Craig Burton, KuppingerCole
Martin Kuppinger, KuppingerCole
April 19, 2012 14:00
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Craig Burton, KuppingerCole
Martin Kuppinger, KuppingerCole
April 19, 2012 14:00
Craig Burton, KuppingerCole
Martin Kuppinger, KuppingerCole
April 19, 2012 14:00
Okay. The first session today, or it's afternoon, not today. This afternoon is one on virtualization. So from virtualization to the cloud and beyond, and like many of these sessions, it's an hour's split to two pieces. The first half of the hour will be a presentation done by me and Craig, which is around exactly this topic. The second one will then be a panel which focuses much more on virtualization security. There will be in two persons, one from CA I think it's so terribly bad in keeping names. It's guy buzz, Han BK angle from VMware. So we will have a panel afterwards.
And so that's what we will do. And I think it looks like also our moderator is arriving, which is great. So he can take over after my part of the presentation. So he has still 25 minutes left sort of, but that's my birthday way. Burst birthday, present to him, sort of getting, knowing that he's got 38 today. Okay. So let's start. I have lost it somewhere here. Virtualization, I think is a very important topic in this entire context. We're talking about when we are talking about information security, we have to talk about virtualization.
When we are talking about cloud computing, we have to talk about virtualization. So virtualization is something which is sort of the, one of the, the important underlying techniques we have to look at and something we have to sort of keep under control. So what are we talking about today?
I think there are, there are the main topic today is really what we're looking at is mainly server virtualization, which means simply that we have some guest operating systems, which don't run directly on the hardware, but we have a host operating system and the hypervisor or mix of them, or whatever you do is I think there are different approaches, but something in between. And it's very logical. I think also, I think that will be a very important topic for the panel afterwards.
If you look at architectures, the more layers you have, the merge, the security risks you have simply said because the tech surface is getting bigger. We don't touch that much. The auto tops of virtualization, which is desktop virtualization, storage, virtualization, application virtualization. So the sandboxing of things, a little bit outta scope of what I wanna talk about right now. And when we look at what happened around virtualization and probably Greg, who is in the industry, even a little longer than me, started at the very left side of the things.
So virtualization and mainframe environments, which is a quite old topic or high end Unix environments. I think this interesting thing sometimes is to see, Hey, some things are out there for a long time. I will talk later on about the topic of dynamic authorization management. So how to externalize authorization out of applications. And the funny thing is, if you look at things like rag or the counterparts from CA technologies, they are around since the mid six seventies or the early eighties. So the topic of some of these things are out for a very long time.
I think however, and the same thing is true. They have been focused on a very specific environment right now, things are changing and we are looking at what happened then was things around, especially VMware becoming quite popular for 86 based virtualization for at the beginning, thinking what I've seen was a lot of things in the development and test area. So I started pretty, pretty early was the, myself was the Weber workstation, honestly, because I, when I, when I were back these days, I remember I, I think the maximum of PCs I had on my seller were I think 24 right now in the same room.
I have exactly one PC, which is my old IBM PCT, which I just keep sort of as a memory. And all the other PCs I had in my test environment are gone.
So it's, everything is virtualized, have some files boxes there. So these simple things, but that's it. And I think that has really changed over time. And then we ended up with the enterprise virtualization in that space where it's really become mainstream then. And there's a second stream of virtualization where we sort of have within this enterprise level virtualization we have, from my perspective, three waves of things, the first wave of mass adoption, it here is winter server.
So the first thing was really load optimization, winter server for standard workloads like exchange and other things, load optimization, plus some deployment and management right now, I think we are more and more facing the second wave, which is what virtually all the vendors are telling me that things are really changing here. So business systems with high workloads where it's not that much about reducing the number of servers, but really getting a better grip on the environments, managing them in a better way, standardizing the entire environments.
A lot of other things so much more focused on deployment and management. And I think there's a third wave of mass adoption, which is really around a sort of load enablement where it's about load balancing, for example, between your on-premise and your private cloud environment, which is still not that easy given that you have to move around sometimes a pretty big amount of data and other things, but overall, given that, that you have a lot of areas where you can run the same VMs. I think that's the third wave of things which is happening.
So when looking at our, again at our it paradigm, then I think there it's, it becomes pretty important when I look at the, the lower levels. So on premise cloud and allowing me to switch things over there that can happen at a, let's say at pretty different level. So I could look at it very high level from say, okay, if I have the same API in both environments, it helps me. I could also look at it very down there and say, okay, the cost grain approach is really to move a VM around in that area.
And overall from, from when I look at this paradigm, maybe I back then, one of the things I really look at currently is how can I make the on-premise it better? And I think that's one of the areas where really this virtualization thing comes in. So it's really about supporting flexibility in it, service production, and what I see theres optimized resource, moving peak loads to private, or even public clouds, a simplified use of different types of clouds. So really being better able to move between different providers, simplified management of it, environment, ization of based technologies.
In fact, I think it's, you know, when we look at the reality of cloud providers, they are virtually, let's say sort of heavily virtualized. And, and I think if we want to get better in our, in our on-premise it, and that's very much about acting like a cloud provider, like M S P, then it makes a lot of sense to follow the same paradigm. So how do we really get better there?
And so, so it's really my view on these things on how to make it. So look, Craig, maybe you, you, what your, your history on, I remember you back in the early days of network and other things.
So, so you also looking at this, this part of it and OnPrem and so on, what is your on that? The, the ability to virtualize machines and then actually virtualize operating systems is so powerful in not in, in, let me say it another way I had, we were talking the other day about how to generate the, you know, doing testing and so on and presenting to companies the way that they're going to do external APIs and, and open up their systems. And they say, well, you know, we wanna do this in a way that our legal department, isn't going to shut this down and prevent that.
And I said, well, just think if you, if you take a small group and go off and do this on the side and make it work as a real prototype and, and show that what you're doing can really work before you put it out in the wild, as it were, that, that it's opening Pandora's box and gonna let you get all the constituents within your company or organization to, to get an alignment and wanting to do the new and innovative things that need to be done.
And virtual virtualization of the hardware and the operating system and the cloud itself with these products is a very powerful tool for stepping to towards reality. So I'm really excited about it.
So, so what you're saying in fact is sort of without virtualization, we probably wouldn't do a lot of those things. We are, we can do non what we are talking about at a conference.
So, so looking at things like how to really change it. And I think that's really the point. We can't do it without virtualization. We can't do it. I think that's the other part of the story. We can't do everything this virtualization, I think that's also very obvious, but it's also, especially through the other way around. And so I'm getting better in this area becoming more flexible and supporting things like the open API economy won't touch too much because I've talked a lot about it. I think that's really something that relies on this.
And, but when I compare this idea of virtualization versus the open I economy, I think they're, these are really two levels. It's not that the one us the good on the other is the bad. I think it's, I think this more that are interdependent on each other. So the virtualization is the course gray, simple to use thing focused on one episode, one VM approach approach, sort of it's little bit more it T centric, but it's an enabling thing we need.
And on the other hand, we have the open IP API economy approach for more fine grain needs, some integration on the other hand, focus on consuming tailoring many apps to new services. So business-centric, and I think it's more that they are building on each other. And as Greg, in fact, that I think you couldn't do the other things without an environment, which is flexible enough to do it. And so I think it's about understanding what you do with which technology and how to move forward on that. I think that's really the point what it is about.
So sort of thinking in a virtualization layer where you virtualize for maximum infrastructure, flexibility and AP layer, where you expose for maximum service flexibility, I think that's where it tried to, to nail down this a little bit, that it really needs both approaches in that area. And from a survey we did some time ago together with CA technology and which CA technology ask us to do I have just taken out some numbers. And I think it's, it's really important to see a little bit what also, even while they're some months old, these numbers, I think they're still well in what they're saying.
So when asking people why you need virtualization, I think it's interesting to see that one area is increasing it agility and responsiveness, which is in relatively as a relatively important one as a major driver overall of it, operational efficiency and agility in that area. But on the other hand, I think that's something I might have to point on with this. I don't have one. The other thing is, for example, one of the topics which is relatively at the right end is the meet green it targets. So is one of the formally very public over a popular aspects is not really irrelevant.
Interestingly, it's, it's interesting to see that at that point of time, a large number of people said preparation for cloud. It is not really the point, but what you need to do. And that's a very important aspect. I think you need to understand it's an important thing. So you never will be able to move to the cloud without your home work done in virtualization sufficiently. You never will be able to fulfill what we have in mind with our call it paradigm to move your it to the next level without that.
Oh, I okay. So yeah. Thank you. Okay. The other thing is then when I look at this and if you don't, if you're not able to do this, you're not able to do the next step. So I think that's really the logical thing. So without doing your homework, you'll fail in other things. And these things are much tighter related. I think then many, see maybe that's a problem of our I've talked about is of our siloed.
Its, you know, who cares for virtualization? Who cares for, let's say the service model and all these things for the it organization and who cares for the API economy? If you're realistic, I would say at least one different party per area, isn't it? Yeah. And I think exactly, that's one of the points. The other thing is looking at virtualization security.
We, we just ask for, you know, what are the different challenges around this? And so how do these things compare how to physical environments? And also also there are some, I think interesting answers and one of these answers is really question was how important is it to secure your production virtualization environment? And it's interesting to see that the respectable number that it's more important than physical environment. So the Sierra side, I sort of said, if you have have more layers, you have more, more aspects to cover regarding security.
And the question was how secure are virtual environments in general? It's a mixed answer there if you look at it. So if you look at this numbers, it's a little bit, so half of the people roughly said, okay, it's oops, it's the same. And the other half was split in between or it's worst or better my perspective. And maybe we'll learn about this more in the upcoming panel than with the people from VMware and CA technologies. I think the point is if you don't do nothing or if you do nothing, it's probably worse if you do it right, it might become better.
I think that's what in a very simplified way I would say around this. So, but one thing is clear, virtualization security is a concern for organizations, but you know, also when I go back in your history of introducing new things, I think that the security concerns pretty quickly popped up. So you were run off the guys behind the first network operating systems and probably security was also thing from the very beginning. Isn't it? Yeah.
And which leads to the thinking also the really cool about thing about virtualization is the ability to provide scalability, which was very difficult when you had to do it server by server. And with this, you can, you know, farm put 'em in a farm and let them do scale as needed and spawn new servers on demand as it were. And also the reliability of something fails.
You know, Noel spent millions of dollars in time trying to figure out how two servers could do failover and with virtualization, it's, it's a, it's a configuration issue. It's all these things get resolved. Oh Yeah. It reminds me really of my days looking at all those things, which were there on failover and high availability and how complex it was and was you started struggling with the network cards you could use in these early days.
And I think virtualization really made a lot of things much easier starting from the fact that you don't care about a network card, which I always did when working with network, I remember, oh, do you have an any 2000 cards? This was always the answer using any 2000, everything will work, not very fast, but it will work sort of things. Yeah. So really it was one of the things we had there at that point of time.
And I think we have a lot of other results and I think it's still very, very interesting to have a look at the survey, but because I really like to look at again and then look at some figures and I think it doesn't didn't change really fundamentally. So when looking at which type, which things in virtualization and why virtualization is most important.
So server virtualization is really the hot topic because it really enables a lot of things and that's really the point it helps in there, but, and really it ends up in the conclusion of, if you don't have virtualization, you won't be ready for the cloud. You won't be ready for the chemical it paradigm and you won't be ready for the API economy.
And for other of other things that when I look at all the talks we we had during the last sessions, it simply means without virtualization, you will fail in agility at the end of the day and failing in agility, failing in specialization, failing, and really become a more modern. It, I think is a bad thing to do so how to move forward. My perspective is virtualization has to be a standard approach, standardization of infrastructure management deployment. I think it's important really helps a lot, not to deal with these issues anymore, not to have to deal with these issues anymore.
And I really remember how horrible it was for many, many years to get things up and running. And these non-standardized environments, I had a, and I think many of you have been in the it for quite a while. Know it it's the concept for the cloud. So you need a concept for cloud. So you need to define how to make use of private and public clouds for your virtualized environment. I think there's an opportunity you have, and there are a lot of offerings there and management is getting better.
I'm maybe it's not every in every area where I would like to see it, but at least things are moving forward. I still like to see more things in virtualization security and maybe in the next session, we will learn some interesting points around that. That would be very good. You need virtualization strategy and roadmap and, and implemented. So ensure that it's done in the secure way. I think that's always my concern, you know, and that is discussion for, for many years right now. And I think things are getting better.
But I remember when I go back in this, in these days, and then, then I had discussions about what is, what about the security? And I think I liked your, your keynote.
Yes, sir. From, from VMware, which was very much about virtualization security, which I, I would say it like this, going back some two, three years compared to deaths, it was a real, real big step forward.
You know, so really I think that it really, the topic of security has a fundamentally different relevance right now for these ones. I think it's, it's normal. I think that's the bad thing with, with it that it usually invents something and then starts about thinking about security. I always like things where security is a topic from the very beginning.
However, my experience in most cases, security is more something which is done afterwards and go beyond virtualization. That CR thing think beyond it. So virtualization is and infrastructure it's important. You need it, but you need to do, do more things around it. So I think that was my last slide. If I know it wasn't, I didn't remember, right. What are the read business benefits make your on premise it service production more efficient, very important in our view, better distribution of workloads, standardization of infrastructure, and become really more flexible and agile at that level.
And thus enable agility at the other levels, both foundation for acting as a server service provider on premise. So you need your on premise. It needs to act like a service provider. And when the service providers do virtualization for a good reason, you should do it as well. And you could achieve even bigger benefits by doing those things at other levels as well. So these were some of my, and our thoughts from, from Greg and me. I think we have some time left, but we have a moderation. So it's moderator. So it's time now. Okay. It's your turn.
Yeah, Absolutely. So virtualization really became an integral part of everything we do in it today. Would you have thought that like a few years from what you were doing with all that it administration stuff, you would just download some, some sort of software and run a whole lab on your mobile computer, like have a whole set of servers virtually running on your little laptop, right in front of you.
You know, everybody who worked in, in presales, they all had a hard time presenting enterprise demos because it was just not possible today. Everybody has a small data center on their laptops and that really shows how groundbreaking virtualization technology has changed the way we in it do business. Now it's really time to focus on how virtualization can change the way we do business. And it already started a few years ago and whole new business models was selling it. Computational power on demand has become a large industry.
And we're all here to hear how this will further impact us, how the security implications are for the next few years. And I'm very happy that we had that first introductory discussion. Ask if there any Question yeah. With our two specialists here up on stage, and I'd like to open up for questions from the audience. If there are, If there are any, I just wanted to add one more thing. And that is that one of the core themes of this whole conference is that it needs to consider is faced that it's gonna have to change radically to deal with what's happening in the market.
And virtualization is a great way to, how should I put this gently? Don't be gentle.
Well, of course I, I can't. So to, to enable the change of it, despite it's resistance, We, we heard yesterday that resistance is futile and everybody who has not yet adopted virtualization in, in any flavor today still keeps up that resistance. And those guys really need to stop. They need to embrace that change instead of being reluctant.
And well, maybe, maybe it's just an intrinsic thing that they are still shying away from it because it radically, drastically changes how we do business. You, you cannot just retreat as it and say, yeah, it's gonna take us half a year planning. And then another half a year of integrating into our environment. And then probably next year in summer, we can have the first implementation up and running. That's bullshit today. You just need a little bit computational power.
If you don't have it, just order it online at some of the providers and click together your demo environment, your, your servers, they are deployed in a matter of minutes. It departments that today take months to deliver you a server. That's so 1990, But interesting thing is sometimes I, when I, when I'm at a customer, they say, okay, it'll take a long time until my virtualized new virtual server is ready. That's still, still a situation we have, oh, for this proof of concept we need some weeks until we have our virtualized environment up and running.
That's something we also need to change over time because I think it's not well answering what we could do. Okay. So thank you. Thanks for the guys on stage.