Whatever happened to virtualization security? Back in the day, everyone was talking about blue pills and red pills, about sideways attacks and DOM-0 threats, about security profiles and isolation policies, about perimeter defense and security embedded in the hypervisor. Then, all of a sudden, the buzz seemed to disappear. It really seems like organizations simply don’t have the time, money, desire, or otherwise to pursue dedicated virtualization security. Indeed, it seems like most of the pure-play virtualization security vendors have folded, been sold, or reworked their strategy. For example: Blue Lane ended up being sold to VMware, reputedly at a bargain price, after failing to get any traction. Third Brigade was rolled up into Trend Micro, and now offers a solution for combined ‘physical, virtual and cloud’ protection. Reflex and Catbird have repositioned to highlight their...
Read more »

I am hearing a lot about the rise of a concept called ‘devops’ – a mashup of ‘development’ and ‘operations’. I am not at all an expert in this area, but from what I can tell, devops is aimed at streamlining rapidly iterative application delivery to allow for greater development and business agility. Devops aims to achieve this by breaking down the barriers – human, process, and technology – between application development and system operations. Interestingly, the concept is new enough that, as I write this, there is not even an entry for it in Wikipedia yet. I did find a blog by Damon Edwards (on Twitter – @damonedwards) very useful though, as he explains the age-old disconnects between application developers ‘throwing software over the wall’, and ops who are painfully resistant to change. James Urquhart (@jamesurquhart ) blogged very recently on the concept too , and again provided some...
Read more »

I read recently a good blog post from Thomas Bittman (@tombitt) of Gartner Group, about how sometimes close enough is good enough. Talking specifically about private cloud, he talked about how an ‘imperfect’ cloud deployment – one that does not have all five essential characteristics, for example – might be enough for some organizations. I especially appreciated how he highlighted some very specific, real-world examples to sustain his advice. As he shows, sometimes you don’t need a ‘100%’ implementation, and for very good business reasons. Not every IT organization needs a fully self-service interface, and many smaller organizations see no value in usage metering. They simply want to deliver services faster. For them, a 70% private cloud is absolutely good enough … it all comes down to business requirements, return on investment, and future strategy. How far you go is your ...
Read more »

I have a request. I hope it is not too onerous, because something is really starting to grind my gears. Can we in IT please all stop claiming that any technology is going to kill another? The latest I am reading, for example, is that NoSQL (for want of a better term) will kill off SQL. No, it won’t. My hyperbole aside, I know this with complete and utter certainty,  even though I am barely conversant in database technologies. Seriously, SQL hasn’t even killed off VSAM – first released in 1974 – which is still the foundation for a huge volume, perhaps even the majority, of our daily financial, logistics, retail, and government business. In fact, not only are we still storing data in VSAM, we are still programming in COBOL, and even doing it on 20 year old mainframes. So realistically, an upstart like NoSQL has no chance of...
Read more »

For those who have asked, and others who may care to know – the rumours are indeed true. After many happy years leading the fantastic systems and storage management team at one of the very best IT industry analyst and consulting firms, Enterprise Management Associates (EMA), I have moved on to take up an exciting new opportunity.
Read more »

There is a growing chatter about the idea that businesses should provide staff with a free choice of PC technology (including Windows, Mac, Linux, or other devices), and indeed that staff should be given a cash allowance (at Citrix, for example, the allowance is $2100) to purchase and use their own PC for company and personal use. Many claims are made to support this so called Bring Your Own PC (BYOPC) approach – although they seem mostly, if not only, to originate from vendors (notably desktop virtualization and application virtualization vendors) that have a vested commercial interest in its success. I disagree with many of these claims (especially the questionable claims of cost reduction), but I do agree that BYOPC can have some benefits. However, one of the many claims in support of BYOPC is that it will help organizations to attract and retain an important demographic of young, technologically sophisticated...
Read more »