Enterprise Strategy Group | Getting to the bigger truth.TM

Posts Tagged ‘IBM’

Cisco Financial Results Demonstrate Real Networking Competition — Finally

Thursday, February 10th, 2011

As of this writing, Cisco shares are down between 11% and 13% even though it beat the Street’s revenue and profit estimates. Why the dip?

  1. The competition is real. About 5 years ago, I visited a number of CIOs on Wall Street and asked them which vendor was their “second source” for networking equipment. I remember one saying something like, “We bought Amdahl mainframes to keep IBM honest and now we buy HDS storage to keep honest, but there isn’t a single networking vendor that we can count on as a true competitor to Cisco.” Times have changed. HP and Juniper are truly winning enterprise business–not because of any real weakness in Cisco’s portfolio, but because IT wants strong competition in networking just as it did in other areas.
  2. The economic recovery is uneven at best. IT purchasing is up and, according to ESG research, 46% of enterprise and SMB organizations will invest in networking equipment. That said, some industries like state and local government, transportation, and education are still really hurting. A few years ago, Cisco could schmooze budget-constrained customers or throw in additional products and still win the business. In today’s world, a $20k savings may win the business for Extreme Networks or HP. Unless Cisco matches prices, it will be difficult to compete in these financially-strapped industries.

Cisco is especially vulnerable in various network tiers. For example, some companies are passing on Cisco at the access layer in favor of others like Extreme and HP. Cisco maintains the profitable network core, but loses out on dozens, if not hundreds, of access switches per customer.

Cisco is a great company and will likely rebound with server sales, software, new acquisitions, and cost cutting measures. Nevertheless, I agree with John Chambers: this is a transition point for Cisco.

Death Of An Industry Giant: Ken Olsen

Tuesday, February 8th, 2011

By now you’ve read that Ken Olsen, founder of Digital Equipment Corporation, died this weekend at the age of 84.

Lots of people will chronicle Olsen’s life and career: MIT, Lincoln labs, DEC, the PDP-1, VAX, etc. I’m sure a lot will be written about how Digital missed the PC market, how the company lost its way in the early 1990s, and about Olsen’s famous “snake oil” speeches. Most of these things are true or at least based on facts, but there are a few things about Olsen (and Digital) that shouldn’t be forgotten:

  1. When Digital Equipment was founded in 1957, the only computer company that really mattered was IBM. Rather than control the system software like IBM did, Digital took a different approach, letting customers tinker with its systems, working with customers on technical improvements, and then adding them to new releases. In this way, Digital really pioneered the whole “geek culture” that is still with us today.
  2. Olsen fought against open systems in the 1980s and 1990s believing that he could deliver a better product by controlling all of the APIs and system integration. This was true–VAX clusters, a combination of systems, storage, networking, interconnects, and system software were way ahead of their time. Olsen lost this market battle even though he was completely right. Fast forward to 2010. At last year’s Oracle Open World, Oracle boasted about “hardware, software, together.” Ironically, Oracle was one of the companies waving the open systems flag against Digital.
  3. Current folklore tends to mock the Olsen/Digital “matrix management” model as too cumbersome and slow. Yes, this led to some bad market decisions but competing technology groups really pushed on innovation. DEC didn’t always capitalize on new products but the industry — and the world — eventually did.
  4. Many people say that Olsen should have brought in real business guys and stepped aside. In reality, he did. Lots of top DEC managers came from IBM, Olivetti, and other big firms. Rather than improve Digital, they brought in a sense of entitlement or a lack of real technical customer knowledge. This unfortunately was the beginning of the end.

It’s hard to underestimate the contributions of Olsen, Digital Equipment, and the people who worked there; I haven’t even mentioned networking, VMS, databases, systems management, etc., but they were all there as well. Olsen should be remembered for his unbelievable vision and how he shook the industry from 1957 through the late 1980s. This man was truly a founding father of the modern information technology.

Homegrown Software is Not Secure

Tuesday, January 11th, 2011

Ask 100 security professionals to name a weak link in the cyber security chain, and a majority will point to software vulnerabilities. This is especially true in two areas: 1) Internally-developed software where developers may lack the skills or motivation to write secure code, and 2) Web applications where rapid development and functionality trump security concerns.

How vulnerable are today’s web apps? Here’s how the IBM X-Force answered this question in its 2008 Trend and Risk Report:

“Web applications in general have become the Achilles Heel of Corporate IT Security. Nearly 55% of vulnerability disclosures in 2008 affect web applications, and this number does not include custom-developed applications (only off-the-shelf packages). Seventy-four percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of the year.”

ESG Research looked further into software security in its recently published report, “Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure” (note: this report is available for free download at the ESG website, www.enterprisestrategygroup.com). Security professionals working at critical infrastructure organizations were asked, “To the best of your knowledge, has your organization ever experienced a security incident directly related to the compromise of internally-developed software?” Alarmingly, 30% answered “yes.”

What does all this mean? IBM X-Force data clearly demonstrates an abundance of insecure web applications out in the market. ESG’s data shows that many critical infrastructure organizations are not only writing insecure code but are also being compromised as a result of these vulnerabilities. Yikes!

Insecure software is a problem that is too often swept under the rug because it isn’t easily addressed with a tactical threat management tool Du Jour. Yes, software security requires new skills and processes but unless we make these changes we will continue to be vulnerable. If your lights go out sometime soon, insecure software may be to blame.

The Smart-Fat and Smart-Thin Edge of the Network

Wednesday, November 17th, 2010

Take a look at ESG Research and you’ll see a number of simultaneous trends. Enterprises are consolidating data centers, packing them full of virtual servers, and hosting more and more web applications within them. This means massive traffic coming into and leaving data centers.

Yes, this traffic needs to be switched and routed, but this is actually the easiest task. What’s much harder is processing this traffic at the network for security, acceleration, application networking, etc. This processing usually takes place at the network edge, but additional layers are also migrating into the data center network itself for network segmentation of specific application services.

Think of it this way: There is a smart-fat network edge that feeds multiple smart-thin network segments.

The smart-fat network edge aggregates lots of network device functionality into a physical device, cluster of devices, or virtual control plane. This is the domain of vendors like Cisco, Crossbeam Systems, and Juniper Networks for security and companies like A10 Networks, Citrix (Netscaler), and F5 Networks for application delivery. These companies will continue to add functionality to their systems (for example,  XML processing, application authentication/authorization, business logic, etc.) to do more packet and content processing over time. It wouldn’t surprise me at all if security vendors added application delivery features and the app delivery crowd added more security.

Once the smart-fat network edge treats all traffic, packets and content will be processed further within the data center (i.e., smart-thin network edge). This will most likely be done using virtual appliances like the Citrix VPX. Why? Virtual appliances can be provisioned on the fly with canned policies or customized for specific workloads. They can also follow applications that migrate around internal data centers or move to public clouds.

A few other thoughts here:

  1. I’m sure we’ll see new startups focused on smart-thin virtual appliances but I don’t expect them to succeed. Existing vendors will simply deliver virtual appliance form factors and dominate this business.
  2. Legacy vendors have the best opportunity here as many users will want common command-and-control for the smart-fat edge and the smart-thin edge. Nevertheless, this further network segmentation does provide an opportunity for aggressive vendors to usurp customer accounts and marketshare.
  3. Smart-fat edge systems are delivered as physical devices today but this isn’t necessarily true for the future. I can see virtual appliances with horizontal scalability running on , HP, or IBM blade servers in the future.

The smart-fat, smart-thin architecture is already playing out in cloud computing and wireless carrier networks today and I expect it to become mainstream in the enterprise segment over the next 24 months. The technology is ready today but many users have no idea how to implement this type of architecture or capitalize on its benefits. Vendors who can guide users along with knowledge transfer, best practices, and reference architectures are most likely to reap the financial rewards.

Technology CEO Council’s Lightweight Federal IT Recommendations

Wednesday, November 3rd, 2010

Have you heard of the Technology CEO Council?  Neither had I until recently.  The council is made up of a strange mix of tech CEOs from organizations including Applied Materials, , , IBM, Intel, Micron, and Motorola.  Why this group and not Adobe, Cisco, HP, Juniper Networks, Microsoft, Oracle, and Symantec?  Beats me.

Anyway, the group published a paper in early October called, “One Trillion Reasons:  How Commercial Best Practices to Maximize Productivity Can Save Taxpayer Money and Enhance Government Services.”  The paper stresses the need to reduce federal spending and suggests some IT initiatives in support of this objective.  The initiatives include:

  1. Consolidate information technology infrastructure
  2. Streamline government supply chains
  3. Reduce energy costs
  4. Move to shared services
  5. Apply advanced business analytics to reduce improper payments
  6. Reduce field operations footprint and move to electronic self-service
  7. Monetize government assets

The paper is available at www.techceocouncil.org.

I agree with the spirit of this paper as there are plenty of ways to use IT costs savings to reduce overall federal spending.  That said, the paper is pretty weak and self-serving.  Specifically:

  • The Feds are already doing most of these things today.  Federal CIO Vivek Kundra is already driving data center consolidation.  Agencies were asked to submit initial input on June 30, 2010 and finalized plans are due on December 31.  Lots of federal agencies including CIA, DHS, DISA, and NASA are well along the road to cloud computing as well.  Perhaps the Feds should be more aggressive, but the same could be said of any organization.
  • The paper ignores legislative challenges.  The paper suggests things like consolidating common IT services like payroll, finance, and human resources.  Once again, this is nothing new as this type of consolidation was suggested in 2001 as part of Karen Evan’s Federal Enterprise Architecture.  Moving beyond inter-departmental cooperation toward a federal IT organization could indeed save money, but it would require overhauling (or at least tweaking) the Klinger-Cohen Act of 1996.  This could be a long arduous process.
  • What about security?  Federal IT spending is dominated by military and intelligence agencies with deep security requirements.  You can’t just consolidate around these.  Yes, security standards and regulations should be changed to keep up with the times–this is exactly what’s happening with FISMA 2.0 and the FedRAMP strategy to streamline cloud computing certification and accreditation (C&A).  Again, these things take time, thought, and care–not ideas and papers.

The CEOs also need to remember that their own internal IT organizations are far different than those in the federal government. When EMC executives mandate a massive VMware project, all of IT jumps into formation.  It doesn’t work that way in the public sector.

There were certainly some good points in the paper, but overall it is really a marketing piece put out by a lobbying organization.  In my humble opinion, there is some irony in this paper and organization–while the Technology CEO Council puts out a paper about how the federal government can save money on IT, companies like Dell, EMC, IBM, and Intel are happily wasting dough on a half-baked lobbying/PR organization.  Funny world.

The CIA and the Encrypted Enterprise

Friday, October 29th, 2010

The international horse show wasn’t the only event in Washington DC this week; I participated in the Virtualization, Cloud, and Green Computing event in our nation’s capital. One of the guest speakers was Ira “Gus” Hunt, CTO at the CIA. If you haven’t seen Gus speak, you are missing something. He is very strong on the technical side and extremely energetic and entertaining.

Gus focused on cloud computing activities at the CIA (I’ll blog about this soon), but I was intrigued by one of his slide bullets that referred to something he called the “encrypted enterprise.” From the CIA’s perspective, all data is sensitive whether it resides on an enterprise disk system, lives in a database column, crosses an Ethernet switch, or gets backed up on a USB drive. Because of this, Hunt wants to create an “encrypted enterprise” where data is encrypted at all layers of the technology stack.

The CIA is ahead here, but ESG hears a similar goal from lots of other highly regulated firms. When will this happen? Unfortunately, it may take a few years to weave this together as there are several hurdles to overcome including:

  1. An encryption architecture. Before organizations encrypt all their data, they have to understand where the data needs to be decrypted. For example, remote office data could be encrypted when it is sent to the corporate data center, but it needs to be decrypted before it can be processed for large batch jobs like daily sales and inventory updates. There is a balancing act between data security and business processes here demanding a distributed, intelligent encryption architecture that maps encryption/decryption with business and IT workflow.
  2. Key management. Most encryption products come with their own integrated key management system. Many of these aren’t very sophisticated and an enterprise with hundreds of key management systems can’t scale. What’s needed is a distributed secure key management service across the network. Think of something that looks and behaves like DNS with security built in from the start. The Key Management Interoperability Protocol (KMIP) effort may get us there in the future as it is supported by a who’s who of technology vendors including EMC/RSA, HP, IBM, and Symantec, but it is just getting started.
  3. Technical experience. How should I encrypt my sensitive Oracle database? I could use Oracle tools to encrypt database columns. I could encrypt an entire file system using Windows EFS or tools from vendors like PGP. I could buy an encrypting disk array from IBM, or I could combine EMC PowerPath software with Emulex encrypting Host-based Adapters (HBAs). Which is best? It depends on performance needs, hardware resources, and financial concerns like asset amortization. Since there is no “one-size-fits-all” solution here, the entire enterprise market is learning on the fly.

A lot of the technical limitations are being worked on at this point, so the biggest impediment may be based upon people and not technology. We simply don’t have a lot of experience here, so we need to proceed with research, thought, and caution. To get to Gus Hunt’s vision of the “encrypted enterprise,” we need things like reference architectures, best practices, and maturity models as soon as possible. Look for service providers like CSC, HP, IBM, and SAIC to offer “encrypted enterprise” services within the next 24 months.

Cisco’s “Kitchen Sink” Product Announcements

Thursday, October 7th, 2010

Did you see the series of announcements Cisco made this week? It was pretty impressive. This is the traditional season where Cisco announces products and new initiatives but this week’s announcements were very extensive — new switches, routers, security devices, wireless access points, WAN optimization equipment, etc.

In its marketing mastery, Cisco related all of these announcements to two core strategic initiatives, data center virtualization and borderless networks. In other words, Cisco is talking about the way IT applications and services are hosted (central data centers, virtualization, cloud), and the way they are accessed (wired and wireless networks, security, access control).

Cisco is clearly demonstrating that it plays in a different space then it used to. It’s all about industries, business processes, and enterprise IT now; the network simply glues all the pieces together. So why all these announcements at once? Doesn’t this water down the individual piece parts? I don’t think so. Cisco is actually doubling down on integration across its products with an overall strategy aimed at:

  1. Competing on all fronts. In one day, Cisco delivered a response to a spectrum of IT vendors like Aruba, Check Point, Juniper Networks, and Riverbed. Cisco may not have the “best-of-breed” product in each category but it is reinforcing the message that the whole is greater than the sum of its parts.
  2. Out-executing the big competition. Cisco is betting that it can deliver technology integration and enterprise IT initiatives faster than its primary competitors — HP and IBM. There is some precedent here–HP and IBM business units haven’t always worked together well so Cisco believes it can capitalize on its organizational structure and market momentum.

Now I realize that the “integrated stack” story has limited value today since customers have a history of buying servers from HP, wired networks from Cisco, Wi-fi from Aruba, storage from , etc. That said, IT is radically changing. For example, ESG Research indicates that server virtualization is driving a lot more cooperation across disparate functional IT groups. As these organizations come together, it’s only natural that they will look for common solutions from fewer vendors.

In the meantime, service providers and financially-strapped organizations (i.e.,  State/local government, higher education, real estate, etc.) will look for IT savings anywhere they can, even if it means moving away from some vendors with relatively stronger point products in the process.

Cisco also has a services opportunity in that it gets to play services Switzerland and partner with companies like Accenture, CSC, and Unisys in competition with IBM Global Services and HP/EDS.

Lots of people knock Cisco products and point to better, faster, cheaper alternatives. Maybe, but the overall Cisco story seems pretty strong to me. As of Tuesday, Cisco has a bunch of new products that support its corporate strategy and make its story even stronger.

Will IBM/Blade Networks Hurt Juniper? Nope.

Wednesday, September 29th, 2010

There must be a lot of junior people following the technology market these days — I’m really amazed at some of the stuff I read all the time. Back in the dark ages when I entered the Tech industry, we didn’t have e-mail, IM, blogs, tweets, etc., so you turned to industry rags like venerable Network World or Computerworld to get industry insider analysis. Now anyone with a keyboard and an opinion gets to speak. Good for free speech, bad for knowledge transfer.

Case in point–a friend forwarded me an article suggesting that the IBM/Blade Networks deal was a big blow to Juniper. With Blade Networks in hand, IBM would now package Blade Networks and IBM blade servers together to counter Cisco UCS featuring integrated networking and compute (note: the article failed to mention storage but that’s another point). While this wouldn’t kill Juniper, it would limit Juniper and others to the remaining laggards that want to buy separate networking and server boxes.

Now, full disclosure: Juniper is an ESG customer but so is Blade Networks, IBM, and just about every other tech vendor. That said, this article fails to recognize some very fundamental market realities:

  1. Cisco UCS just started shipping last year so Cisco is playing catch up to IBM, not the other way around.
  2. Buying Blade changes nothing as IBM was already reselling the network blades.
  3. While the concept of integrated compute, network, and storage sounds appealing, ESG Research indicates little market interest. Yes, this is a good approach for service providers but unless we are talking about a green field implementation, service providers still have legacy servers as well as Ethernet and Fibre Channel switches to replace.
  4. Blade Networks makes access switches. Yes, Juniper makes top-of-rack access switches that may compete on functionality, but Juniper’s real expertise is virtual switches and chassis-based aggregation and core switches. The most likely scenario is Blade at the Edge and Juniper in the core.

Finally, Blade isn’t really a networking vendor as it really only has one product — network blades. Does this help IBM with turnkey blade servers? Yes. Does this help IBM compete on big network-connected “smart planet” projects? No.

IBM Buys Blade Networks — An Obvious Marriage For Server Virtualization and Dynamic Data Centers

Monday, September 27th, 2010

Last week, 20-somethings on Wall Street were buzzing about self-serving rumors that IBM would buy Brocade Networks. Well that didn’t happen (and I don’t think it ever will), but IBM did make a networking acquisition when it scooped up Blade Networks today. Terms of this deal were not disclosed.

Why Blade and not Brocade? Several reasons:

  1. IBM anticipates increasingly dense blade server sales. ESG Research indicates a general trend from rack-mounted to blade servers. Why? Today, an average server hosts between five and ten VMs. As this ratio substantially increases over the next 2-3 years, IT managers will need blade server flexibility and manageability to cope with scale and complexity. Blade Networks provides another piece for tight integration between blades, virtual switches, and physical switches.
  2. Blade Networks runs JUNOS. I don’t think IBM cares about Blade’s top-of-rack switches. Rather than own this piece, it can now plug its dense blade servers into Juniper data center top-of-rack, aggregation, and core switches. Lots of form factors and the chance to leverage Juniper’s deep commitment toward flattening the network with its 3-2-1 initiative and the ultra-secret “Project Stratus.”
  3. The price was right. With 3Com and ProCurve in tow, HP has been pretty public about its intention to push Blade Networks aside. This really left IBM as the only logical place for Blade Network investors to turn. My guess is that the acquisition price was fair, but not overly generous.

IBM is also probably anticipating a technology change in the HPC market as 40 and 100 gigabit Ethernet replaces Infiniband. Once again, Blade Networks will provide a turnkey blade solution for scientific computing and smart planet analytics. Blade also provides port and device consolidation for the burgeoning trend toward Ethernet-based storage.

I really don’t think that IBM wants a stand-alone networking business again, so an acquisition of Brocade, Extreme, Force 10, or even Juniper seems unlikely. With Blade, IBM can deliver a data center unit–complete with memory, processors, and networking/storage IO–in a tightly-integrated can. My guess is that IBM will sell a ton of these.

Dario Zamarian

IBM To Buy Brocade And Other Stupid M&A Rumors

Thursday, September 23rd, 2010

I was at Oracle Open World yesterday when I heard the rumor that IBM was going to buy Brocade. At the time, I was meeting with a group that had collective industry experience of more than 100 years. We all laughed this off as hearsay.

The fact is that IBM already OEMs equipment from Brocade (as well as Juniper) so it is not lacking in engineering experience or alternatives. Does IBM want to start a stand-alone networking business? Does it want to OEM Fibre Channel switches to and HP? Does it want to bet on Brocade/Foundry Ethernet switches against the rest of the industry? No, no, and no.

This is not the only silly rumor we’ve heard lately. Last week, Microsoft was going to buy Symantec. Yeah sure, there are no antitrust implications there. And does Microsoft really want to buy a company that has about a dozen products that are redundant to its own?

How about Oracle buying HP? Larry may be spinning this up for fun, but it’s simply crazy talk. Oracle, a software company focused on business applications and industry solutions, wants to get into the PC and printer businesses? Yeah, I know, “What about servers and storage?” To which I answer, “What about Sun?”

These rumors are circulating because of the recent uptick in M&A activity, but my strong bet is that nothing remotely similar will happen. The rumors must then be coming from one of two sources:

  1. Wall Streeters executing a “pump and dump” play. Given the activity in Brocade’s stock yesterday, this is likely. I hope the SEC is all over this unethical practice.
  2. Bloggers and Tweeters trying to “stir the pot.” Maybe the Internet has become the great equalizer between intelligent discourse and ignorance.

Not all mergers make sense, but there tends to be some business logic inherent in most transactions. Let’s try and remember that before spreading rumors for personal or unethical gain.

Search
© 2011 Enterprise Strategy Group, Milford, MA 01757 Main: Fax:

Switch to our mobile site