integration and efficiency has created a data-center infrastructure efficiency (DCIE). There is a power-usage effectiveness (PUE), or essentially an inverse of one over the other. What they do is ask, "How many Watts does it take for you to run the infrastructure of the data center in order to drive a watt of power at a server?"

These are traditional metrics. Quite frankly, right now we, as well as others in the industry, are looking at new metrics, because it's both sides of the equation. You want an efficient data center. You want efficient use of the watts that are going into the servers. So, you now have to consider how many partitions am I running, how smart are the power supplies and the fans on these servers, everything that's been talked about before.

Moving into the data center, we're looking at capabilities that are using, for example, air

. . . if you know where you're getting your IT from, you can ask that supplier how green is your IT, and hold that supplier to a high standard of green IT.

handling in the proper locations that allow you not to use compression. Anybody who runs their air conditioner during the summer knows that a lot of their electricity charges are running that compressor, which is actually creating the cooling capability for their house.

If we are locating some of our data centers in locations where the air is of a certain temperature that allows us to run data centers without compression 97 or 98 percent of the year, you can imagine that we have created quite a bit of savings for us.

Gardner: That's true, of course, for your data centers. Other organizations that are looking at how to place their data centers, I suppose, have more sourcing options. We've heard a lot about cloud computing recently. How impactful is this long-term decision about how many data centers? I suppose also at the architectural level of what sort of applications and architectures you want to support, is this top of mind for all the folks you're dealing with?

Wacker: Well, it is becoming top of mind, and you've already identified the major culprit in this. That is that the cost of energy is going to continue to accelerate, and to be higher and higher, and therefore a major component of your cost structure in running IT. So yes, everybody is looking at that.

One of the things about what has been called cloud or Adaptive Infrastructure is that you've got to look at it from two sides. One, if you know where you're getting your IT from, you can ask that supplier how green is your IT, and hold that supplier to a high standard of green IT. That's the type of a standard that HP seeks to meet at all times.

But, not everybody who is going to be running computing infrastructure within the cloud is going to meet that. So, one of the big challenges of cloud computing is how green are they. You, as a corporation, have to identify all of your green for cap-and-trade or for the regulations. You're going to have to know that. So there are going to be some interesting disclosures that will be coming up as we move down the road.

A two-sided sword

On the other hand, cloud is, by its definition, moving a lot of processes into a very few number of boxes -- ultra virtualization, ultra flexibility. So it's a two-sided sword and both sides have to be looked at. One, is for you to be able to get the benefits of the cloud, but the other one is to make sure that the cost of the cloud, both in terms of capabilities as well as the environment, are in your mindset as you contract.

Gardner: Unfortunately, we're asking even more of our beleaguered IT executives and strategists. They're being asked to do more for less now in terms of productivity, but we're going to be asking them to do less in terms of their energy use, and then thinking outside the box when it comes to the sourcing options and how to factor the green across an ecology of providers.

I'd like to take the question to both Paul and Michelle. How do these IT strategists get a handle on this? What are some first steps for them?

Weiss: Let me start and then I can turn it over to Paul. One of the really clear things we have seen in our experience is that taking a set of uncoordinated approaches to this whole area just doesn't work. You really are better off if you have a top-down view of what you're trying to do. So, always understand your strategy and build the plan around that.

Certainly, we've got services both from our Technology Services organization and from Jeff in

We can help make that case in business language, because this is all about business technology.

EDS about helping people make the case. As Paul was talking earlier today, many people are actually making the case to their CFO. It's no longer always a CIO concern.

We can help make that case in business language, because this is all about business technology. It's all about driving business outcomes. We can help make that case in plain business terms, either around energy efficiency that you can do, around adopting, for example, the G6 servers, or around a virtualization project. We can do that in business language.

Gardner: Paul, what sort of approaches won't work? The first thing that comes to my mind is doing nothing. It sounds like proactive is the message of the day.

Miller: Yeah, two things ... One is doing nothing. The other is jumping at a lot of claims out there. There are multiple claims out there. Every time I see a press release or I see an advertisement, it has a claim on energy efficiency. As Jeff pointed out, you need to have an approach on this that looks at it from a data center, from a PUE, standpoint, and just not jump on the claim of the day.

The other element is that the claim of the day is done a lot around a specific application or a specific setup that may not be appropriate for your business. So, take time to research. Look for companies like HP that have power calculators that you can plug your own unique configurations into, but then go beyond that.

Coordinated approach

One of the other things, and this goes to what Michelle was talking about, is a coordinated approach. A coordinated approach is not just about buying energy efficient equipment. It's about managing them very effectively.

We have our power capping tool, which enables you to set specific power limits within the data center, so that you can guarantee an outcome for your energy, an outcome for your power, an outcome for your performance that you're going to have from a service-level agreement (SLA). Building intelligence into them is critical for the long-term success and long-term savings of power for your environment.

Gardner: A last set of questions. Doug, at this point, what should we expect in the future? Are we undertaking a journey and we're only in the very first steps, now that energy and the environment have become so prominent?

Oathout: Dana, this is an ongoing process. This process of energy efficiency never ends. As Michelle and Paul pointed out, once you undertake a simple assessment of figuring out how much energy you're consuming, where it’s being consumed, then you develop a roadmap for virtualization, you develop a roadmap for consolidation, you develop a roadmap for application efficiency, then you start all over again.

It's an ongoing, continuous process improvement that you do every day, every week, every month. It's a journey that bears fruit. It can be a small project or it can be a large project, but the key is to have a snapshot of where you are today and then measure yourself on an ongoing basis on your progression.

The servers are more efficient than they were three years ago. Our storage is more efficient than

It's an ongoing, continuous process improvement that you do every day, every week, every month. It's a journey that bears fruit.

it was three years ago. Our networking is more efficient. There are all different kinds of projects based on technology, but there is also technology in software and services that can help you gain even more efficiencies. This is the beginning of a never-ending process, but it does bear fruit on an ongoing basis.

Gardner: I have to imagine that a lot of people feel pretty strongly about this, and the community approach could be quite powerful. Do we have avenues for how folks in the field who might have some ideas themselves about process, technology, and perhaps even other aspects of this equation can contribute?

Oathout: We have both an internal and an external green website that is continually taking questions and being monitored for ideas. Our internal sales team can go through our green website, and our external clients and consultants can take advantage of HP's knowledge, as well, through our external green website.

Gardner: Well, I'm afraid we're about out of time. We've been discussing green IT and the many ways that IT can help reduce energy and play a larger role in the "greenification" of enterprises at large.

We've been joined by a panel of five executives from HP. We've been joined by Christine Reischl, general manager of HP's Industry Standard Servers. Thank you, Christine.

Reischl: Thank you.

Gardner: Paul Miller, vice president of Enterprise Servers and Storage Marketing at HP. Thank you, Paul.

Miller: Thank you, Dana.

Gardner: Michelle Weiss, vice president of marketing for HP's Technology Services.

Weiss: It's been a pleasure.

Gardner: Jeff Wacker, an EDS Fellow. Thank you, Jeff.

Wacker: Thank you, Dana.

Gardner: And Doug Oathout, vice president of Green IT for HP's Enterprise Servers and Storage.

Oathout: Thank you, Dana.

Gardner: This is Dana Gardner. You have been listening to a sponsored BriefingsDirect podcast. Thanks for joining and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: Hewlett-Packard.

Transcript of a sponsored BriefingsDirect podcast on making progress toward Green IT and on what companies can do to improve energy efficiency, reduce carbon footprints and save money. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

Monday, September 14, 2009

Cloud and Security Join Boundaryless Information as Top-of-Mind Issues for The Open Group

Transcript of a sponsored BriefingsDirect podcast with Allen Brown, president and CEO of The Open Group, on the state of the organization. Recorded live at The Open Group's 23rd Enterprise Architecture Practitioners Conference in Toronto.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: The Open Group.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, we welcome our listeners to a sponsored podcast discussion coming to you from The Open Group’s 23rd Enterprise Architecture Practitioners Conference in Toronto.

Our topic for this podcast, part of a series from the conference, centers on The Open Group itself. We're going to be talking with Allen Brown, president and CEO of The Open Group, about the organization and its recent fast growth. Welcome back to the show, Allen.

Allen Brown: Hi, Dana. It’s good to be talking to you again.

Gardner: Well, the last time you and I spoke, you were just unveiling the TOGAF 9 Framework, and from all indications, this has really become quite popular.

Brown: There have been more than 30,000 downloads of TOGAF 9, since we launched it, bringing us to about 125,000 TOGAF downloads in total. We've sold more than 21,000 hard copies of the TOGAF book, and certification is continuing to grow. We've passed the 10,000 number milestone for TOGAF certified practitioners. It has just been growing and taking off. It's fantastic.

Gardner: Of course, this has been happening during a difficult economic environment. Do we have some larger takeaways about enterprise architecture (EA) in general from these results?

Brown: I sometimes just think that we're very fortunate to be where we are, but there must be something more than that, I guess. We've been working on TOGAF for many, many years.

We started off in a situation where organizations recognized that they needed to break down the boundaries between their organizations. They're now finding that they need to continue that, and that investing in EA is a solid investment developing for the future. You're not going to stop that just because there is a downturn.

In fact, some of our members who I've been speaking to see EA as critical to ready their organization for coming out of this economic downturn.

Gardner: We've also seen a great deal of interest in security issues. I noticed at the previous conference, as well as this one, a significant devotion to security issues. How important are enterprise architects to the general health of an organization when it comes to security?

Brown: We're seeing more and more of that come along. We're seeing the merger of the need for EA with security. We've got a number of security initiatives in areas of architecture, compliance, audit, risk management, trust, and so on. But the key is bringing those two things together, because we're seeing a lot of evidence that there are more concerns about security.

As one CIO of a major organization in the U.S. explained to me, "We're using EA. We're using TOGAF. We've modified it. We've pretty much got the integration stuff down, but the biggest concern that I have is security."

Gardner: I've noticed also from some of the presentations here at the conference a rather dramatic increase in the global uptake in EA, and TOGAF is an indication of that. Perhaps you could give us a sense of where this is welling up in terms of growth around the world.

International growth


Brown: Well, it’s been quite dramatic. We've entered into agreements with organizations to represent us, in a franchise kind of way, in different countries. We've had an agreement with Japan for many years. We then went into South Africa. But, in this last quarter, we launched The Open Group China. We had a fantastic launch event in Beijing in May.

We had the first conference of The Open Group France in this quarter, with some brilliant presentations by people like Air France, KLM, showing how EA is used to benefit their merger. We've also entered into an agreement with an organization that is going to represent us in the Arabic speaking countries, as well.

Gardner: One of the things that’s impressed me in tracking TOGAF and The Open Group for the past several years is the emphasis you’ve put on Boundaryless Information Flow. A few years ago, that played a great role in services orientation and the movements around that, but now its also playing quite a role in what’s being referred to in many cores as cloud computing.

In cloud, there are various sourcing options, different approaches to the economics that support IT, but in doing so perhaps are even making IT and business processes more agile. How do you see this vision that The Open Group has had around "boundarylessness" relate to cloud computing.

Brown: We looked again at boundaries, because each year we review our strategy, and we were

You’ve got to be able to deliver it not as data, but as information to those cross-functional groups -- those groups within your organization that may be partnering with their business partners.

wondering about whether the vision was still sustainable. Obviously it came from our Customer Council, our end-user organization members in the first place, and driven again by that need for information to be integrated, aggregated, and delivered to those that were entitled to it whenever they needed it.

You've got situations now where information can flow within organizations and it can flow between organization, and we're breaking down the silos within departments in organizations. We've always had this challenge of how do we breakdown the silos in the IT function. As we're moving towards areas like cloud, we're starting to see some federation of the way in which the IT infrastructure is assembled.

As far as the information, wherever it is, and what parts of it are as a service, you've still got to be able to integrate it, pull it together, and have it in a coherent manner. You’ve got to be able to deliver it not as data, but as information to those cross-functional groups -- those groups within your organization that may be partnering with their business partners. You've got to deliver that as information.

The whole concept of Boundaryless Information Flow, we found, was even more relevant in the world of cloud computing. I believe that cloud is part of an extension of the way that we're going to break down these stovepipes and silos in the IT infrastructure and enable Boundaryless Information Flow to extend.

Gardner: The role of the enterprise architect seems also be benefiting from this abstraction to a variety of sourcing options. To just focus on the solution architecture, a technological or platform architectural approach, or technology set doesn’t get to that higher value of the top-down look, and bringing what could be a series of services in a process to the betterment of the business itself, the outcomes that the business is seeking.

Do you think that there is also some relationship? Now that we have more sources of compute applications data and infrastructure, we expect more. There's a relationship between the uptake in your framework and the architectural view and this added layer of complexity?

Raising competence

Brown: Absolutely. As the layer of complexity increases, we need more capability from enterprise architects. That’s why we're concerned, and our members are concerned, about raising the level of professional competence amongst enterprise architects, because they actually have to have the skills, not only technical, but also the people skills, the softer skills, to be able to bring this together.

One of the things that we found internally in moving from the business side of what our architecture is that the stakeholders understand to where the developers can understand, is that you absolutely need that skill in being able to be the person that does the translation. You can deliver to the business guys what it is you're doing in ways that they understand, but you can also interpret it for the technical guys in ways that they can understand.

As this gets more complex, we've got to have the equivalent of city-plan type architects, we've got to have building regulation type architects, and we've got to have the actual solution architect.

Many of us are responding to business demands for where architecture needs to go. So, it’s not architecture for architecture's sake. We're not doing EA because it sounds cool. We're doing it because we have real business concerns. Some of them are developing new product, but a lot of them are reducing risk -- operational risk and security risk.

So, as the organization does this, we've got to ensure that we find ways of bringing it back together into some sort of coherent whole. The real skill of the architect is to bring that all together.

Gardner: I've also noticed, sticking with the cloud topic a bit, that small and medium-sized businesses (SMBs) have been very interested in cloud. Perhaps they're early adopters even more so than large enterprises, and perhaps they've been getting used to cloud vis-à-vis their use of software-as-a-service (SaaS), certain applications coming across the Web. Is there a role for EA in these SMBs as well?

Brown: There absolutely is, because SMBs are becoming more complex themselves. They are

One of the reasons that SMBs go to the cloud is because it's more secure than they can do themselves.

looking at integrated applications and integrated solutions. So it is much more complex in a small organization than it used to be.

But, at the same time, you don't have the availability of the skills, and so one of the big challenges we have in serving SMBs effectively with EA is to provide ways of enabling them to get access to those skills.

Our members did a survey of Open Group Architecture Forum members, and one of the things that came out of that survey was that the average number of enterprise architects in an organization is between two and four percent of the IT organization. For small business, that's maybe two hours a week. Any more than that is not affordable, and it's out of scale with the large organizations. So we've got that challenge.

The other part is about outsourcing and using cloud effectively by small organization. I know that we've heard a lot about one of the issues with cloud being security. One of the reasons that SMBs go to the cloud is because it's more secure than they can do themselves. So, there is always that tradeoff.

But, we do need to provide ways in which they can have more available expertise on hand to help them with EA.

Sourcing issues

Gardner: For these SMBs and enterprises that are looking to the cloud to improve their productivity in general, perhaps by reducing costs and offloading some capital expenditures, that security issue seems to be coming up all the more often, as they really pursue these issues around sourcing and cloud.

What do you have in store for security? I know there are several activities out there. There is Jericho and the Cloud Alliance. I'm wondering what the next shoe to fall might be in terms of The Open Group and cloud security.

Brown: IT security continues to be a problem area for enterprise IT organizations. It's an area where our members have asked us to focus more. Besides the obvious issues, the move to cloud does introduce some more security concerns, especially for the large organizations, and it continues to be seen as an obstacle.

On the vendor side, the cloud community recognizes they've got to get security, compliance, risk, and audit sorted out. That's the sort of thing our Security Forum will be working on. That provides more opportunity on the vendor side for cloud services.

On the customer side, there is widespread recognition that getting security requirements expressed now is critical, so that the cloud-service vendors develop the right controls and processes to meet enterprise security requirements.

Gardner: Are there any working groups or activities that you're devoting specifically to cloud to ameliorate some of these security concerns, so that we get the best of both worlds?

Brown: We're working on a number of areas. One of the things that we've always done in The Open Group is to look to our customer members, the end user organizations that are our

On the customer side, there is widespread recognition that getting security requirements expressed now is critical, so that the cloud-service vendors develop the right controls and processes to meet enterprise security requirements.

members. We always look to them first. They were the people who came along 15 or 16 years ago and said, "We have to have standards for how to do EA." These are the people who came along and said, "We need access to integrated information and we need a Boundaryless Information Flow."

Right now, we're looking to them. On Wednesday morning, here in Toronto, we will be conducting what we call a "business scenario." Business scenarios are a method within TOGAF, which is itself a method.

We'll be conducting a business scenario to look at the customer requirements, pain points, challenges, and concerns with cloud computing. That's really an absolute catalyst for us, looking at what the customers actually want, because that drives the market.

We've also got activity within the Security Forum itself. They're focused on that security in Jericho. They're both focused on cloud activities. We're looking to announce -- tomorrow, I believe -- a cloud work group within The Open Group.

Working collaboratively

As with everything, The Open Group never believes that we have all of the answers or that we're going to solve everything. We have to work collaboratively with other standards organizations, other consortia, with the vendors and the customers, and we will define what we believe our role is to be. It's never the center of the universe. It's always a contributor to these part, and that's what we're going to be talking about on Tuesday.

On Wednesday evening, we're hosting a cloud camp, just trying to support that area of activity. Since we're in Toronto, we thought that was a good idea.

Gardner: As we work through the evolution of security for cloud activities and a comfort level develops around that, I think the next part of the discussion will be around neutrality or portability for data applications, run time environments, just general intellectual property. I know it's a bit early in the evolution of this, but is there any sense of what role The Open Group might play in terms of this portability and neutrality issue?

Brown: That takes me back a while. When I first joined The Open Group, too many years ago to remember, portability was what we were doing. We did the X/Open Portability Guide -- XPG4 was the one that really took off -- unifying the Unix operating platform.

We can see that there are concerns. We've come full circle. Now there are concerns about portability around the cloud platform opportunities. It's too early to know how deep the concern is and what the challenges are, but obviously it's something that we're well used to -- looking at how we adopt, adapt, and integrate standards in that area, and how we would look for establishing the best practices.

Gardner: We've been discussing the role of The Open Group since the beginning of the year. They had a very big roll out with TOGAF 9, and there are several prominent issues -- security and xloud not the least among them -- that are top of mind for architects moving forward. I want to thank our guest Allen Brown, president and CEO of The Open Group.

Brown: Well, thanks for talking to us, Dana.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You've been listening to a special BriefingsDirect podcast coming from The Open Group's 23rd Enterprise Architecture Practitioners Conference in Toronto. We're here the week of July 20, 2009. Thanks for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: The Open Group.

Transcript of a sponsored BriefingsDirect podcast with Allen Brown, president and CEO of The Open Group, on the state of the organization. Recorded live at The Open Group's 23rd Enterprise Architecture Practitioners Conference in Toronto. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.