Enterprise Strategy Group | Getting to the bigger truth.™

Posts Tagged ‘Dell’

The Smart-Fat and Smart-Thin Edge of the Network

Wednesday, November 17th, 2010

Take a look at ESG Research and you’ll see a number of simultaneous trends. Enterprises are consolidating data centers, packing them full of virtual servers, and hosting more and more web applications within them. This means massive traffic coming into and leaving data centers.

Yes, this traffic needs to be switched and routed, but this is actually the easiest task. What’s much harder is processing this traffic at the network for security, acceleration, application networking, etc. This processing usually takes place at the network edge, but additional layers are also migrating into the data center network itself for network segmentation of specific application services.

Think of it this way: There is a smart-fat network edge that feeds multiple smart-thin network segments.

The smart-fat network edge aggregates lots of network device functionality into a physical device, cluster of devices, or virtual control plane. This is the domain of vendors like Cisco, Crossbeam Systems, and Juniper Networks for security and companies like A10 Networks, Citrix (Netscaler), and F5 Networks for application delivery. These companies will continue to add functionality to their systems (for example, XML processing, application authentication/authorization, business logic, etc.) to do more packet and content processing over time. It wouldn’t surprise me at all if security vendors added application delivery features and the app delivery crowd added more security.

Once the smart-fat network edge treats all traffic, packets and content will be processed further within the data center (i.e., smart-thin network edge). This will most likely be done using virtual appliances like the Citrix VPX. Why? Virtual appliances can be provisioned on the fly with canned policies or customized for specific workloads. They can also follow applications that migrate around internal data centers or move to public clouds.

A few other thoughts here:

  1. I’m sure we’ll see new startups focused on smart-thin virtual appliances but I don’t expect them to succeed. Existing vendors will simply deliver virtual appliance form factors and dominate this business.
  2. Legacy vendors have the best opportunity here as many users will want common command-and-control for the smart-fat edge and the smart-thin edge. Nevertheless, this further network segmentation does provide an opportunity for aggressive vendors to usurp customer accounts and marketshare.
  3. Smart-fat edge systems are delivered as physical devices today but this isn’t necessarily true for the future. I can see virtual appliances with horizontal scalability running on Dell, HP, or IBM blade servers in the future.

The smart-fat, smart-thin architecture is already playing out in cloud computing and wireless carrier networks today and I expect it to become mainstream in the enterprise segment over the next 24 months. The technology is ready today but many users have no idea how to implement this type of architecture or capitalize on its benefits. Vendors who can guide users along with knowledge transfer, best practices, and reference architectures are most likely to reap the financial rewards.

Technology CEO Council’s Lightweight Federal IT Recommendations

Wednesday, November 3rd, 2010

Have you heard of the Technology CEO Council? Neither had I until recently. The council is made up of a strange mix of tech CEOs from organizations including Applied Materials, Dell, EMC, IBM, Intel, Micron, and Motorola. Why this group and not Adobe, Cisco, HP, Juniper Networks, Microsoft, Oracle, and Symantec? Beats me.

Anyway, the group published a paper in early October called, “One Trillion Reasons:  How Commercial Best Practices to Maximize Productivity Can Save Taxpayer Money and Enhance Government Services.”  The paper stresses the need to reduce federal spending and suggests some IT initiatives in support of this objective.  The initiatives include:

  1. Consolidate information technology infrastructure
  2. Streamline government supply chains
  3. Reduce energy costs
  4. Move to shared services
  5. Apply advanced business analytics to reduce improper payments
  6. Reduce field operations footprint and move to electronic self-service
  7. Monetize government assets

The paper is available at www.techceocouncil.org.

I agree with the spirit of this paper as there are plenty of ways to use IT cost savings to reduce overall federal spending. That said, the paper is pretty weak and self-serving. Specifically:

  • The Feds are already doing most of these things today.  Federal CIO Vivek Kundra is already driving data center consolidation.  Agencies were asked to submit initial input on June 30, 2010 and finalized plans are due on December 31.  Lots of federal agencies including CIA, DHS, DISA, and NASA are well along the road to cloud computing as well.  Perhaps the Feds should be more aggressive, but the same could be said of any organization.
  • The paper ignores legislative challenges. The paper suggests things like consolidating common IT services like payroll, finance, and human resources. Once again, this is nothing new as this type of consolidation was suggested in 2001 as part of Karen Evans’s Federal Enterprise Architecture. Moving beyond inter-departmental cooperation toward a federal IT organization could indeed save money, but it would require overhauling (or at least tweaking) the Clinger-Cohen Act of 1996. This could be a long, arduous process.
  • What about security?  Federal IT spending is dominated by military and intelligence agencies with deep security requirements.  You can’t just consolidate around these.  Yes, security standards and regulations should be changed to keep up with the times–this is exactly what’s happening with FISMA 2.0 and the FedRAMP strategy to streamline cloud computing certification and accreditation (C&A).  Again, these things take time, thought, and care–not ideas and papers.

The CEOs also need to remember that their own internal IT organizations are far different than those in the federal government. When EMC executives mandate a massive VMware project, all of IT jumps into formation.  It doesn’t work that way in the public sector.

There were certainly some good points in the paper, but overall it is really a marketing piece put out by a lobbying organization.  In my humble opinion, there is some irony in this paper and organization–while the Technology CEO Council puts out a paper about how the federal government can save money on IT, companies like Dell, EMC, IBM, and Intel are happily wasting dough on a half-baked lobbying/PR organization.  Funny world.

First Impressions from Oracle Open World

Wednesday, September 22nd, 2010

I’m here in San Francisco for Oracle Open World. Just arrived, but I already have some first impressions.

  1. There are signs, billboards, and brochures boasting about Oracle’s commitment to integrated hardware and software. This is the ultimate irony to an industry old-timer like me as Oracle led the open systems charge in the 1990s, lambasting Digital Equipment and IBM for their autocratic systems control. I’ll have to poke around for some old Oracle ads and compare them to its new integrated stack mantra.
  2. VMware is here and if I stop by its booth, I get a free espresso. Funny thing is that as far as I know, Oracle doesn’t support its apps or databases running on top of VMware. Based upon ESG Research, I believe that within two years or so, large organizations will run Oracle virtualization infrastructure to run Oracle workloads next to VMware, Xen, or Hyper-V workloads. When this happens, I can’t imagine VMware will be very visible at Oracle Open World, let alone spring for coffee.
  3. Rumor has it that Oracle will either announce its own Ethernet switch or buy one of the remaining independents. Personally, I hope Oracle doesn’t go down this road and decides to work with everyone else.
  4. I fully expect Oracle to jump much deeper into the security waters. This is becoming a requirement for being in the systems business.
  5. Michael Dell spoke this morning about virtualization in the data center. Application and database folks used to refer to this stuff as “plumbing.” Why do they care now? Because distributed applications with huge Hadoop backends need to be tuned with virtual servers, networks, and storage IO in mind.
  6. I’m looking for Oracle to be one of the leaders that transform today’s monolithic enterprise-focused identity management technology to a more Web-friendly democratic model.
  7. It’s funny that after Larry ripped apart cloud computing as nothing but industry hype, many vendors are here at OOW preaching, you guessed it, cloud computing.

More soon, time to walk the floor and get indoctrinated.

Dell’s Security Opportunity

Friday, July 30th, 2010

This week, Dell announced its entry into the SMB security market with a portfolio of products and services. The initial portfolio is fairly simple, with Dell partnering with others for endpoint security, network security, and security services.

There is no shortage of vendors in the security space, but I believe Dell has an opportunity here. Security issues don’t discriminate by organizational size — small companies have to have the same type of protection that larger ones do. That said, security is complex and grows more difficult daily. Dell has the opportunity to help SMBs simplify security by providing tightly packaged and configured end-to-end security solutions. Yes, others can do this too but most security vendors have wide gaps in their portfolios. Dell can sell systems, storage, networks and the whole security enchilada.

In the short-term, Dell will really be another point products security provider so its presence is likely to hurt network security players like Fortinet and SonicWall and the army of endpoint security vendors. In the longer-term, as it adds to its portfolio, broadens its services, and starts to understand security best practices and methodologies like the Consensus Audit Guideline (CAG), Dell can truly be an SMB security partner.

Security provides Dell with a unique opportunity to help customers overcome complex security challenges and increase its value. In this way, security may be even more valuable than its existing hardware portfolio.

Dell Warns of Malicious Code on Server Motherboards

Thursday, July 22nd, 2010

A recent Network World article stated that Dell is warning customers that a small number of PowerEdge server motherboards sent out through service dispatches may contain malware.

Dell is doing the right thing by alerting potentially impacted customers, but questions remain:

  1. How did the malware get there?
  2. Were the motherboards assembled in a certain place or by a specific manufacturer?
  3. What processes does Dell (and other server vendors) have in place to ensure that this doesn’t happen?

I could go on and on.

To me, the Dell incident demonstrates an important but relatively unknown concept called cyber supply chain assurance. Servers, software, and other IT equipment are made up of millions of lines of code, a potpourri of components, and hundreds or even thousands of specialized electronic gear. If any one of these elements is compromised, the whole enchilada could be a ticking time bomb. Malware on a server motherboard is just the beginning.

A bit of a tangent: back in 2004, the U.S. federal government issued a report stating that only 21% of semiconductor manufacturing remained in the United States while the bulk of capacity was migrating to China. This caused great concern in the Department of Defense as most of our weapons systems, communications, and logistics all depend upon IT. This led to the creation of the Trusted Foundry program, a DOD/industry initiative to ensure domestic microprocessor design and manufacturing capabilities.

I bring up this example to illustrate a point. DOD realized that it was dependent upon technology and thus vulnerable to a breach of the cyber supply chain. Outside of the defense community, however, cyber supply chain risk management is nearly invisible. While the Dell incident is minor and seems contained, it is a further warning about the risk we all face. Let’s hope it wakes up some security professionals outside of the Pentagon.

The Future of Endpoint Security

Wednesday, May 19th, 2010

If you do some research on endpoint security you’ll quickly read one analyst or another’s claim that antivirus software is dead and that there is a pressing need for some new model like cloud security services, white listing, black listing, virtual desktops, etc.

Antivirus is dead? Hmm, I wonder if these analysts have been following the financial results of Kaspersky, McAfee, Symantec, Trend Micro or a host of others who continue to make money on endpoint security software.

As you can tell by my sarcasm, I don’t subscribe to this theory but I do believe that endpoint security is going through massive changes in order to best address new threats and new requirements. Now and into the future, endpoint security will:

  1. Follow a hybrid model. Yes, you will still install bits on your PC but resident software will be increasingly supported by cloud services. This will break the endpoint security reliance on signature downloads, minimize the device-based footprint, and help alleviate patching fire drills. Additionally, the hybrid nature of endpoint security will vary by device. Androids and iPhones will have thin agents and rely mostly on the cloud while PCs will continue to leverage local disk, memory, and processors.
  2. Fatten the feature set. Antivirus became endpoint security as vendors added anti-spyware, HIPS heuristics, and whitelisting to their code. Look for more web threat integration as well as products that throw in full-disk encryption. PC backup will also become a “must have” – Symantec is ahead here.
  3. Feature identity protection. For the average consumer, it is probably worth a few extra bucks to get an identity protection service like LifeLock, TrustedID, or IDWatchdog. Look for these services to be commodified and offered as a feature in products from folks like Panda and Sophos.
  4. Feature consolidated pricing. Like most geeks, I have numerous PCs and consumer devices that need protecting. Pricing models will change to accommodate this increasingly typical use case. One user, one price, multiple devices, common reporting.
  5. Leverage common agents. Check Point and Symantec are already talking about one agent for multiple endpoint security functions. Cisco is going a different way with its AnyConnect client that consolidates Scansafe, TrustSec, and VPN clients. We’ll see more of this as vendors bundle additional functionality for WAN optimization, PC configuration management, backup, etc.
  6. Provide PC tuning. TV ads for services like “finallyfast.com” may be prosaic, but any money going to these fly-by-night services is not going to McAfee and Trend.

Aside from market demand, security vendors will go down this path for defensive reasons. Free AV software from AVG and Microsoft is plenty good for casual users.

Will all of these features mean an uber fat client application? No. Like hybrid threat protection, vendors will offer a lot of these features as cloud services and rely on a lightweight agent to orchestrate the process. Finally, users will choose what they want and how much they want via a pricing calculator. Think online PC sales as an analogue.

Security purists may claim that endpoint security changes mean giving up control but the business case is too attractive for both users and vendors to pass up. Broad based solutions that cover requirements like threat management, performance management, backup, identity protection, and configuration management across multiple devices per user are simply the next phase of an evolutionary life cycle.

The Branch Office Network Form Factor Debate

Thursday, May 13th, 2010

There is an interesting debate happening in the networking industry that centers around branch office equipment. ESG Research points out that branch office servers and applications are moving to the data center and this move is driving more investment in WAN optimization technologies from Blue Coat, Cisco, Citrix, and Riverbed. At the same time, cheap bandwidth and cloud services are changing the network infrastructure. Large organizations are moving away from back-hauling all traffic through the data center and setting up a real network perimeter at the branches themselves.

While networking changes continue, there is also another trend happening. Lots of legacy networking and IT functionality (WAN optimization, firewall, IDS/IPS, file servers, print servers, domain controllers, etc.) is now available as a virtual machine. A single device can now take on multiple functions.

The debate centers on the “hybridization” of networking and server functionality at the branch office. Should branches deploy edge networking devices packaged with Intel processors for running VMs, or should they simply implement Intel blade servers from Dell, HP, and IBM at the network perimeter and then use VMs for all networking and server needs?

The answer to this question could really impact the industry. For example, Fortinet is the king of UTM devices for branch offices but what if these appliances are suddenly replaced with standard Intel servers and virtual appliance software? Obviously this wouldn’t be good news for Fortinet.

For the most part, leading vendors are not pushing one model or another. Cisco WAAS equipment comes packaged with a Windows server while the Riverbed Service Platform (RSP) can run a Check Point firewall, a Websense gateway, an Infoblox DNS/DHCP server, or basic Windows services.

So which model wins? Both (Yeah, I know it is a cop out, but I truly believe this). It’s likely that smaller branches go with Intel servers and VMs while larger remote offices stick with networking gear. Large organizations will also lean toward their favorite vendors. Cisco’s networking dominance means it wins either way while Riverbed will likely do well in its extensive installed base and succeed at the expense of second-tier WAN optimization guys like Silver Peak.

In truth, there is no right or wrong way at the branch office network, but the vendor debate ought to be very entertaining.

Forensics, Litigation, and Full Disk Encryption

Wednesday, March 31st, 2010

A few years ago, I boldly predicted that PC encryption would go through a technical transition. My instincts told me that software-based encryption from companies like PGP, McAfee (SafeBoot), and Check Point Software (PointSec) would be usurped by laptops and desktops with standards-based (i.e., TCG standards) Self-Encrypting Drives (SEDs).

This seemed like a “no brainer” based upon industry history. For years new Intel chips would include new functionality, as did each Windows release. If encryption came as a standard feature on Seagate, Hitachi, Fujitsu, and Western Digital drives, it was logical that this would become the default configuration. Besides, SEDs are faster and more secure than software, so regulatory compliance activity was sure to add fuel to the SEDs fire.

Fast forward to 2010 and I readily admit that my timing was off. Check Point, McAfee, PGP, and others continue to sell tons of software encryption licenses while few have adopted self-encrypting drive-based systems. Why?

  1. The standard took too long to gain critical mass. Seagate came out with its own SED based upon a pre-ratified TCG standard but others lagged behind. As a result, Seagate, a company in the widget business, had to champion a mindset change. Seagate just didn’t have the marketing chops for this.
  2. System vendors couldn’t care less. Ask a Dell salesperson about encryption and he or she will show you a list of options including software and SEDs. In other words, no one is pushing SEDs at the point of sale.
  3. Software hasn’t caught up. If I have 20 thousand PGP licenses, I probably have a pretty robust management infrastructure behind them. Unless SEDs can be easily migrated into this environment, it is probably not worth the effort.

So does all this mean that SEDs are dead? Not at all. In fact there may be a SEDs renaissance any time now. The reason is simple. Some software-based encryption doesn’t protect data if PCs are in “sleep” or “hibernate” mode. Given the start-up time of Windows, many users take full advantage of sleep/hibernate modes, so this is a serious hole. Combine this with the fact that many organizations provide users with administrator access to their PCs and you’ve got a real problem — you can’t claim that a lost or stolen PC was actually protected if this loophole — and user behavior — exists.

Since SEDs overcome this issue, lawyers, auditors, and compliance officers may demand that new PCs come with self-encrypting drives onboard. Sounds extreme, but security-oriented purchasing behavior is already pretty pervasive.

From a security perspective, SEDs are a great option. Combine this with regulatory and litigation pressure and they may gain momentum after all. Software vendors take note, you may be dragged into supporting SEDs sooner than you think.

The Cisco Squeeze

Monday, November 2nd, 2009

Cisco Systems (CSCO) has long had a unique competitive position in the enterprise market. In the glory days of the mainframe, IBM still competed with HDS and Amdahl, but Cisco has had the enterprise networking market to itself for a number of years.

This monopoly seems to be at its greatest risk ever — ESG calls this market phenomenon the Cisco squeeze. Think of Cisco in the middle of a big triangle with the competition closing in on Cisco from three distinct fronts:

1. Innovation. Juniper’s (JNPR) Trio chipset and 3-D architecture set a new plateau for networking performance that Cisco can’t match. Yes, this is probably a bigger threat in the service provider market than the enterprise, but large enterprises like DISA and NYSE are buying into Juniper innovation. Beyond Juniper, companies like F5 Networks (FFIV), Citrix (CTXS), and Riverbed (RVBD) are out-innovating Cisco in strategic areas as well. Finally, small enterprises are looking longer at innovative and affordable alternatives like Extreme Networks (EXTR), Force10, and even 3Com (COMS) to get better end-to-end functionality at a lower price point.

2. Commodification. While aggressive innovators hurt Cisco at the high-margin data center and core network, commodification hurts Cisco at the edge. The best example here is HP. Low-cost edge and wiring closet switches with lifetime warranties are increasingly “good enough” for many Cisco customers. If history repeats itself and the low end scales to eat the high end, HP (HPQ), Dell (DELL), and other commodity networking vendors will continue to gain share at Cisco’s expense.

3. Server vendors. With its introduction of UCS (aka: California), Cisco effectively alienated major partners Dell, HP, and IBM (IBM). Publicly each of these companies says that it will continue to work with Cisco, but privately they are mobilizing the troops. Both Dell and IBM now OEM networking equipment from Brocade (BRCD) and Juniper while HP is bolstering its ProCurve offerings with new products and partners. The rumor is that HP will no longer pay its sales reps commission on selling Cisco gear — that will certainly change selling behavior.

Cisco is a huge successful company with good products, great support, and some of the best sales and marketing in the industry. It also has done a great job diversifying into new areas like Telepresence, consumer electronics, unified messaging, and yes, even servers. Cisco is a machine that will continue to flourish but it clearly faces greater competitive and market pressures today than ever before.

Here are a few things I’ll be watching for over the next few quarters:

1. Layoffs or budget cuts in sales, marketing, or field support. This will tell me that margins are eroding, existing field skills are no longer useful, or Cisco is losing strategic battles.

2. “Back to basics” messages from John Chambers. If the ever-visionary Cisco CEO starts speaking to Wall Street in cliches like, “we took our eye off the ball,” or “we need to get back to basic blocking and tackling,” things are way worse than most people think.

3. Big acquisitions. If Cisco goes out and buys an F5 Networks, Riverbed, or ArcSight (ARST), it tells me that internal innovation can no longer keep up with the market.

4. Server deals. If Cisco wins large UCS deals, everything else will come along for the ride. If not, everything else will be challenged.

5. HP. If HP develops or acquires high-end networking equipment and new enterprise boss Dave Donatelli can instill an EMC-like sales culture at HP, Cisco will have its hands full.

Innovation, commodification, and competition are at the heart of the tech industry. Most industry leaders face these challenges from day one, but Cisco, through a combination of skill, luck, and lack of true competitors, was able to tap dance around these pressures for a long time. No longer. Over the next few years, Cisco will be challenged like never before. It will certainly be interesting to see how it all unfolds.

© 2010 Enterprise Strategy Group, Milford, MA 01757
