To put that in perspective, that’s ten times faster than the speeds provided by Internet service providers and 50,000 times faster than the average iPhone connection, according to a DOE statement.

The new DOE network links scientists working at the National Laboratories of Lawrence Berkeley (in California), Argonne (Illinois) and Oak Ridge (Tennessee). Called the Advanced Network Initiative (ANI), it was unveiled this week at SC11, the annual shindig for the supercomputing/high-performance computing community.

ANI is just the first stage of a wider DOE initiative to roll out 100 Gbps services across ESnet, the national network that links thousands of government researchers at more than 40 different facilities in the US as well as research partners in other countries. Other data-intensive laboratories will be the next beneficiaries, with all DOE national lab sites to be integrated into the 100 Gbps infrastructure by the end of 2012.

The new network at HHMI’s Janelia Farm Research Campus, meanwhile, is based on technology from networking company Brocade, which claims it is the “world’s largest single-site deployment of 100 GB Ethernet” and will “significantly increase operational efficiency” for some 250 biomedical research scientists.

“We have 200 Gigabits connections to each of our network wiring closets,” said Spartaco Cicerchia, director of network infrastructure systems for the Janelia Farm Research Campus in Ashburn, Virginia. “Then we have 10 GbE connections going directly down to researchers’ systems in order to support the massive volumes of data they have collected. This new infrastructure enables our research team to obtain results 10 times faster than before. This performance advantage will allow us to set a new standard for research process cycles.”

Of course, both networks cater for a rather niche audience. High-performance computing is a highly specialised area that has grown up around the need of scientists and researchers working on advanced computation problems, involving massive data sets and often performed across large clusters or grids of machines.

For example, ESnet is used today by physicists who need access to data generated by the Large Hadron Collider in Switzerland; by climate scientists, to interrogate some of the world’s largest databases of meteorological information; and by biofuels experts, to access genomic data on energy-relevant microbes and plants.

But the DOE also claims that the launch of ANI, which uses new optical technology to reduce the number of routers needed on the network, will accelerate “by several years” the commercialisation of 100 GbpS network technologies. In other words, regular IT teams will eventually have access to this technology, too.

“With the establishment of this high speed network, the United States is once again blazing a path for the future of Internet innovations,” said US Secretary of Energy Steven Chu. “Initially, this breakthrough will make sharing information between our labs much more efficient and pave the way for new discoveries, but it also holds the potential to change and improve our lives much like the original commercialisation of the Internet did in the mid-90s.”

That may sound like hyperbole, but it’s worth remembering that the World Wide Web originated with physicists at CERN who needed to share data with colleagues worldwide – and that several DOE laboratories were among its earliest pioneers.

For now, however, 10Gbps connectivity is the goal for most commercial organisations – the speed that ESnet already offers today. In a report released this week by IT market analyst firm Dell’Oro Group, quarterly shipments of 10Gbps Ethernet controllers and adapters – which connect servers to these networks – grew 47 percent year-on-year, to 1.3 million in 3Q11.

“We are still in the early stage of 10 Gbps server adoption and we expect that Intel’s Romley platform will fuel even more migration towards 10 Gbps in 2012,” said Dell’Oro Group analyst, Sameh Boujelbene. Romley is Intel’s new workstation/server platform, originally expected in 2011 but now likely to appear in 2012.

The announcement was made after what BT described as “a successful summer” of London 2012 testing events, staged as part of LOCOG’s overall operational testing programme, London Prepares.

BT said it successfully delivered hosted voice services to the several competitions held during this period, in sailing, road cycling and basketball, among other sports.

BT’s testing effort will continue until May 2012, ahead of the Opening Ceremony on 27 July, the company said.

BT is the official communications services partner for London 2012, with responsibility for delivering a converged voice, video and data network for the event. This will be based on Cisco’s Hosted Unified Communications Services platform and will provide LOCOG with a tool to monitor their live usage of the hosted network in what was billed by BT Central Government and London 2012 vice president Stuart Hill as the “most connected Games ever”.

More than 16,500 handsets will be deployed across all the 94 LOCOG and London 2012 sites that will be up and running during the course of the Games, providing essential coverage, with “follow-me” numbers to support communications across the organisation.

With the hosted voice system, LOCOG can add and remove contacts and mailboxes quickly, as well as access conferencing and the service will also connect all National Olympic Committees attending the Games to LOCOG.

During the Games, BT networks will carry images and TV pictures from the Games, along with millions of calls, emails and texts, said Hill.

At IP EXPO 2011, Olympic silver medallist and former world champion Roger Black, the Team GB ambassador for London 2012, told attendees that the Games represent a huge opportunity to get young people involved in technology, through sport.

“The athletes can do real-time coaching via video link to their trainers, and get all sorts of stats on their performance. And they can share their experiences with the world on social media as each event takes place,” he said.

“The difference from 15 to 20 years ago when I was racing, and now, is huge in terms of IT. I’d love to have had all these opportunities.”

Black spoke alongside Neil Crockett, Cisco UK and Ireland’s MD for London 2012. Crockett told the IP EXPO attendees how the company will be supporting the legacy of London 2012 after the games, with the development of the British Innovation Gateway (BIG).

BIG is the focus of a five-year programme of investment at Cisco, through which the company aims to “discover and develop a generation of innovative hi-tech companies to create new economic growth in the UK.” BIG will include two new Tech Innovation Centres in East London, connected with other innovation centres to allow collaborative working.

Countless vendor-sponsored surveys speak of big benefits, and in particular, happier, more productive workers. These make interesting reading, certainly, but for empirical, scientific data to back up these claims, managers might want to take a look at a recent field experiment conducted by researchers from Stanford University in California.

These researchers were recently offered an ideal opportunity to benchmark the performance of home-based employees versus their office-based counterparts across a statistically meaningful pool of employees working for a single, billion-dollar firm. It came in the form of a former Stanford economics PhD student, who had since returned to China to establish online travel service Ctrip.com. He wanted to know if it made sense for at least some of the company’s 12,000 staff to work from home, starting with agents based in the company’s airfare and ticketing office in Shanghai.

To date, the results that the researchers have published are preliminary and awaiting peer review, but they can be accessed here. Overall they show that among agents allowed to work from home, productivity went up, as did hours worked, and home-based employees reported higher levels of job satisfaction.

So far, so standard – but this group was selected carefully and results were benchmarked against a control group. The process is described by the researchers as follows: The invitation to participate in a homeworking trial  – which would involve them working from the house for four of their five weekly shifts over an eight-month span starting near the end of 2010 – was extended to some 1,000 employees at Ctrip with their own rooms at home and six months’ experience with the company.

In total, 255 employees – a little more than half of those who were eligible – chose to participate. Of these, those with even-numbered birthdays got to work from home. Those with odd-numbered birthdays, meanwhile, had to remain office-based and thus provided the control group.

Looking at the data, it seems it didn’t take long for telecommuters to out-perform their office-based colleagues. Over the duration of the experiment, Ctrip’s home workers answered 15 percent more calls, partly because each hour was 4 percent more productive, and partly because home-based employees (who took fewer breaks and sick days, arrived more punctually at their desks and had fewer distractions) spent 11 percent more time answering phone calls.

It’s perhaps the most convincing study we’ve seen to date – but it also throws up a few questions and a few surprises. For a start, how can we be sure that the employees who volunteered for the homeworking study, but were confined to the office instead because their birthdays fell on an odd-numbered day, where not demoralised and demotivated by the knock-back?

More seriously, it seems astonishing that, of the 500-plus employees that qualified for inclusion in the study, little more than one-half agreed to go ahead. And many of those involved in the original experiment, we learn, decided to work from the office again after it concluded. Perhaps most importantly, the employees involved in this study are engaged in measurable, task-oriented work that reaps easily calculated revenue results – making and receiving phone calls and taking travel bookings. That does not necessarily reflect the jobs of many potential candidates for homeworking.

That said, the Ctrip.com CEO was sufficiently convinced of the findings that the company has since rolled out home-working to the experiment’s control group, and is now planning to extend it to other groups in its Shanghai office and then to groups in a larger office in Nantong.

This tricky issue was addressed by Gartner analysts Carolina Milanesi and Nick Jones at the company’s recent customer conference in Barcelona. As the lines blur between our working and personal lives, they pointed out, there is more and more crossover between the technologies we use in and outside of the workplace.

Employees now behave more like consumers, demanding a wider choice of devices and using consumer devices and applications downloaded from online app stores for business uses, they say.

In response, most IT teams will need to formulate a strategy for mobile device management. Broadly speaking, Milanesi and Jones believe these management styles will fall into four broad categories:

1. Control-oriented

Primary goal: To guarantee quality of service, security, support and cost. In this approach, all aspects of devices, mobile-service contracts and applications are strictly controlled and supported by corporate IT. In most cases, employees are expected to use only company-approved and owned devices for work purposes.

2. Choice-oriented

Primary goal: User satisfaction, typically in cases where users demands a greater choice of devices but have relatively undemanding application and service needs. Undemanding needs are a “necessary consequence” of greater choice, because it’s usually prohibitively expensive to support complex requirements on a wide range of platforms, according to Gartner’s analysts. “User satisfaction cannot imply excessive risk, so the business won’t abandon all management responsibility, but will instead exert lightweight control over devices and the service portfolio, often by limiting the range of services provided and choosing inherently safe architectures, such as a thin client,” they write. Such control tends to be more in the cloud than on the device and support is typically much more limited than in the control-oriented regime.

3. Innovation

Primary goal: To empower users who want substantial autonomy and are often in roles over which IT has little or no control. Here, users want to experiment with applications and services and to develop new techniques and processes. They are in charge, and no reasonable device, application or service request can be refused. The IT organisation won’t abandon responsibility for critical issues such as data privacy and corporate risk; however, the controls will likely be more policy-oriented than technology-oriented. Typical users are independent, often technically sophisticated, and may not want support (even where it can be provided), but may accept advice and training.

4. Hands-off

Primary goal: To take the minimum level of responsibility for mobile devices and services, typically by not providing them. “This regime is not about avoiding responsibility, but finding approaches that mean it’s not necessary to take responsibility,” according to Gartner’s analysts.  It includes concepts such as employee-owned devices and BYO (Bring Your Own) IT. In these scenarios, IT has little or no support responsibility for devices and many relinquish responsibility for many services (for example, by requiring users to provide their own mobile email or by adopting hosted services.) Any controls that are necessary will be applied in the cloud, in applications or by policies.

“CIOs must be ready for the BYO programmes sooner than they realise,” said Nick Jones. “BYO is a principle that most organisations will adopt and they must prepare for this change.”

At the same time, global businesses should be prepared to support at least three smartphone platforms by 2012, and some will expect to support four or even five. The decision will vary, depending on geography and whether the applications are business to employee (B2E) or business to consumer (B2C) apps.

“Regardless of your current approach, the reality is that consumerisation is here to stay and will have an enormous impact on the management of corporate mobility for many years to come,” said Milanesi.

Most panelists agreed that, as a term, Big Data is in many ways too broad to be truly meaningful. “If you ask five people what Big Data is, you’ll get seven definitions,” joked Rob Anderson, chief technology officer in EMEA for Isilon Systems (part of information management company EMC).

Generally, however, he favours the Wikipedia definition: “Datasets that grow so large that they become awkward to work with using on-hand database management tools”.

Independent industry analyst Claus Egge said he would prefer a different term altogether. Perhaps “savage data”, he suggested, would alert end-user companies to the sheer scale of the challenge at hand.

From the start of the debate to its end, however, what WAS clear is that Big Data isn’t only about analytical tools like Hadoop, Cassandra and MongoDB, although these are an important part of the equation, as panelist Alex Housley of Rummble Labs explained.

It’s also about the storage capacity required to accommodate data characterised by its volume, variety, variability and the velocity at which it arrives – and here, companies are increasingly looking to cope with petabytes, said Gurdip Kalley, business development manager at Solid State Solutions (S3).

Bringing analytical and storage management skills together – or to be more precise, even sourcing them in the first place – may be one of the biggest challenge that companies will face. “There are not a lot of data architects out there who fully understand Big Data – and they’re about to get scarcer and much more expensive,” warned Rob Anderson of Isilon. “And people who DO know about the analytics side of Big Data don’t know anything about buying storage, about the need for sequential performance, about how to cope with gigabytes per second of throughput.”

But companies with the skills and technology resources to do Big Data well, he continued, “will have a whopping advantage over their competitors in years to come.”

That was a point underscored by Michael Natusch of Cumulus Analytics, who described network optimisation work conducted by his company on behalf of a leading UK mobile phone network operator with 2 million customers. The network optimisation data, he said, enables the client to get better visibility into “who calls who, who text who, from what locations and at what times of day.” That’s certainly useful, he continued, “but when you use a Big Data approach to combine that information with other information about individual customers – their average spend, how long they’ve been with the provider, how long their contract has to run and so on – then things get really interesting.”

In conclusion, it was agreed that the biggest risk that Big Data poses may be to the companies that don’t have the skills and technologies in-house to exploit it – but there is a growing consensus that, in such cases, third-party cloud solutions may fill the gaps.

If these assertions prove correct, smaller companies won’t need an on-team Hadoop genius or an on-site massively scalable storage architecture to tap into Big Data – they’ll just need a cloud provider willing to supply the skills and infrastructure resources on a pay-as-you-go basis. This is a subject we’ll be returning to in a forthcoming edition of the IP EXPO Online bulletin.

View the presentation from IP EXPO here

At IP EXPO 2011, the company announced a rewrite of its AppQoS software, which it claims, “solves the APM issues associated with correlating data across disparate networked environments”.

That’s a big promise, so IP EXPO Online took the opportunity to meet with Graham Wood (business development director) and Frank Puranik (product director) at the show, to find out a little more.

The AppQoS product, according to Wood and Puranik, has undergone a “complete rewrite” in this latest version, to deliver real-time network monitoring, analysis and reporting for every network transaction over every monitored network segment.

That involves shining a light on issues such as bandwidth contention and end-user experience, but at a price point (around £10,000) that they say puts this kind of technology in reach of small and medium-sized companies for the first time. Comparable products from high-end enterprise APM vendors cost between four and ten times as much, says Wood.

To add some context, iTrinegy is operating in an annual APM market that analysts at IT market research company Gartner recently valued at around $2 billion and calculate is growing at around 15 per year. The heavy-hitters here, they say, are companies such as CA Technologies, Compuware, HP, IBM and OpNet.

However, it’s not in the APM field that iTrinegy is best known, but rather in network emulation. The company sells and rents out a type of ‘black box’ device, capable of creating a virtual model of an entire network infrastructure. This provides IT teams with a laboratory environment in which they can simulate different network conditions and test application performance prior to real-world implementations. Here, iTrinegy competes against companies such as Anue Systems, Apposite Technologies and Shunra Software.

“End-user organisations are reporting that the accuracy of simulated network environments created by these technologies is around 95% and that, somewhat quickly, these solutions pay for themselves,” noted Bojan Simic, an analyst at Trac Research, in a late 2010 blog on the network emulation market.

New application deployments have historically been the primary use-case for iTrinegy Network Emulator (INE) products, says Wood, because “deploying an application and then rolling it back because of performance problems is always more expensive than emulating the network environment upfront.”

But transformation projects – such as cloud deployments, hosting centre moves and data centre consolidation efforts, for example – are fast catching up as reasons to invest in these products, he says. “We help companies to figure out, before they even embark on a proposed project, why it may not work in network performance terms, and what they can do about it before it’s too late and they have to retroactively deal with glitches,” says Puranik.

With its APM and network emulation products, iTrinegy has its feet in two closely-related camps. In both cases, the company is addressing real-world needs that will resonate with a wide swathe of IT professionals, if it can overcome considerable competition to get its name in front of IT decision-makers in the first place.

In its favour, iTrinegy can already count as customers the UK Home Office and professional services companies such as Capita Business Services and Xchanging and it has already established US operations in Reno, Nevada. This company’s progress is definitely worth watching.

He speaks from experience – and at IP EXPO 2011, he explained a recent project with systems integrator Logicalis that he says proves the viability of the hybrid cloud model as an IT service delivery platform.

With help from Logicalis consultants, Richards and his team are now able to shift both virtualised and non-virtualised workloads between Loughborough’s on-campus private cloud and Logicalis’ hosted cloud in data centres 200km away in Slough. The backbone for moving these workloads, meanwhile, is provided by JANET, the UK academic community’s own dedicated network backbone.

“If it sounds groundbreaking, it should do,” says Richards. In essence, the hybrid cloud project has enabled him to side-step two pressing problems.

The first, was a much-needed refurbishment of Loughborough’s “legacy 1970s” data centre, populated by older systems such as 40-year old ICL mainframes, and with a PUE [power usage effectiveness] rating of around 2.3. [PUE is a widely-used rating system, developed by industry consortium The Green Grid, for how efficiently a data centre uses power. An ideal PUE is 1.0]. “It’s no secret that a lot of universities are in a similar position,” Richards comments.

The second problem was the proliferation of what Richards characterizes as ‘Distributed Data-Centres Under Desks’ or DDUDs – stacks of computing equipment amassed in offices and laboratories by faculty members who felt that the University’s centralized computing services weren’t sufficiently responsive to their needs. As Richards points out, this doesn’t fit well with notions of ‘Green IT’ and involves considerable back-up and recovery risks.

Richards identified three possible solutions: first, a complete like-for-like refurbishment of the data centre, costing around £2.5 million even before any hardware, software or networking was purchased; second, a managed hosting service, which would have come with the risk of no clear exit strategy and at costs that would quickly match that of a complete data-centre overhaul; or third, a ‘middle way’, involving a mixture of new in-house systems and those of a cloud provider.

That third option proved the most appealing. Today, Richards oversees what he describes as a ‘minipod’ – a garden-shed sized data centre, located in a roof space at the University, and boasting a PUE of 1.5. Some applications run here; others are pushed onto Logicalis’ Cooperative Cloud platform via JANET.

The minipod, based on Cisco’s unique Unified Computing System (UCS), NetApp Storage platforms, and CA Technologies’ automation and orchestration tools, cost around £20,000. This approach gives Richards the freedom to decide, on an application-by-application basis, which apps should run locally and which should run in the cloud – and to make only the bare minimum of on-premise hardware investment over the next few years.

Loughborough University – along with other academic institutions and the UK Research Councils– is lucky to have JANET at its disposal. As Richards points out, “Running a few cloud services doesn’t trouble JANET – it’s like our sector’s own National Grid”.  Moving a virtualized workload from Loughborough to Slough, he says, takes at most 10 minutes.

“The vision and hard work of Loughborough and Logicalis, and the willingness of JANET to support and encourage innovation in the sector has created a totally new IT provisioning model,” he continues. “Loughborough is proud to be at the forefront of ICT transformation in the higher education sector and beyond.”

To view the presentation from IP EXPO 2011 please click here

It was no surprise, then, that Wozniak’s keynote speech at IP EXPO 2011 drew a record-breaking crowd, with numbers up 30 percent on 2010. Drawing on four decades of experience in the technology business, he had advice to share with attendees about the nature of innovation and his experience of business.

What were the key lessons that IP EXPO Online took away from Wozniak’s keynote?

• Ignore your detractors. People are often quick to dismiss new ideas. That was certainly true in the early days of Apple, said Wozniak.  He and Jobs were frequently told “It’s just not done this way,” he recalled. “Especially when we came up with the Macintosh… All of the business users who liked to type in formulas on their computers to get things done said, “Oh, it’s a toy. It can’t do the big jobs, because it has pictures.” Eventually, Apple won them over.  “You can [have] the right formula, with everyone denying you and saying that it’s not the way to go – but if you’re right, eventually, they’ll all [be] on your side. You’ve got to hold out.”

• Challenge the status quo. Opposition can be particularly fierce when a new idea threatens established technologies and existing ways of doing things. In the case of Fusion-io, the company proposes replacing traditional spinning disks with solid-state flash memory, to vastly increase the speed and efficiency of enterprise storage systems. “A lot of people said it doesn’t meet the standard of disk drives and it doesn’t fit into our management software and our big arrays of devices that cost hundreds of thousands of dollars,” said Wozniak. Today, he says, big companies such as IBM and EMC are saying “this heart that plugs right into the server, this is the way to go.”

• Marketing counts. Without it, how will your technology reach customers? “I come from the engineering field, but one thing I learnt, when we started Apple, is that marketing is extremely important: understanding the customer, understanding the price points, the competition, how you place your product and how you present it to get it accepted,” said Wozniak. “Fusion-io’s done a great job – I’m proud to be a part of it.”

• Innovation needs a practical application. What is innovation? “Everyone says it’s just doing something different – but artists can do different things, and if doesn’t come down to earth, feet on the ground, have some practical reality, it may never get recognised for its creativity and innovation,” said Wozniak. Innovation, he said, needs to deliver something that “might be a lot cheaper, might be simpler, might get a lot more done for people.” It’s not just about doing what the rest of the world does, but better, he told attendees. Instead, it’s about saying, “I’m going to do it all different – the way it should have been done to begin with.”

• Trust your own instinct. In order to go in a completely different direction from the herd, you’ve got to trust your own feelings, according to Wozniak. “It takes a lot of guts to stand by that, and usually, [innovation] doesn’t work well if you have a committee deciding things. It’s better if there’s one mind to keep things going in the direction it visualised.”

• Write your own story. Success is self-authored, according to Wozniak. “When you develop stuff with this idea of innovation, you aren’t reading somebody else’s book, telling you how to do things. You are writing the book yourself,” he said. “You don’t necessarily have to have done what you’re doing ever before. Maybe no-one has ever done it before. But you sit down and you’re smart about using what’s available to you today: the components, the people, the route to getting where you want to go.”

Today’s IT systems were designed with complete control in mind. Control is now a very different thing in the world of cloud computing and cloud delivery. Those that embrace and look to take advantage of this change will retain better talent and make their organizations more effective.

Watch the video, The Rise of the Digital Native and its Impact, from the HP Cloud Summit, June 2011 in London, England. To learn more about the Rise of the Digital Native and its Impact, visit the HP Experience Lounge at IP EXPO 2011.

Ovum analyst Laurent Lachal has forecast that, over the next five years, sales of public-cloud services will almost quadruple “as uptake soars worldwide”, from £11.4 billion in 2011 to £42 billion by 2016.

Software-as-a-service currently dominates the market, accounting for 87 percent of public cloud services, but Lachal expects this share to drop to 62 percent as infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings gain in popularity.

Whether your company opts for public-cloud services like these, chooses to build its own private cloud, or perhaps adopts a ‘hybrid’ approach that incorporates both models, you’ll find lots of information and guidance at IP EXPO 2011.

If it’s the public cloud approach that your company is pursuing, then Bob Tarzey, analyst and director at IT research company Quocirca, has words of advice on identifying and procuring services in his presentation, ‘Cloud Readiness’.

“Despite the hype, few businesses are in a position to move their IT requirements wholesale to the cloud any time soon. However, this does not mean that there are not benefits to be had from embracing such services,” he says. By sourcing certain enterprise applications and infrastructure resources, provided by third parties, companies can free IT staff from mundane system-support tasks.

He’ll also look at the ‘dark side’ of public cloud services – the threat posed when end-users sidestep IT and start using cloud services they’ve chosen and procured themselves, leading to a dangerous loss of control over corporate data.

The private cloud, meanwhile, is the subject of a presentation by two Symantec employees: Jason Dowzell, the company’s UK information management practice head, and Simon Wallace, its EMEA strategy and technical lead. The title of their presentation, ‘Get the Private Cloud You Want, From the Infrastructure You’ve Got’, suggests a thrifty approach that will appeal to cost-conscious attendees with an eye on preserving their employers’ existing IT investments.

Finally, it’s that ‘third way’ – the hybrid cloud – that provides the focus of a presentation by Liam Farrell, senior systems engineer at VMware, ‘Building Your Cloud’. Farrell will guide attendees through the decisions that will need to be made within IT departments that intend to build a private cloud environment of their own that can also make use of public infrastructure offerings.

Charlie Smith, technical consultant at CA Technologies, will be speaking on hybrid cloud infrastructures too. The hybrid on/off premise model, as he will explain in his presentation, is one that he believes will allow companies “to evolve to the cloud at their own pace.”

That’s why, despite the vendor hype, IT decision-makers need to sit up and pay attention, according to Brian Hopkins, an analyst with IT market research company Forrester Research.

In a recent blog on the subject, he claims that big data “has the potential to shape your market’s winners and losers”. From time to time, he continues, a company comes along with an idea that rapidly elevates it to the top of its market. “In this information age, the firms that best turn information to their advantage will dominate their competition.”

By contrast, most organisations today effectively utilise less than 5 percent of available data, by Forrester’s reckoning, because “the rest is simply too expensive to deal with.” That’s why big data is important, because it focuses on enabling companies to dip into that other 95 percent. “If you are not thinking about how to leverage big data to get the value from the other 95%, your competition is,” says Hopkins.

With that in mind, big data will be a hot topic at this year’s IP EXPO. In particular, there’s a real focus on the storage infrastructures needed to accommodate growing data volumes.

It’s the main theme, for example, of the ‘Big Data‘ presentation to be given by Rob Anderson, chief technology officer at Isilon Systems, on both days of the show. He’ll guide attendees through some of the breakthroughs in storage technology that are allowing companies to create and process vast quantities of data in a cost-effective way.

Tony Reid, chief technology director at Hitachi Data Systems, meanwhile, will deliver an address on ‘The Rise of the Information Centre’. This presentation aims to deliver “strategic insights and tactical tips to manage the huge diversity of information that your business uses and generates.”

And for the end-user perspective on information management issues, we are lucky to have two Dell customers join us during the conference to talk about the way they’re handling data today, in ‘Five Ways Fluid Data Grows My Business’. They are Martin Murphy, chief technology officer at Galway University Hospitals, who will speak on Wednesday, and Jonathan Humphrey, IT director of Codemasters Software, on Thursday.

The company, which operates out of military-grade ‘fortresses’ in Berkshire and Kent, has signed a deal with Brocade Communications that builds on an existing relationship with the networking supplier. The addition of Brocade MLX Series routers to its infrastructure, it’s claimed, will enable The Bunker to deliver 10 Gigabit Ethernet (GbE) performance, better handle bandwidth-intense applications such as high-definition streaming media, and ease its transition to IPv6 networks.

“The increase in bandwidth requirements caused by live streaming, HD content and mobile working applications shows no sign of slowing down and has led to networks becoming clogged up with data,” said Mark Hemsley, head of core network and solutions for The Bunker, in announcing the deal. “We have noticed this growing demand with many of our customers and, as such, it became necessary to upgrade our network if we were to maintain the high standards we have set over the last seven years.”

“In addition, there is the issue of IPv6 transition looming large on the horizon,” he added. “With the majority of our clients based in the financial sector, the demand for reliability and minimum network downtime during this transition is paramount.”

Not every organisation needs to optimise its networking environment as thoroughly as The Bunker does – but the pressures are there for most IT teams and are growing all the time.

“As enterprise networks assume an increasingly critical role in assuring business performance, the pressure on network management teams is escalating,” says Puni Rajah, research director at the Governance Board.

At IP EXPO 2011, Rajah will provide attendees with a useful overview of network optimisation that aims to equip them “to make changes without drama” in her presentation, ‘Zen and the Art of Optimisation’.

Network optimisation, she says, is often viewed by IT professionals as the consequence of deploying better management tools – but there’s far more to it than that. “This path begins with good governance and cascades through realistic targets and pervasive communications,” she says. Rajah’s seminar will focus on how roles, staffing levels and relationships between IT and the business are critical in getting networking right.

The Bunker’s networking supplier, Brocade Communications, also appears on the IP EXPO agenda, with the presentation, ‘Blue Skies and Clouds: Trends and Challenges in Business IT Today’. In this seminar, the company’s EMEA marketing director David Silke will examine how companies can maximise their existing network investments while preparing for a future that, for the majority of companies, looks set to include traffic travelling around and between private, public and hybrid clouds.

In fact, network optimisation should be a prerequisite for every company’s journey to the could, as Richard Blanford, managing director of Fordway Systems will argue in his seminar, ‘Network Optimisation as the First Step Towards Cloud’.

At many organisations today, he says, IT infrastructures are unnecessarily complex, “the result of successive business decisions taken over many years, which limits performance, scalability and the ability to adapt to meet changing business requirements.” Optimising that infrastructure can save a company in excess of 25 percent of its annual IT infrastructure budget, he says.

In a recent IP EXPO survey among IT professionals intending to visit the show, respondents were asked to rank various security scenarios in order of risk. According to one in four (24 percent), the loss of mobile devices such as smartphones, laptop and tablet computers by employees is the greatest data risk that their organisation faces. One in five (21 percent), meanwhile, believe that mistakes made by staff and compounded by technical error (for example, failed computer back-ups) pose the greatest risk.

The theft of corporate data using portable storage devices such as memory sticks – a crime that is most frequently committed by employees (particularly those departing for a new job elsewhere) but also trusted outsiders such as contract staff – was cited as the number-one threat by 19 percent of respondents, while seven percent cite intentional sabotage of hardware/software by employees.

By contrast, the actions of unknown outsiders or external forces seem to cause far less concern. One in ten believe that malicious hacking and industrial espionage pose the greatest risk; the same proportion rank natural disaster, such as fire or flood within the data centre in first place; and only 6 percent cite poor security processes at cloud providers as the top threat.

With those findings in mind, there’ll be plenty of information and advice for IT decision-makers looking to tackle the data-security threats posed by insiders, more frequently through unintentional mistakes and negligence, but sometimes wrong-doing.

Losing a mobile phone, after all, is notoriously easy to do – but few companies today are prepared to compromise employees’ productivity and most want them to be able to access key applications, even when they’re on the move. On the first day of IP EXPO 2011, Vodafone pre-sales consultant Tarik Reid will address this issue in his presentation ‘Improving Productivity Through Secure Mobile Working‘. As he will explain, traditional approaches to data security have often involved ‘locking down’ corporate data – but in a world of mobile workers, this is no longer workable. In his session, Reid will talk attendees through a more open approach to security, where productivity is allowed to thrive, not compromised.

That said, there are some types of confidential data that organisations simply don’t want to be accessible from laptops in coffee bars, regardless of who’s in control of that laptop – customers’ credit-card details, for example. Here, access control technologies can be a help, enabling IT security teams to apply careful rules that dictate how certain applications are accessed, depending on the user’s location and the device that they are using.

This will be the subject of a presentation by Peter Silva, technical marketing manager of F5 Networks: ‘The Context of Access Security‘. In a world where employees use numerous computing devices from a wide range of remote locations, “context is key,” says Silva and fine-grained rules need to be applied in order to achieve the appropriate levels of access control.

Whether an organisation’s IT security priority is giving appropriate levels of access to authorised users or keeping outsider out, however, we anticipate much interest in a presentation by Nigel Stanley, practice leader at IT analysis firm Bloor Research, which will be running on both days of the conference.

In ‘Information Security as a Business Enabler’, Stanley will paint a picture of the current information security landscape from an “objective, dispassionate viewpoint”. His overview will cover both insider and outsider threats, touching on mobile device risks, cybercrime and the protection of intellectual property.

Better still, he aims to provide attendees “with the key questions to ask suppliers”, in an industry “alive with jargon, fear-inducing stories and excitable vendors.”

Meaning of life

How do your internal customers view IT, and how is that likely to change? The bad news here is you are not in control. Consumerisation and direct exposure to rapid apps deployment has already started the wave of ‘expect more’. Your business leaders will respond to competititors exploiting more agile computing resources, and the meaning of life for internal IT will change. But should it? This will be the first area of debate.

Investment and returns

Expanding computing resources no longer requires large upfront capital outlay. The option to pay-as-you-go is one of the more attractive attributes of cloud computing. Organisations heading down this path have the opportunity to change the way they demonstrate value for money. Line of business managers have more flexibility to re-allocate operating expenses to help pay for new functionality. Our debate will explore what progressive IT dashboards will carry in future.

Design for adoption

Architecture matters. Enterprise architects are custodians of blueprints that define current or desired environment. Often these are also termed ‘baseline’ and ‘target’ environments, and allow stakeholders to introduce all available options. By deploying frameworks like a “sequencing plan” architects enable transitions from the baseline environment to the target environment. Our panel CTOs and their architects report high participation in business strategy and resource planning meetings to provide them the necessary context for requirements. By offering IT options, they are able to influence business choices. And by understanding business priorities, they are able to design for usability, therefore assuring high user adoption.

Service attitude

Arguably the largest change in the enterprise IT dashboard will be the operations metrics. What used to matter in an asset based delivery models is less important in a service delivery environment. For example, as A new look at IT Security discusses, though ops professionals need to be comfortable they have deployed the best available protection, this needs to be communicated in terms of how business risks have been mitigated.

Join us at The Big Debate session at IP EXPO to drill down into just how much change is ahead for internal IT teams. This session will be held in the Big Debate (Whitehall) Room at Earls Court 2.

As part of the report, A Clearer Horizon: Do CIOs Have More Clarity About Cloud Computing?, Xantus commissioned research specialists Pollab to survey 51 UK-based CIOs about their spending plans for cloud computing.

Almost all CIOs (86 per cent) felt that vendors are using the term ‘cloud’ generically to sell products and services without being specific about what it means and almost half (45 per cent) appealed for greater differentiation in products.

While the research draws on the responses of a relatively small pool of respondents, the accompanying report includes plenty of first-hand commentary from several high-profile UK technology leaders from both the private and public sectors, which offers some interesting insight into their real-life experiences of assessing and sourcing cloud services.

“Personally, I think cloud computing will be big in the market in future, but it’s one of the most over-hyped words I’ve come across in IT for at least 10 years,” says Mike Naden, IT director at United Utilities. “[Vendors have] tried to take some of the confusion away by sub-naming it ‘public’ and ‘private’ cloud, but if you lift the lid, they’re just naming a hosting service and putting a cloud name around it.”

Meanwhile, Peter Scott, head of information and technology architecture at the Ministry of Justice, sees considerable risk in any cloud procurement activity that seeks to circumvent the IT department. “There is a danger of businesses seeing cloud as a way to implement technology without IT. To buy cloud services with a credit card is fraught with danger – in fact, I can’t emphasise enough how dangerous it is, particularly in opening up cloud solutions as a panacea and creating many ‘software as a service’ information issues.”

On a positive note, Drew Whitehead, head of UK technology architecture at insurance company Aviva, sees cloud as an opportunity to forge closer links with IT suppliers. “I absolutely expect that in the next 12 to 24 months, we will find ways to leverage our cloud-based services to work more effectively with our partners. Being able to make use of emerging capabilities (through the cloud) and adopting increasingly flexible ways of working will generate competitive advantage,” he says. “Companies that can’t do this will be disadvantaged,” he adds.

And at Royal Mail, head of infrastructure management Adrian Steel reports significant and clear-cut economic wins from his approach to cloud services procurement. “When we signed our cloud collaboration services [agreement], we were at the dizzy heights of 31,000 IT users. Two years later, we’re now down [to] 27,500 and will drop further,” he says.

The agility that cloud offers has enabled the Royal Mail to flex its services downwards accordingly. “Under a traditional model, we’d have written out a capex for 31,000 users and that would have been a relatively easy business case [to make], but you’re overpaying for licenses and hardware. The cloud solution meant that, instead of paying for a 15 percent  overhead, we embarked on the journey with a tiny amount of upfront capital spend and, as users left, we’ve now reduced our opex by 15 percent.”

The forecast is cloudy and the waters are choppy, it seems. For now, IT leaders are just tentatively feeling their way and remain circumspect. “I feel good about cloud,” says Julian Burnett, chief technology officer of supermarket chain Sainsbury’s. “But the ramifications of feeling good are significant when I look at the division I help lead, because of the people, process and cultural challenges that need to be overcome as a consequence of adopting this new model of service delivery.”

To others, he’s the man behind Rational Survivability, a witty yet informative blog that casts a cynical eye over the myths and marketing that surround cloud security.

To his colleagues at Juniper Networks, Hoff is the company’s Chief Security Architect, a relatively recent recruit poached from market leader Cisco Systems, where he served as director for cloud and virtualisation solutions for two years until June 2011.

So why did he defect? Juniper and Cisco are fierce rivals: over the past decade, the two companies have battled over the core router market, in a series of bouts sometimes referred to as the ‘Core Wars’. While Juniper has landed some impressive blows along the way, it is tiny in comparison, with annual revenues of $4 billion compared to Cisco’s $40 billion.

For Hoff, the move to Juniper was guided by what he calls the ‘holy trinity’ for information security professionals: people, processes and technology. The key attractions, according to that thinking, were the calibre of Juniper’s people (among them many former Cisco colleagues), its approach to the market as “the scrappy number two compared to the 800-pound gorilla that is Cisco”, and its track record in bringing to market new technologies.

“I was intrigued by the interesting problems that Juniper is trying to solve and by a culture that encourages the sort of development, investment and innovation needed to solve them,” he says.

Hoff’s main interests are the emergence of next-generation data centres, virtualisation, cloud computing and mobility. These, he says, are the four topics that dominate his conversations with colleagues and customers, as well as his hectic public-speaking schedule.

Cloud computing, he says, is “still in diapers” – an analogy for which he apologises, but one that is perhaps excusable from a father of four whose youngest child is just five months old. The sales and marketing effort poured into cloud computing may seek to persuade IT decision-makers that they’re dealing with a more mature market, he says, but really, “we’re still at the beginning, it’s early days.”

That said, he does see a slow change in customer thinking. “In the past six months to one year, conversations have thankfully turned from ‘What is cloud?’ to ‘How can I use this?’,” he says. “Customers are asking how cloud differs from what they’re accustomed to using and how their operational models need to change. The industry as a whole is moving towards a greater crispness of definition, of business benefits, of deployment schedules.”

As a founder member of the Cloud Security Alliance (CSA), Hoff has played a part in the industry’s development. For him, the CSA has been about giving end-user customers the tools, research and guidance they need “to challenge cloud providers, to get them to understand the problems they’re facing and the solutions they’re looking for,” he says. “It’s about giving customers a greater level of comfort in exploring this new world.”

That’s important to him. In fact, what’s most noticeable about a conversation with Hoff is his calm, steady focus on the pragmatic application of technology to solve business problems. There’s no hype and no horror stories – he’s been a chief information security officer himself, so he presumably understands what a distraction these can be. There’s no overt corporate agenda – both his blog and Twitter stream helped him to get hired at Cisco and Juniper, he says, but he’s never used them to promote his employer. He speaks his mind and he’s funny with it. He looks like a great hire for Juniper.

While the amount of random work (IOPS) a hard drive can deliver in the enterprise has only doubled since 1999, capacity has grown almost 2,000 times and the price of this capacity has become comparatively trivial. Add in the need for high availability and business continuity, and the amount of data quickly reaches epic proportions.

Gartner analysts currently estimate that data volume in the enterprise will grow by 800% over the next five years. Whilst capacity growth will undoubtedly be a challenge for businesses, it’s just the tip of the iceberg. A more pressing priority is increasing the speed at which we can transform data into information that businesses can use.

From an IT point of view, data in a business is simply 1’s and 0’s with no value until an application, usually combined with some human intervention, turns it into information that can be used to forward the aims of that business. The real issue then is this: How fast can we turn that data into information that is useful to modern enterprise?

The challenge of turning data into information doesn’t come from any limit in compute power, since the CPU [central processing unit] and its abilities have roughly doubled every 18 months, in accordance with Moore’s Law. The challenge comes from keeping the CPU fed with enough data.

The growing gulf between CPU processing capabilities and the data storage subsystem’s ability to feed the CPU have been widening in direct proportion to Moore’s Law. This is only going to get worse unless we think about architectures differently.

Take the example of a report generated from trading that allows a company to understand its risk and profit position. Its value is only useful and tangible as long as it represents the true position of the company. As companies interact on wider and wider planes, the amount of data that needs to be processed through the CPU grows beyond the capabilities of the storage subsystem, which in turn cannot provide data to the CPU in a timely and efficient manner.

The issue has been offset for the last few years with caches on the CPU complex, then DRAM in the server and then on disk array. However, the cost, density and heat production of DRAM is limiting its ability to shield us from the growing data processing Armageddon. So how can we move forward?

The overall solution to deal with the data ‘explosion’ will come from a number of directions and levels, but at the most fundamental level, we need to augment the compute model to add a new persistent storage tier after DRAM and before legacy storage subsystems.

Why? In simple terms, it is the latency gulf between the CPU and the persistent storage tiers that is holding applications back. Only by driving this latency value as low as possible can the true compute power of modern CPUs be unleashed.

Here’s the science bit to explain further… Whilst under more than around 60% utilisation, even the most expensive and capable disk arrays equipped with SSDs [solid-state disks] start to have read response times of 10 milliseconds (ms) and higher (write response is usually around 1ms as serviced from write cache). This is an order of magnitude slower than DRAM and is what starves the CPU, keeping utilisation rates low and application performance restricted.

If we added a layer of persistent storage that had high IOPS capability and a response time measured in microseconds between DRAM and the legacy storage subsystems, that would enable us to make the CPU the bottleneck again. These changes are already in motion among some of our innovative IT departments in both the private and public sector. Organisations deploying these technologies often see application performance jump by x 3-5 with no other change.

People once believed the sound barrier couldn’t be broken. Now it’s time to break the sub-one-millisecond latency barrier. The explosion of data leaves us no other choice.

Fusion-io’s chief scientist Steve Wozniak and chief marketing officer Rick White will deliver a keynote presentation, ‘Today’s Science Fiction, Tomorrow’s Science Fact’, at IP EXPO on 20 October 2011.

At Zycko, we are strong advocates of the shift from microcell to virtualised wireless LANs (wLANs). Virtualised wireless is based on the same principles as technology leaders will have seen in their server or storage virtualisation projects: the aim is to gather resources and present them to end-users as one single pool of resource.

When it comes to wireless networking, virtualisation pools radio signal across virtual ports. This means that, once a port has been assigned to a device, the device can move freely around the network with no signal interruption, while still transmitting data at an optimum rate.

That’s a big change from legacy wireless networks, which use microcells running on different channels to offer enterprise or campus-wide coverage. In a virtualised wLAN, by contrast, all wireless access points use the same channel.

In our experience, organisations that typically make the shift to a virtualised wLAN are looking to provide a secure, robust wireless connection that can be more closely regulated and managed and is more able to cope with a variety of next-generation mobile devices.

But for those IT decision-makers that are not yet convinced to take that step, there are a number of questions to consider:

1. Is all wireless is born equal? The latest standard is 802.11n, which allows for speeds up to 300 megabits per second (Mbps) – but make sure this is what’s actually provided, as discrepancies of up to 40Mbps can be found in supposedly equal offerings from different manufacturers. That said, there’s no need to worry about older kit, as virtualised wireless should be backwards-compatible and supports both 802.11a/g and 802.11b.
2. What’s our network density? Microcell networks rely on a lot of access points to provide complete enterprise coverage. However, when one access point is used by more than five devices, it struggles. Virtualised wireless requires around 30 percent fewer access points and can handle many more devices as it dedicates a virtual port to each device. Zycko’s office of around 100 employees uses 3 virtualised access points, for example.
3. What are our current and future networking costs? A wired network requires hundreds of miles of cables (typical in enterprise environments) that cost a lot to install and maintain – plus they mean employees are tied to their desks by Ethernet. Virtualised wireless offers the same level of service but without the same cost – take advantage of it. Microcell networks incur higher CapEx and OpEx, due to the increased number of access points and personnel required to manage them, and it’s because of this that virtualised wireless has proved popular in schools and colleges; it’s robust, secure and presents excellent value for money in a sector that constantly works within limited budgets.
4. What are our security concerns? Wireless networks don’t stop at the office wall and can spill out into the public domain. This means they’re susceptible to security breaches. Regardless of the network type, the diligent CIO needs to make sure that their network technology incorporates physical layer security. There are also dedicated heterogeneous network security focussed vendors that specialise in bespoke bolt-on security, designed to meet specific levels of compliance (in the education or financial services sectors for example), or just provide additional peace of mind.
5. How do we plan to build out our network? Wireless networks rely on three radio channels: 1, 6 and 11. These channels have to be deployed in a fashion that means they don’t overlap, otherwise they’ll interfere with each other. In order to manage interference in a microcell network, you decrease the power in the access point, which decreases its range. But that means you’ll need to buy more access points and indulge in expensive and time-consuming site surveys and channel planning. As soon as you need to scale up, you’ll go through all of this again. This isn’t an issue with virtualised wireless, which provides a switch-like experience as specific channels can be assigned to data/VoIP etc. Expansion is simple and additional access points can be added with no configuration required.
6. How will our business use IT in the future? The enterprise environment is all about roaming network reliability. Virtualised wireless offers the necessary seamless mobility and QoS for future technologies to be implemented now. Devices on microcell networks are always searching for the best connection, but virtualised wireless means there is no roaming – the device just sees one virtual network making it perfect for any LAN-based business technology that requires mobility and constant availability.

Council leaders claim the project will make it the first major public sector organisation in the UK to provide email service via the public cloud. “The council will be at the forefront of smarter working among ourselves, our partners and our residents.  We are proud of our commitment to act as a pioneer to enable agencies across the public sector to make efficiency savings with their ICT,” said Councillor David Wright, portfolio holder for finance, governance and IT at Warwickshire County Council.

It’s a bold move for a local government organisation – but it’s one that more and more technology decision-makers are weighing up. according to Angela Ashenden, an analyst at a specialist European IT advisory firm, MWD Advisors.

“There is a growing sense that email is approaching a fork in the road, both in terms of the level of investment that organisations are prepared to commit to managing email, as well as regarding the perspective businesses have on email as the primary vehicle for online collaboration and communication,” she writes in a new report, Perceptions and Reality: The Truths of Cloud Email Adoption.

As the title suggests, her research – based on a survey of 57 organisations worldwide – found that the reality of this kind of service does not always meet with expectations.

For example, while there’s clearly improvements in information management to be had – more than two-thirds of respondents that had already deployed cloud email services report “significant improvements” in flexibility and scalability, as well as gaining access to broader collaborative environments (as seen in Warwickshire’s selection of Google) – the cost advantages are less clear. Only half of organisations reported that they had achieved reduced licence costs, while 15 percent reported no cost reduction at all.

“Part of this imbalance may be due to misconceptions about where the cost savings are focused in a move to the cloud,” says Ashenden. “Although organisations no longer need to buy server licences as they would in an on-premise scenario (and can make cost savings in storage, support and maintenance, and server administration), user-based subscription licence costs are often largely comparable to client software licenses for on-premise solutions.”

A similar mismatch was found between the concerns of organisations yet to deploy cloud email and the challenges experienced by those that have already done so.

For those still considering cloud email, the availability and reliability of the service is the primary concern, cited by 57 percent. That’s understandable, following a spate of outages this year at data centres providing the infrastructure for cloud email services.

But cloud-outage horror stories are a potential red herring, says Ashenden, distracting would-be users from the most significant issue experienced by early adopters: the challenge of integrating cloud email with on-premise systems such as LDAP [lightweight direct access protocol] directories, human resources (HR) and customer relationship management (CRM) systems. This was cited by one-third of organisations that have already deployed cloud email services or are currently in the implementation process.

What is most clear from the research is that organisations are unclear about the future of email – and that’s not likely to be resolved in the short term. Around 40 percent of those surveyed believe email will outlive other collaboration tools such as instant messaging, web conferencing and social software – but a similar proportion (38 percent) believe these newer technologies will reach a par with email in terms of use for collaboration within enterprises. One in five, meanwhile, believe that business email will be almost entirely replaced by modern collaboration tools.

In the meantime, from an information management perspective, on-premise email systems are increasingly viewed as more trouble than they’re worth – which is good news for the cloud email providers. But it’s not without a broad appraisal of the hidden challenges of shifting email to the cloud that customers can expect to make that move successfully – and nor should they rely on the promises of prospective suppliers to build a robust business case for cloud email.

MWD Advisors’ 15-page report, Perceptions and Reality: The Truths of Cloud Email Adoption, can be purchased and downloaded for £150 here.

Like every hospital, Liverpool Women’s Hospital Foundation Trust is concerned with providing patients with the best possible healthcare, which means pioneering new diagnosis and treatment techniques and adopting the very best working practices. Both place significant extra demands on the network, as Dr Zafar Chaudry, CIO at Liverpool Women’s Hospital NHS Foundation Trust, explains.

“Every clinical device, from heart rate monitors to MRI scanners and microscopes, is starting to become a network device,” he says. “We not only have to store the massive amounts of data they generate but, to be effective, we have to deliver the information to the point of need, whether that be a consultant on his rounds or a nurse in the outpatient clinic.”

In addition to handling this explosion in data, hospital networks are increasingly called upon to handle voice and video traffic, which puts further pressure on bandwidth. And, of course, with sensitive data patient being accessed all the time, the very best security is absolutely paramount.

When he arrived at Liverpool Women’s Hospital Foundation Trust, Dr Chaudry very quickly realised that the network he inherited needed to be replaced. “It just wasn’t adequate for the Trust’s requirements,” he says. “So I wrote a new IT vision and strategy that led me to scour the market for the best network we could have for the provision of the next generation of hospital care.”

Dr Chaudry’s vision was an intelligent network that would not only adapt to individual’s requirements within the hospital, but would also allow secure remote and wireless access. After carefully assessing the market he chose a Juniper Networks solution designed and implemented by Scalable.

“We needed a reliable infrastructure that would be capable of handling data, voice and video services and applications without interruption or breaches,” says Dr Chaudry. “Working with Scalable and Juniper, that is what we got.”

The network Scalable recommended and implemented is an end-to-end 10Gb network that makes use of Juniper’s virtual chassis technology. Using this technology, the network aggregation layer is eliminated, which does away with bottlenecks and decreases latency dramatically.

The solution also simplifies management, as multiple Juniper switches can be managed as a single logical device. In addition, to deliver the security demanded by NHS Trusts and allow anytime, anywhere access, Scalable recommended Juniper’s modular security platform. The result is a high performance network that is helping to improve patient care.

“Midwives can now access real-time patient data remotely to provide high quality care in the community while reducing time spent updating records back at the hospital,” says Dr Chaudry. “We estimate that staff productivity has increased two-fold through instant, secure remote access to critical applications.”

“Remote access to patient records is fully compliant with national data protection legislation and protection,” continues Dr Chaudry. “Controlled access to digital images through the NHS’s Picture Archiving and Communications system is also providing faster and improved diagnosis for doctors and other healthcare professionals. In addition, we believe we’ve reduced operational costs by 10 percent, through simplifying our infrastructure.”

My first introduction to the work of IT security came in 2000, when I configured my first firewall. Back then, it was all about technology for me – but looking back, I can now see how wrong I was.

IT security is part of information risk management, which in turn, plays an important role in the wider area of business risk management. That’s the way to view it: this shift in approach is what enables clever information security professionals to talk a similar language as business people, who actually bring money into a company.

Unless security professionals can understand that technology is not the ‘holy grail’ of their jobs, they will find themselves marginalised and will always struggle to promote the need for additional investment in IT security. It’s a question of people, processes – and, only then, technology.

In my work as senior enterprise security architect at Nokia, I have developed a security model that supports business needs. This is firmly based on the idea that there are three major drivers for security work:

1. Laws and regulations: These are mandates with which an organisation must comply, of face legal action or fines. In the UK, the Data Protection Act is a good example.
2. Business objectives: Generating profits is the overall objective of most businesses. IT security supports this objective by protecting systems and information that the business uses to make money. Think, for example, of Microsoft’s need to protect the Windows source code: if it wasn’t protected, I could have compiled my own operating system without paying Microsoft any licence fees. Another example might be online bookseller Amazon: its business objective is to see product on its online shop, so keeping the shop online 24/7 is a key objective.
3. Security threats: This is a tricky one, because security threats work against laws/regulations and business objectives. However, they also drive IT security work because a company needs to respond to threats in order to satisfy the first two drivers.

In my opinion, it’s the second of these drivers – business objectives – that we IT security professionals tend to neglect. I believe that we need to step back from the technology and see the problem of information security from the business’s perspective. An engineer operating a network intrusion protection system (IPS), for example, should understand how that system supports business goals, just as the CISO at the top of the pile should be able to demonstrate a very high level of business acumen.

To gain the right degree of understanding, we need to understand stakeholders better – and by stakeholders, I mean the recipients of our IT security efforts in the wider organisation. Talk to your stakeholders. Ask them about their concerns. Show how you are addressing those concerns – then send a report to them that shows you understand their area of the business, their security concerns and that outlines your response to these issues. In other words, get them on your side!

Everyone in the security team should know who their customers are, and their customers are their colleagues in other parts of the business. If they don’t understand that, IT security professionals risk alienating business leaders, who have the power to outsource security tasks to managed security service providers (MSSPs) and might even make in-house security expertise redundant. So my main message to IT security professionals is this: Adapt, or find a new job.

At Centrix Software, we’ve analysed some 2 million enterprise desktops with our end-user analytics software to date and uncovered some interesting findings along the way. These highlight the value of gathering accurate user intelligence as part of the desktop-review process:

1. Up to 50% of applications installed across an enterprise desktop estate are simply not used. Most organisations suffer software sprawl – application assets installed but no longer used. These forgotten applications remain part of the desktop infrastructure and cost money to maintain. Software sprawl adds a layer of unnecessary complexity to any desktop transformation project. The only way to combat sprawl is to identify what you have installed, what is being used and what is not, and then rationalise.  Companies that do this find they actually recover budget that can be used to fund their transformation initiatives.
2. Many laptops are not used outside of the office. A user may think that a laptop is the optimum device for them but it’s likely that their day-to-day productivity is based on accessing corporate applications and services in the office and using a smartphone, and increasingly tablets, when they are on the move. We found one customer who established that 75 percent of their laptops were never used outside of the office. With the higher TCO associated with supporting laptops organisations can incur unnecessary costs quite quickly. Assessing how a user connects to corporate resources and the applications they access will help you determine the most efficient application delivery and device strategy for your user environment: thin client, tablet, PC, and Bring-your-own-device are all alternative options that IT can recommend to the business based on empirical data.
3. Users don’t wait for IT approval. This is a potential minefield for corporate or regulated environments: the relative ease of accessing software-as-a-service (SaaS) applications and using web applications means that users have the ability to circumvent IT. The IT department needs to be more engaged with business requirements and increasing numbers of CIOs and IT departments are adopting approaches to become true service providers rather than infrastructure managers to adapt to the impact of consumerisation of IT. Solutions exist today to help with this transition.
4. Users often store passwords in an open document on their desktop. With applications and services being provisioned from multiple sources, the number of passwords a user has to deal with can be considerable. One approach to simplifying the password security issue is to enable central management of multiple IDs through an end-user application and service delivery platform. Instead of having to remember multiple passwords, the user has one password in one ‘workspace’, while an identity authentication layer provides seamless, secure access to services from across the company’s infrastructure and external sourcing platforms. The idea is to create a more unified end-user computing environment for the user.  Solutions supporting this approach are being referred to as application and service delivery platforms, IT-as-a-Service and user virtualisation.
5. Desktop virtualisation requires a different mindset to PC deployment. Moving to a virtual environment is not a case of taking existing applications and dropping them on to a desktop virtualisation platform.  The architecture of a virtual environment is different and approaching it with a device-led mindset can derail projects.  As we move to more service-centric IT and desktop models enabled by virtualisation along with web technologies, the user has to be at the heart of every decision. When planning a virtual environment you should know: What applications users need; how users work; where there are common applications that can be grouped by users; who isn’t a good candidate for virtualisation! Even the most basic information can be insightful – with simple analysis, one customer established that they had 15% less users and devices than they believed. This immediately painted a different picture for their virtualisation planning.

If your desktop planning becomes a user-centric exercise, not only can projects stay on time and on budget, but user satisfaction and long-term business and IT planning will greatly improve.

A well designed service desk should be the Single Point of Contact (SPOC) that provides advice, guidance, and is focused on restoring service in the shortest possible time. It should direct non-technical issues to appropriate parts of the organisation, retain ownership of all requests, and is the trusted representative of the internal customer community. The most common functions of a service desk include receiving requests, providing first line support and performing initial assessments. This desk also typically monitors escalations, manages the request lifecycle and communicates status updates.

Many organisations will still be operating a derivative from the old help desk. We see four key differences between a help desk and a service desk:

reactive/proactive – help desks wait for calls to come in, service desks are also responsible for upgrades and release managements, therefore have proactive skills too

• technical/usability – help desks are typically defined to accept issues which have been qualified as technical. Service desks have a broader remit, and support internal customers with all manner of usability issues.

• resolution/root cause – help desks focus on solving the known issue, while service desks are mandated to explore root cause

• measurement – help desks tend to be measured on call volume, call times, first contact resolution ratios and time spent on issues. Service desks on the other hand tend to be measured on customer satisfaction, in addition to help desk type productivity metrics.

But beyond these internal drivers, there is a much larger force at play. Exposure to social networks and consumer cloud solutions has led to higher internal customer expectations in the enterprise. Not for perfection, but for transparency. This trend is colliding with industry norms of measuring functional performance rather than user experience.

As help desks become virtual, anticipating questions(FAQs) and enabling users to share experiences are critical. The enterprise nervous system is becoming richer, and therefore more demanding. We expect custodians to develop leadership maturity and handle intangibles such as internal customer satisfaction.

How does your service desk stack up?

If you found this post interesting then please come along to the Network Optimisation Pathfinder Session  “Why user experience narratives trump device efficiency metrics” which will be presented at IP EXPO 2011 in the Network Optimisation Theatre at 09.50 – 10.20 on Thursday 20th October. We will be presenting some of the findings from our recent survey on Service Desk transitions.

Since delivering that capability often involves a whole heap of technology for the IT department to deploy and manage, it’s hardly surprising that IT industry has been quick to give this demographic of demanding mobile and remote workers a whole new name: ‘workshifters’.

Citrix Systems claims to have originally coined the term and uses it to describe the growing trend to working from anywhere other than a traditional office. In fact, it owns and manages the workshifting.com online community, a place for workshifters, their bosses and their advisors to share opinions on, and experiences of, new ways of working.

But other vendors are using the term, too. One of them is mobility services provider iPass, which publishes a quarterly Mobile Workforce Report. The company sees workshifting as “flexible work schedules that enable employees to work wherever and whenever they want” and its quarterly report surveys more than 3,100 mobile workers at over 1,100 enterprises worldwide.

Its most recent report – published in late August – points to a remarkable willingness among employees to work outside of traditional office hours. Thirty-eight percent of respondents report that they work before their daily commute, 25 percent work during their commute, 37 percent work during lunch and the same proportion work at night.

What this says about modern work/life balance is perhaps open to question, but it’s certainly good news for bosses who equip their employees with the tools they need to work remotely.

For example, three-quarters of respondents report that they work more hours due to workshifting. More than half (55 percent) were working at least 10 or more additional hours each week as a result of their more flexible schedules and 12 percent were working 20 or more additional hours.

However, respondents are generally positive about their workshifting experiences: almost two-thirds (64 percent) of them report improved work/life balance and more than half (51 percent) say they feel “more relaxed” because of flexible work.

In fact, the survey suggests that if employees don’t get enough flexibility at work, they’ll vote with their feet: 33 percent stated that they would seek employment elsewhere. And over half (57 percent) said that they would be less satisfied with their job.

“It appears that the mobile workforce is getting a better hold on their work-life balance,” commented Barbara Nelson, chief technology officer at iPass.

That’s the idea behind the company’s new Brocade Network Subscription service, which is squarely targeted at organisations migrating to cloud-based IT environments. In essence, participating customers will estimate their base and peak switch port needs, install the ports needed to accommodate peaks at no upfront capital cost and pay on a monthly basis only for those that are ‘switched on’.

Announcing the service, Brocade chief marketing officer John McHugh described it as “the ‘virtualisation’ model for infrastructure procurement.”

“With Brocade Network Subscription, customers can turn on vast amounts of networking capacity, from high-end routers to wiring closet switches, without any upfront capital costs,” he said. “Just like application virtualization, this innovative approach allows organisations to acquire network capacity with little risk, while helping them scale up and scale down, in line with their month-to-month needs.”

That is potentially good news for IT professionals responsible for data centre networks, especially those populated by virtualized servers. Already, the demands of virtualization and cloud computing place a considerable burden on existing networking gear – and whether they like it or not, many CIOs will be forced to invest a good portion of the IT budget in new networking equipment over the next few years.

And it’s the nature of these investments that have typically given the CIO a headache. Where network capacity needs are hard to predict, over-provisioning is common practice. But that’s just the start, because in many cases, customers are locked into a product refresh cycle of around six years in length – or at least they are if they want to avoid the many problems of supporting today’s data flows with yesterday’s networking equipment.

So while there may be a touch of marketing hyperbole around Brocade’s claim that it is “revolutionising IT economics’ with this announcement, the underlying economic argument is pretty interesting for companies that regularly acquire other companies, experience seasonal spikes in traffic or are heavily involved in cloud-based testing and development of new applications and services. And for Brocade and its channel partners, the service offers the chance to reduce  dependency on hardware – where commoditization means margins are wafer-thin, anyway – and start to benefit from the recurring revenue and long-term, services-based relationships that a subscription model involves.

There are, however, a couple of things for would-be subscribers to bear in mind. The subscription service is only available to customers with a requirement for around $500,000-worth of equipment. Once they’re signed up, they need to give Brocade adequate notice of their intention to scale infrastructure up or down – 30 days in the case of scaling up, and 60 days to scale down. Finally, while the deal covers most Brocade products, its Fibre Channel SAN products are excluded.

That said, this is an interesting new approach that could set Brocade apart from much larger competitors, particularly Cisco and Hewlett-Packard. The only alternative that currently exists to get companies off the capital-expenditure treadmill when it comes to updating corporate networks is leasing, which tends to come with fixed-period contracts (while Brocade Network Subscription is a simple month-to-month commitment) and no option to scale down, only upwards. And in virtual server environments, or those that are headed in that direction fast, paying for network ports by subscription would seem to make good sense, because as more machines are virtualised, the more physical network ports are generally needed in the data centre.

At market research company IDC, analyst Joe Pucciarelli is happy to provide Brocade with a glowing endorsement. A flexible acquisition option like this, he claims, enables companies to add and reconfigure networking resources in shorter time frames. “As a result, IDC believes that offerings like Brocade Network Subscription will rapidly become an integral method of acquiring IT resources as organisations seek to introduce heightened levels of flexibility and variability into their network infrastructure and related capacity management strategies.”

His choice of words is interesting: “offerings like Brocade Network Subscription”. If this new service proves to be a palpable hit for the company, a legion of copycat services from other vendors will surely follow.

IT market research firm Gartner recently forecast that the WAN optimisation market would hit $1.9 billion in 2011, compared to $700 million in 2006. Over the next five years, Gartner’s analysts expect a further tenfold increase in sales.

Vendors are not about to let the opportunity slide. Riverbed was at VMworld, announcing a partnership with remote desktop delivery specialist Terdici, which the two companies claim will enable customers to reduce the bandwidth consumed by the PC-over-IP (PCoIP) protocol used in many virtual desktop infrastructure (VDI) deployments by between 50 percent and 90 per cent.

Silver Peak was there, too, launching a free version of its WAN optimisation software for virtual environments, as well as an upgrade to its flagship virtual WAN appliance for data centres.

And Blue Coat took the opportunity to demonstrate its VMware-ready MACH5 WAN Optimisation Virtual Appliances for accelerating and optimising email, file access, enterprise applications, video, Web, cloud-based applications and data replication in branch offices and data centres.

But what is sparking customer appetite for WAN optimisation? To a large extent, the market has grown up over the last 10 years around the trend among large organisations to centralise IT resources. When companies move systems, applications and services from remote and branch office locations into central data centres, they’ve often met with serious performance challenges. After all, in these scenarios, users are accessing systems over the WAN, with all the latency that distance introduces, rather than over high-speed local area networks, or LANs.

The problems created were illustrated in a report published earlier this year by market analyst company Enterprise Systems Group (ESG), ‘Remote Office/Branch Office Technology Trends’. When asked to define their top challenges for supporting IT requirements for remote office/branch office locations, IT professionals gave the following top responses:

1. WAN performance management (37 percent)
2. Monitoring WAN traffic (34 percent)
3. Identifying, prioritising and accelerating application traffic on the WAN (32 percent)
4. Managing latency-sensitive applications like video and IP telephony (30 percent)

WAN optimisation technologies provide a working solution to issues of latency and sluggish application performance. Typically sold in the form of a device (but also, in some cases, as software) that sits on the corporate network, they apply data reduction and compression techniques to the data passing across it. As a result, redundant data isn’t sent out over the WAN multiple times, data volumes are reduced and transfer rates receive a serious boost.

For vendors, new opportunities continue to come thick and fast. The rise of virtualisation and cloud technologies, with its emphasis on centralisation, has only served to boost the market. Desktop virtualisation, in particular, “provides an exciting new use case for WAN optimisation”, according to a recent blog from ESG analyst Jon Oltsik. “The primary job of WAN optimisation controllers is accelerating Sharepoint, Exchange and file access,” he writes. “Lots of vendors do this pretty well, but desktop virtualisation requires new protocol support and may open the market for new equipment or new vendors.”

At the same time, Gartner analysts see a significant opportunity for cloud-based WAN optimisation. “Vendors are developing innovative approaches that make the deployment of cloud-based communications and networking services more secure, reliable and remote,” they report. “Organisations with globally distributed locations should consider WAN optimisation services to eliminate the need for distributed WAN optimisation appliances.”

These dynamics are stirring up a market that is not only fiercely competitive (Silver Peak and Riverbed, for example, are currently engaged in a patent dispute) but already extremely crowded.

In an early 2011 assessment of the market, analysts Tracy Corbo and Jim Frey of Enterprise Management Associates (EMA) identified and analysed a “dizzying array of options” from thirteen companies: Blue Coat, Certeon, Cisco Systems, Citrix Systems, Expand Networks, Ipanema, Juniper Networks, NetEx, Replify, Riverbed, Silver Peak, Streamcore and Xtera Communications. “Fifteen other [WAN optimisation controller] providers were invited to contribute information but declined,” they note.

With the overheated WAN optimisation market experiencing unprecedented attention and growth, it’s clear that it’s one to watch. What is equally clear, however, is that a serious shake-out can’t be far ahead.

Is that good news for companies? At Scalable, we think so. Among our customers, we’ve seen productivity rise significantly after we’ve implemented networks that allow employees and contractors to have access to applications and information when and where they need it. Add social networking, video and video conferencing and there are even greater possibilities for improving collaboration and efficiency.

The downside of this is that providing the type of access Generation Y demands makes IT departments distinctly nervous. When we talk to customers, the first conversation we have with them is typically about security. In ‘simply connected’ networks, security has to be dynamic and follow the user. Traditional security solutions that are focused on the device just aren’t suitable.

As a vendor-independent company, we’ve taken the time to investigate and select a small number of best-of-breed solutions. One of them is Junos Pulse from Juniper Networks, which allows IT departments to manage security without having to manage the device.

Junos Pulse is an integrated, multi-service client that sits on mobile and non-mobile devices. With a user experience that requires little or no interaction, Junos Pulse serves as a gateway for user authentication, endpoint services and comprehensive integrity checks. As a result, it provides a centralised way for IT to apply mobile policies by user type, regardless of device type.

In addition, Juniper SRX Series Services Gateways deliver a full suite of security and networking services. The consolidation of routing, WAN connectivity, switching, and Unified Threat Management (UTM) simplifies deployment and administration while delivering fast and consistent service quality regardless of user location.

But we also have to be aware that security isn’t the only barrier to providing Generation Y workers with the seamless wired and wireless experience they crave.

If organisations aren’t careful, mobility can add another level of complexity to corporate networks. So, when designing ‘simply connected’ networks, it’s not only important to combine an appropriate mix of wireless and wired access. It’s just as important to look at how complexity can be reduced.

To simplify the wired elements of the networks we provide, we often use Juniper EX Series Ethernet Switches. The virtual chassis technology allows multiple switches to be interconnected, configured and managed as a single logical device. As a result, we need fewer devices, fewer connections and looping protocols are eliminated. Consequently, we can deliver networks that are ‘wired less’, improving performance while reducing operational cost and risk.

In addition, to ensure the wireless experience is as good as the wired one, Juniper WLA Series Wireless LAN Access Points provide the reliability, scalability and seamless roaming for even the most demanding applications, such as video over wireless.

At Scalable, our focus is on using the best technologies to help our customers create intelligent, converged networks that enable them to embrace new commercial opportunities, increase profitability and drive competitive advantage. Partnering with Juniper Networks to ensure workers can be ‘simply connected’ is a key part of that.

Despite organisational differences, some metrics are universally applicable. These include budget and incidents, availability and outages or security breaches. But the rest can be highly varied, ranging from internal customer satisfaction survey results, to procurement compliance metrics. The process of updating dashboard components is often used as the bass for building better understanding between stakeholders.

Perhaps the most important element of any dashboard is the target audience and action they should take. The more evolved practices we have examined have a ‘cascade’ of metrics that allow for actionable data to be presented at different levels of granularity, depending on the target audience. Purists argue that dashboards should not be require more than one ‘frame’ – page length or screen width, depending on the prevailing medium. We have come across a wide spectrum of dashboards, including:

■            universal – highlights of an IT team’s performance, broadcast internally and externally, usually to proclaim successes.

■            IT team leaders – tactical production, development and system level data, to drive resource priorities

■            IT management – summary view from team leaders’ dashboards, to enable programme and project decisions and to run IT effectively

■            Business management – availability and enhancement pipeline to support business decisions

■            Board level – strategic considerations to evaluate business growth lans and assess business risks

How do your dashboards flow? We recently ran a survey on dashboards which has helped us refine content for the Network Optimisation Pathfinder session at IP EXPO 2011 where the findings will be shared.

Respondents from these sectors were asked to rate corporate clients’ facility with various aspects of cloud computing on a scale of one to five, where one represents “very unskilled” and five represents “very skilled”. Results show there is clearly room for improvement”

• Understanding the technology underpinnings (how the cloud works) = 2.39
• Assessing the near-term maturity to support enterprise computing needs = 2.19
• Navigating/assessing vendor and service provider markets and landscapes = 2.03
• Sourcing/structuring cloud initiatives and engagements = 1.81
• Managing/governing cloud initiatives and engagements = 1.69
• Assessing risks (eg, data, IP, business, reputational) = 2.07
• Understanding how cloud impacts enterprise systems and outsourcing = 2.03

But despite the low ratings IT executives received, IT service providers are bullish on buyer uptake of cloud-based solutions. Forty-two percent of service providers polled said that their clients have one or more live cloud services deployments and that cloud engagements would increase to 66 percent in the next year, according to the KPMG survey.

“The [current] situation is not dissimilar to the early days of the Internet when buyers struggled to define and execute on strategies to exploit its business potential. It is critical, however, for buyers to leverage past experiences, particularly with outsourcing, to accelerate ramping up cloud computing skills and knowledge,” said KPMG report author Stan Lepeak.

“Many problems associated with outsourcing deals and major enterprise system initiatives arise from inadequate buyer business cases, sourcing, transition and governance capabilities. This, too, will likely prove to be the case for many buyers with cloud computing efforts,” he continued.

In the short term, the key challenge for buyers is to address the “less glamorous” aspects of cloud computing, he believes. This includes tasks such as defining (and redefining) cloud strategies; assessing migration options for existing environments; and building realistic business cases that measure the true potential performance improvements and cost savings from cloud computing.

Said one respondent: “Amongst users there is still a ‘shiny new toy’ aspect to cloud computing and especially SaaS [software-as-a-service], and our concern is that clients/prospects are not fully evaluating implications of this architecture, nor validating the real experience versus the promise.”

In February, the company announced a whopping $70 million investment from US investment bank Goldman Sachs. In May, it appointed Harry Labana, formerly chief technology officer (CTO) at Citrix’s desktop division, as its new CTO. In June, it closed a record financial year, posting revenues up 54 percent to more than $71 million, and opened a cloud and mobile research centre in the heart of Silicon Valley.

Could the company – with roots in Warrington, UK – be poised for greatness? The company’s CEO Darron Antill, who joined in January this year, certainly doesn’t shy away from talking up its prospects. He has claimed that the user virtualisation market could be bigger than the entire virtual desktop integration (VDI) market. AppSense, he says, is “committed to unlocking technology to free human potential and possibility.”

But what is user virtualisation, anyway? According to Simon Townsend, the company’s technical director for enterprise technology, it’s a collection of technologies that can help companies with major desktop projects across physical, virtual AND cloud-hosted platforms.

That’s because AppSense’s tools separate, or virtualise, the user from their desktop and manages all information relating to that user seamlessly across different platforms. The result, says Townsend, is a managed user experience, irrespective of the device or connection an individual is using, or their physical location.

“The world has become a far more complex place. If I look around my desk today, I’ve got a laptop, a smartphone, an iPad and I’ve got a Citrix session open on the desktop enabling me to access applications running in the data centre,” he says. “The links that exist between the user and the device slow the user down and the number of devices they carry and the number of delivery mechanisms that the IT department must provide are increasing. But those links are breaking down – and that something that we can help with,” he explains.

Analysts at IT market research firm Ovum are positive about the market opportunity that AppSense hopes to exploit. “Many organisations have invested in, or are considering, desktop virtualisation strategies,” writes Roy Illsley in a recent report on AppSense’s technology. He reckons that market penetration of VDI currently stands at between 2 percent and 5 percent of the business desktop market, and could reach 15 percent to 20 percent within five years.

“However, management issues are one of the biggest restraining forces, while migration to Windows 7 is an equally large force for change,” he points out. What AppSense had developed is a solution that enables end-user organisations to deploy a desktop strategy that works for them, rather than adopting a compromised, one-size-fits-all approach. “This allows AppSense User Virtualisation to span all desktops, not just VDI, meaning that the market potential for user virtualisation covers physical desktops, virtual desktops and server-hosted shared desktops,” says Illsley.

But it is important not to confuse user virtualisation with managing user profiles as individuals roam, says Townsend – there’s plenty of products that already enable this, including those from AppSense, but that’s just a subset of what the company offers.

With true user virtualisation, he explains, the user is truly separated not only from the operating system, but also the applications. In this way, AppSense can capture and shift user settings from one OS to another and from locally installed applications to virtualised apps, without the user having to log-off from their session. In other words, users should get the same user experience no matter what desktop or application delivery mechanism they are using, across both 32- and 64-bit operating systems. At the same time, IT teams are able to enforce policies regarding which applications a user can access, according to the device, connection or location they are opting to use.

That has proved an appealing proposition to recent UK customers such as air traffic control organisation NATS and retail and banking company The Co-operative Group. It’s also won AppSense lucrative technology partnerships with some of the industry’s biggest companies, including Microsoft, Citrix and Cisco. Around half of the company’s revenues now come from US customers (the rollcall there includes United Airlines and JP Morgan Chase) – a sign that this UK company has truly cracked the US market.

AppSense is clearly going places, and bearing in mind that recent hefty cash injection from Goldman Sachs, one of its next stop-off points seems likely to be a public flotation on a large US stock exchange. Watch this space.

The potential benefits are enormous.

So what impact are all these changes having on organisation’s networks? “Huge,” says Trevor Dearing, head of enterprise marketing EMEA at Juniper Networks. “As companies consolidate and virtualise their data centres, networks are becoming more and more complex and, more importantly, more and more costly. It’s got to the point where they are holding companies back from achieving the full benefits of cloud computing.”

Simon Brown, managing director at Scalable, a Juniper Elite partner, agrees. “Cloud computing is all about delivering compute power on demand,” he says. “That depends on being able to allocate, assign and scale resources dynamically, as they are needed. But, with traditional networks, you can incur a major performance penalty depending on where resources are located.”

“Place the application one hop away from its storage and the latency could be three microseconds. Move the application to the other side of the data centre and latency can increase five-fold because data has to pass through all three network layers. Consequently, organisations still have to plan where they place virtual machines and storage very carefully.

“Add to that the fact that even data from adjacent racks has to pass through two layers and you can see that maintaining high performance in a virtual environment is an issue.”

So what’s the answer? “Simplify the network,” says Dearing. “With our virtual chassis technology organisations can already reduce their network to two layers, improving performance significantly. With our QFabric technology they’ll be able to go even further.”

“QFabric technology will allow organisations to create a single logical switch that connects the entire data centre – up to 6,000 servers – eliminating tiers of multiple access, aggregation and core switches and reducing the number of devices needed, which also reduces the demand for space and power.”

Scalable is already putting Juniper’s technology into practice. “At Liverpool Women’s Hospital NHS Foundation Trust, we’ve designed and implemented a network using Juniper’s virtual chassis technology,” explains Brown. “The result is much higher performance and an estimated 10 percent reduction in operating costs, because we’ve been able to reduce the number of devices and simplify the network dramatically.”

But it’s not just the elimination of devices that has simplified network management at the Trust. “In traditional networks, administrators have typically had to cope with multiple operating systems, even with equipment from the same supplier,” says Brown. “That’s positively prehistoric and makes management extremely time consuming. With Juniper, administrators only have the one operating system to worry about – Junos. It’s far more efficient and effective.”

But major transformation isn’t just confined to the data centre. On campus networks that connect employees to the data centre radical changes are taking place, too. “When we look at how people are accessing and using applications and data we see significant changes occurring in the next few years,” says Brown.

“Employees increasingly expect to be able to connect wirelessly, anytime, anywhere and through their own devices. What they are consuming is also changing, with a huge increase in the use of voice and video for applications like collaboration, conferencing and training. We expect to see step changes in the use of wireless and mobile connections to corporate systems.”

“The new working methods offer significant increases in productivity, efficiency and service delivery, but cause a major security headache for IT departments,” says Dearing. “The device-based security measures of the past are simply untenable.”

Brown agrees. “Security today has to follow the person not the device and ensure that policies are consistently applied wherever a person is, whatever device they choose to use,” he says. “At customers like Liverpool Women’s Hospital NHS Foundation Trust, we’re turning that vision into reality using best-of-breed solutions from Juniper Networks and other suppliers.”

“Midwives can now access real-time patient data remotely to provide high quality care in the community while reducing time spent updating records back at the hospital. The Trust estimates that staff productivity has increased two-fold through instant, secure remote access to critical applications.”

“Cloud computing has the potential to revolutionise how organisations deploy and consume applications, services and information,” concludes Dearing. “But, to really take advantage of it, companies must have the vision and understanding to not only put in place the new server and storage technologies, but also the new, intelligent networks that are needed to support them.”

At first, stormy weather was believed to be the culprit. In status updates to end users, both Microsoft and Amazon initially pointed the finger at a lightning strike at a local electricity substation. Subsequently, local utility ESB Networks waded in to the debate, ruling out lightning as the cause and blaming equipment failure instead.

For cloud customers, the root causes of downtime are not really the issue. Whether an outage is caused by an ‘act of god’ or a systems problem, customers are still at the mercy of their cloud provider to get things up and running again. In this recent episode, affected customers included the Daily Telegraph, which uses the Amazon EC2 service to host a puzzles site, social media analytics service PeerIndex and customers of Microsoft’s BPOS online desktop application suite.

Luckily, in the Dublin outage, the worst of the downtime occurred over the weekend. Microsoft BPOS customers, for example, were only locked out of their email and other personal productivity apps for a few hours on a Sunday afternoon.

But it’s not always that simple and this year’s steady trickle of cloud-outage horror stories will certainly be enough to make some prospective cloud customers rethink their plans.

Back in April, for example, US-based Amazon customers were unable to access their hosted systems for days following a “network event” at the company’s data centre in North Virginia. And just last week, US customers of Microsoft’s Office 365 online apps (the successor to the company’s BPOS product line), as well as its Dynamics CRM software-as-a-service suite, suffered a mid-week outage that went on for more than five hours. “They [Microsoft] should call it Office 364 to account for the downtime,” tweeted one joker.

The fear, uncertainty and doubt created by cloud downtime raises several questions. How should end-user companies be balancing the advantages of cloud services against the risks involved? How might they expect to be compensated for downtime? And are their expectations of uptime reasonable in any case? One thing is clear: the industry has a long way to go until these issues are truly ironed out.

Most cloud providers, for example, offer well-publicised service-level agreements (SLAs) in order to instil customer confidence in their services – but the terms and conditions of these can be slippery. Some of them compensate customers affected by downtime – but typically by issuing service-credits that give customers discounts on their continued use of the service. In any case, these measures will provide little comfort to companies that suffer serious reputational damage or that miss out on lucrative business opportunities as a result of a serious, sustained cloud outage.

On the other hand, is it realistic for customers to expect cloud providers to offer 100% uptime, with no exceptions? In-house systems suffer downtime, too, and lengthy delays in recovering systems are a pretty commonplace occurrence regardless of who is hosting them, or where. Can cloud customers really claim that they could do a better job than providers – and if so, how many corporate systems truly require 100% uptime in any case? Some, of course, but by no means all.

Instead of endlessly shifting the onus back and forth between cloud providers and cloud customers, perhaps it’s time for others to get involved. I’m starting to hear industry talk of cloud computing insurance policies and this seems an intriguing idea – in principle, at least.

CloudInsure, a US-based start-up, seems to be further along with the concept than any other. It already partners with some of the biggest names in cloud computing, including Amazon, Microsoft, Salesforce.com and NetSuite. Its business model is based on analysing both cloud providers and their customers, assessing the data-risk models of each and setting premiums accordingly. Its argument – that providers and customers are wasting time fretting over questions of risk valuation, risk hedging and risk transfer that the insurance industry has already mastered – seems valid. It’s early days, but it could be one to watch.

In the meantime, cloud outages tell us relatively little about the safety or reliability of the cloud model, unless a direct, quantifiable comparison can be made with in-house failure and recovery times – an unlikely proposition. Expectations need to be adjusted, and probably will be as the cloud computing model matures – a point made by Gartner analyst Robert Desisto when he blogged about Amazon’s April 2011 problems. “What is important is to understand [that] cloud outages do happen and will happen in the future… There is no way to completely avoid risk,” he wrote. “However, taking pause and evaluating which applications you are willing to move to the cloud, knowing that there will be unmitigated risks, is something we should all take greater care in doing.”

Recently, that question has been the focus of discussion among members of the Security for Business Innovation Council (SBIC), a group of top security executives from Global 1,000 companies convened by RSA, the security arm of information management company EMC.

In particular, the SIBC has turned its attentions to a new and fast-growing type of cyber attack, advanced persistent threats (or APTs), and the most appropriate ways to respond to these. Their conclusions are the subject of a new Council report, ‘When Advanced Persistent Threats Go Mainstream: Building Information-Security Strategies to Combat Escalating Threats‘.

Council members agree that their focus has shifted away from the almost-impossible goal of preventing intrusions to the more crucial task of preventing damage to systems and theft of data. “Assume you are compromised,” they advise, and focus on detecting attacks and mitigating damage as quickly as possible. With this in mind, Council members offer seven defensive measures against escalating APTs:

1. Improve intelligence gathering and analysis
“Deep knowledge about the threat landscape and about your own organisation should be the cornerstone of your information-security strategy,” says the report. That involves developing a deeper understanding the means, methods and motivations of hackers; analysing the digital assets that your organisation must protect; and collecting, in forensic detail, all information about any security incidents that do occur. “The solution is to stop treating security as just a technology function. When you’re dealing with a highly sophisticated, deeply resourced adversary, you have to treat security as a counter-intelligence function,” says William Boni, chief information security officer (CISO) at T-Mobile USA.

2. Activate smart monitoring
Forming a complete picture of malicious activities in the environment involved monitoring at multiple layers – application, host, network and data – and the ability to associate events from  multiple platforms. “This is a tall order,” says the report. Advanced incident monitoring and analysis tools can be a big help, but only if you’ve got the management processes to underpin them, says David Kent, vice president of global risk and business resources at biotech company Genzyme. “Get organised first and build the processes you’ll need to detect these sorts of attacks,” he advises.

3. Reclaim access control
A key defensive measure is to make it harder for attackers to obtain access rights. This may require a major review of who needs access to what systems within the company. “You have to be on high alert for high-value compromises now, especially any events involving administrative users,” says Renee Guttmann, CISO at the Coca-Cola Company. “Don’t assume it’s just an admin error – get confirmation.”

4. Get serious about effective user training
Every organisation’s greatest vulnerability is its people. “If you do it proactively and keep educating your user population, I think they will – over time – understand how to make a distinction between what is real mail and what is phishing mail. If you use statistical information to see what training strategies really work, those strategies should mature,” says Vishal Salvi, CISO at HDFC Bank.

5. Manage the expectations of executive leadership
“It is a common mantra in information security that you need awareness and buy-in from the top. In the current threat landscape, you won’t survive without it,” warns the report. “Ensure the C-level realises the nature of combating APTs is akin to fighting a digital arms race.”

6. Rearchitect IT
Combating APTs will require not only different approaches in security, but also changes in IT. That might involve network redesigns, introducing desktop virtualisation so that critical data assets remain within the central data centre and a more rigourous approach to software assurance.

7. Participate in information exchange
Ultimately, defending against APTs will take not only new models for enterprise IT, but also new models for information sharing. “Leverage knowledge from other organisations by sharing threat intelligence,” the SBIC urges.

The low take-up, say Gartner analysts, is due to the fact that long-standing, established tools and approaches are often “too difficult to use, slow to respond or deliver content of limited relevance.” They believe that the ‘consumerisation’ of BI technologies could benefit organisations by delivering a better fit with the kinds of questions employees need to answer and broader user appeal.

“The fact of the matter is that BI is not pervasive and adoption is not in line with the investment made by most firms. Almost every organisation could improve, if its stakeholders had easier access to well-integrated information, and if they analysed that information to manage performance and to make decisions,” said Gartner research director James Richardson.

According to Gartner, employees’ experience of interacting with ‘Internet-powered technologies’ – presumably referring to social networking sites and online mapping data, for example – has changed their expectations of IT. BI users, they say, “want to be able to just pick up and use the technology – they don’t want to have to read the manual.” This places a high degree of importance on the human/computer interaction aspects of BI product and deployment design.

Three factors that can drive adoption of technology can also discourage the sustained use of BI by its intended users, if weak or absent, they say:

• Ease of use: If Bi is hard to work with, or completely static (or sometimes even if it just looks bad), users will stop using it.
• Performance: If users are frustrated by delays in query responses or report production, then they will be likely to stop using the BI tool (or they’ll use it once each time they need to do some analysis, then simply load its output into Excel.
• Relevance: If the BI platform omits information that users need, or does not express content in line with their frame of reference, they they will stop using it or, once again, use it to move (and probably add) data into a spreadsheet for ‘correction’.

“A failure in any one of these areas can be the cause of poor take-up and goes some way towards explaining why just 28 percent of users have adopted their organisation’s standard BI platform of choice,” said Richardson.

The concept of a single, enterprise-wide BI product – a concept actively promoted by many of the leading BI tools suppliers – is flawed, according to Gartner. Organisations need to face the reality of overseeing a number of BI platform components. “It is inevitable that managing a portfolio of BI applications will require more effort than is needed for a single platform. However, the balance of capabilities offered and the relevance to the business will justify the effort incurred – by ensuring a better match to end-user needs and, therefore, a greater return on investment in BI,” said Richardson.

“The power of consumerisation means that, in all but the most locked-down of firms, portfolio management is an inescapable fact of life.”

“I am convinced that every company, in every conceivable industry, with significant size and valuable intellectual property and trade secrets has been compromised, or will be shortly, with the great majority of the victims rarely discovering the intrusion of its impact,” said Dmitri Alperovitch, vice president of research at security vendor McAfee, of his recent project, Operation Shady RAT.

In other words, if you think your organisation is of no interest to hackers, think again. They’re not just training their crosshairs on government agencies, defence contractors and high-profile tech giants like Google. No organisation is safe.

It would be easy to dismiss Alperovitch’s findings as a good way to sell more security software – and, naturally, that’s exactly what’s happened in this case. Rival security vendors have rushed to dismiss the report’s findings as either “overblown” or “nothing new”, but similarly, many of them get pretty prickly when their own research is dismissed as marketing.

The attention Operation Shady RAT received has been astonishing, being widely reported in national newspapers and by broadcasters around the world. It even made the online site of culture, fashion and current affairs bible, Vanity Fair, and has its own hashtag on Twitter: #ShadyRAT.

In fairness, a number of independent security experts are impressed by the lengths that Alperovitch and his team have gone to in order to investigate, collate and publish details on the intrusion, including the industry, location and possible length of compromise for over 70 different organisations victimised by Shady RAT. This was achieved by painstakingly studying the logs of a single ‘command & control’ server used by the hacker operation, over a period of five years.

At the very least, then, McAfee has done a great job of educating the wider market about the extent and scale of modern computer hacking.

Vladimir Jirasek, director of communications at the Cloud Security Alliance UK & Ireland, described the report as “excellent” on his blog. But while “the reading is pretty daunting”, he continued, “the attack vector is no surprise here. [It's] something we security professionals have been talking about for some time.”

In other words, Operation Shady RAT does not involve a particularly sophisticated kind of attack. What’s astonishing to Jirasek is how long the attacks went on without detection – and he believes that there’s a lot that organisations could do to better protect themselves. Not all of these remedies are technological and it’s a topic he’ll be discussing in more depth in an IPEXPO.ONLINE blog in September.

Meanwhile, what surprised the research team at McAfee was the enormous diversity of the organisations that fell victim to this individual: “the United Nations, a multinational Fortune 100 company, a small, non-profit think-tank, a national Olympic team, an unfortunate computer security firm.”

Still think your company would never be targeted? Think again. Or better still, read the full report yourself, available for download from Alperovitch’s blog. As Alperovitch himself puts it: “I divide the entire set of Fortune Global 2,000 firms into two categories: those that know they’ve been compromised and those who don’t yet know.”

That’s the thinking that lies behind systems company Dell’s announcement last week of its plans to buy networking specialist Force10 Networks. Dell – still most commonly associated with PCs and servers – has already invested heavily in boosting its storage capabilities in recent years, with the acquisitions of EqualLogic (in 2007) and Compellent (2010). Now, it’s taking on the networking infrastructure market, too.

“Wireless LAN used to be about enabling employees to bring a laptop to an office building or enterprise campus and to roam around it freely,” he explains. “But for customers, the rise of new mobile devices – and here, the iPad is a great example – requires that they need to take a far wider view of company mobility.”

The promise of greater, more flexible mobility, he says, is seen as attractive not only for the productivity gains it can deliver, but also for its cost-reduction potential. Plenty of UK businesses today, he says, would prefer not to have 3,000 people sitting in costly office space in central London. “A better solution might be three or four offices in the Home Counties, closer to employees’ homes and situated where rents are cheaper. An even better solution for some might be to have employees working from home, either on a part-time or even full-time basis,” he says.

It’s about enabling people to connect to relevant information, applications and services “whenever and wherever” it suits them. But the same general rule increasingly applies to third-parties such as contractors and consultants, too – within reason and according to rules laid down by the client who owns the information, applications and services.

For Aruba, it’s about helping companies to apply rules to remote access according to the identify of an individual, the device they are using and their geographic location, says Hockaday. A high-ranking executive in a company, for example, might be granted complete remote access to all applications and services on the corporate network, regardless of location or device. A part-time knowledge worker at the company might have partial access to job-specific applications, from a corporate PC situated in their home office. A contractor, meanwhile, might be granted access to specific applications, from any location, but only be able to access them from a ‘known’ device, such as a laptop loaned to them by the company itself. These rules, says Hockaday, need to be sophisticated in their parameters but, at the same time, easy to implement and monitor.

Security, he claims, is not as big an issue in remote access as it once was. “IT teams can be pretty confident now about secure access, as long as they have the right tools in place to give them oversight and control,” he says. “The real challenge is not about who is connecting to the network but what is connecting, in terms of device, and why it is connecting, in terms of what the use wants to access.”

For many IT teams, that’s still a challenge. “While the IT department might know the user, because they’ve provided the right authentication to join the network, they may know nothing about the advice and whether or not it is loaded with the appropriate corporate security applications.”

Nor may they fully understand the types of application that will be run and the demands that will place on networks. “Lots of people today don’t ever bother to use a deskphone – they use unified communications (UC) tools such as Microsoft Lync, for example,” says Hockaday. “So there’s a challenge there in terms of getting the network to serve sanctioned applications appropriately, according to business need and quality of service expectations.”

Today, the big questions for CIOs and their teams, he says, are these: “Why are we still building networks the way we did 20 years ago, with numerous cables running to numerous desks? How many of the devices our employees use even have an ethernet port? Why are we continuing to invest in all this cabling – shouldn’t we start to take a more device-centric view.”

Increasingly, he believes that the answers will be provided by employees themselves as the next generation of employees start work. New graduates who are given a corporate device, a corporate desk and a corporate deskphone will find the approach a turn-off – they’ve grown up in a wireless world, where they have endless choice over the device and services they use. “In the next few years, young people will start to dictate the network infrastructure – and it won’t look anything like the one that most businesses have in place today.”

Over time, these tools have largely been accommodated. Email is now considered indispensable, as is some kind of online presence. After a shaky start, many executives are beginning to recognise the power of social media to reach new audiences, forge closer links with existing ones and enable employees to work closer with colleagues, partners and suppliers. Most companies, in fact, have reaped huge benefits from the internet and continue to do so.

But with the consumerisation of IT, as more and more employees use personal devices including smartphones and tablet computers for business purposes, sharp-eyed managers are as fearful as ever.

In a new survey of senior executives and managers in 700 small businesses across the UK, France and Germany, almost one-third of respondents (32 percent) worry that mobile devices will be used by time-wasting employees for personal purposes during working hours.

Other concerns are perhaps more reasonable: the same proportion (32 percent), meanwhile, are concerned – perhaps rightly – over the security implications of allowing employees to download applications and documents to these devices, while 29 percent cite remote access to the corporate network as their main concern.

And, as the survey suggests, most companies do too little to exercise any control or risk mitigation as the consumerisation trend continues its relentless march: more than half (57 percent) of the companies polled have no policy, procedures or IT systems in place to manage the use of personal devices for business purposes. In the UK, just over half (54 percent) are aware of all the devices their staff are using for business purposes. In the country’s favour, this easily outstrips the European average, which stands at just 43 percent.

But fretting over workers being distracted seems futile: workers looking to skive off will always find something to distract them from the work at hand, just as outright bans will always hamper dedicated employees who exploit new technologies to find new ways of doing things faster and more effectively.

In fact, respondents to the Citrix Online survey goes as far as to claim big gains in productivity where personal communications devices have been successfully integrated into working practices. One-third of businesses have recorded productivity improvements of more than 10 percent, while 11 percent claim gains over 30 percent.

“As the boundaries between office hours and personal time become less distinct, managers are losing control of how people ‘work’, as individuals want to prioritise what they do,” says Andrew Millard, senior director of marketing in EMEA for Citrix Online. “It is no surprise therefore that there is so much resistance to workshifting, as managers have to move to evaluating performance on results over time rather than on the basis of physically seeing them working at their desks.”

“The good news,” he continues, “is that these devices enable employees to take charge of their time, by self-prioritising in an effective and controlled way.”

For anxious bosses, it’s a hard one to call: enable the slackers or arm the warriors? As the dividing lines between business and personal technologies continues to blur, a decision will need to be made at every company.

IPv6 was developed to tackle a significant problem within IPv4 – the growing shortage of available internet network addresses. “IPv6 provides far more addresses – 3.4 x 10 to the power of 38 more, to be exact,” says Robin Adams, a security, fraud and risk management expert at payment specialist The Logic Group. “However, IP6 is far more than simply a greater address range: it is the next generation of IP and has significant changes from the current IPv4 protocol stack.”

Those changes demand a carefully thought-out approach to migration. Conversations with networking specialists suggest this might be tackled in three steps:

1. Assess networking needs
Companies will need to take a close look at current network volumes and patterns, says Tara Van Unen, senior manager of market development at IP testing company Ixia. Any IPv6 migration strategy will require IT teams to consider company-specific challenges, she says, taking into account traffic types and volumes; the need for strict service-level agreements for mission-critical applications; and available uplink connectivity.

2. Audit the current network infrastructure
IT teams will need to complete an inventory of all devices currently connected to the network, “checking for devices that will either need a software update or complete hardware refresh”, according to Patrick Bedwell, vice-president of product marketing at Fortinet. They’ll also need to establish how long it will take each of their vendors to become IPv6-compliant. Here, he offers a word of warning to IT decision-makers: “Make sure you truly understand what a vendor means by ‘supports IPv6’, as it could mean [either] passing IPv6 data packets or being able to perform deep packet inspection on IPv6 address, which are completely different.”

3. Pick your migration strategy
Companies face three options for migrating to IPv6 in a phased approach, according to Marina Gil-Santamaria, director of product marketing management at network management company Ipswitch:

• Dual stack: this involves running IPv4 and IPv6 at the same time. End nodes and routers/switches run both protocols, and where IPv6 communication is possible, it is used the preferred protocol. The advantage of this approach is its flexibility; the primary drawback is the computational overhead involved.
• Translation: Designers of IPv6 planned for a transition period in which networks would have to support both IPv4 and IPv6. The IPv6 protocol thus includes support for translating packet headers from the IPv4 format to the IPv6 format. (This is accomplished by mapping IPv4 addresses, appended with prefix, to a special subset of IPv6 addresses.) While the problems of computational overhead are avoided here, translation is not always a viable option when network address translation (or NAT) is already used within IPv4.
• Tunnelling: This involves repackaging network traffic into a supported protocol, so that an IPv6 packet, for example, can be treated as data that is transmitted as payload by IPv4 packets. With configured tunnelling, the encapsulating packet contains information about the destination address of the IPv6 packet. With automatic tunnelling, the final destination address is determined using an IPv4-compatible address of the IPv6 packet, which is the IPv4 address prefixed with 96 bits of 0s.

“No one approach is best for every situation, and your requirements will dictate the appropriate solution for your environment,” cautions Gil-Santamaria. However, she believes that the dual‐stack approach is already providing the best balance of functionality versus management overhead in many use-cases.

The analyst company expects the desktop virtualisation market to make significant gains in both revenues and total customer count well into the second half of the decade. As solutions mature, they will become increasingly applicable to more organisations and a greater range of vertical industries, it predicts.

“Customers are intrigued by the possibility of a better desktop management model and the operational savings desktop virtualisation could deliver,” said Ian Song, a senior research analyst in enterprise virtualisation software at IDC. “Many vendors have emerged to provide solutions and desktop virtualisation products are now available from small start-ups to Fortune 100 companies. In turn, customers are concerned about the capability and viability of each vendor’s solution.”

The report, IDC MarketScape: Worldwide Desktop Virtualisation 2011 Vendor Analysis, evaluates vendors in the desktop virtualisation space by analysing their current capabilities as well as their longer-term strategies that IDC believes will impact their ability to provide solutions and gain market share going forward. It uses a scoring and ranking model based on both qualitative and quantitative criteria, which results in a graphical illustration of each vendor’s position in the competitive landscape.

Among the vendors evaluated in the report, IDC placed just one – Citrix – in the ‘Leaders’ category. Citrix was recognised for its comprehensive set of technologies and a firm strategic grip on where it wants to take its product line-up.

The firm placed seven vendors in its ‘Major Players’ category – Desktone, Kaviza, Microsoft, MokaFive, Quest Software, Virtual Bridges, and VMware. The vendors that were placed in the ‘Contenders’ category, meanwhile, were Red Hat, Unidesk, Virtual Computer, and Wanova.

“As desktop virtualisation gains more mainstream attention, the solutions offered by these vendors will continue to mature at a quickened pace,” said Song. Over the next two years, he predicts, desktop virtualisation technologies will move beyond just managing PCs, to become “a solution that can provide a holistic management paradigm addressing many different facets of end-user computing”.

“It is very likely that larger vendors will introduce unified management platforms in the near future to bridge the management between desktops, mobile devices and cloud services. Smaller vendors will also move up-market and take advantage of unified management, but due to the size and resource limitations, they will remain serving small and medium sized businesses (SMBs), or larger customers on a per-use-case basis,” he added.

“Cloud computing represents a major shift within IT – changing from a traditional IT delivery to a service-provider model. Moving to the cloud is a complex evolution for many companies and it’s essential that IT and executives are aligned on initiatives,” he warns. “Planning a seamless move is critical to achieving all the simplicity, affordability and efficiency that these environments have to offer.”

Organisations investing in virtualisation and hybrid/private cloud technologies tend to follow a similar path, starting by virtualising less critical applications such as test and development environments and progressing to more important applications such as email and collaboration; line of business applications; eCommerce and supply chain; and ERP/CRM.

But in a recent survey of more than 3,700 respondents in 35 countries worldwide, Symantec found that early investments have revealed gaps between expectations and reality, which indicated that organisations are still learning what these technologies are capable of and how to overcome the new challenges they bring with them.

With that in mind, Symantec has recently drawn up a list of four recommendations, designed to make the journey as smooth as possible.

1. Ensure alignment between IT and executives in virtualisation and cloud initiatives: It is important to show that you can address C-level concerns such as security and availability. Show that their concerns, while important, can be successfully overcome by leveraging existing best practices and robust solutions that ensure valuable information and critical applications are protected and highly available.

2. Don’t operate in a silo when it comes to cloud computing: virtualisation and cloud initiatives are most successful when implemented as mainstream, comprehensive IT initiatives. Because they involve all aspects of IT (servers, storage, network, applications and so on) they can fail when managed as siloed ‘special projects’. Rather, treat cloud as an IT-wide initiative with all departments included in planning and implementation.

3. Leverage and modernise your existing infrastructure: Before you’re ready to implement hybrid/private cloud, make sure you are leveraging the existing infrastructure to achieve the same efficiencies and then modernising it as needed. Convert static servers, storage and networking into a virtualised pool of resources. Replace static provisioning with self-service provisioning, and make sure to implement monitoring and metering to demonstrate value to the business.

4. Set realistic expectations and track your results: Remember that despite the hype, cloud is a new and still maturing market. Do your homework to set expectations that are realistic, then follow up and track results to identify ways to improve project efficiency going forward.

His recent appointment as chief cloud technologist for EMEA at virtualisation company VMware is the perfect opportunity to do that, he says. In fact, the vendor’s clarity on cloud is the very reason he joined the company: “VMware understands what cloud computing is, and what it most definitely isn’t. The team there knows exactly what it can deliver, and what it can’t. They see the potential of the public cloud, but at the same time recognise that, for many companies, private cloud infrastructures may be the way to go – for now, at least.”

Baguley is just warming up. He only joined VMware three weeks ago, after ten years at systems management company Quest Software, and his ‘settling in’ period has so far been ridiculously busy, he says.

But his appointment at the company looks like a shrewd move on the vendor’s part to those who know Baguley. In his final role at Quest, as the company’s chief technology officer (CTO), he had already built an impressive reputation for his clarity of thought and technical know-how on virtualisation and cloud computing.

He has played a key role in setting up Cloud Camp events across Europe, is part of the Industry Expert Group at standardisation and interoperability body SIENA and is a founding committee member of the Data Centre Specialist Group at the British Computer Society, who helped shape the European Code of Conduct for Data Centres.

In his new role, Baguley will be based in the UK but report to VMware’s CTO office in Palo Alto, California. He’s charged with developing and communicating VMware’s strategy with customers and partners.

That strategy is evolving fast – and with good reason. VMware already dominates the market for server virtualisation, but the competition is heating up fast, with Microsoft and Citrix joining VMware as leaders in the most recent Gartner Magic Quadrant for x86 server virtualisation infrastructure.

There’s still much to play for in that market, say Gartner analysts. Right now, around 40 percent of x86 architecture workloads have been virtualised – but that will grow to around 75 percent by 2015, they reckon.

In any case, VMware’s strategy reaches far beyond server virtualisation: its strategy is now squarely based on helping customers to build out entire enterprise hybrid cloud environments. Or, as Baguley puts it, “The infrastructure stuff is important, but the real value to businesses lies higher up the stack.”

With that in mind, VMware has spent the last few years building the products to support that stack. These include solutions for resource management (vSphere and vCenter), for security and compliance (vShield and vCenter Configuration Management), for catalogue-based service delivery (vCloud Director) and for service approval and metering (vCenter Chargeback and vCloud Request Manager).

In order to help companies bridge the gap between their internal virtualised data centres and the public cloud, VMware offers technology that enables them to manage virtual machines running in the public cloud from within vCenter.

“At many companies, virtualisation is already a proven way to cut costs and increase efficiency – it’s a mature technology now,” says Baguley. “For those companies that are thinking ahead – and frankly, more should be doing this – the real challenge is to build on what they have today for further cost and efficiency gains. My personal challenge now is to help communicate the message of how they can do it and why they should.”

The poll, conducted among 460 IT decision-makers from medium and large enterprises, found that almost two-thirds (63 percent) have so far been disappointed by the cost savings they’ve achieved using virtualisation.

So what’s going wrong for them? The findings suggest that a lack of IT service automation in virtualised environments is the major stumbling block. For example, 44 percent of survey respondents who said that most of their server provisioning processes are automated report significantly reduced costs through virtualisation. By contrast, almost half (48 percent) of those who said that the complexities of virtualisation have introduced new costs said that most of their server provisioning processes are manual.

That message, naturally, fits well with CA Technologies’ strategy of selling systems management software that automates many of the processes involved in keeping a virtualised data centre up and running. It’s a rapidly evolving and fiercely competitive market, in which it is competing against vendors such as BMC and HP.

But it’s not just tools that companies are lacking. They are also struggling to make the changes in IT roles and responsibilities that a newly virtualised environment demands.

“Virtualisation is a bean counter’s dream, but it can be an operational nightmare,” stated one respondent to the survey, Ian Watts, a senior technical manager of BT Americas. “Change management is a huge overhead, as any changes need to be accepted by all applications and users sharing the same virtualisation kit. While many organisations are seeing benefits from virtualisation, such as reduced hardware spending and improved server utilisation, these benefits often get overshadowed by the lack of productivity improvements in data centre staffing and operations.”

In fact, according to James Staten, an analyst at Forrester Research, higher-than-expected costs, or lower returns, are major reasons for ‘VM stall’ – the slowing or stoppage in large virtual server migrations. Some costs come from realistic expectations, he says in a recent report, and some from that failure among IT organisations to adapt teams or budgets to take greatest advantage of the technology.

In that sense, at least, the price war that is rapidly developing between virtualisation rivals VMware and Microsoft may be something of a red herring for IT decision-makers. This week, Microsoft executives responded to VMware’s new pricing for virtualisation technology with demonstrations showing how customers can run clouds using Microsoft’s hypervisor technology at (allegedly) one-quarter of the cost.

What is clear, however, is that those upfront investments in virtualisation are only half the story for many IT organisations: far more effort is needed on the ongoing operational elements of virtualisation if it is to deliver on its extensive cost-reduction promises.

Two out of five of the 413 respondents, drawn from both the vendor and end-user communities, indicated that they are only now experimenting with a move to the cloud. Just over one-quarter (26%) are still “awaiting market maturity” before adopting a formal cloud strategy.

Today, scalability and cost continue to be seen as the primary drivers for cloud usage. But new drivers are emerging, with agility and innovation forging a path up the agenda of IT organisations that need an effective means to implement new applications quickly and keep pace with application backlogs and business demands.

Factors cited by respondents as longer-term drivers (up to five years) for cloud adoption include maintaining competitive differentiation, mobility and ensuring application interoperability through the use of open cloud APIs.

“Respondents’ interest in developing cloud-based solutions for new areas that will also support mobility and competitive advantage in the future are challenging organisations to think differently about their IT strategies, deployment of resources and how to invest smartly in the cloud, commented said Michael Skok, general partner at North Bridge Venture Partners.

At the same time, however, business leaders continue to harbour concerns about security that – left unaddressed – may scupper their cloud projects well before they reach the planning stages.

Unsurprisingly, security and compliance remains the top inhibitor, cited by 31% of respondents as key obstacles to cloud adoption. But interoperability and vendor lock-in also give decision-makers a headache, with 25% of respondents identifying these two, interlinked problems as a serious roadblock to cloud usage.

Jay Lyman, a senior analyst at The 451 Group, detects a change in attitudes. The survey results, he suggests, demonstrate “a higher level of awareness and pragmatism in confronting challenges and drawbacks such as security, complexity and compliance, perhaps because of the lessons learned already in deploying virtualisation at all layers of the stack.” This, he concludes, should help to accelerate cloud computing’s uptake in the enterprise, “despite this seemingly slow start”.

Panellists presented feedback from clients and peers in the industry that showed many firms are preventing a move to a cloud platform because of a lack of trust in vendors and suppliers. Business owners and IT directors, they said, are worried about the popularity of cloud giving rise to “cowboy” companies without the reputation or expertise to manage the transition from a traditionally-hosted infrastructure.

Andrew Corbett of the UK IT Association felt that a code of practice would help businesses find reputable firms. He said: “Businesses want to see an easily recognisable badge that shows a supplier or vendor has met the demands of an independent external testing and verification process. The business owner doesn’t have to know the ins and outs of what it all means, they just want to know that they should look for ‘level A’ for example.”

At the same time, IT decision-makers need to bear in mind that, even with outsourced projects, including those hosted by a third party in the cloud, it is still the client company that needs to take responsibility for how that service is operated on its behalf.

“There is this natural human behaviour that says when you put something out to a service, you delegate responsibility subconsciously. You don’t do your due diligence and you don’t ask for validation on certain things. We need to educate the marketplace so customers know when they take on any service, they still have a responsibility to prescribe exactly what they require and take steps to monitor the service they are receiving,” said Andy Burton, chair of the Cloud Industry Forum (CIF), established in 2009 to promote trust in reputable cloud service providers.

CIF’s own code of practice, for example, addresses the concerns highlighted in its research amongst UK businesses. Asked about the most pertinent issues that would affect the long term success of cloud computing, 23 per cent cited the ‘reliability of operations’ as the most important issue. Asked, meanwhile, how they establish trust with an online provider, business owners cited a recommendation from a trusted source as one of the most important factors, second only to reputation. Furthermore, an overwhelming 62 per cent said a code of practice would be “important” in determining their choice of supplier.

The CIF’s code of practice aims to provide clarity and confidence to help in choosing a provider. Its members meet strict criteria on transparency – including details of financial stability – and capabilities, including their commitments to information security and customer service.

“The people that are building pretty and cheap sites are promising the same things that the best and most experienced vendors are offering. What substance is behind those claims?” asked Lawrence Jones, managing director of UKFast.

Unfortunately, it’s often not until you’ve had the experience yourself – and it’s often a bad experience – that you find out there’s very little backing it up,” he added.

“The key principle for us in choosing a cloud provider was picking the one who really understood the outcomes we desire, not just the content of the service we were looking for,” he continues. “What boxes we use, what badges are on those boxes and where those boxes are hosted is, frankly, not that important compared to how much food and beer we sell.”

In the last year, M&B has focused its core business on generating greater revenue from food, for example. It also has ambitious plans for expanding its number of outlets in 2011 and 2012, he adds. “We require an agile IT infrastructure to underpin that growth.”

That calls for the kind of scalability that only the cloud can offer – a scalability in both power and cost that allows M&B to adjust data-centre capacity upwards and downwards as business growth and seasonal customer demand dictates.

As part of the transition to a cloud service, M&B will run IT applications on Fujitsu’s virtualised servers, hosted in the service providers data centre close to London. Fujitsu will also provide M&B with a hosted telephony service that will connect its head office to its retail outlets.

For M&B, that means a wholescale commoditisation of elements of the IT infrastructure – among them power, data storage and network capacity – that don’t add true business value.

But at the same time, Sackman is looking to Fujitsu to deliver a hefty dose of innovation that will boost IT’s overall value to M&B. The lead architect from the Fujitsu team now appears on Sackman’s organisational chart, “just as if they were one of my own full-time, permanent members of staff”. They also run and lead design reviews for the private-cloud service and directly influence M&B’s own change management team in terms of deciding what’s possible today and what might be the best roadmap for the company in the future.

“Direct access like this is key. The team at Fujitsu must look and feel like part of the M&B team, regardless of the company logo printed on their payslip at the end of the month,” says Sackman.

“If you deal with these guys [cloud providers] at arms length and do everything by formalities – meetings, account reviews, reports and so on – a service is never going to be that successful. You need those things in place, of course, for good governance. But for us, our IT partners must enjoy working in our outlets and understand what makes a good pub and restaurant business,” he says.

The five-year deal with Fujitsu will start in January 2012. Already, the transition is underway, says Sackman. The first element of the move involves getting the right network in place, so 1,600 M&B outlets need to be equipped with Fast ADSL connections that will see them replace their current 0.5 megabits-per-second (Mbps) connections to 20Mbps lines. Sackman aims to have that infrastructure in place by October 2011.

Then, he’ll tackle the data centre move itself. “Our key principle here is to miss our peak trading periods,” he says. Software will move onto new boxes (and 80% of the company’s software estate can already run on virtual machines). Then, these new boxes will be physically moved to Fujitsu, some from M&B’s own offices and some from current service provider IBM’s Warwick-based operations.

The evolution of corporate IT – particularly cloud and virtualisation – are what make a bold new approach to IT management possible for a company such as M&B, says Sackman. “In future, we won’t be dogmatic about how services are delivered or what technology is used. But we’ll be more dogmatic about outcomes than we’ve ever been before.”

Describing the new service as “where Office meets the cloud”, Microsoft chief executive Steve Ballmer said at the launch event, broadcast online, “We believe that the best collaboration technology has to be available to all business, from massive global enterprises with thousands of workers, to feisty startups with just a couple of employees.”

It is perhaps those massive global enterprises that worry Microsoft the most. After all, Jaguar Land Rover, Motorola and Intercontinental Hotels Group have already made the decision to migrate users to the cloud-based apps offered by Microsoft’s fierce rival, Google.

Other cloud-based productivity and collaboration tools include products from Zoho, VMware’s Zimbra, IBM’s Lotus Live and Salesforce.com’s Chatter.

But it will be cost and functionality that decides which vendor will win the oncoming battle. Google Apps are available to corporate users at $50 per user, per year. Office 365 per-user prices range from $2 per month (for basic email), to $27 (for email, the full Office suite of Word, Excel and PowerPoint, plus add-on collaboration tools such as Sharepoint and Web conferencing). Subscribers to the $27-a-month offering also get a license to the most powerful version of the Office PC software.

Lying somewhere in the middle, it is perhaps Office 365′s $6-per-month offering, aimed squarely at small businesses, that perhaps has the greatest parallels in terms of function with the current Google Apps offering.

Either way, the move to cloud-based productivity and collaboration apps mean big decisions ahead for the IT staff that currently deliver these functions to end-user employees

They should make no mistake about where this trend is leading, said Christopher Voce, a Forrester Research analyst, in a recent blog on Office 365. “If you’re not asking yourself if the cloud is right for your company, your CFO, CIO or another executive will,” he warned.

While the costs are very appealing (“and always start the conversation”, according to Voce), the IT team will need to perform an in-depth evaluation of their company’s needs, its application integration requirements and security concerns. And that’s true regardless of the end-target for migration – whether it’s Google Apps, Microsoft Office 365 or any other cloud-based suite.

What do employees need – offline access and an installed email client, or simple Web access? What size email box do they need? Do emails need to be archived for compliance purposes?

They’ll also need to take those tricky integration needs into account, says Voce. “It’s important to recognise that it’s not just people who use your email and collaboration platforms – it’s the back-end ERP [enterprise resource planning], finance and other line-of-business applications that do as well,” he points out.

For some organisations, he believes, a hybrid approach, where they retain on-premises email infrastructure for some users and transition larger groups to cloud services, will be the best option.

But regardless of the choices made by individual organisations of all sizes, one thing is clear: the move to the cloud for this class of applications is now well and truly underway.

Pizza Express, for example, has announced that it is rolling out free wi-fi services across its 384 UK restaurants. The service will be provide by The Cloud, part of BSkyB, which already provides similar services to McDonalds, Pret a Manger and JD Wetherspoon, with a network of over 4,500 public access hotspots across the country.

“The roll-out satisfies growing consumer demand for free access to the web in our restaurants, and the convenience and flexibility that brings,” explained PizzaExpress IT director John Sullivan.

National Express, too, is on a journey to free wireless internet. It has announced that passengers on its coaches between Stansted Airport and London can now stay connected, at no extra charge, while on the move. In this case, the connectivity is provided by Icomera, using a continuous connectivity device it calls the Moovbox.

“Using mobile technology will be an increasingly important part of what we offer our customers,” said Andrew Cleaves, managing director of National Express UK.

Offering free wi-fi makes good sense for many businesses, despite initial set-up costs. Being able to check emails, browse the Internet or communicate with friends and family on social networks attracts customers to a particular brand, keeps them loyal to it, and, in the case of restaurants, pubs or cafes, can persuade them to extend their visit and make add-on purchases. That’s as true for small, local businesses as it is for major chains.

Some may be prepared to use their 3G networks to access the Internet, of course, but performance issues and cost will deter many. Plus, there’s an increasing resistance among consumers for paying for access to a wi-fi hotspot, particularly the inconvenience of submitting their credit card details over an unfamiliar web form.

In short, there’s a growing expectation that free wireless internet access should be just another customer amenity, like sachets of ketchup or toilet facilities. It is, for example, is the most sought-after amenity for hotel guests, according to a survey of 53,000 travellers conducted in September 2010 by JD Power & Associates. It found that, no matter what the class of hotel, free wi-fi ranked above complimentary breakfast and free parking as a hotel ‘must-have’.

“Trending indicates that guests are starting to expect wireless Internet access in their hotel rooms,” said Mark Schwartz, director of the global hospitality and travel practice at JD Power. “In today’s digitally connected world, being able to use mobile devices or computers without interruption is considered a comfort of home that should extend to the hotel experience.”

Over time, that will be true of all manner of public spaces. Increased demand for mobility, the use of media-rich applications and the exploding number of users armed with wi-fi enabled devices are here to stay.

Despite the hype surrounding mobile applications (or ‘apps’), developing mobile solutions should not be an either/or decision, according to a recent report from IT market research company Forrester Research.

In the report, “Why the ‘Web Versus Application’ Debate is Irrelevant to Your Mobile Product Strategy”, Forrester’s analysts advise building complementary app and mobile Internet services.

They do so for good reason: the company’s research shows that heavy app users are also heavy mobile Web users. More than half (51 percent) of European consumers who download apps regularly access the mobile Internet daily. The majority of North American consumers who have interacted with a brand via a mobile device have used a combination of SMS, apps and browsers. And across the board, the more frequently consumers access the internet via their mobile phones, the more likely they are to download apps at least monthly.

“The debate around web apps, hybrid apps and optimised mobile websites is nothing but industry jargon. Consumers are interacting with brands via mobile phones using multiple technologies,” said Forrester analyst Thomas Husson.

Mobile strategists, he added, should avoid being drawn into either/or discussions, “saying either browser technologies will prevail in the future or that apps are the future of the internet.” In fact, the two will continue to co-exist for some time.

Nor should they allow technology developments to confuse their strategy. Mobile technologies such as HTML5 and Near Field Communications (NFC) can appear so promising, said Husson, that product strategists often forget to ask themselves the right question: “Which products and services, for which audiences, at what cost, and when?”

“In multi-device, multi-connection world, product strategists need more than a good product with a connection to win customer loyalty,” he says. “They need to create a digital customer relationship and deliver that in a continuously connected experience across many devices.”

Forrester’s recommendations for a smart mobile strategy:

1. Don’t let technology dictate your mobile choices

2. Focus on apps to provide optimal services to the “smartphone early majority”

3. Focus on the mobile internet for audience reach and less device-centric services

4. Pursue both apps and mobile web strategies side-by-side – and ensure the complement each other

5. Consider hybrid applications to reduce costs, while maximising reach

6. Remember, the boundaries between apps and the mobile Internet will blur.

But mobile devices – laptops, tablet computers and smartphones – are changing everything. It is a change unlike any other and the network we’ve been relying on – the Ethernet network which provides end-to-end connectivity from the data centre to the laptop – is on its way out. Data centres today are virtualised, for example, and users are not sitting at wired desks.

The wireless network that is replacing the wired edge is increasingly important. So what are you going to look for as you start to build out your wireless LAN?

1. Manage the air

Conducting an RF site survey to decide where wireless access points should go is still good practice – but bear in mind that these surveys are often performed on an empty building or site, with no people and no furniture. The RF environment will change radically when these are introduced. The impact of interfering networks should also be considered. So what you’re looking for is an RF environment that adapts dynamically to conditions and the demands placed upon it.

2. Manage the client

When we’re on the move, we don’t need to tell a client that we’re moving from one access point to another – the decision to switch is made by the client itself. Wireless networks need to support a huge range of different devices from many different manufacturers. So the challenge here is to consider how optimum device performance AND network performance can be achieved. In some cases, certain devices shouldn’t connect to certain wireless access points. Band steering, for example, can enable you to match devices to the appropriate access point. Spectrum load balancing tackles the issue of too many users on a particular channel at certain times a day.

3. Secure the User

The next thing is to look at people, their roles and the devices they use. A firewall based outside the network can’t distinguish between me using a Lenovo laptop and me using an iPad. It doesn’t distinguish between authorised corporate device and a completely unauthorised device. Only a firewall inside the network can do this, governing what a particular device can access and where it can go when connected.

4. Secure the Air

The traditional way to deal with wireless intrusion detection on a network is to send de-authentication frames and disassociation frames to rogue access point that is connected. That can use a lot of bandwidth. Why not set up a ‘honey pot’ that recognises a rogue device and attracts it? That way, you’re not wasting bandwidth on mitigating attacks.

5. Plan for high-density voice over wi-fi

When you do plan ahead, look for a design that will be capable of delivering high-density voice over wi-fi. You may not need this today – but you’re not building a network solely for today’s needs. You need to plan ahead and tomorrow’s needs will be high-density voice over IP.

6. Get visibility

If your wireless network goes down, you need to find the problem as quickly as possibly – but that shouldn’t involve physically relocating to where the problem is and manually performing a spectrum analysis. Spectrum analysis should be built into the wireless network itself.

7. Unified management

Today’s wireless networks frequently rely on wired infrastructure – but existing management applications don’t tend to cater for the wireless client. Effective troubleshooting requires tools that provide administrators with information about location, network characteristics, client history and device knowledge.

That’s the view of a recent report based on a survey conducted by security company McAfee and the CyLab unit at Carnegie Mellon University in the US. More than 1,500 respondents from 14 countries participated. These included corporate end-users of mobile devices and senior IT decision-makers in companies with 100 or more employees.

As the report points out, the consumerisation of IT is all about productivity. But while employers see the benefits of consumer devices in the workplace, they are still highly concerned about protecting sensitive corporate or customer data.

Those who aren’t should be. Some two-thirds (63 percent) of those surveyed are not familiar with their employer’s corporate policy on the use of mobile devices. One in four organisations have had mobile devices lost or stolen, and half of these lost or stolen devices contain “business-critical” data. In addition, more than a third of mobile device losses have had a financial impact on the organisation, in addition to brand and regulatory risk.

In reviewing the survey results, Patrick Tague, an assistant research professor at CyLab, pinpoints some “glaring shortcomings” of mobile security and policy management:

Lack of separation between devices for personal and business use

“Since the importance of device separation has been a recurring problem for many years, especially with the explosion of malware living on the web, I really hoped that policy-makers and administrators would have adopted more stricter policies regarding the use of personal devices for business purposes,” says Tague. “However this result is not surprising due to the overhead that would be required to ensure device availability and policy enforcement.”

Overwhelming lack of awareness of company policies regarding security and privacy

“In addition to demonstrating the lack of internal education or training regarding company policies, which is a severe limitation of any approach to security management, this lack of awareness hints at additional shortcomings: a necessary lack of policy enforcement (which would immediately alert the administrators of training gaps) and gaps between intended and actual employee behaviours with respect to policies,” says Tague.

Apparent unwillingness of the majority of administrators to pay for mobile security products or services.

“While this result is not terribly surprising, it is very unfortunate as such administrators are undoubtedly exposing their company’s employees and assets to unnecessary preventable risks,” he says.

However, Tague says he was “pleasantly surprised” to see administrators increasingly incorporating location and other contextual information into security management. “These sorts of data provide useful supplements to traditional access control and authentication mechanisms that will undoubtedly improve usability.”

With 802.11 Frame Format, after all, Layer 1 is simply the air. Layer 2, meanwhile, has three different frames: the management frame, the control frame, and the data frame. Encryption (such as WEP and WPA2) is only valid for the data frame. The management and control frames are not encryptable, but transparent and always visible.

And hackers are using a variety of tools to ‘phish’ for access points in your WLAN. A tool such as Karma can respond to any client probe request, taking advantage of automatic network selection in WIndows.  Another, IPPON, uses several techniques  to launch update-exploitation attacks and uses a man-in-the-middle approach to build and inject a fake update reply or hijack an ongoing update session.

Mobile working brings significant risk, too. Is the sales executive in a coffee shop connected to a real hotspot connection? Is a conference attendee staying at a hotel connected to an insecure access point? Is the CEO working in the departures lounge of an airport connect to another passenger in ad-hoc mode? And do employees working from home using laptops that probe for wireless connections not on the safe list? Even when they’re in the office, employees could be connecting to municipal wi-fi instead of the corporate WLAN.

But WLAN management is a challenge. There is considerable difficulty for IT teams in managing various infrastructure vendors with multiple consoles. These diverse environments add levels of complexity and often leave a legacy of networks with inconsistent configurations.

Thankfully, the industry is responding to these threats and needs with a class of product referred to as unified wireless management platforms. These seek to fortify WLANs by focussing on three critical areas: security and compliance, network assurance and infrastructure management.

In this way, they are able to manage and mitigate any threat over the course of its lifecycle. They detect rogue devices and associations. They provide a threat index against which threats can be measured, from the least risk (a friendly neighbourhood network) to the highest risk (a rogue AP on the corporate network). They analyze rogue connections – its activity levels, who is connected to it and the volume and nature of the data transmitted. They locate rogue devices using real-time, accurate location tracking of all devices and terminate the rogue ones.

For the IT team the value of this proposition is clear: proactive monitoring and centralised trouble-shooting from a single management console.

In a May 28 statement regarding the attack, the company claimed that thanks to “swift and deliberate actions” taken to protect its network and increase IT security, no customer, program or employee personal data was  compromised.

If true, the company has been extremely lucky. The attack was one of a particularly sophisticated type that is increasingly referred to as an advanced persistent threat, or APT.

“While traditional attacks start with mapping networks and collecting intelligence on technical vulnerabilities, an APT often starts with mapping the human organisation and collecting intelligence on employees, who are nowadays a weaker link that network components,” say the authors of a February 2011 white paper from RSA (the security arm of EMC).

In an ironic twist, RSA itself was hit by an APT in the month after this paper, Mobilizing Intelligent Security Operations for Advanced Persistent Threats, was published. But it is far from alone in being victimised in this way: Google was hit by an APT in January 2010 and email leaks from infamous hacker group Anonymous suggest that Dupont, Walt Disney, Johnson & Johnson, Sony and General Electric have also been subjected to this kind of attack.

So what is an APT? This is a controversial question: some security experts shun the term entirely, dismissing it as a marketing buzzword that the software security industry is using to scare organisations into buying more products.

Others are more circumspect. They define an APT as a form of cybercrime directed at business and political targets and requiring a high degree of stealth over a prolonged duration in order to be successful. The aim is usually industrial or political espionage, with a view to stealing intellectual property.

Either way, there is plenty that companies can be doing to protect their intellectual property, not just from APTs, but from all kinds of attack. As a bare minimum:

1. Understand your data - Information governance, risk and compliance (GRC) efforts generally involve an audit of critical information assets, often followed by a classification process. By classifying information assets, a company is much better positioned to afford each category of data the appropriate security protections.

2. Provide security awareness training - Many APT attacks use an element of social engineering to breach systems, as RSA’s authors points out. Employees may be tricked into sharing username and password details over the phone or by a phishing email, so every employer needs to provide training on they can safeguard that information.

3. Keep up-to-date with systems patching - The fastest route for an APT to get into a company’s systems is via previously published vulnerabilities in commercial hardware and software. As a matter of routine, organisations should keep on top of the patching and hardening effort

4. Monitor security logs closely - Detailed security logs generated by corporate systems should be reviewed regularly in an effort to spot anomalous activity and potential security events. Automation can be a big help here in minimising reaction times.

5. Get the incident response plan in order - Implement appropriate incident response policies and procedures. Test these regularly, so that if the worst happens, the IT team know exactly how to deal with the situation. The faster the IT team can adapt and stay ahead of the attack, the less time the APT has to cause damage.

Currently, I see them exploring a number of options for virtualising desktops: Microsoft’s Remote Desktop (RD) Session Host; Virtual Desktop Integration (VDI); and Local VDI. Each of these has its own pros and cons, in data security terms.

Some years ago, we used operating systems that offered a choice of either standalone or workgroup editions. While these choices still exist today in current operating systems (OSs), most IT leaders would assume that being part of a networked workgroup was vital to most employees.

While ‘pre-networked’ operating systems delivered the best part of requirements, they also allowed individual users to control and configure their own desktop OS. Essentially, we could all be administrators, if we wanted.

Things are very different now. If we fast-forward through several OS releases, we now have Active Directory, UAC (User Account Control) and local groups such as ‘admins’ and ‘power users’.

Some people argue that moving everything off the desktop and into the data centre gives the IT department greater control of the OS, data and security environment. But what if certain users want to retain more control over their own OS? And is it really an option with Local VDI or are we simply moving data from an endpoint device to a virtual machine (VM)?

If you are empowering users with Local VID, this gives them an offline option, which means that if they are away from the corporate network for several days or even weeks at a time, the risk of data loss is as great as with a traditional company laptop. If the Local VDI image is not synched with the data store and the laptop gets lost, stolen or corrupted, then the data is lost.

However, it could equally be argued that the data is slightly more secure, as whoever steals or finds that laptop would not only need to access the endpoint OS, but also the VM sitting back in the data centre. If the username and password were the same, however, then this might be a moot point.

With any local or offline VDI solution, you need to address ‘worst case scenarios’ and look at solutions that offer options that go beyond just backing up data when a user is in the office.

Hosted desktops, such as RD Session Host and VDI, are advantageous, since the user sessions are not accessed offline. As a result, data doesn’t in theory leave the data centre.

When accessing a hosted desktop, users will use one of several protocols; for example, QuestEOP, HP RGS, Citrix HDX, Teradici PCoIP and so on. These different protocols, and corresponding management tools, offer enhancements to further secure the connection and ensure data security can be obtained.

Speaking generally, rather than about any specific solution, you can re-provision desktops at log off to ensure the virtual desktop is completely refreshed thus not leaving any user data. You can apply application and host restrictions to control access as you, the admin, decides. A couple of the more basic but critical features to look out for are the ability to disable clipboard and local drive redirection and to prevent copy-and-paste functions between endpoint and hosted desktop.

Personally, if I worked for a company that was in the process of deciding on a hosted desktop solution that also met corporate data security requirements, I would look for a product that offered a blended approach and gave me flexibility. One size, after all, does not fit all.

Commenting on the cases, the ICO’s acting head of enforcement Sally-Anne Poole said: “The ICO’s guidance is clear – any organisation that stores personal information on a laptop or other portable device must make sure that the information is encrypted.” The ICO also freely provides guidance to UK companies on its own approach to encryption.

So why is the message not getting through? It’s possible that, within charities, there’s a feeling that money could be better spent elsewhere, on the organisation’s most pressing projects and current campaigns, or simply a lack of in-house expertise to deploy encryption.

But while the ICO has decided not to fine the two charities involved for their non-compliance, it has not held back from holding them up as examples of poor practice. The bosses of both charities have each had to sign an agreement confirming that, in future, their organisations will encrypt all portable and mobile devices used to store sensitive personal information and update their policies and procedures for the storage and use of personal data.

Regardless of the sector in which an organisation operates, the law is the law. But for many companies, it’s not just laptops and USB sticks and hard drives they need to worry about encrypting these days – it’s the smartphones and tablet computers that employees are buying themselves and bringing to work.

According to Chenxi Wang, an analyst with IT market research company Forrester Research, the increasing use of personal mobile devices in the workplace is posing some increasingly complex security challenges.

In a recent report, Managing the Security and Risk Challenges of Personal Devices in the Workplace, Wang identifies four major data security risks from the use of personal mobile devices.

First, there is the risk of device theft or loss. “From the corporate perspective, device loss could lead to data compromises if sensitive data lives on the device”, the report says.

Second, the mobility and portability of these devices increase the threats to data protection. “To defend against casual data access, you can implement PIN-based entry and device lock. To protect against active attacks, you will need measures like full disk or file encryption”, writes Wang.

Third, she warns, there’s the risk of attack from a malicious, but authorised, insider: “If you are concerned with employee misuse or malicious insider threats, encryption alone does not do the job. You need to actively restrict data manipulation operations like cut-and-paste and control which mobile apps can handle the corporate data.”

Finally, data-stealing malware is increasingly attacking mobile devices. Any personal device with the freedom to download mobile apps is a ripe target for infection, she says.

The challenge for IT teams, says Wang, lies in balancing corporate security measures with an employee’s freedom to use their device as they choose. “Secure processes such as remote wipe, pin-based entry and centralised management will satisfy many of the security requirements of your organisation. However, when the mobile actions of a user conflict with the interests of the enterprise, this raises notable legal issues surrounding the adoption of personal devices in the workplace.”

In other words, it’s going to take a company-wide effort to establish a robust mobile policy, one that balances the security requirements of the enterprise with the user’s own device experience. Encrypting laptops is just the tip of the iceberg – but it’s clearly a must-have for any UK organisation handling personal data that wishes to avoid the censure of the ICO.

But this kind of data presents special challenges and has its own unique requirements. We’re not talking about more usual types of corporate data – we’re talking about masses of video files, often accompanies by other types of data, such as the time/date and location of capture.

We’re talking about data that sometimes needs to be retrieved at very short notice. If a crime’s been committed, after all, the stored data may need to be reviewed immediately. So what unique data management requirements does surveillance impose on a business?

1. A failsafe architecture that provides 24-hour recording across fixed and mobile assets

Most surveillance systems have distributed storage at the edge of the network – in fact, it’s the preferred implementation methodology. That is predicated on the fact that around 90% of the surveillance cameras in use are analogue. Where IP-based cameras installed, and this is a rapidly emerging part of the industry, these are totally network-dependent and -reliant. The issue when you start deploying these in a legacy environment is that many cities and businesses simply don’t have the bandwidth available or a sufficiently robust backbone for constant video streaming. Networks go down – it happens all the time – but organisations can’t afford for surveillance capabilities to go down with the network.

That’s why we propose a distributed architecture, which combines failsafe continuous recording at the point of capture, with on-demand access to all parts of the system. This can be achieved by using an integrated camera recorder (ICR) device that provides fail-safe local storage at the network edge but which connects to (or even contains) an enterprise server. In this way, content can be stored and viewed locally but also streamed to your centralised storage method of choice, where it can be managed by a video management system or VMS.

In a tiered storage architecture like this, the camera typically provides the first 24 hours of full frame-rate video, backed up by nearside storage for the first seven days. In the middle lies your ‘cloud’ – perhaps the internet or the corporate network – and beyond that, you have storage and archiving systems, providing perhaps 90 days of storage and an archive of specific security events.

2. Central storage and archive management that provides both back-up and fast event retrieval

These video and archive management systems are typically engineered for enterprise, SQL-based video management. They offer map and query-based graphical user interfaces (GUIs) for camera selection and control, and help users to find video content relating to a specific security event or crime. A complex archive management solution will also import and index event-driven downloads, archiving all video to your preferred choice of storage and download from mobile and removable media.

3. Health monitoring to ensure maximum uptime

An added bonus of some systems is automated diagnostic reporting, via SNMP over a wireless network: this enables individual cameras to report that they are not recording or are obscured, so that operators don’t have to perform regular checks on every camera in the network – only those that have reported problems. So in a city-wide public-transport network, for example, that health data would be downloaded along with stored images whenever a bus returned to the depot for refuelling, a driver change or at the end of a service.

All of these elements are needed for effective use of video for security and surveillance purposes. No business can afford to lose video records, so that content needs to be stored and archived well.

The fact remains, however, that small businesses are less interested in how progressive they are and choose technology solutions on the basis of cost-efficiency and ease-of-use.

Ask most small-business owners whether they consistently execute backups and regularly transport the media used offsite, and the honest ones will generally concede that it doesn’t happen all of the time. Nor do they have real confidence in their ability to recover quickly and easily from tape backup.

Cloud, by contrast, promises high degrees of automation for consistency, as well as rapid access to the data if something goes wrong. Plus, it can be budgeted as an ongoing service expense (Opex), rather than in the form of a hefty upfront investment (Capex).

As a result, cloud is what people concerned with safe, regular backups are talking about. Many cloud offerings cater either to very large enterprises or to individual consumers. Small businesses lie somewhere between the two, so when cloud vendors change their low introductory or unlimited pricing model, cost can become a concern. Networks in small companies tend to be small and Internet connections slow, which adds another constraint in moving data to and from the cloud.

At the same time, custody of data is extremely important to small and medium-sized businesses (SMBs). Issues around control and custody of data vary from SMB to SMB, but as a general rule, the smaller the business, the more likely it is that the business owner will want to know exactly where their business and customer data is residing. Often, they feel safer when their data is locked in their own premises. Small government groups, such as municipalities and public safety agencies think like this as well: they want full control of their data, even if they are not IT experts.

The solution is simple: file replication between two sites. This provides automatic offsite backup and enables very rapid access to files and restoration of file data.

Using intelligent technology, only new files or changes in existing files (incremental backups) are copied to a secondary site. The process of synchronising a primary site and a remote secondary site can be scheduled to automatically run during off-peak hours or at multiple points during the day. Unlike public cloud backup, the secondary storage system can be physically transported to the primary site (if needed) far more quickly than it would take to copy all of that data down from the cloud.

So how can a small business get started with offsite backup? That’s simple: it needs to deploy the right type of easy-to-use, capable storage system at its two chosen locations which, ideally, are sufficiently distant from each other that they don’t share the same ‘disaster radius’ in the event of fire or flood.

Many local resellers offer a blend of onsite and hosted services, where they deliver capital solutions at the small business location and also lease equipment and space in their own facility for the offsite backup.

In this way, SMBs can experience the benefits of a private cloud combined with the ease and automation of a public cloud – all while not using a cloud at all.

“We save everything until our mail server gets full – then we delete everything and start anew.” Or, “We save everything for 30 or 60 or 90 days – and we’ve never had a problem.” Or, “We gave up trying to figure out individual retention rules and now keep everything for 10 or 15 or 20 years.”

If so, it’s using blanket retention policies that can create perilously unsafe harbours of information. If your organisation needs to embark on an eDiscovery exercise in order to satisfy an inquiry from a regulator or the judiciary, the cost of responding to that request could be staggering.

A few years ago, American chemicals company DuPont conducted an internal cost assessment of a three-year response to a single discovery request. Its aim was to persuade business unit leaders of the necessity of effective document retention. The team that performed this exercise found that 75 million pages of text needed to be reviewed over the three years. More than 50% of the documents were kept beyond their retention period. And the cost of reviewing only those documents that were beyond their retention period totalled a staggering $12 million.

The point is that the regular, policy-based destruction of ESI (electronically stored information), including email messages, is a legal and appropriate business practice if no law or other obligation requires retention.

But against the backdrop of escalating litigation and regulatory needs, many organisations fail on their document retention policies. It’s just not considered a high priority until a ‘compelling event’ forces it onto the management agenda. Employees are busy. An organisation has too many disparate IT systems to consider. IT is given no funding and project cycles for this kind of work are considered too long.

Nor are the legal and IT departments speaking the same language. Lawyers talk in terms of evidence, spoliation, legal hold, redaction and culling. IT professionals talk about archives, network attached storage, cloud and back-up tape.

What is needed is a coordinated corporate initiative that involves different areas of the business: legal, compliance, lines of business and IT. At Iron Mountain, we’ve defined eight tenets of effective document retention policies:

1. Understand your regulatory requirements

2. Understand how employees use data

3. Create a common sense retention schedule

4. Create a litigation hold process

5. Inform and train your employees on the new policies

6. Enforce the policies with audits and punishments if not followed

7. Ensure that policies are defensible in the event of litigation, by reviewing the policy annually and refreshing as necessary

8. Document everything. Remember: if it’s not documented, it didn’t happen.

That may sound like a tall order – but businesses today have the choice of a number of ESI classification options. They can apply a universal, ‘one size fits all’ policy – where all email, for example, is classified and retained equally. They might adopt a role-based, ‘high water mark’ policy, where ESI is classified according to department, geography or accounting code, for example. They might opt for a manual, user-based retention approach, where users classify messaged within the email system themselves and organise them into managed folders. Or they might deploy technology that uses the message content itself as a source of metadata, allowing it to classify a message according to subject, content, attachments or its ‘custodian’ (either the sender or the recipient).

Whatever approach is chosen, businesses should never let perfection be the enemy of good. In other words, perfect policies and disclosure processes don’t exist in the real world, so there’s no point in defining perfection at the expense of execution.

Your goal instead should be to develop practical, workable policies, processes and practices today. These are ones that should allow you to show the courts and the regulators that you have a policy and take reasonable efforts to follow it. You must also be able to demonstrate that your disclosure hold process is periodically testes and that you know what data you have and where it’s kept.

Above all, your organisation should be confident that it destroys unneeded, older, non-litigation and non-compliance related documents on a regular basis – and that time and energy is devoted to improving its retention policy and processes over time. It is possible to balance eDiscovery and compliance obligations with IT operational and budget constraints – and it could be your organisation’s best defence if the courts or regulators come knocking.

But what do we mean by ‘usability’? It’s certainly a term used widely among storage vendors, who are waging a fierce battle to capture a slice of the market for selling lower-priced, easier-to-use unified storage systems to small and medium-sized businesses (SMBs).

EMC, for example, unveiled its VNX and VNXe systems at the start of the year, in a direct challenge to NetApp, the leader in this market. In April 2011, Dell announced the launch of two new entry-level PowerVault models (NX3500 and MD3600i), also with the needs of SMBs in mind.

Right now, then, small enterprise storage arrays are a particularly vibrant area of the storage market – and that looks set to continue, because server virtualisation is driving huge demand for networked storage, even within relatively small IT departments. But virtualisation also calls for advanced features and high performance, hence the calls for improved ‘usability’ among customers, particularly those who have few (if any) specialist storage skills in-house.

For customers, usability means three things, says Villars:

1. Inherent flexibility. That, he says, is embodied by systems that support both block- and file-based storage network protocols, so that IT teams can use a single unified system to support a range of storage needs – email archives, database, files and so on.

2. Embedded data efficiency. Usable storage should include support for virtualisation technologies and data management services (such as automated provisioning and data deduplication), which ensure that physical storage capacity doesn’t go to waste. At the same time, customers are looking to allocate stored data to the most appropriate medium, according to its value to the business over time. That medium might be (in increasing order of price/performance) slow disk, fast disk or solid state disk, according to how recently data was stored and the likelihood of it being accessed in future. So SMB customers are looking for mixed-media storage arrays, too.

3. Simple capacity provisioning and data protection. SMB customers need storage that provides “common and highly automated provisioning, reallocation and data replication through a simple and intuitive interface,” says Villars. That interface, he adds, needs to be “application-aware”, so that administrators can easily set up storage pools that are optimised for important and widely-deployed applications.

At many companies, storage usability can’t come quick enough. “Decision-makers have become impatient with the care and feeding of their IT infrastructure. Preferred is a model that shields users from arcane IT and storage vocabulary and domain-specific activities (such as how to allocate pooled storage to individual users or applications),” says Villars.

The onus, then, is on vendors to provide that much-needed blend of sophistication masked by simplicity – and at an entry-level price. The market is already crowded, with big players (EMC, NetApp, Dell and HP, for example) competing alongside much smaller ones (Drobo and StoneFly, for example). But what they have in common is that they are placing usability centre-stage.

That’s an appealing prospect for the many organisations where IT teams struggle to to handle a sprawling desktop estate, with all the management time and resources that this task entails.

After all, the average operational cost of a traditional desktop is around $2,000. Provisioning and supporting desktop services is complex and costly. Data protection and compliance present new challenges for desktop use and refreshing desktops to align with new operating systems as they emerge is an added burden. Environmental concerns, meanwhile, cast doubt on the efficiency of traditional desktop PCs and the trend towards agile and responsive It means that systems adminstrators are expected to deliver projects to ever-tighter deadlines.

With a VDI, a single physical server can host a large number of virtualised desktop images. Each image’s ‘disk’ is hosted on an enterprise-class NAS [network-attached storage] or SAN [storage area network] and a ‘broker’ is used to evenly load-balance client access across the infrastructure charged with supporting desktop services. Meanwhile, connection protocols such as RDP (Remote Desktop Protocol) and PCoIP (PC over IP) are used to access the desktop image over the corporate network. That means that the desktop image belonging to a particular user can be accessed not only from traditional desktops and laptops, but from thin clients and mobile devices, too.

So how does this kind of infrastructure address physical desktop limitations? For a start, a VDI reduces the cost associated with each desktop PC over its lifecycle in the areas of support, administration and break-fix. Fewer staff are needed when the complexity of a desktop estate is reduced by centralising and controlling desktop images in the data centre. At the same time, this means that the dissemination of sensitive corporate data can be protected and monitored and updates can be orchestrated from that central point of control. When it comes to the ‘green’ debate, meanwhile, VDI allows for the deployment of inexpensive, energy efficient thin clients and, by deploying a range of bespoke images tailored to the needs of different groups of users, IT staff can efficiently meet the demand of users for refreshed desktop images.

In its experience to date with VDI deployments, EMC has learned a number of key lessons that it regularly shares with customers:

1. VDI is not a shink-wrapped solution. There is no such thing as a one-size-fits-all approach.

2. Every company’s user environment is different. Reference architectures and generic performance figures can only ever be a guide.

3. The workload of each individual desktop user will vary, even across one organisation. Many organisations contain a range of different user types.

4. Each organisation’s desktop services environment will be unique. There could well be, for example, multiple combinations of desktop images, applications and user data.

Understanding the types of applications and user data created inside a company – as well as how that information needs to be delivered to the user and protected – is critical. Are desktop users light or heavy users of services? What kinds of data do they create and store – are they performing basic data input tasks or uploading unstructured content, for example? Does their access to data need to be persistent and what types of devices do they typically use to access it? What type and number of applications exist within our business?

In our experience, successful VDI deployments start small, with careful user profiling, and are then progressed through to a proof-of-concept (POC) to full implementation. Most businesses find that they do not adequately understand the performance required for their desktop images or how large those images need to be – but a failure to balance cost with delivering a good user experience will doom a VDI deployment.

Above all else, organisations need to be realistic about the scope and applicability of VDI. Once it’s up and running in the data centre, VDI becomes a Tier 1 application in terms of performance and availability requirements. In order to scale sufficiently, an organisation may need to leverage new technologies such as deduplication, flash memory and thin provisioning. Plus, there remain some unresolved elements to VDI, such as desktop licensing and the general impact on data centre operations that come from centralising desktop access.

But despite the challenges, it is still relatively easy to judge a successful VDI deployment. The IT team should see fewer calls to the helpdesk from frustrated users, along with fewer desk-side visits, less time spent on adds, moves and changes and quicker and simpler application and operating system upgrades. With the right use case and the right cost model, an organisation should be well-positioned to exploit this technology to its fullest effect.

But one assumption that many organisations make is that, using a new virtual desktop infrastructure (VDI), they can put everything inside the data centre but still provide employees with the same old PCs. As we shall see, that may not be a good idea from a cost perspective.

At Wyse, we advise customers to take a long, hard look at the desktop device itself, rather than just concentrating on the back-end VDI piece of the puzzle.

There is a really good reason for that: if you leave an older PC out on the desk, and continue to use it as the access device for desktop virtualisation, it’s still going to need anti-virus, it’s still insecure, it will still require a considerable amount of management, only last around 4 years and consume as much energy as ever.

If you’re serious about the idea of virtual desktops, by contrast, you’ll need to address what sits in front of the users. With thin or zero client devices, for example, you cut out the need for antivirus, totally centralise management, plus the device will last longer (perhaps as much as 15 years) and use a great deal less electricity. Above all, it will cost you far, far less than a standard desktop PC.

The cost argument is backed up by independent research. Leading IT market research company Gartner has calculated that a standard desktop PC will cost an organisation around $117 per month to own and run. In organisations that put desktop virtualisation in place, but leave the standard PC on the desk, the number actually goes up, to around $135 per month. But a thin client used in combination with a VDI infrastructure will cost an organisation, on average, around $73 per month. That represents around a 35 percent to 40 percent reduction in monthly running costs, per device.

So what might you consider as an alternative to the desktop PC? At Wyse, we like to talk about thin clients, zero clients and Cloud PCs.

Thin client: This is a flexible device, that can be connected to a Microsoft infrastructure, a Citrix infrastructure, a VMware infrastructure, or technology from a number of other vendors. It’s a small, compact device – about the size of a paperback book – that uses around 6w of power and is extremely reliable. And it comes in a mobile version, too, which is great for employees who would otherwise use a full laptop.

Zero client: Here, there is nothing on the client to manage; for example, no security software needs to be installed. It’s all at the back end. It will have a more limited range of function compared to a thin client, but demands the least amount of management time and resources.

Cloud PC: With a cloud PC, operating system and applications are sent over the network from the back-end data centre to the device.

Different models suit different users in different industries, but the overall message is clear: just because it’s smart to move stuff into the data centre, you’ve got to look at the desktop device itself, or you’re simply not going to get the benefits from your virtualisation investments.

Maybe not, but a new problem associated with such projects is emerging, according to vendors – and they call it ‘virtual stall’.

This is the situation that arises when all of the easy-to-virtualise servers in a data centre have already been converted to VMs and the IT team starts to set its sights on trickier, riskier systems.

It’s only then that they realise what little progress they’ve made. On average, the low-impact, low-risk systems that provided the best early targets for virtualisation (the ‘low-hanging fruit’ in the parlance of IT suppliers) account for little more than between 20 percent and 30 percent of the machines installed in their data centres. In other words, they’ve still got a long way to go.

But when they start to consider their other servers to VMs, they run into problems. That’s virtual stall – the inability to move beyond that initial 20 percent to 30 percent of servers – and the number one reason it occurs, it seems, is lack of visibility into the state of VMs running in an environment.

In March 2011, virtualisation management tools company Veeam commissioned a survey of 253 CIOs across the US, UK, Germany and France, working in companies that employ 1,000 people or more. Respondents were asked to identify the issues that were holding back their virtualisation adoption and the researchers found that many were linked to a failure to integrate virtualisation with traditional enterprise management tools and frameworks.

For a start, there’s the difficulty involved in managing servers virtualised using vSphere (VMware) and Hyper-V (Microsoft) from a single console, cited by over 70 percent of those surveyed. There’s also the fact that almost half of respondents (48 percent) choose systems management tools on the basis of ease-of-management, rather than functionality.

Above all, the survey found that the majority of organisation use specialist tools, rather than their installed enterprise-wide management frameworks to manage their virtualised server estates. While 80 percent would prefer to use these frameworks, they cannot, because of a lack of functionality.

Given that the survey was sponsored by a specialist tools vendor (Veeam), some caution is required here. But this study is not alone in finding that a distinct systems-management deficit is leading to ‘virtual stall’ across the board – indeed, a number of leading independent IT market analysts echo that view.

According to a recent report from IT market analyst firm Forrester Research, issues such as capacity planning and management are often “mysteries” in a virtualised environment, “because the exact capacity of the infrastructure is hidden beneath the complexity of the virtualised systems.” This causes confusion around managing the performance of the infrastructure, which imposes excessive risk to business services reliant upon virtual servers. In order to cut through that confusion, IT teams need to be able to answer the following questions:

1. Do we know what’s running? In a newly virtualised environment, having a good understanding of the physical resources that are running is no longer sufficient. Organisations will need to maintain an inventory of virtual assets, too – namely virtual machines (VMs), even those that are currently offline – in the form of a configuration management database (CMDB).
2. Do we understand the needs of specific services and applications? In order to avoid the over- or under-utilisation of physical resources in a virtualised environment, administrators need to define and enforce resource utilisation rules for every VM it contains; that is, its memory, storage and network requirements. Effective capacity planning is all about getting VMs to ‘play nicely’ together on a physical host.
3. Can we actively monitor the virtualised environment? Organisations will need tools that are able to monitor and relate performance statistics collected from VMs and their physical hosts to identify potential performance problems.

Fortunately, the gap between the complex new requirements of VMs and the need for greater visibility and control over the whole environment – both virtual and physical – is starting to close, as tools emerge (some from specialist vendors, some from traditional systems management companies) that are specifically engineered to solve the problems of both virtual sprawl AND virtual stall. Either way, it’s time for companies that want to reap the true benefits of virtualisation to impose more control over the environments they have today.

In fact, it is the clear cost savings to be gained from reducing the number of servers in data centres, along with the accompanying flexibility and availability benefits, that have made deploying VMware technologies a top project on the agenda of today’s IT departments.

But like any business venture that is likely to pay a return, embarking on a virtualisation journey is not a case of immediate, 100% savings. Some upfront investment will be required.

For smaller environments, that investment has not always been easy to justify. The costs associated with purchasing larger-scale servers, a storage area network (SAN) and software licences for server virtualisation have sometimes seemed too steep to small and medium-sized businesses (SMBs). In other words, the necessary capital expense may be easy to quantify, but is hard to justify – presenting a limiting factor to SMBs looking to build the business case for virtualisation.

Operational efficiency is harder to quantify, but no less valuable. When an IT manager can do more with the same amount of time – in the same way that they can do more with the same amount of financial investment – the business really benefits. And it is no secret that the IT manager supporting everything within IT at a small company really needs these time and effort savings, enabling them to deliver better service levels and improved availability of mission-critical applications to everyone in the organisation.

The good news is that corporate IT is now subject to a trend frequently referred to as ‘consumerisation’. While before, server virtualisation technology was often cost-prohibitive and too complex for SMBs to manage, consumerisation is bringing new options to SMBs that make server virtualisation less costly and more viable.

All of the popular server virtualisation technologies now offer low-cost options that deliver sophisticated features for high availability. Built especially for small-business IT, the VMware vSphere Essentials 4.1 kit, for example, is an all-in-one solution that combines virtualisation for up to three physical servers (up to two processors each) with centralised management capabilities. The Essentials Plus kit specifically provides the same enterprise fault-tolerance associated with VMware’s high-end products, including vMotion, High Availability (HA) and Data Recovery (DR), but designed with the needs of smaller organisations in mind.

Many of these same capabilities are also available from other technology vendors. One example is XenServer from Citrix: its Advanced Edition has sophisticated features for HA in a licensing model that offers a low fixed cost per server for as many servers as you have.  Microsoft with Windows Server 2008 R2 with HyperV, meanwhile, is another server virtualisation option that is proving very affordable for small businesses.

So where does shared storage fit into the equation? A shared SAN enables all virtual servers to see the same storage, enabling IT teams to move virtual machines (VMs) and applications across redundant infrastructure. This architecture opens up tremendous flexibility, creating an environment where IT managers can move applications without impacting user access or uptime. This can be a life-saver when it comes to maintenance: you can move a VM and application, perform vital maintenance, migrate the VM and application back to its original host, and the user never notices.

Without a SAN, however, VMs are limited to one physical server and direct-attached storage, and vulnerable to downtime for maintenance or even extended downtime in the event of a failure.  Therefore, SAN storage is a must if you want to maximise mobility and availability for Server Virtualization. Fibre Channel SANs have a high entry cost and iSCSI can be lower in price, but many iSCSI arrays are designed for enterprises and are still tens of thousands of dollars and expensive by most measures.

The good news is that the benefits of consumerisation for SMBs have also seen a vast reduction in the cost and complexity of iSCSI SAN solutions. Thus, a highly-available virtualisation solution is closer than most SMBs might think. By combining Essentials Plus (or other entry virtualisation solution) with an iSCSI SAN, easy and affordable high availability is possible.

That makeover, say BMI’s analysts, has in part been shaped by increasing consumer and business interest in voice-over-IP (VoIP) telephony due to its affordability over conventional telephony approaches. Many users, they say, are making “significant savings”, particularly when making international phone calls.

Take, for example, the University of Nottingham, which earlier this month announced it is saving £60K per year by migrating to IP telephony.

Security, however, continues to be a concern – and lurid headlines can’t be helping. Last year, for example, some 30 members of an organised crime gang were arrested in Budapest and London and charged with stealing €11 million via VoIP toll fraud.

The gang used thousands of stolen VoIP account details to make 1.5 million calls to premium rate numbers which, in turn, paid the gang a percentage of the inflated call charges,” explains Paul Henry, an information security and computer forensic expert.

“The automated billing mechanisms of VoIP services using direct debit or credit cards make these prized targets for criminals who often have difficulty selling stolen data,” Henry says.

But the problem is not just limited to the theft of calling credits, he continues. As data and voice coexist on the same networks, criminals increasingly use weaknesses in one area to gain access to the other – and that should be a big concern for businesses interested in VoIP.

“The information gained from hacking into sensitive voice conversations can be used for insider trading or corporate espionage,” explains Henry, who points out that few organisations encrypt VoIP traffic sent across shared networks.  “The widely held assumption that VoIP traffic is difficult to intercept is plainly wrong,” he comments, pointing to a growing number of free tools that will capture SIP based voice calls and turn them into audio files via minimal access to a shared IP network.

It’s for these reasons that Henry will be leading the first European session of The SANS Institute’s new Security 540: VOIP Security course in Amsterdam in May.

Henry, who regularly advises and consults on some of the world’s most challenging and high-risk information security projects, believes that only one in 10 organisations that deploy VoIP specifically look at the security implications of these new voice services. The new course, the SANS Institute claims, will enable IT professionals to better design, deploy and audit VoIP infrastructures.

The launch of the SANS Institute course may be good news for companies intent on implementing their own VoIP systems, but the effort involved will hold little appeal for others, due to reasons of time, cost or in-house resources: hence the prolific growth of hosted VoIP for business.

According to a recent survey by Frost & Sullivan, the European hosted IP telephony market, worth €0.9 billion in 2010, is set to grow to €4.9 billion in 2016. Once companies experience the functionality and service levels offered by hosted VoIP, they become more comfortable with communications being delivered in this way, says Frost & Sullivan analyst Dorota Oviedo.

But companies should ensure that among the service levels, terms and conditions offered by their provider, some attention is given to the matter of security. As with all hosted or cloud solutions, the onus for day-to-day management (incuding data security) is shifted from customer to supplier. But in the event of a VOIP breach, it’s the customer who will really suffer. There’s no excuse for any business to claim ignorance of VoIP security threats and it’s clear that, here, better education and understanding is still needed.

Global enterprises, in particular, say they have fallen behind on security measures during the current economic crisis – around 57% of them, according to a 2010 survey by Deloitte Touche Tohmatsu. And around half indicated that they had experienced  data breach in the last 12 months.

The result is that we have good reason to believe that the vulnerability of data in transit has increased over the last two to three years.

Cloud computing raises the profile of the security debate further still. The security of cloud computing is often questioned and there are still no generally accepted cloud computing standards with respect to assurance.

Data-centre security, however, isn’t the problem. Most data centre operators do a good job of protecting the assets it contains. What’s lacking is protection for the data that leaves that data centre on its way to another data centre, as it travels between these two protected zones. What happens to it along the way? The transit area, after all, is public.

Fibre-optic networks, in particular, provide a profitable target for industrial espionage – and the tapping of information in this way is seldom discovered. (In one example, however, US security forces discovered an illegal fibre eavesdropping device in telco Verizon’s optical network, placed at a mutual fund company, shortly before the release of their quarterly numbers).

Until recently we at ADVA told customers it was almost impossible to tap into fibre. Unfortunately, that’s simply not true any more.

So the advice from John Pescatore, a security analyst at Gartner, for example, is to use encryption when transporting data over fibre-optic networks. That’s in line with government regulations that mandate the protection of data in regards to its storage and transit, especially for organisations in the financial service and health industries.

There are multiple ways for hackers to access fibre: through cabinets located on public streets or within buildings, for example, using tapping devices that ‘listen’ to data in transit in a non-obtrusive way and doesn’t disturb the flow of data on the fibre core. Such a device can be bought today on eBay for between $1,000 and $2,000.

You could of course argue that it’s still difficult to extract meaning from the flow of light across a network. But we regularly use testers to monitor and analyse the smooth running of networks and these are freely available to the public, including hackers. In effect, all data traffic can easily be monitored, recorded and replayed.

So what can be done about this threat? Some companies own their own dark fibre -but that’s not a solution because there are still splicing boxes and street cabinets where a third-party could hack into the dark fibre. Others apply physical protection, such as sheathing provided by steel tubing, between two data centres – but that only works when the data centres are relatively close together. Even 10km would be quite expensive. Monitoring of optical performance goes some way to help, allowing companies to detect tapping of fibre, but offers no protection against the reading of data.

So the answer ADVA proposes is in-flight encryption of transmitted data. Although a hacker could still tap into data in transit, their ability to read it provides no meaningful content if they can’t decrypt it. An organisation can pick and choose what data to encrypt and to what level. It’s a modular approach that can be added per channel on an as-needed basis.

New technological developments are making in-flight encryption more affordable for companies of all kinds and spurring greater uptake. High price tags are no longer an issue. Today, professional hackers have the means to attack your data in transit. If that data’s unprotected, the consequences could be huge. Next time your organisation sends data between two data centres over an unprotected link, think hard about the risks involved.

In short, new high-definition (HD) devices require far less network resource and offer superior results to previous IP solutions.

Just two or three years ago, a 8 megapixel or 10 megapixel camera might require 60mb on the network. You’d get fantastic images, of course, but in anything other than a lab environment, that just wasn’t practical. That’s not the situation anymore.

Of course, it’s not a question of ripping out all the cameras you already have installed and replacing them, if a company needs to preserve its existing investments in security systems.  Existing analogue and IP cameras can be connected to hybrid MVRs [recording units] residing on the corporate network, for example. Locally, we can connect encoders to older composite video cameras, creating a pathway to the network.

This end-to-end strategy gives customers the flexibility to deploy all-IP video today, or transition to an open, IP video environment by adopting new technologies when they’re ready to make that step. At the same time it supports the common management of both IP and hybrid IP/analogue systems across a large-scale enterprise with hundreds, or even thousands, of locations.

But there is still a strong case for migrating to HD IP cameras. In short, improved rates of image resolution means better information when it comes to security. Post-event reconstruction, for example, is greatly enhanced by higher resolutions.

One of the great things for usability is that today’s edge devices are capable of handling a lot of the data processing themselves. That means that digitalisation, compression and analysis is handled automatic by the camera itself, with the accompanying benefits of reduced command-and-control complexity, lower resource requirements and, of course, less associated cost.

For system resilience, this is a much better proposition: with data processing handled out at the network’s edge, if you lose a camera, you just lose that one channel. You’ll be less vulnerable to experiencing the hassles associated with a single point of failure.

Also, if video analysis happens out at the edge, you can choose how frequently to stream the data. If you’re watching a stockyard, for example, and nothing’s really happening, then two frames per second should be enough because over the past ten minutes nothing changed. You can then switch the cameras to higher bandwidth or higher quality when there’s more activity in that area. That means network usage is only required when there’s potentially something worth watching or recording. In other words, you’re not using network bandwidth to establish that nothing happened.

There’s a misconception that installing these kinds of advanced products is more complex or more challenging – but, in reality, it’s just different from the approaches used for analogue cameras. What they do provide is the opportunity to be more creative in how your organisation addresses its security challenges.

And at March Networks, we already sees that within our existing customer base, from public transport operators who need to offer a safe environment for passengers, to retailers seeking to curb the activities of shoplifters. Specific video content analysis, which automates much of the human effort previously involved in watching spaces, crowds, objects or traffic, can take that creativity to a higher level still, making security systems even more usable and more efficient for the organisations that deploy them.

It’s time for a reality check. The truth is that nothing will really change on the surface; the transition to IPv6 will happen gradually and, for the next few years, both IPv4 and IPv6 will co-exist.

In fact, the IT industry has known about the move to a newer version of the Internet Protocol for a long time now. IPv6-ready networking products are already available.

But two recent announcements have sparked an industry debate about what really needs to be done to prepare the network and why it should be done sooner rather than later. In January, Google, Yahoo, Facebook and Akamai designated 24 June 2011 as World IPv6 Day – a day when the four companies will work together to test how the new protocol will work in practice. And in February, the Internet Assigned Numbers Authority (IANA) warned that ISPs were accelerating their requests for IPv4 addresses as the supply nears its end.

Indeed, it’s the ISPs that will feel the brunt of the switchover. Ulimately, they’ll also be responsible for driving it, as they start to assign new IPv6 addresses to customers. These companies need to test how IPv6 will integrate with IPv4 now and provide guidance to customers. More activity can be expected around World IPv6 Day.

In Asia, many countries are already using IPv6 and companies in the region are seeing the benefits. Their counterparts in Europe should look to their example of how the new features of IPv6 might be used when the transition starts to happen here.

One main benefit is enhanced security: the IPSec standard, for example, is built into IPv6, so that any new devices added to the network are protected behind a firewall and do not need to be translated. That could be a key draw in industres that need high levels of security for users accessing different tiers of confidential data, such as military organisations, academic institutions, hospital networks.The security benefits are a key factor for industries that need high levels of security for users accessing different tiers of confidential data, such as the military, university and hospital networks. In the US, for example, the Department of Defense is already implementing IPv6 across its network. In the UK, the Ministry of Defence is trialling the new version.

Another key benefit is the possibilities for remote management of devices that IPv6 offers. When almost any device can be assigned an IP address and be securely connected to to the Internet, as the new version offers, it will be possible, for example, for holidaymakers to control home-based light switches and security cameras from their mobile or laptop. We expect an explosion of innovations like that over 2011 and 2012 as the transition to IPv6 Internet addresses begins.

For now, however, the key is having a plan. IT managers need to start preparing for the transition by analysing their network and testing how IPv6 will be integrated over time. They also need to speak to their ISPs about what to do as IPv6 addresses start becoming available in the UK.

There is no doubt that the switchover will be challenging and will cause a few headaches along the way; however, in the long term, it will mean that the Internet will become simpler and more stable, bringing a host of new benefits to our growing digital world.

But the trouble with these so-called ‘native’ applications is that they are designed to run only on a single mobile platform only, such as an iPhone, or a Blackberry or an Android-based handset. Plus, they must be downloaded to that handset in order to run. In many cases, they consume processing power and battery life voraciously.

These drawbacks may not bother the average consumer, but it presents a real problem for businesses that need to equip mobile workers with the means to send and receive data while on the move.

For business leaders, the ‘mobile cloud’ concept proposes a better approach. Here, corporate applications are based in a third-party provider’s data centre. When a remote worker needs to capture the details of a new customer order or record a successful delivery, for example, they can access the necessary app over the cloud via their smartphone’s Internet browser, avoiding the need to download that app to the handset.

For their bosses, that means that corporate IT teams don’t need to develop, host or manage the systems that serve up these applications to employees in the field, or the servers on which they run. Instead, they simply pay a provider for the mobile cloud services they use.

Nor do they need to equip employees with a specific, corporate-sanctioned handset – an uphill struggle in any case at a time when employees increasingly use their own devices to access corporate data in a trend known as the ‘consumerisation of IT’.

That’s important, because today’s users currently carry a number of different devices, including laptops, smartphones and increasingly, tablet computers such as the Apple iPad. In 2010, enterprise mobility company iPass surveyed 1,200 mobile workers across Europe, the United States and Asia-Pacific, and fond that 97 per cent carried 2 mobile devices and 50 per cent carried three devices when they were travelling on business.

Finally, cloud-based mobile applications are not limited to the life of the battery contained in a handset nor by that handset’s storage capacity or processing abilities. Instead, they have all the power of a server-based computing infrastructure behind them.

That means that not only do mobile cloud apps use fewer handset resources, but they can also perform a wider range of richer functions. As a result, predicts Mark Beccue, an analyst with IT market research company ABI Research, “cloud computing will bring unprecedented sophistication to mobile applications.”

In the process, he adds, these kind of applications will surpass their downloadable, native equivalents in popularity. “By 2014, mobile cloud computing will become the leading mobile application development and deployment strategy, displacing today’s native and downloadable mobile applications,” he says.

Much needs to happen before the mobile cloud can reach its true potential, however. Mobile network operators – one of the many types of providers keen to offer corporate clients mobile cloud hosting services – are already struggling to accommodate burgeoning volumes of data traffic alongside traditional voice and text message communications. Other would-be providers to corporate customers, meanwhile, have yet to emerge in any significant numbers.

Regardless of who hosts mobile applications, however, the pressure from users – both consumers and mobile employees – is seemingly relentless. With mobile phones set to overtake PCs as the most common web access device worldwide by 2013, according to analysts at IT research firm Gartner, the world of mobile cloud applications looks ready to explode.

It’s an alarming phrase to use, perhaps, but it’s Gartner’s way of encouraging IT leaders to look at the infrastructure they have now and ‘re-imagine’ it to take account (and, presumably, advantage) of a whole new world of cloud-based services.

“Creative destruction develops new resources by dismantling and redirecting existing ones. In IT, this means applying new technologies and practices in ways that redirect or liberate resources to deliver greater innovation and value,” explain Mark McDonald and Dave Aron at Gartner in the recent report, Reimagining IT: the 2011 CIO Agenda.

Through that process, they argue, creative destruction “seeks to create change with little or no net additional innovation — something that every CIO recognises they must do.”

It’s early days yet, of course. In a mid-2010 Gartner survey of 2,014 CIOs in 38 industries across 50 countries (and representing a combined annual IT spend of some $160 billion), a mere 3 percent said they had moved more than half of their infrastructure and applications to the cloud. By 2015, however, Gartner is betting on that number to have risen to as much as 46 percent.

So what should be destroyed and what should be put in its place? Here’s a summary of five areas that, according to Gartner’s analysts, require re-imagination through creative destruction:

IT’s strategic role: Destroy the perception and reality of IT supporting generic business strategies and operations in order to create new sources of strategic relevance based on competitive advantage.

IT organisation: Destroy technically oriented silos that tie up resources and reduce flexibility in order to create greater opportunity and dynamism.

IT personnel skills: Destroy habits that delegate current operations to existing staff while supporting new projects and technologies with outsourced or contracted resources.

IT processes: Destroy restrictive processes, governance arrangements and management techniques that seek to protect IT from the business. These processes need to be replaced with agile approaches that concentrate on productivity and throughput.

IT metrics: Destroy operational and project metrics that only demonstrate that IT is doing its job and not wasting the company’s money, in favor of metrics that demonstrate real business impact.

“Applying creative destruction in each of these areas recognises the need to stop new things before we start new things,” says Gartner’s Mark McDonald. “Creative destruction is essential for re-imagining IT as the goal is to achieve new levels of performance within IT’s existing resource base.”

To read more on Reimagining IT: The 201 CIO Agenda, download the full report here.

So what do these growing volumes cost the average business? We find that, while costs keep increasing while IT budgets don’t, the actual capex (capital expenditure) associated with unstructured data accounts for only around 20% of total cost of ownership (TCO). The remainder is largely associated with management and operations: 15% for power and cooling; 40% for labour and management; the rest (some 25%) for migration and transformation of data.

Organisations know they need to do something radical to tackle these costs and reduce this burden. We know that cloud storage can provides an answer, if applied in the right areas.

The most important thing is to look at the storage infrastructure and identify which types of storage cause the most problems. Typically, it’s content depots (generally speaking, these are appliances containing records that typically remain unchanged) and unstructured data that represent the most significant pain points in terms of consumption of disk capacity.

As it happens, these are also the two categories of data that lend themselves most readily to policy-based management – and that are, as a result, best suited for consignment to a cloud-based delivery model that allows a company to offload the management work to a third party.

We see a genuine need to move things out of a siloed approach, away from storing data per application, and towards content depots and unstructured data platforms that span applications and allow companies to perform consolidated searches on the data they contain.

At the same time, there’s no single ‘point product’ that addresses cloud storage. Companies need to find an approach that works best for them. They may simply want to virtualise their storage, creating a shared pool of in-house resource to support virtual machines. Or they may want to use a cloud service that focuses on storage AND management of those top two problematic data types: content depots and unstructured data.

For some, infrastructure-as-a-service (IaaS) provides an answer. Here, capacity, IOPS (input/output operations per second) and CPU (processing power) are delivered in an on-demand way. This kind of service, however, focuses more on the technical infrastructure associated with storage, rather than the management burden incurred.

With storage-as-a-service, however, the entire use case is based on information management. Here, we see a service that takes into account how an organisation uses information over the entire data lifecycle and provides the management services required to keep it in good order. That may, for example, include applying retention rules to certain forms of content, such as medical records, that must be kept, unchanged for a mandated period of time – and deleting them once that retention period has expired, where appropriate.

With the approach developed by Hitachi Data Systems, this service is kept in-house, but can be managed either by in-house personnel or remotely by third-party specialists. As such, it provides a firm foundation for secure inclusion of hybrid and/or public delivery models in future. We have calculated that customers using Hitachi Cloud Services for Private File Tiering save, on average, 25% on their cost per terabyte, per month charges for storage. Effectively, an organisation that uses this approach is enabling low-risk cloud, at its own pace.

First, however, some important decisions will need to be made regarding the IT services portfolio that most companies manage: What should be done in-house and what should be outsourced?

Most companies are pretty familiar with web hosting, for example: I don’t know many these days that handle this themselves and the majority of companies are happy and confident to hand the management of their online presence over to a third-party specialist.

Where we generally find that they’re less confident, however, is in moving elements of their day-to-day enterprise computing  infrastructure to the cloud. For them, it’s about non-standard platforms, LAN equipment, mission-critical data – an organisation can be very sensitive about putting these things in a third-party data centre.

Less timid companies, however, are increasingly happy to take that step – and they are starting with some ‘quick wins’. They’re moving Microsoft Exchange and Active Directory, for example, into the cloud. Others are looking to place their PABX [private automatic branch exchange] there, so that they’re using cloud-based telephony via the cloud. CRM is another possibility, using applications delivered entirely as a service from Salesforce.com, for example. Document and content management systems – such as Microsoft Sharepoint – are also good options for cloud-based services, freeing companies from having to invest in infrastructure, management and overheads.

In short, if you can remove just some of this legacy infrastructure from the internal comms room, perhaps to the same data centre that provides your web hosting, then you’re going to make a huge difference in day-to-day IT operations.

But as an IT director, CIO or manager, once you start using an element of your business on an on-demand basis, you’ll change the whole way you approach procurement decisions. In short, you’ll be looking for a supplier who can match its service to the way your organisations wants to consume that service. That means that they provide complete satisfaction in terms of:

Service levels: Can a third party provide your organisation with a service better and cheaper than it could achieve in-house? Will they promise to do that according to  strict service level agreements (SLAs) and recompense you if they fail to meet agreed levels of service?

Accessibility to new services: Keeping up with new developments in cloud technologies is hard. If you’re with a cloud provider, it’s their responsibility to stay up-to-date and keep you current. Also, they’ll be in charge with keeping your software licences current – a big compliance challenge that many in-house IT departments struggle with.

Scalability: Smart cloud customers look for scalable platforms. They want to introduce some predictability in the face of spikes and troughs in demand, so that they’re confident that these fluctuations can be accommodated, with no disruption in service.

Returning to the question of transformation versus migration, the migration part of the equation involves discovery, design, planning and implementation – no easy task, certainly, but not the end of the story, either.

It’s the transformation element that makes all the difference and this is about the ongoing relationship between customer and cloud provider that develops during the support stage. A good provider will strive to improve delivery of the service, look for new areas of consolidation, constantly improve reporting for greater transparency and, where possible, continue to seek out further cost reductions.

In short, a good cloud services provider will look for ways to strengthen and extend its relationship with your business. Or, as analysts at Gartner put it, companies should be working towards ‘IT Lite’, a state “where IT works as the glue between the outsource suppliers and the company departments who need their services.”

Let’s start with a brief definition of the Private Cloud: what we’re talking about is a virtualised infrastructure that offers services on an on-demand basis, but which sits behind a company’s own firewall and is owned and operated solely for that organisation’s benefit.

Typically, a lot of customers tell us that although they’re exploring virtualisation, they’re not using it for their production environments yet – or at least, they’re not putting sensitive corporate data into that virtualised environment. Unfortunately, that means that they’re not taking full advantage of all the benefits that virtualisation can offer.

The journey to the Private Cloud is usually travelled in three stages, each with its own security considerations.

The first stage in the journey is the introduction of virtualised servers. At this stage, IT teams should use the controls they have in their existing physical environment and map them to the newly virtualised environment. Virtualisation specialists such as VMware and Microsoft can advise on platform-hardening measures for the hypervisor layer, to strengthen security still further. And you will need strong authentication and role separation for administrators, because – in theory at least – if an unauthorised person gains access to the hypervisor layer, it may be possible for them to compromise a number of virtual machines.

The second stage of the Private Cloud journey is porting critical production applications to the virtualised environment. Here, yhe goal becomes protecting information: you want security policies and controls to move with the data as a virtual machine shifts between hosts, protecting the data itself, not its container.

The third stage is true ‘IT as a service’, where the IT department becomes a business in itself, and hopefully a profitable one, too. Here, the virtualised environment enables IT to start charging other units of the business for the services and applications it provides on a per-usage basis. This stage also often marks the point at which third-party services are introduced on an as-needed basis.

But that, of course, means ensuring compliance across a hybrid cloud infrastructure – and the IT department must ensure consistency of security controls across physical and virtual infrastructures and service providers, too. Here, the emphasis is on establishing a verifiable ‘chain of trust’ between a company and its third-party cloud providers, so they speak the same language when it comes to data security.

It takes a lot of thought – but that’s not to say that security should be any kind of inhibitor to private cloud computing. In the physical environment, IT teams are used to dealing with multiple different technology ‘stacks’ and having a range of security controls that apply to each individual stack – controls that secure the network, the hardware itself, the applications and so on. With virtualisation, by contrast, they’re dealing with a composite stack and thus working from a better vantage point – they’ve got a more complete view of what’s going on.

This correlated view of the environment is one of virtualisation’s greatest advantages when it comes to data security. For many companies, in fact, the journey to the cloud is one in which data becomes more secure, not less, at every stage.

That, at least, is what the Information Systems Security Association (ISSA) thinks – and it’s that kind of thinking that has driven the organisation to propose a new security standard for SMEs. It’s a follow-up to ISSA’s 2010 research study on SME security, conducted on behalf of the UK Information Commissioner’s Office, the government body charged with enforcing the Data Protection Act.

ISSA is the largest not-for-profit, international organisation for information security professionals and practitioners, and as such, its proposed standard should be taken seriously. It’s based on a year’s work by 30 individual ISSA members who have closely examined the issue of data security for companies with 250 or fewer employees and aims to consolidate the most up-to-date best practice information to make it easier and faster for SME owners to find and apply it in their own businesses.

The man behind the draft standard moreover, is David Lacey, a respected figure in the world of information security and a former security pro at companies including the Royal Dutch/Shell Group and Royal Mail.

But are SMEs really as nonchalant about data security issues as ISSA suggests? Perhaps their inertia has less to do with complacency and more to do with fear, uncertainty and doubt, not to mention a lack of affordable, accessible guidance on data security issues – a point that ISSA also makes further on in its report.

“Even if the SME owner is inclined to do something about information security, where do they go for up to date guidance? There is a lot of information out there, but it is spread across numerous websites; it is focused primarily at large corporate or government bodies, where huge processes and large amounts of paperwork are the norm; and is often out-of-date and does not address current threats and security issues,” say the report’s authors.

But the evidence that the UK SMEs need to do more work on data security issues keeps on coming. In recent days, for example, customers of online retailer, Play.com, have been bombarded with spam and phishing emails – the result, it seems, of a data breach involving customers’ email addresses not at Play.com itself, but at a marketing services provider it uses.

The ISSA draft standard would seem to propose a sensible, three-step approach to looking at data security in a more mature, holistic manner. The stages involved include the definition of:

1.      Basic security measures – including owner/director commitment; a business-wide understanding of individual obligations; clearly defined responses to risks; and essential security countermeasures, ranging from locks on doors to anti-virus software.

2.      A defined security regime – incorporating rules, responsibilities, a disaster recovery plan and a regularly performed set of checks to ensure oversight.

3.      A managed security system – comprising policies and procedures; security technologies; and security education for the entire workforce.

Over the coming months, ISSA is inviting its members and other interested parties to take a look at the draft standard and provide their feedback directly to ISSA. The findings will be published this summer. Let’s hope they prove useful for the thousands of SMEs who would like to do a better job of safeguarding valuable corporate and customer data. So far, for whatever reason, it’s proving a difficult nut to crack.

For more on ISSA’s proposed standard, visit: http://www.issa-uk.org/issa5173

That’s according to a recent study conducted by specialist independent research company The Ponemon Institute and sponsored by data security company Symantec.

Based on the data breach experiences of 38 UK companies from 13 different industry sectors, the survey found that the cost of breaches rose for the third successive year, according to the report. The average data breach costs UK firms £1.9 million, or £71 per record – an increase of 13 percent from the year before.

Cost of breaches ranged from £36,000 to £6.2 million, where the costs associated with detection, escalation and notification, plus increased customer churn due to diminished trust were taken into account. Incident sizes, meanwhile, ranged from 6,900 records to 72,000 records.

Lost business ranked as the biggest contributor to overall data breach costs, accounting for 48 percent of the total, an increase of 2 percent from 2009. Costs for resetting accounts and communicating with customers made up 23 percent of the total and costs related to detection and escalation made up 20 percent.

According to the report, when a hostile attack is involved, the costs of a data breach are at their highest, at an average of £80 per record, up £4 on 2009.

More than a third (37 percent) of the cases scrutinised during the study involved system failure, up 7 percentage points on 2009. Negligence, by contrast, dropped 11 points to reach a 34 percent blame for data breach rating last year. Lost or stolen devices and third-party mistakes each fell slightly, while malicious or criminal attacks rose five points to become the principle reason given for 29 percent of data breach incidents.

However, an increasing concern for those surveyed was the threat from insecure mobile devices connecting to the corporate network. Some 64 per cent of those studied said they recognised this risk, while a whopping 84 per cent said that insecure mobile devices were likely to have accessed corporate data.

Several technologies were used as post-breach remedies. Three-quarters of those surveyed said they had deployed endpoint security solutions following a data breach, up significantly from 59 percent in 2009. Encryption is the second most implemented preventative measure introduced in response to a data breach, cited by 70 percent of respondents. Strengthening perimeter controls came in at third place, cited by 69 percent of those surveyed.

Commenting on the report’s findings, Dr Larry Ponemon said that regulators are cracking down to ensure organisations implement required data security controls or face harsher penalties.

“Confronted with both malicious and non-malicious threats from inside and outside the organisation, companies must proactively implement policies and technologies to mitigate the risk of costly breaches”, he noted.

The Domain Name System (or DNS) is the ‘telephone directory’ used on the Internet and on internal networks to provide the translation from name to a number. So www.directline.com maps to the IP address 155.136.71.10. The www.orange.com translates to 195.92.248.7. And www.comparethemeerkat.com becomes 62.128.133.234. If you didn’t have the DNS, you’d need to remember a complicated IP address for every website.

Multiple servers on a network run the DNS service to provide resilience. When a client wants to look up a website by name, a query goes out to a DNS server and a response comes back with the IP address.

One of the major issues around DNS, however, is its lack of security: DNS grew up over the early 1980s and was launched in the middle years of that decade. Effectively, its 25 year old technology and there haven’t been many changes to the system over the years.

Messages are sent in plain text: DNS was invented in the day when people on computer networks trusted each other implicitly. The protocol itself is very easy to spoof and, over the years, a number of DNS-related attacks have been reported: Denial of services (DOS) attacks are one common example. Another is the WPAD attack, where someone takes over your proxy server.

The security issue we’re going to look at here, however, is cache poisoning: this is where malicious data finds its way into your organisation’s DNS server in order to deliberately redirect legitimate users to an illegitimate website.

The problem lies in the random number generator used to generate the transaction ID (TXID), a 16-bit number that is assigned to every DNS query.

The problem is, they’re not that random, as Amit Klein of security firm Trusteer discovered in his research on the subject. Basically, if a hacker can predict the next TXID that the name server will use, by ‘sniffing’ a few sample DNS packets, then they can potentially poison the cache by spoofing a response with a matching TXID.

Inducing a lookup to an organisation’s name server is easy – the hacker can just send that organisation an email to a false email account. The ‘no such user’ response they receive contains transaction ID information they can use. A flurry of emails to false addresses on an organisation’s DNS server produces a flurry of responses, containing TXIDs, that enable the hacker to find a pattern. The probability of them guessing the correct TXID increases the more queries they send. Although the TXID is a 16-bit number with 65,536 possible values, hackers can achieve 90% probability with only 600 guesses.

If they successfully poison the cache, users will be redirected to the hacker’s own DNS server – but unaware of the fact, may go on to send passwords or credit card details directly to that hacker.

But more dangerously still, if that hacker can use the TXID weakness to hijack a whole domain and all the traffic that uses it – SMTP, HTTP, VPN, FTP, everything.

So what’s the fix? There isn’t one really – this is a fundamental protocol problem. Work to implement better TXID randomisation and the introduction of source port randomisation (so that a hacker has to guess both the source port AND the TXID) had made attacks harder, but isn’t a true ‘fix’.

The only real way to fix this is to deploy the DNS Security Extensions (DNSSEC), which adds cryptographic checksums to DNS responses that authenticate the data. If someone poisons a cache, the checksum will not validate and the response will be discarded. But DNSSEC is hard to do and requires widespread adoption.

For now, organisations have two options: implement DNSSEC in your organisation or monitor your name servers more carefully, analysing query logs and monitoring query loads. A range of tools are now available to help IT departments automate some of the workload around this very important security task.

Click here to listen to the Podcast

If not, it may be time for a rethink. Whether the IT team is ready or not, a growing number of employees are exercising their power of choice and using devices they buy themselves to send and receive potentially sensitive business data, in a trend increasingly referred to as ‘the consumerisation of IT.’

This movement raises important security questions for CIOs and their staff. In a 2010 survey conducted by networking giant Cisco, 41 percent of IT managers worldwide confirmed that employees regularly access the corporate network using unsupported devices.

But there are positive aspects to the trend, too, as it can provide a hefty boost to employee productivity, according to Josh Bernoff and Ted Schadler, analysts at IT market research company Forrester Research and co-authors of Empowered: Unleash Your Employees, Energize Your Customers and Transform Your Business.

In the book, they describe how forward-thinking organisations like Black & Decker and BestBuy are enabling employees to solve “customer and business problems using readily available technology that they master first at home”. If an organisation empowers its workforce to use the tools and services of their own choosing, goes the theory, they’ll get more done. If those tools and services are available to them, regardless of location, they’ll be productive when travelling, working from home, or meeting customers, too.

This is fuelling renewed interest among companies for mobile device management (or MDM) technologies, says Nick Jones, an analyst with IT market research company Gartner. MDM is a category of product that enables central IT teams to exert control over mobile devices out in the field. The physical location of devices can be tracked; they can be ‘wiped’ if lost or stolen; their voice and data usage can be managed and monitored; and IT teams can provide support and resolve problems remotely.

The trouble for corporate buyers is that the MDM vendor landscape is populated by a very large assortment of vendors. Gartner has identified more than 40 companies and considers the landscape to be both “immature and chaotic”.

In a recent study of available MDM products, Gartner analysts assessed only those toolsets that could support at least three of the following mobile platforms: Google Android phones, Apple iPhone, Apple iPad, RIM Blackberry, HP Palm OS and webOS, Microsoft Windows Mobile, Microsoft Windows Phone 7 and Nokia S60. While that list is by no means exhaustive, it may provide a useful guide to corporate IT buyers as to the range of devices they should be thinking of supporting.

Either way, IT directors seem to be coming round to the view that the consumerisation trend is unstoppable: in a November 2010 survey of attendees at Gartner’s Symposium/ITxpo event in Cannes, respondents expected one in five mobile devices used for business purposes in 2012 to be owned by employees. They also expect to be supporting an average of 3.3 smartphone or tablet platforms by next year.

It used to be the case that an organisations would build an end-to-end Ethernet network over a structured cabling system, on the assumption that employees would be sitting at a desk, connecting to a data centre sitting in the same building.

These days, at many organisations, that assumption’s simply not valid anymore. Many back-end services are not in the data centre, they’re located out in the cloud. And many employees are not sitting at their desks, they’re out in the field. Research from the Yankee Group estimates that around half of employees spend at least 20 percent of their working hours away from their primary work area.

Think back to the last time you were in your office. How many empty desks were there? How many people were working from home, from clients’ offices or out on the road? How many were in meeting rooms or elsewhere in the building?

This is where wireless technology brings big benefits. Take, for example, Carnival UK, the cruise ship holiday company: in planning its new premises, the company decided it wanted to enable its employees to be more efficient and flexible by using a wireless network based on 802.11n in its large, open-plan building. Since that office was opened, around 50 percent of employees (some 600 people) have never connected to the wired network. It’s not about having people sat down at a desk. It’s about giving them access to the data they need to get their jobs done, regardless of location.

And increasingly, they’re choosing to use their own devices to connect to that data – because most devices now come Wi-Fi ready.

For these reasons, traditional, port-centric networks are both over-provisioned and under-subscribed. The average enterprise has around 3.5 Ethernet ports for every desk position. But think back to your office: how many people aren’t sitting at their desks at any given time? Your organisation could be paying a great deal of money to provide connectivity that employees don’t need or use throughout much of the working day.

Once you’ve got a wireless network in place, you can give those employees ‘two-handed’ mobility and dramatically reduce the number of wired ports you need to purchase, install and support. If everyone’s running around, getting work done using iPads or smartphones or laptops, do you really need 3.5 or 4 Ethernet ports per desk? Of course you don’t.

Rationalising the wired network – which, let’s face it, has existed in much the same way for 20 years – can deliver huge cost efficiencies. At Aruba Networks, we’ve calculated that what we call a ‘rightsized’ network edge can cost around 40 percent less to build and maintain.

For example, a company supporting 1,000 end-users with 4 ports per person and no wireless LAN can expect to spend over $1.3 million in initial build-out costs and $408 per user in annual operation costs (when you take into account equipment maintenance fees, power and cooling, depreciation and refresh costs and money spent on adds, moves and changes to the network).

By contrast, by opting for two ports per person and providing a pervasive 802.11n wireless network, the same organisation could plan to spend just $775,000 on initial build-out costs and $262 per user in annual operation costs.

That’s worth thinking about. It’s not a case of replacing the existing wired network wholesale. It’s a question of making choices that better suit today’s working styles and saving money at the same time.

For cities, wireless broadband is essential in attracting businesses and jobs to the local area, ensuring public safety, supporting residents and government employees and reducing overall operating expenses. It’s also playing a big role in tackling digital exclusion, as connectivity is extended even to the most deprived areas.

In short, today’s city-wide networks are making urban environments more intelligent and more responsive to public needs. We talk a lot about ‘smart cities’ – those that harness technology to enhance public safety, to streamline traffic and transportation systems, and to measure and monitor water, gas, electricity usage, for example. In fact, city-owned wireless networks are quickly becoming a necessary tool to manage city operations and services.

The ideal city-wide solution is a single, high-capacity network that provides a reliable and secure service for all users at low cost. It needs to be installed dynamically and flexibly. It needs to be based on multi-radio 802.11n and advanced multi-polarity antenna technology that means that unnecessary digging up of roads to lay cable is avoided. Ideally, the technology chosen should be fully compatible with the mobile devices that government workers and urban residents are already using. Above all, it needs to be secure.

Where can we see this today? Barcelona is a good example: it’s working to become a global digital city of excellence. It already has probably the largest municipality-owned network, providing access to local government employees rather than the general public. Key applications include fixed and mobile cameras for security, traffic light controllers and parking management. In total, there are 18 applications supported. Today, these are mostly data-based, rather than voice-based, and will ultimately be rolled out across the entire city.

Also in Spain, the city of Toledo is forging ahead with an urban mesh across the perimeter of the city. This controls traffic-light sequence and monitors traffic flows. This infrastructure was deployed and installed in under a month.

In Hollywood, Florida, meanwhile, local government agencies were facing a number of unnecessary costs: high cellular data fees incurred by public servants using mobile devices; lost revenue from parking; and poor management of water resources. Now, with a city-wide wireless network supporting parking and water meters, the city expects to achieve over $23 million in savings over the next 15 years.

Industry estimates suggest that corporate wireless LAN technology can deliver an annual return on investment of £370 per user. But the benefits of this technology outside of the office, across today’s cities, promise to be far greater.

In a recent study into the new standard, research house In-Stat predicts that the new standard’s impact will be as speedy as its performance, pushing shipments of 802.11ac-enabled devices from a standing start of zero to nearly 1 billion by 2015.

“The goal of 802.11ac is to provide data speeds much faster than [current standard] 802.11n, with speeds of around 1Gbps,” says Frank Dickson, vice president of research at In-Stat.

The forthcoming standard, which uses existing radio spectrum in a range below 6GHz, is designed to exceed data-transfer rates of 1 gigabit per second by sending multiple simultaneous streams of data from access points to devices. Earlier versions of 802.11 wireless networking standards used the 2.4GHz frequency band, but 802.11n expanded to the 5GHz range as well.#

While the standard has yet to be finalised, the current schedule for 802.11ac approval is to have a draft standard created by 2011, Dickson explains, and have the first 802.11ac products out by the end of 2012.

That will appeal to corporate IT teams that want high-speed networks – but not the expense and inefficiencies associated with laying cable for fixed networks.

They will be hoping, meanwhile, that 802.11ac won’t be hampered by the same kind of issues that led to interminable delays of the 802.11n standard, currently the fastest version of Wi-Fi technology available. Given the fact that 802.11ac builds upon many of 802.11n’s established capabilities, however, that seems unlikely.

Overall, Wi-Fi continues to thrive, according to In-Stat. In 2015, some 800 million mobile phones will ship with the technology, they say, and nine out of ten percent of electronic e-book readers will come with Wi-Fi by that year. The company also predicts that 100% of mobile hotspot shipments will be 802.11ac-enabled in 2015.

Even companies that have already upgraded their network storage environments substantially in recent years are rapidly finding that the adoption of virtualised servers places unprecedented pressures. These fall into four key areas:

1. Storage utilisation rates

Virtualisation enables VMs to be deployed rapidly – that’s part of its attraction. But most VMs are created from a standard template, known as a virtual machine disk image or VMDK. When creating these VMDKs, most IT teams set the default storage capacity pretty high in order to accommodate the operating system, application and accompanying storage; on average, between 50 gigabytes (GB) and 100 GB per VM. When VMs proliferate in an environment, and companies fail to take down VMs that are no longer needed, the result is a massive over-provisioning of storage and profligate under-utilisation of what storage has already been bought and paid for.

2. Performance

With a single operating system running on a single machine, input/output (I/O) should, in most situations, be smooth and relatively sequential. But as more VMs are added to a physical host and start competing to send their I/O streams to the hypervisor for processing, these streams are unable to flow smoothly, become more random. This phenomenon – sometimes referred to as the ‘I/O blender effect’ – results in rapid performance degradation and disk crashes.

3. Storage management

Because storage allocation is managed through the virtualisation layer, typically the domain of the server management team, colleagues on the storage management team often lose sight of what’s happening within the environment. Virtualisation muddies the demarcations between servers, storage and networking, introducing conflicts and overlaps between team members. It can also make storage management processes – such as routine back-ups – extremely challenging. In order to back up a VM that may move around a virtualised environment on a regular basis, you’ve got to first figure out where in that environment it’s currently located.

These challenges leave many IT teams feeling forced to choose between one of two strategies: to be less aggressive in adopting virtualisation or to continue over-provisioning storage.

Thin provisioning, however, provides a more efficient alternative for tacking the first storage challenge of virtualised environments: utilisation rates. This technology enables a storage array to allocate storage to an application, but release it only when the capacity is required. In other words, when utilisation of pre-allocated storage approaches a pre-determined threshold, the array automatically expands the storage volume on an automated, just-enough, just-in-time basis.

Initially pioneered by smaller storage vendors, thin provisioning is now receiving more attention, thanks to Hewlett-Packard and Dell’s protracted 2010 bidding war for one of those pioneers, 3PAR. At the same time, storage vendors such as IBM and EMC have also been developing their own thin provisioning technologies and virtualisation leader VMware has built these kinds of capabilities into its software.

Storage resource management tools, meanwhile, can help with the second two challenges: performance and storage management. These tools can be used to monitor the reliability and availability of storage resources in a virtualised environment; enable IT teams to plan and allocated storage capacity; collect metrics on application data growth, device availability, bandwidth and I/O per second (IOPS); and to perform regular back-up and recovery tasks.

According to Valids Filks, an analyst with IT market research company, companies that have formal storage reporting, monitoring and capacity planning processes in place are typically able to reduce storage costs by between 20 percent and 30 percent.

Sample SRM vendor products include EMC Ionix, HP Storage Essentials, IBM TPC, NetApp SANscreen and Symantec Command Central. Additionally, some vendors of storage arrays are increasingly including tools for their own environments: these include EMC Celera Manager, NetApp File Storage Monitor and Sun Storage 7000 Analytics.

In a sense, these new technologies represent a ‘third way’, an alternative path to the existing options of ‘virtualisation sprawl’ (where VM proliferation leads to over-provisioning of storage) or virtualisation stall (where holding back on virtualisation limits the organisation’s application of the technology to applications with a relatively small and predictable storage footprint). Those that fail to adopt them may well find that, sooner rather than later, the benefits of server virtualisation are quickly overshadowed by storage problems.

Many companies today are using 1 terabyte (TB) and 2TB SATA drives today and much bigger SAS drives (often in the hundreds of gigabytes) today, along with bigger fibre-channel drives, too.

For most companies, it’s about growing capacity while seeking to maintain the corporate line on cost. But while everyone gets excited about the release of newer, larger drives, in many cases, what isn’t being addressed is addressable space. Most SAN and NAS controllers can only address a very specific amount of physical space, which we call a volume size.

That volume size – the largest single file system you can create in that type of storage systems – hasn’t grown that much. It’s typically around 10TB in terms of usable space.

So there’s an expansion in the size of disk and an expansion in the volumes of disk, but the window through which we can view that data is not going up. And while disks are bigger, they’re not faster. The speed of a SATA drive hasn’t increased much over last ten years; it’s typically 60 megabytes per second (MBps) to 80 MBps.

And overall, there’s just more ‘stuff’ to manage – LUNs [logical unit numbers], volumes, aggregates – so everything is getting more complex.

How can Solid State Disk (SSD) address these problems?

The growth in SSD is like nothing we’ve seen before. Almost every organisation has got some SSD in their data centres today.

In a recent ranking of the most disruptive storage technologies or business models by industry insiders and vendor executives, conducted by GigaOM Pro, SSD is at the top of the heap:

1. Flash memory/SSD

2. Private/public cloud computing

3. Storage/server virtualisation

4. Storage efficiency (thin provisioning, de-deduplication, compression etc)

5. Unified networking

And when we drill down to look at SSD in particular, this is what we find:

SSD memory densities are 64 times what they were 3 years ago. Cost per gigabyte is decreasing rapidly (but still nowhere near rotating disk).

SSD is gaining market momentum. Drive shipments are still low as a percentage of total shipments, but the future is extremely bright.

SSDs, combined with SATA, are making enterprise SATA disk drives more viable as primary storage, because customers can use half as many drives and achieve a similar level of performance as FC/SAS drives. That may sound strange, because SSD is still expensive – but we’re finding that a thin wedge of SSD with a larger amount of SATA is a great fit for many workflows.

Correctly configured, SSD technology can unleash the potential of multi-core processors, increasing enterprise data throughput while decreasing power and space requirements.

Above all, price per GB price is expected to decline by 48 percent between 2008 and 2013.

Thus far, two primary ways for deploying SSD in the data centre have emerged. First, as a disk replacement, where a separate data compartment consisting of SSD drives is built, introducing  a new ‘Tier Zero’ level to the storage hierarchy. Second, using SSD within NAS filers and SAN controllers, to act as a cache. Both these approaches have their limitations, but early deployments are already demonstrating the potential performance boosts that SSDs will deliver over the coming years.

That’s the view of Richard Villars, an analyst at IT market research company IDC. At many small and medium-sized enterprises (SMEs), he says, the person charged with managing and supporting storage systems is typically an ‘IT generalist’ – someone with limited IT knowledge and experience.

“The IT generalist doesn’t want to perform mundane storage device provisioning and management tasks, but they do need to set up, protect and expand storage capacity,” he says.

Give them “smart storage solutions”, he adds, and they can set up and use storage pools without having to be a storage expert.

That’s a message that the storage industry is keen to capitalise on. In recent months, there’s been a flurry of announcements from vendors emphasising the simplicity and low-cost of networked storage devices designed specifically for SMEs.

Take, for example, EMC: in January 2011, the company announced its new VNXe storage platform for that market, under the banner “Simple. Efficient. Affordable.”

“The product is designed in such a way that you really don’t have to know anything about storage to use it – and anything that you might need to know along the way is presented in the context of what you’re trying to get done,” wrote EMC global marketing CTO Chuck Hollis in a recent blog about the launch.

This attack on the sub-$10,000 storage device market represents a direct challenge to a number of the company’s rivals who are also bidding for their own slice of it. IBM, for example, recently released the StorWize v7000 and HP has its P2000 array. Dell’s Equalogic and NetApp’s FAS 2000, too, were designed with a similar customer profile in mind.

Drobo, by contrast, is attacking the market from the opposite angle. In the three-plus years since the company’s inception, Drobo (formerly known as Data Robotics) has focused its efforts on providing easy-to-use storage devices to the small office/home office (SOHO) market – a category sometimes referred to as ‘prosumers’.

With its recent announcement of three new products, the company is reinforcing its year-old drive to capture a slice of the small and medium-sized enterprise (SME) market, as well as appeal to individual departments within much larger companies.

The new Drobo line-up includes:

• an 8-bay file sharing Drobo with remote back-up;

• an 8-bay SAN (iSCSI-attached) Drobo;

• a 12-bay SAN (iSCSI-attached) Drobo with expanded redundancy features, support for thin provisioning and new data-aware tiering technology.

The first two devices are available immediately, while the 12-bay SAN will start shipping in April.

Much has been added to that third device to enhance its appeal to the SME market. Its new data-aware tiering technology, for example, automates the process of placing data on disks according to how frequently it is accessed. In this way, the devices ‘recognises’ different data types (for example, archived emails or rich media files) and matches them to the media that best fits their usage profile. The device is rack-mountable and has dual, hot-swappable power supplies.

“For Drobo, it’s about providing big storage in a small box with ease of use and a small price tag,” says Paul Thackeray, the company’s VP of EMEA.

With so much competition, it will be interesting to see how the battle for the SME networked storage market plays out. But for vendors, it’s clearly a battle worth fighting: according to IDC, the entry-level market for storage is both larger and boasts a higher growth rate than the mid-range of high-end markets.

Such complexity adds cost and administrative burden to already over-burdened environments. Ultimately, traditional back-up methods – termed legacy back-up methods – are proving too costly to operate and maintain with insufficient recovery options.

Beyond cost and recovery issues, legacy back-up methods systems are also out of step with modern data centre priorities. These include infrastructure consolidation, cost cutting and simplification of operations. Yet instead of furthering these initiatives, legacy back-up methods systems run counter to them by adding complexity, consuming data centre floor space, and increasing energy consumption. To support current trends, data protection systems must evolve by taking advantage of new server capabilities.

Image-based data protection solutions are the next generation in data protection technology. The breakthrough that enables – simply better data protection – is the use of system images to make back-up copies, rather than individual files.

Virtual servers create image files that encapsulate virtual machine (VM) systems. Protecting the images is far faster and easier than scanning for the thousands of individual files these images represent. With simple conversion tools, equivalent image files can also be created for each physical system. By applying the advantages of image-based data protection learned in virtual environments to physical systems, image-based data protection solutions make better data protection possible for all environments.

The use of images reinvents the way data is collected, transmitted and recovered. Image-based back-up collects and protects more types of data in a single step, transmits and stores it more efficiently, and offers faster recovery at more frequent points in time.

The resulting return on investment (ROI) for image-based data protection is significant; conservative estimates are at least $15 returned for every $1 invested in image-based data protection solutions.

Unlike migration between back-up software brands, adoption of image-based data protection solutions is fast and easy in most environments. Image-based data protection solutions can be added to legacy back-up method deployments. Configuration options enable image-based data protection jobs to be merged into existing legacy back-up methods cycles. Console systems already in place can be used for environment-wide scheduling. Existing SAN storage can be leveraged for secondary sweep-to-tape of all protected data in a single job.

These consoles and systems are already familiar to back-up administrators, thereby easing the adoption process. Operating a single console system that manages all data protection for the environment is a priority for most organisations, and the task of managing various data protection tools is already a familiar one.

Adoption of image-based data protection is expected to occur incrementally in existing environments, and is gaining in acceptance in most organisations. Over time, as more and more organisations become aware of the benefits of image-based data protection methods, adoption is expected to accelerate.

To read this Quest white paper in full, visit: http://tinyurl.com/4rz2unx

That’s because, until recently, IP telephone applications were not typically supported as virtual machines (VMs) capable of running alongside other VMs on a shared hardware infrastructure. In other words, these apps needed their own dedicated server – in many cases, a proprietary appliance – on which to run. 

For CIOs and their teams, that has meant that UC and virtualisation have been separate projects on the IT agenda and separate line-items on the IT budget.

In fact, there have been good reasons for keeping certain parts of the UC portfolio well away from virtualised servers: compared to other corporate workloads, such as customer relationship management apps or even email, real-time communications have totally different performance requirements. A few seconds’ delay tend not to matter with most corporate workloads – but real-time services such as call control, conferencing and call centre applications are quickly scuppered by them.

However, recent advancements in hypervisor technology – the software that allows multiple workloads to cohabit on a single server – are gradually opening the door to fully virtualised UC platforms.

And within the last year or so, vendors such as Avaya, Mitel, Cisco and Siemens have ported call control and other UC applications to run on virtualised servers and/or appliances). In addition, Microsoft supports OCS 2007 on a hypervisor, although not yet for voice or video.

Right now, it’s not a case of moving UC wholesale into the generic virtualised server environment. For most UC vendors, the focus thus far has been on engineering their approach to leverage some of the benefits of virtualisation, but to avoid critical quality-of-service failures in real-time applications.

So for customers, it’s a case of finding an approach that fills the gap between implementing real-time applications on dedicated appliances and a general-purpose pool of servers in the data centre. But at the same time, those responsible for architecting and managing their company’s UC strategy should quickly develop a working knowledge of virtualisation technologies and products, because vendors of both UC and virtualisation are promising big advances in future.

Over the longer term, the benefits of virtualising UC will be the same as for virtualising other kinds of corporate application or service: optimal use of hardware resources, reduction of infrastructure operating costs and overall server consolidation. Another major benefit of virtualised UC is that, in the event of a hardware failure, UC VMs can be migrated to another server in the environment for business continuity purposes.

Virtualisation is also enabling UC vendors to offer customers a ‘mix and match’ approach to adoption. This means that organisations can pick out virtualised modules of UC services and deploy each service they require within a separate partition on a turnkey appliance. Using this approach, multiple instances of the same service can be loaded onto the appliance, providing redundancy and load-balancing for high-demand services.

For most companies, this is yet another stage in their virtualisation journey. As a  candidate for virtualisation, real-time communications may somewhat late to the game, but the potential benefits are certainly appealing.

This topic will be covered in more detail by presenters at Unified Communications Expo, the UK’s leading business communications event, to be held 8/9 March 2011 at Olympia London. For more details, visit: http://online.ucexpo.co.uk

Right now, virtualised desktops account for fewer than 1% of the 550 million business PCs worldwide, according to figures from IT market research company Ovum. Many organisations are doing ‘proof of concept’ projects, but few have rolled out fully virtualised desktop estates at this point in time. But we believe that uptake of this technology is likely to take off over the next few years.  

There’s little point in rushing into it. As with all virtualisation technologies, the only effective time to deliver is at the point of dislocation for an existing service. So if you’re facing a hardware refresh, or an application refresh or a new version of an operating system or some of the middleware, then that’s the best time to move to virtualised delivery of desktop services. At any other time, you’re going to have to throw stuff away – and that won’t help your return on investment (ROI) case.

Once the time has come, desktop virtualisation is a journey you should approach step by step, rather than with a ‘big bang’ implementation. Traditional wisdom has been that the way to reduce desktop costs is by standardising PCs and locking down as much functionality as possible. Now, a new approach is emerging that dictates that diversity is the way forward.

That’s because desktop virtualisation is about far more than enabling people to work from home or roam between offices or using mobile devices to work when they’re on the move. It’s about improving workforce agility and delivering the service that the user expects.

There is a real culture change happening in the way that young people entering all industries expect to use technology. They’re the Facebook generation, the Twitter generation, they’re people who blog. They need access to a wide range of collaborative and social networking tools, in their perception, in order to do their jobs properly. Coming into a traditional corporate IT environment, where such things are often blocked, will not allow this generation to perform to the best of its abilities.

That’s why ‘bring your own computer’ models are becoming increasingly prevalent. This movement – whereby employees select the device that they prefer to work with, rather than accept a standard-issue bit of corporate IT kit – is critically associated with enabling a younger generation of workers to bring their own independent stamp and efficiencies and optimal performance to the workforce.

Some companies are even starting to grant employees an allowance to go shopping for their device of choice – but the payback is that the IT department don’t have to support it, because it’s not their problem anymore. That job is effectively outsourced to the employee.

At the same time, however, the IT team still has to deliver a secure, build-and-load partition for that employee within the data centre, complete with a secure application stack that they can access from their chosen device.

Defining that application stack involves categorising users according to their role. That means identifying the kinds of access to services and data that different classes of user require. Does this individual have permission to view confidential data? Do they belong to a group with authorisation to change it? Is this person a process worker in front of a screen, executing business processes? Do they require access to the Internet? Is mobility part of their day-to-day job? These are the types of questions that drive a definition of roles within a workforce, and help identify and design the most suitable desktop template to go with that role.

In order for your desktop virtualisation project to deliver real value and real results, you need to be flexible. Make a virtue out of managing diverse requirements and deliver a compelling end-user experience. These days, one-size-fits-all won’t work.

The success of virtualisation shows that the benefits have been proven, but are companies realising the true rewards from having a virtual estate and making the most of its capabilities?

Most companies are initially enticed by the cost-cutting efficiencies of virtualisation. This is understandable – after all, organisations such as Stockport College have saved over £500,000 in hardware alone since virtualising. However, while many companies have reaped the initial benefits of a server virtualisation project, it is those that take virtualisation to the next level that can make the long-term transformative improvements to their entire IT operation.

A fully virtualised estate brings with it improved management of all systems, as applications can be controlled via one central hub, for a streamlined process. With a complete oversight of all operations, the business is given better control of its resources, ensuring high availability and improved application performance.

At the same time, by not taking the next step and virtualising important, tier one applications like Microsoft Exchange and Oracle, an organisation also risks missing out on the most important benefits of virtualisation – business continuity and disaster recovery.

In fact, many of the organisations that have virtualised their mission-critical applications rate improved business continuity and disaster recovery capabilities as the number one benefit of virtualisation – even ahead of cost savings. But of course, the increased uptime and availability offered by virtualisation can mean even further cost savings down the line.

We shouldn’t forget that a fully virtualised IT estate makes the daily role of an IT Manager much easier. Any applications running on physical servers still require manual updates, and will be prone to over-capacity issues. If all servers are virtualised, simpler updating processes, uptime and capacity issues mean that IT departments can instead focus their energies on more strategic business projects.

Virtualisation can help a business to better utilise its IT resources by pooling them together. The technology has been proven to reduce opex and capex costs, energy consumption and streamline processes, but the best deployments are those that cover most, if not all, the organisation’s servers.

The way to derive the greatest value from virtualisation is to have a comprehensive, staged deployment that virtualises all applications. Of course, achieving this target involves reassessing the management and process disciplines associated with any major IT change.  Thousands of organisations have done this, are reaping the benefits and are now in a strong position to adopt the cloud approach to IT, to achieve even more savings and deliver greater value to their organisations.

See also: http://tinyurl.com/5wp7bwx

Cost reduction
VDI (virtual desktop infrastructure) is already an area of technology deployment where benefits massively outweigh costs. ‘Full’ VDI (hosted Windows XP and Windows 7 desktops) has already been adopted in industries such as defence, healthcare and finance, where security, data sovereignty and/or device-independence are major imperatives. Organisations in these sectors are willing to assign greater capex (capital expenditure) investment to implementing virtual desktops than they would to traditional desktop deployments. Education has been another early adopter. But for the adoption of desktop virtualisation to continue across a wider range of industry verticals, the capex cost of a virtual desktop needs to fall below that of a physical desktop in order for desktop virtualisation to become a serious consideration for all organisations.

Terminal Server/Session Host resurgence
We hear increasingly of VDI pilot projects that have stalled on economic grounds, finding new life only when someone dares to mention the term “Terminal Server.” The fact is that as much as 90 per cent of the technology used in VDI is the same as that used in Terminal Server – but right now, most people don’t realise that there’s a simple, low-cost way to deploy applications and desktops to task workers using almost identical technologies and at a fraction of the cost.

As the market becomes more educated about desktop virtualisation in general, and not just VDI, more organisations will realise that they can meet the needs of their task workers with Terminal Server for less than VDI costs, and that blending these technologies will deliver even more savings.

Market understanding
The market will simply become more knowledgeable. Right now, a lot of VDI pilot projects are launched today because a reputable vendor tells organisations, “You gotta try this”, and gives them a bunch of cheap or free licenses. After no small amount of effort, many of these projects end in disillusionment. In 2011, we’ll see greater awareness the potential pitfalls of VDI and the adoption of strategies to achieve better and cheaper results.

More flexible management
Central control of multiple desktop virtualisation types is key to realising the promised opex (operational expenditure) savings. We also anticipate more awareness of which management-console features are there to tick a box on a features list, rather than provide ‘must-have’ functionality.

Growing diversity of mobile access devices
The launch of the iPad in 2010 showed the world how far mobile device technology has come. In 2011, we expect a new crop of tablet computers. For those who would have traditionally carried a clipboard and used thin clients of PC ‘hot desks’ to do their jobs, a tablet computer is a highly attractive proposition. That’s particularly true in workplaces such as manufacturing plants, hospitals and other healthcare organisations.

The Cloud
This nebulous term applies to everything and means so many things to so many people. In the world of desktop virtualisation, it primarily refers to virtual desktops being served from a cloud-based data centre, rather than an on-premise one. The biggest challenges to this model are two-fold: first, extending enterprise authentication domain into the cloud, and second, licensing. In particular, software licensing has not yet caught up with the idea that the entire user desktop with its applications might be delivered on-demand, as a monthly or quarterly subscription service, with no lock-in or perpetual contract. But the momentum behind cloud computing is immense and with huge capacity and growing network bandwidth available at ever-lower prices, customer demand will surely drive the growth and acceptance of desktops in the cloud as well as changes to licensing during 2011.

At Quest, we’ll be following these developments closely and will continue to provide innovations to accommodate them – with technology that’s just as impressive our crystal ball.

Analysts at IT market research company Infonetics Research recently proclaimed that “a new round of data centre upgrades is now underway”. In 2010, their estimates suggest, the market for data centre networking equipment grew 67 per cent over 2009, to hit a “milestone” $7.6 billion worldwide. Much of that growth, they add, was driven by purchasing in the North America and EMEA regions.  
This market, Infonetics’ definition, comprises three main product areas – Ethernet switches, application delivery controllers (ADCs) and WAN optimisation appliances – and it is the first of these that we’ll focus on here.

According to Infonetics’ calculations, 10G accounted for 14 per cent of data centre switch ports in the third quarter of 2010, much higher than the total Ethernet switch market. And penetration of 10G ports is set to reach around 50 per cent by 2014, aided by rapidly falling prices.    But why should customers pinpoint this particular technology for their data centre infrastructure investments?

The answer is pretty simple: the voracious rate at which today’s data centre consumes network bandwidth. Several wider trends that are fuelling its appetite.

Above all, there’s the trend of virtualisation. It’s fair to say that the technology has proved a great success at companies looking to consolidate their server estates and boost the utilisation rates of the servers that remain, but some challenges persist. Many CIOs and their teams are finding that, in their newly virtualised storage estates, individual virtual machines (VMs) residing on a server are competing against others on the same host for their share of underlying resources. When each VM is ‘tricked’ by virtualisation into thinking it has exclusive use of networking equipment, the result is heavy over-subscription.

And what kinds of machines are hosting these VMs? In many cases, it’s powerful servers equipped with multi-core, multi-threaded processors. In order to achieve their full processing efficiency, these machines require network interfaces (and the underlying network itself) to be exponentially more powerful, too.

Storage is proving a flash point as well, and IT teams are increasingly looking to consolidate their storage infrastructure on a next-generation Ethernet network. What’s helping that trend is the convergence of Ethernet and storage protocols such as Fibre Channel, iSCSI and Fibre Channel over Ethernet (FCoE). It’s a huge opportunity for networking suppliers if they handle the transition well, say market watchers.

But make no mistake, warn analysts at IT market research company, Forrester Research, “Ethernet is the future of all data centre networking.”

Their advice to IT teams comes in three steps. First, they should leave behind the traditional three-tiered LAN architecture and start moving towards the ‘Promised Land’ of a two-tiered LAN.

According to network vendors, this offers the attractions of lower latency, because of the reduced number of device ‘hops’; simplified device management; significant savings on power, cooling and space; and a reduced number of potential system failure points.

Second, say Forrester’s analysts, IT teams should make the change to a converged Ethernet slowly, using FCoE, in order to avoid major overhauls until SANs are phased out in 10 years.

And third, they should save save money on data centre networking by evaluating all vendors and being open to the idea of a multivendor network. “Customers couldn’t be in a better position to have true networking choices,” says Forrester analyst Andre Kindness. “Hewlett-Packard acquired 3Com, Brocade spiced up Foundry with its Brocade One initiative, and Juniper entered the high-end switch market with a bang. Meanwhile, Cisco Systems has left the gate with its Nexus and UCS solutions.”

For IT networking teams, the pressure is on – but with IT budgets still squeezed, what investment decisions will they be at liberty to make? It’s a situation that IP EXPO Bulletin will be monitoring closely over the coming months. Watch this space – or, better still, let us know your views.

1. 2011 will be the year of the Hybrid Cloud, Unified Communications and all the infrastructure and services requirements that go with these trends.

2. The emergence of cloud mobility. Companies have been enjoying the benefits of private cloud computing during 2010, but have been waiting for cloud mobility – the ability to migrate virtual machines (VMs) between cloud service providers without changing the way they connect to their app (for example, no change in IP address and so on). Up until recently, cloud providers were seen as suffering from the ‘Hotel California’ syndrome: “You can check out any time you want, but you can never leave.” The advent of cloud mobility, enabled by technologies such as Brocade’s Ethernet fabrics, which virtualise the network layer, means that customers can now deploy public/hybrid cloud applications in a simple and low-risk manner. What’s more, Ethernet fabrics are complimentary and interoperate seamlessly with existing standards-based Ethernet networks. This is bolt-on, added value at low risk – a CTO’s dream.

3. Network service providers will migrate their infrastructure from 10 gigabyte (10G) to 100G interfaces as the requirement for higher-performance links increases. Traffic from the web, including text, graphics, audio and video, will represent more than 75 per cent of corporate network traffic this year, up from 50 per cent in 2010. And that, coupled, with they type of traffic networks now carry (with social networking traffic second only to on-demand video), will require higher performance and more intelligent networks. Moreover, the IPv4-to-IPv6 problem will be fixed by the use of intelligent load balancers, such as Brocade’s ADX product family. These allow customer to maintain their existing environment in a world where IP addresses are running out fast.

4. Unified Communications will become the standard way that employees interact with colleagues and customers. The corporate data centre norm will be 10G Ethernet and application load balancers fronting server farms that host virtual sessions. More companies will embrace the benefits of social networking as part of their marketing activities and recognise the inevitability of new technologies such as tablets and smartphones, and the rich-media demands that these devices make on networking infrastructure.

5. A new breed of Ethernet will become mainstream. Ethernet fabrics will be embraced by both the storage and IP networking teams, since the stability and high performance of these fabrics, coupled with the benefits of reduced management through virtualisation, will make this an attractive option for CTOs looking for high performance top of rack and eventually converged networking over one infrastructure. The high-performance, low-latency nature of this new breed of Ethernet switch will also appeal to the high-performance computing (HPC) sector and trading-floor customers from the financial services industry.

Here, IP technology provides an increasingly attractive option as a data transport technology for security-conscious organisations. It also offers businesses the chance to integrate disparate security systems onto a single platform. As a result, the relationship between the network manager and the CCTV specialist is changing, as they seek to reach a mutual understanding of business needs.  

Until they make that move, however, businesses face a number of problems with their existing security systems. Having disparate systems limits monitoring capabilities and introduces many inefficiencies. Single-vendor systems, meanwhile, limit upgrade capabilities. And surveillance systems need to stay running 24/7 – so what happens during periods of routine maintenance?

The flip side of the coin is the problem of ‘information overload’. Businesses need to ensure that the security data that is collected can be turned into usable, actionable information. Increasingly, they may need key personnel to access the system remotely, to ensure continuity of surveillance. They need to continually revise security policies, to eliminate regular responses to ‘false-positive’ alerts. And they need a way to efficiently store and archive the data they collect.

Here, IP has substantial advantages over existing approaches:

• A reduction in cabling and equipment around a premise;

• More control over the storage and distribution of CCTV images;

• The return on investment (ROI) to be gained in eradicating superfluous cost associated with existing security network infrastructures;

• The secure utilisation of video streams by different departments and personnel;

• A single platform, rather than multiple stand-alone systems.

These benefits are already being enjoyed at the home of Irish international rugby, the Aviva Stadium in Dublin. Here, ADT is responsible for the end-to-end delivery, maintenance and support of the stadium’s life safety and security systems, including fire detection, CCTV, access control, intruder alarms, gas extinguishers and disabled WC alarms.

Each of these individual systems have been seamlessly integrated with the stadium’s local area network (LAN) and IT infrastructure. This enables security operators and the Gardai (Ireland’s police force) to monitor and control each component from centralised workstations around the site. It’s all part of the stadium’s efforts to ensure guests have a safe and enjoyable experience on match days.

Most organisations now recognise that it doesn’t make sense to simply throw more and more capacity at a problem. Instead, they recognise the need to be able to look at class-of-service capabilities, map services end-to-end and keep careful control over their network.  
In this respect, Ethernet WAN has much to offer. It has experienced some notoriety, because systems and standards are evolving. So when they need to link to a number of different service providers on a global basis, many companies find that not every provider’s Ethernet WAN service is the same as the next.

They need a more holistic approach to their procurement decision. They need a provider who can answer the following questions comprehensively: Are service-level agreements (SLAs) available across the entire network, regardless of location? And are they available, regardless of the last-mile service provider that is used as part of your delivery to us?

Integration is a major consideration, too. As a company starts to use cloud services, it’s vital that whatever Ethernet WAN it chooses integrates closely with its virtual private network and its data centre. It’s a case of bringing disparate networks together in a cost-effective way that still gives control.

There are a wide range of choices now available for Ethernet WAN: Ethernet Layer 2 WAN (VPLS), Ethernet Wavelength Services, Ethernet over SDH/SONET, Metro Ethernet. Regardless of what approach a company chooses, it’s important to consider, in advance, the state of its ‘Ethernet toolbox’.

The following questions provide a framework for deciding what a company currently has and what it may need:

• What regions/countries need to be connected?

• How many locations need to be connected?

• What’s our network architecture – point-to-point, hub-and-spoke, any-to-any?

• What are our bandwidth requirements by site?

• Do we understand access service availability and options?

• What legacy protocols can a provider support?

• What are our back-up or diversity requirements?

• What are our current edge equipment and interface capabilities?

• Is our goal converged IP services?

• What technical staff and skillsets do we have?

• What traffic-sensitive applications do we run and what are their quality-of-service requirements?

Ethernet WAN is already enabling truly converged services to be delivered – but this throws a further level of complexity into the decision-making process. If a company is starting to run multiple applications down a single pipe into the last-mile access to its office or data centre, it  needs control of every aspect of every element. In effect, it needs to be able to separate out those streams.

Not all companies can provide you with that control and visibility. So, if you’re making a change to your WAN transport architecture, and you’ve decided that Ethernet is the way forward, then check carefully that your service provider has a multiple service platform that enables you to take anything over that Ethernet pipe but still monitor and manage every element on an individual basis.

Those are some of the key findings from a recent report conducted by the Centre for Economics and Business Research (Cebr), on behalf of information management giant EMC. Overall, Cebr found that the annual economic benefit of cloud computing for each country by 2015 will be:

1.    Germany – €49.6 billion
2.    France – €37.4 billion
3.    Italy – €35.1 billion
4.    UK – €30.0 billion
5.    Spain – €25.2 billion

Big claims are regularly made for cloud computing – but these are by far the biggest we’ve seen to date. That’s perhaps understandable, when you consider that most research into cloud computing takes a micro-economic view, focusing on the economic benefits to individual companies. By contrast, Cebr’s 2011 Cloud Dividend Report takes a squarely macro-economic review and claims to be the first of its kind to do so.

In order to better understand how these figures were arrived at, we spoke to both Cebr and EMC to get the inside track on their motivation, their methodology and the study’s findings.

“We were aware that no-one had really looked before at the impact of cloud in such broad terms,” says Andrew Moloney, a director at EMC. “We had a hunch that this impact would be hugely significant – but it takes specific skills to produce this kind of in-depth analysis, which is why we called in Cebr to help.”

Cebr, by contrast, is no stranger to grappling with complex, macro-economic models: in recent weeks, the research house has also quantified the likely impacts of the EU’s bailout of the Irish economy and tax implications of the UK’s clampdown on City bonuses. The Cloud Dividend findings took the organisation some four weeks to produce, according to its managing economist, Oliver Hogan.

“What we were aiming for was a macro-economic quantification that would strike a chord with a wider audience: not just IT professionals, but for CEOs and those in the public-policy domain, who need to decide how national governments should be thinking about the cloud,” he says.

In order to arrive at its findings, Hogan explains, Cebr’s researchers broke down each national economy into nine industry sectors. For each sector, a certain level of IT spend as a percentage of overall turnover was assumed, enabling them to arrive at a basic cost savings figure for each sector. From there, they drew on data drawn from a wide range of sources to model business development and business creation benefits for each sector.

In the case of the UK’s headline figure of £100.7 billion in economic benefits, for example, these derive from cost savings of £22.4 billion from IT capital savings and operational savings, such as labour, power and cooling; £25.2 billion in business development opportunities; and £17.1 billion in new business creation. Other benefits included increased business efficiency through use of the cloud.

What is perhaps most interesting about the analysis is the ranking of countries by potential annual benefits by 2015. This was achieved by examining two key sources of difference from nation to nation: the number of new SMEs expected to enter markets and the differences in average levels of SME productivity.

On this basis, Germany is set to benefit the most from cloud computing, because German SMEs are the most efficient among the five economies and because Germany is predicted to achieve high levels of new business entry over the period 2010 to 2015. By contrast, new business entry in the UK is expected to be comparatively low during the same period, as is the average efficiency of its SMEs.

It stands to reason that research like this is based on a number of baseline assumptions – for example, cloud computing adoption needs to continue at present levels (at least) for these forecasts to work – but macro-economic analysis invariably relies on this type of thinking.  And as EMC’s CEO Chuck Hollis asks in a recent blog, “Those of you who travel in macro-economic circles understand the fundamental relationship between investments in different forms of infrastructure (water, power, transportation, communications etc) and economic growth… Shouldn’t newer forms of IT infrastructure (for example, ‘cloud’, for convenience) be part of that discussion?”

First, Wikileaks fell victim to a denial-of-service (DOS) attack, forcing it to seek refuge for its data on Amazon’s public cloud infrastructure, the Amazon Elastic Compute Cloud, or EC2. (Days later, Amazon ejected Wikileaks from its cloud, citing infringements of its terms of service). But as other organisations – including Visa, Mastercard and Paypal – similarly withdrew their services from the whistle-blowing site, they also fell victim to DOS attacks, perpetrated by the Anonymous hacker collective in an effort called ‘Operation: Payback’.

So what is a DOS (or sometimes, distributed-denial-of-service or DDOS)  attack – and what, if anything, do these attacks mean for cloud computing customers? In essence, it’s a sudden surge of bogus web traffic, directed at a particular site by hackers using networks of compromised computers, with the goal of overwhelming a system and rendering it inoperable. In the Wikileaks affair, the motive behind the attacks has been purely political. In other cases, however, it has been financial – with hackers offering to stop their attack on receipt of a hefty payment from the victim.

What companies need to know is that DOS attacks are increasingly common and exceptionally hard to defend against. Few have the in-house IT security resources to detect and tackle a DOS attack themselves. Some employ the services of a specialist DOS mitigation service provider to filter traffic flows in the event of an attack on their behalf, but these can be very costly.

In a sense then, the cloud might offer the best protection for mainstream businesses against DOS attacks. One of the chief advantages of the cloud model is its elastic capability to scale in response to spikes in traffic. And most cloud providers today are more likely to have the experience and skills needed to deal with attacks than their customers do.

According to the Overview of Security Processes provided to customers by Amazon Web Services (AWS), for example, “AWS application programming interface (API) endpoints are hosted on large, Internet-scale, world-class infrastructure that benefits from the same engineering expertise that has built Amazon into the world’s largest online retailer.”

Hyperbole, perhaps, but the document continues: “Proprietary DDoS mitigation techniques are used. Additionally, AWS’s networks are multi-homed across a number of providers to achieve Internet access diversity.” That’s a great deal more security effort than many organisations are able to put in using their own resources – and, to date, it seems to have served Amazon well.

In fact, Professor John Walker, member of the ISACA security advisory group and CTO of security consultancy Secure Bastion, argues that cloud computing may well prove to be more robust than traditional, in-house IT operations in the face of this kind of attack.

“Whilst some corporate brands fell under the logical weight imposed by cyberattacks, some cloud-based sites successfully sustained their operations during such adverse conditions,” he points out. “Does this not beg the question why this could be? Does this not suggest that some of the better cloud providers have higher capacity to deal with sustained adverse conditions? They may not be as insecure as perception would have us believe.”

Today, most vendors are cloud providers, whether or not you immediately associate them with the cloud. If you’re a sceptic, you might well surmise that the cloud might be defined as whatever is being pitched to you by a particular vendor at a given time!

Even if we look at the three leading analysts – IDC, Forrester and Gartner – we’ll see that they all define the cloud slightly differently. Each definition has certain terms in common: ‘IP’, ‘services’, ‘scalable’ – but, essentially, they’re all slightly different definitions.

I believe there’s three key service models that we need to understand. Each one comes with its own features, issues, challenges and advantages.

The first cloud delivery model is software-as-a-service, or SaaS. This is probably the best understood cloud-delivery mechanism. It’s about buying access to a cloud-based application on a per user, per month basis – or is it? Typically, we think of Salesforce in this context – the idea of a low-cost, flexible, variable resource. In fact, Gartner will tell you that, today, around 95% of SaaS is bought in advance on a year’s contract. Prices, meanwhile, vary enormously.

The second delivery model is infrastructure-as-a-service, or IaaS. The best way I can explain this is that, traditionally, you’d have a data centre containing a rack of 20 physical servers with 20 operating systems. If I move to the cloud, and to IaaS, I’m going to move my 20 operating systems to the cloud but I’ll no longer have 20 physical servers. My challenges, however, are largely the same: I still need to log in to those 20 operating systems to patch, monitor and manage them. I just no longer have the baggage and encumbrance of data centres and physical servers on my hands.

Today, that’s where the vast majority of the market is at: organisations adopting the cloud are moving from physical servers to virtual machines located in the cloud. One of the best-known names in this area is Amazon.

The third model is platform-as-a-service, or PaaS. Here, rather than having my 20 operating systems, I only have one. I write my application, perhaps in .Net or Java. Once it’s written, I know the APIs and the programming language that I need to write to and I publish the application to my chosen platform, perhaps Microsoft Azure. Now, my application runs in an environment I know nothing about, but I do know the APIs and the functions that platform provides, and I’m totally abstracted from the operating system, so I don’t need to worry about it.

In all three cases, for users at least, the beauty of the cloud is this: as long as they have a browser or a client interface that they’re used to working with, they don’t need to know (or care) which delivery mechanism is being used.

From this, we can conclude that we’re at a place where companies want to adopt cloud and that many will go for it. But cloud adoption is a journey – a journey that most organisations begin with a consideration of the cost benefits of the cloud.  

That’s understandable. When cash is tight, the chance to shift IT investment from capital expenditure (capex) to operational expenditure (opex) is very attractive. But any decision to move to the cloud computing model should never be based purely on upfront economics. The reality is that the true benefits are often hidden from IT decision-makers when they’re making their initial assessments of the offerings available.

By considering the ten secrets of successful cloud adoption, you can familiarise yourself with the broader benefits that making that leap could bring. So what are those secrets?

1. Cloud isn’t just about the money As discussed, the shift to the cloud isn’t based purely on the economics. Economics help, certainly, but they shouldn’t be the be-all and end-all. As with any paradigm shift, there’s a very real risk that your cloud initiative could be derailed if you focus solely on cost.

2. Cloud is still embryonic Cloud hasn’t been around that long. It’s still an early-stage technology – and one of the issues with that is that, in many ways, you need to treat a cloud deal much as you would a regular outsourcing deal. Another issue is that industry standards are only just emerging. So the message is: caveat emptor, or ‘buyer beware’. You need to be sure that you’re buying into the right cloud provider for your business.

3. Cloud helps IT to deliver speed In considering cloud computing, you need to understand the IT department’s function – its production value to the business. The production value of the sales team is to turn prospects into orders. The supply chain team turn orders into invoices. The finance team turn invoices into cash. But what does IT do? Its first job is to deliver speed, enabling the business to turn strategy into execution in as short a time as possible. With its ease-of-adoption, cloud computing helps IT to be more responsive to business needs and, in turn, IT is perceived by the business as an enabler.

4. Cloud helps IT to deliver scale The second production value of the IT function is to deliver scale. It’s got to help the business do more for less; in other words, to take operations and increase capacity while reducing cost. Cloud computing is an important enabler here, allowing businesses to pay for the computing capacity they use and to scale this capacity up and down as business needs dictate.

5. Cloud helps IT to deliver agility Traditional ROI frameworks used by IT typically don’t include agility measures. Cloud changes all that, because of the way it delivers speed and scale. If you judge the cloud by outdated ROI methodologies, you could end up with a skewed business case that doesn’t reflect the true business benefit of cloud adoption.

6. Cloud means you don’t need to worry about scale Under the old capex model, an IT team would buy big, deploy the system, and repeat the process regularly. Under the new opex model, IT teams can align cost with value, because the business pays only for what it uses – and what it uses delivers immediate value. It’s a question of faster gratification.

7. Cloud separates code from configuration Once code and configuration are separated, a business can be much more flexible. SaaS packages can be reconfigured ‘on-the-fly’ in a way that simply wasn’t possible with on-premise software. This means that it can easily be adapted to suit business needs, without any change to the underlying code.

8. Cloud delivers continuous updates Your cloud provider is on a treadmill – they’re responsible for delivering the latest technology on a regular basis. That takes a lot of pressure off the IT team. The great thing about the cloud is that you get more functionality – and newer functionality – for your money.

9. Cloud changes the way that systems interact with each other Integration has long been one of the biggest stumbling blocks of systems deployment and adoption. Because cloud-based software is ‘loosely-coupled’, it takes away many of the challenges associated with systems integration. A good cloud supplier provides its customers with application programming interfaces (APIs) that they can use to link disparate systems in a non-invasive and easy-to-modify way.

10. You need to judge cloud on its own merits As discussed, cost is one of there merits – but economic benefits should include efficiency improvement measures. Others merits are flexibility, availability, user experience, timeliness and security. Don’t be afraid to question a prospective cloud provider closely about their commitments to you in these areas.

Watch the keynote presentations that took place in the FUTURES theatre here

Presentations included:

• Architecting the future of IT presented by Michael Capellas, CEO, Acadia Enterprises (former CEO, Compaq Computer Corp)
• Cloud Changes Everything presented by Paul Strong, CTO (EMEA), VMware
• The near future of IT infrastructure presented by Jon Collins, Managing Director / CEO, Freeform Dynamic
• Driving the Future of DataCentre Efficiency presented by Mark Smith, Technical Director, S3 (Solid State Solutions Ltd)
• Panel Discussion: Can I do more with less and improve the user experience?
• Who is building for capacity? A vision for future proofing your infrastructure presented by Andy Bechtolsheim, Founder, Chief Development Officer and Chairman, Arista Networks
• True Cloud – The Google Vision for Enterprise Computing presented by Xenophin Lategan, Enterprise Engineering Lead, Google Enterprise
• A Completely New Approach to IT Infrastructure presented by Russ Klein, Vice President and IT Research Group Director, Aberdeen Group
• Global delivery of large scale VDI with Quest and Microsoft: Kingston University presented by Dan Bolton, Technical Analyst in IT R&D, Kingston University.
• Technology in 2020 – A perspective presented by Ian Foddering, Chief Technology Officer and Technical Director, Cisco.

To the novice IT manager says Network Instruments, a shift to cloud computing may appear to offer great relief. No longer will their team have to worry as much about large infrastructure deployments, complex server configurations, and troubleshooting complex delivery on internally-hosted applications. But, diving a little deeper reveals that cloud computing also delivers a host of new challenges.

While providing increased IT flexibility and potentially lowering costs, cloud computing shifts IT management priorities from the network core to the WAN/Internet connection. Cloud computing extends the organization’s network via the Internet, tying into other networks to access services, applications and data. Understanding this shift, IT teams must adequately prepare the network, and adjust management styles to realize the promise of cloud computing

• Can your internet pipes handle the added demand?

Cloud computing’s advantage lies in placing the burden of applications and data storage and processing on another network. This shifts management priorities from internal data concerns to external ones. Currently, organizations have larger network pipes and infrastructure at the network core, where the computer processing power is located.

With cloud computing and Software as a Service (SaaS) applications, the importance of large bandwidth capacities shift away from the core to the internet connection. The shift in focus will significantly impact the decisions you make from whether your monitoring tools adequately track WAN performance to the personnel and resources you devote to managing WAN-related issues.

• Determining Priorities
  

With a massive pipeline to the internet handling online applications and processing, data prioritization becomes critical. It is unworkable to have a single IP consuming 30 percent of the organization’s bandwidth. Prioritize cloud and SaaS applications and throttle traffic to make sure bandwidth is appropriately allocated.

• Unanticipated Delays

Whether a lack of connectivity is due to over reliance upon a single internet provider, connectivity failures, or delay from the cloud-provider, the network team needs to be prepared. In the case of internet connectivity, thoroughly assess the reliability of your existing Internet Service Provider. When the internet connection is down or degraded, business productivity will also be impacted. Consider having multiple providers should one have a performance issue.

In the case of cloud-service providers, while you can rely upon status and performance reports from your provider, it’s important to have an independent source that can analyze and evaluate performance capable of pinpointing whether the cause of delay is internal, their internet provider, or the cloud service provider.

Further the performance monitoring solution should provide evidence and analysis to the internet provider or cloud-service provider to resolve the issue rather than blame the client’s network.

• Lack of management control

No longer does the network team have control over all aspects of troubleshooting and management of performance. How do you deal with degrading service? How do you enforce service level agreements (SLAs)?  For companies that are primarily hosting critical services like e-mail internally, when a problem occurs within the network core, the engineer can monitor the entire path of network traffic from the client to the server in order to locate the problem source. With service providers controlling the majority of information in cloud computing, it becomes more difficult to monitor, optimize, and troubleshoot connections.

As a result, Service Level Agreements (SLA), take on greater importance. SLAs should outline expected Internet service levels and performance obligations and define unacceptable levels of dropped frames and other performance metrics.

An SLA by itself is not enough to guarantee your organization receives the level of service promised. Since it is not in the provider’s interest to inform a client when its quality of service fails, we must rely on an independent view of WAN link connections. Utilize a network analyzer with a WAN probe to verify quality of service and gauge whether the provider is meeting SLA obligations.

• Can you trust the service provider?

Storing sensitive data internally means that the client organization takes responsibility for how private data is stored, secured, and accessed. Storing sensitive data in the cloud means that network teams need to conduct due diligence to understand the security strategies and solutions that cloud service providers have in place to secure their data. While cloud-service providers bear some responsibility for security, the brunt of a public relations nightmare will fall in the lap of the party that ultimately is responsible for securing the private data. This is usually not the cloud-service provider, but rather the corporation interfacing directly with the customer.

Cloud computing is more than the latest IT buzzword; it’s a real way for companies to quickly obtain greater network flexibility, scalability, and computing power for less money. But like most technologies, these services are not without risk and require proper preparation and refocused management efforts to succeed. Without taking into account bandwidth demand changes, implications to network visibility, current monitoring equipment, and security implications of cloud computing, it’s impossible to realize the efficiency and ROI gains promised by shifting to the cloud.

Strategic review of IP & Convergence

7th Annual Convergence Summit

Review the exciting changes happening in the communications market place with the virtualisation of technology, centralisation of services and availability of Next Generation Networks. Learn how our managed service offerings and New World Communications model can simplify, standardise, centralise and greatly enhance your business communications.

Britannic Technologies bring over 25 years of experience within the communications industry to its clients, working in partnership to manage and simplify the complex process of migrating legacy communications to new world flexible and resilient technologies.

Convergence Summit – Twickenham Stadium, 24th November

A must attend event for anyone looking to find out how the latest communication solutions can transform their business

Click here for more information