Thursday, February 20, 2014

Istanbul-based Finansbank Manages Risk and Security Using HP ArcSight, Server Automation

Transcript of a sponsored BriefingsDirect podcast on how a large Turkish bank uses HP server tools for rapid applications deployment while ensuring heightened security.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: HP

Dana Gardner: Hello, and welcome to the next edition of the HP Discover Podcast Series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing sponsored discussion on IT innovation and how it’s making an impact on people’s lives.

Gardner
Once again, we’re focusing on how companies are adapting to the new style of IT to improve IT performance and deliver better user experiences, and business results. This time, we’re coming to you directly from the HP Discover 2013 Conference in Barcelona.

We’re here the week of December 9 to learn directly from IT and business leaders alike how big data, mobile, and cloud, along with converged infrastructure are all supporting their goals.

Our next innovation case study interview focuses on Finansbank, an Istanbul-based bank, and how they better manage risk. To learn how, we’re joined by Ugur Yayvak, Senior Designer of Infrastructure at Finansbank in Istanbul. Welcome.

Ugur Yayvak: Thank you.

Gardner: Tell us a bit about your organization and how you're operating in terms of keeping compliance and risk issues in check?

Yayvak
Yayvak: Finansbank is one of the largest banks in Turkey and it has more than 12,000 employees and 600 branches in the country. Banking is a competitive world in Turkey, and for compliance we have to be rapid. We have to do things faster. And security is a big deal for us.

Gardner: And what sort of challenges have you had in terms of managing your systems in order to keep up with their compliance and regulatory issues and needs?

Yayvak: Because we’re a bank, we need to obey the payment-card industry (PCI) and Sarbanes-Oxley (SOX) rules. To accomplish this, we had to create some scripts to check the data on the servers. It takes lots of time to do compliance reporting. Security is a must for the servers, because of attacks. We need to be compliant and secure and we need to move fast on the server side.

Gardner: And so as you began to look for solutions to these problems, how did you come up with a solution? Where did you go for help?

Compliance and integrity

Yayvak: First of all, we needed a compliance and integrity-check solution. We did a proof of concept (POC) with three different vendors and we checked for performance, compliance, tool support, ease of use, reporting tools, and the support that the vendor would give us. After all that, we chose HP Server Automation.

Gardner: Tell us a little bit about that process. How long have you been using HP Server Automation software?

Yayvak: We’ve been using it for six months. Three months was for the implementation process, but during implementation, we created our first rules. We did some basic agent rollouts on the servers. Now, we have 90 percent coverage on all of our UNIX servers on the Server Automation site.

Gardner: Have you been experimenting with other HP products, perhaps something around service management for ongoing operations?

Yayvak: We’re using Service Management and also the ArcSight tool. We integrated Server Automation with the Service Management, ArcSight, and also Operations Orchestration to do our jobs in less time.

Gardner: What have been some of the results that you’ve seen since you've been implementing these solutions? What have you been gaining in terms of better control and how are your auditors viewing this rollout?
With the help of the Server Automation, it’s very simple and we can get the results in much less  time.

Yayvak: We’re creating monthly reports for our audit teams, and it takes less time. With the help of Server Automation, we’ve scheduled our jobs and the audit rules and reports that we want to share with our audit teams.

It takes much less time than it did before. Also, with the help of the scripts, the daily system administration tasks are very easy. Previously, we were doing everything by hand. With the help of the Server Automation, it’s very simple and we can get the results in much less  time.

Gardner: As you gain more automation for your configuration and your servers, does that offer you some advantage if should you choose to migrate to a new platform or even to a different type of hosting environment?

If there is an opportunity to take this beyond just operations into transformation, should you want to move your servers to a co-lo or a managed service provider or even a cloud provider?

Yayvak: We don’t have a plan, but maybe after using this product, we might.

Looking to the future

Gardner: What about the future? Do you have plans to move further, perhaps using ArcSight? Are there other security benefits that you have in mind?

Yayvak: One is to improve audit server automation, because there are some scripts that we’ve changed. Those changes that we’ve done on the servers must be audited. We also want to integrate Server Automation with ArcSight to track the changes that we’ve made. And if we’ve made an error, we will be alerted by the ArcSight server.

Gardner: Because you’re such a large organization with many branch offices, is there full centralization? Is this all happening in one data center or are you able to use this across a wider distribution?

Yayvak: Right now, we’re using our central data center, and also the disaster recovery site. But maybe later on, we can implement this for the branches to take care of the data servers there.

Gardner: That usually means some significant cost savings.

Yayvak: For sure.
We need to be compliant and secure and we need to move fast on the server side.

Gardner: Okay, is there anything here at the Discover show in Barcelona that is intriguing to you? What announcements or advances in the products capture your interest?

Yayvak: The new version of Server Automation came out this year, and we wanted to know what has changed. Also Finansbank will use lots of HP's products like Service Manager, Orchestration Manager, Operations Manager. This event was a good place to learn what has changed across these services.

Gardner: Well great. I’m afraid we'll leave it there. We’ve been talking about how Finansbank in Istanbul has been improving their server automation and bringing a better compliance and audit capability as a result. I'd like to thank our guest, Ugur Yayvak, Senior Designer of Infrastructure at Finansbank.

I'd also like to thank our audience as well for joining us for this special new style of IT discussion coming to you directly from the HP Discover 2013 Conference in Barcelona.

I'm Dana Gardner; Principal Analyst at Interarbor Solutions, your host for this ongoing series of HP sponsored discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: HP.

Transcript of a sponsored BriefingsDirect podcast on how a large Turkish bank uses HP server tools for rapid applications deployment while ensuring heightened security. Copyright Interarbor Solutions, LLC, 2005-2014. All rights reserved.

You may also be interested in:

Tuesday, February 04, 2014

HP Service Virtualization Eases Developer and Operations Lifecycle Support for Shunra Software

Transcript of a BriefingsDirect podcast on the benefits to software development from greater use of service and network virtualization.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: HP.

Dana Gardner: Hello, and welcome to the next edition of the HP Discover Podcast Series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing sponsored discussion on IT innovation and how it’s making an impact on people’s lives.

Gardner
Once again, we’re focusing on how companies are adapting to the new style of IT to improve IT performance, deliver better user experiences, and boost business results. This time, we’re coming to you directly from the recent HP Discover 2013 Conference in Barcelona.

We’re here to learn directly from IT and business leaders alike how big data, mobile, and cloud -- along with converged infrastructure -- are supporting their goals in new and interesting ways.

Our next innovation case study highlights how Shunra Software uses service virtualization to help its developer users to improve the distribution, creation, and lifecycle of software applications. To learn how, we're joined by Todd DeCapua, Vice President of Channel Operations and Services at Shunra Software, based in Philadelphia. Welcome, Todd.

Todd DeCapua: Thank you, Dana. It's great to be here with you.

Gardner: Let's think a little bit about this market. There are a lot of trends affecting software developers. They have mobile on their minds. They have time constraints issues. They have to be faster, better, and cheaper along the apps lifecycle way. What among the trends is most important for developers?

DeCapua
DeCapua: One of the biggest ones -- especially around innovation and thinking about results, specifically business results -- is Agile. Agile development is something that, fortunately, we've had an opportunity to work with quite a bit. Our capabilities are all structured around not only what you talked about with cloud and mobile, but we look at things like the speed, the quality, and ultimately the value to the customers.

We’re really focusing on these business results, which sometimes get lost, but I try to always go back to them. We need to focus on what's important to the business, what's important to the customer, and then maybe what's important to IT. How does all that circle around to value?

Gardner: With mobile we have many more networks, and people are grasping at how to attain quality before actually getting into production. How does service virtualization come to bear on that?

Distributed devices

DeCapua: As you look at almost every organization today, something is distributed. Their customers might be on mobile devices out in the real world, and so are distributed. They might be working remotely from home. They might have a distribution center or a truck that has a mobile device on it.

There are all these different pieces. You’re right. Network is a significant part that unfortunately many organizations have failed to notice and failed to consider, as they do any type of testing.

Network virtualization gives you that capability. Where service virtualization comes into play is looking at things like speed and quality. What if the services are not available? Service virtualization allows you to then make them available to your developers.

In the early stage, where Shunra has been able to really play a huge difference in these organizations is by bringing network virtualization in with service virtualization. We’re able to recreate their production environments with 100 percent scale -- all prior to production.

Getting back to the idea of innovation, some people are seeing these as innovations of a test environment. When we think about the value to the business, now you’re able to deliver the product working. So, it is about the speed to market, quality of product, and ultimately value to your customer and to your business.

Gardner: And another constituency that we should keep in mind are those all-important operators. They’re also dealing with a lot of moving parts these days -- transformation, modernization, and picking and choosing different ways to host their data centers. How do they fit into this and how does service virtualization cut across that continuum to improve the lives of operators?
Service virtualization and network virtualization can benefit them is by being able to recreate these scenarios.

DeCapua: You’re right, because as the delivery has sped up through things like Agile, it's your operations team that is sitting there and ultimately has to be the owners of these applications. Service virtualization and network virtualization can benefit them by being able to recreate these in-production scenarios.

Unfortunately, there are still some reactive actions required in production today, so you’re going to have a production incident. But, you can now understand the network in production, capture those conditions, and recreate that in the test environment. You can also do the same for the services.

We now have the ability to quickly and easily recreate a production incident in a prior-to-production environment. The operations team can be part of the team that's fixing it, because again, the ultimate question from CIOs is, “How can you make sure this never happens again?”

We now have the way to quickly and confidently recreate incidents and fix it the first time, not having to change code in production, on the fly. That is one of the scariest moments in any of the times when I've been at the customer site or when I was an employee and had to watch that happen.

Agile iterations

Gardner: As you mentioned earlier, with Agile, we’re seeing many more iterations on applications as they need to be rapidly improved or changed. How does service and network virtualization aid in being able to produce many more iterations of an application, but still maintain that high quality?

DeCapua: One of our customers actually told us that -- prior to leveraging network virtualization with service virtualization -- he was doing 80 percent of his testing in-production, simply because he knew the shortcomings, and he needed to test it, but he had no way of re-creating it. Now, let's think about Agile. Let's think about how we shift and get the proven enterprise tools in the developer’s hands sooner, more often, so that we can drive quality early in the process.

That's where these two components play a critical role. As you look at it more specifically and go just a hair deeper, how in integrated environments can you provide continuous development and continuous deployment? And with all that automated testing that you’re already doing, how you can incorporate performance into that? Or, as I call it, how do you “build performance in” from the beginning?

As a business person, a developer, a business analyst, or a Scrum Master, how is it that you’re building performance into your user scenarios today? How is it that you’re setting them up for understanding how that feature or function is going to perform? Let's think about it as we’re creating, not once we get two or three sprints into use and we have our hardening sprint, where we’re going to run our performance scenario. Let's do it early, and let's do it often.
Get the proven enterprise tools in the developer’s hands sooner, more often, so that we can drive quality early in the process.

Gardner: If we’re really lucky, we can control the world and the environment that we live in, but more often than not these days, we’re dealing with third-party application programming interfaces (APIs). We’re dealing with outside web services. We have organizational boundaries that are being crossed, but things are happening across that boundary that we can't control.

So, is there a benefit here, too, when we’re dealing with composite applications, where elements of that mixed service character are not available for your insight, but that you need to be able to anticipate and then react quickly should a change occur?

DeCapua: I can't agree with you more. It’s funny, I am kind of laughing here, Dana, because this morning I was riding the metro in Barcelona and before I got to the stop here, I looked down to my phone, because I was expecting a critical email to come in. Lo and behold, my phone pops up a message and says, “We’re sorry, service is unavailable.”

I could clearly see that I had one out of five bars on the Orange network, and I was on the EDGE network. So, it was about a 2.5G connection. I should still have been able to get data, but my phone simply popped up and said, “Sorry, cannot retrieve email because of a poor data connection.”

I started thinking about it some more, and as I was engaging with other folks today at the show, I asked them why is it that the developer of the application found it necessary to alert me three times in a row that it couldn’t get my email because of a poor data connection? Why didn’t it just not wait 30 seconds, 60 seconds, 90 seconds until it did, and then have it reach out and query it again and pull the data down?

Changing conditions

This is just one very simple example that I had this morning. And you’re right, there are constantly changing conditions in the world. Bandwidth, latency, packet loss and jitter are those conditions that we’re all exposed to every day. If you’re in a BMW driving down the road at 100 miles per hour, that car is now a mobile phone or a mobile device on wheels, constantly in communication. Or if you’re riding the metro or the tube and you have your mobile device on your hands, there are constantly changing conditions.

Network virtualization and service virtualization give you the ability to recreate those scenarios so that you can build that type of resiliency into your applications and, ultimately, the customers have the experience that you want them to have.

Gardner: Todd, tell us a bit about Shunra and your application-performance engineering solutions?

DeCapua: So, application performance engineering (APE) is something that was created within the industry over a number of years. It's meant to be a methodology and an approach. Shunra plays a role in that.

A lot of people had thought about it as testing. Then people thought about it as performance testing. At the next level, many of us in the industry have defined it is application engineering. It’s a lot more than just that, because you need to dive behind the application and understand the in’s and the out’s. How does everything tie together?
Understanding APE will help you to reduce those types of production incidents.

You’d mentioned some of the composite applications and the complexities there -- and I’m including the endpoints or the devices or mobile devices connecting through it. Now, you introduce cloud into the equation, and it gets 10 times worse.

Thinking about APE, it's more of an art and a skill. There is a science behind it. However, having that APE background knowledge and experience gives you the ability to go into these composite apps, go into these cloud deployments, and leverage the right tools and the right process to be able to quickly understand and optimize the solutions.

Gardner: It's fairly obvious to me, but I do get this question from time to time. Why aren’t the older scripting and test-bed approaches to quality control good enough? Why can't we keep doing what we've been doing?

DeCapua: This question is very often asked of me, too. In the United States recently, October 1 of 2013, there was a large healthcare system being rolled out across the country. Unfortunately, they used the old testing methodologies and have had some significant challenges. HP and Shunra were both engaged on October 2 to assist.

Understanding APE will help you to reduce those types of production incidents. All due to inaccurate results in the test environment, using the current methodologies, about 50 percent of our customers come to us in a crisis mode. They say, “We just had this issue, I know that you told us this is going to happen, but we really need your help now.”

They’re also thinking about how to shift and how to build performance in all these components -- just have it built in, have it be automatic, and get the results that are accurate.

Coming together

Gardner: Of course HP has service virtualization, you have network virtualization. How are they coming together? Explain the relationship and how Shunra and HP together go to market?

DeCapua: To many people's surprise, this relationship is more than a decade old. Shunra’s network-virtualization capability has, for a long time, been built in to HP LoadRunner, also is now being built into HP Performance Center.

There are other capabilities that we have that are built into their Unified Functional Testing (UFT) products. In addition, within service virtualization, we’re now building that product into there. It’s one that, when you think about anything that has some sort of distribution or network involved, network virtualization needs to come into play.

Some people have a hard time initially understanding the service virtualization need, but a very simple example I often use is an organization like a bank. They’ll have a credit check as you’re applying for a loan. That credit check is not going to be a service that the bank creates. They’re going to outsource it to one of the many credit-check services. There is a network involved there.

In your test environment, you need to recreate that and take that into consideration as a part of your end-to-end testing, whether it's functional, performance, or load. It doesn’t matter.
In your test environment, you need to recreate that and take that into consideration as a part of your end-to-end testing, whether it's functional, performance, or load.

As we think about Shunra, network virtualization and the very tight partnership that we've had with HP for service virtualization, as well as their ability to virtualize the users, it's been an OEM relationship. Our R and D teams sit together as they’re doing the development so that this is a seamless product for the HP customer to be able to get the benefit and value for their business and for their customers.

Gardner: Let's talk a little bit about what you get when you do this right. It seems to me the obvious point is getting to the problem sooner, before you’re in production, extending across network variables, across other composite application-type variables. But, I’m going to guess that there are some other benefits that we haven't yet hit on.

So, when you've set up you're testing, when you have virtualization as your tool, what happens in terms of paybacks? Not just the obvious ones, but it seems to me that this becomes a strategic benefit, influencing your business in terms of your overall performance, not just your application's performance.

DeCapua: There are many benefits there, which we have already covered. There are dozens more that we could get into. One that I would highlight, being able to pull all the different pieces that we've been talking about, are shorter release times.

TechValidate did a survey in February of 2013. The findings were very compelling in that they found a global bank was able to speed up their deployment or application delivery by 30 to 40 percent. What does that mean for that organization as compared to their competitor? If you can get to market 30 to 40 percent faster, it means millions or billions of dollars over time. Talk about numbers of customers or brands, it's a significant play there.

Rapid deployment

There are other things like rapid deployment. As we think about Agile and mobile, it's all about how fast we get this feature function out, leveraging service virtualization in a greater way, and reducing associated costs.

In the example that I shared, the customer was able to virtualize the users, virtualize the network, and virtualize the services. Prior to that, he would never have been able to justify the cost of rebuilding a production environment for test. Through user virtualization, network virtualization, and service virtualization, he was able to get to 100 percent at a fraction of the cost.

Time and time again we mention automation. This is a key piece of how you can test early, test often, ultimately driving these accurate results and getting to the automated optimization recommendations.

Gardner: How about getting started for organizations that have been doing traditional testing? Perhaps they’ve been using some HP products but they’ve been resisting going the full service virtualization monty, if you will. Any suggestions about skills, organization, how do you get started?
Let's start with that small scale, doing it right, and delivering that speed, quality, and value.

DeCapua: The most fun piece for me is that you actually need to do something. I can't tell you how many times I get started, and people say, “Yeah, this is a great idea. Yeah, it's wonderful.” They walk out of one of the session at HP Discover and they say, “Yes, I love it. Yeah, I've got my next three things that I need to do.”

It’s more than a tool. It’s really about the people. How is it that you can get this vision? Maybe it starts with one simple business case. Let's go through what that business case is to help me to understand what's the value to your organization. Can we calculate out some return on investment (ROI)? Can we get to what is the break-even point of this investment?

I hate to start talking about business and I hate to start talking about metrics. But as we look at the history of innovation, or what it means with the new style of IT, being able to improve IT performance, delivering the better user experience, and ultimately, who is paying the bill -- it's the business. So, if we can't deliver better business results, this is all for naught.

To get started, there are a number of different pieces that I recommend. But rather than create this huge strategy and everything else, what I would recommend doing is -- I hate to use the term “minimum viable product,” but really that's what I hear when I am in the smaller startup organizations.

It's, “What is that minimum viable product? How can we deliver the most value with the least investment in the shorter period of time, show that incremental value, and then start expanding it more?” It could be expanding it to other teams. It could be expanding it into the other business units, and then it could be going to the entire enterprise. But, let's start with that small scale, doing it right, and delivering that speed, quality, and value.

Gardner: Before we wrap it up, I’d like to just look a bit into the future. Things have been moving so rapidly. What comes next in terms of software productivity? Where should organizations be thinking in terms of vision?

Slow down

DeCapua: I see Agile, mobile, and cloud. There are some significant risks out in the marketplace today. As organizations look to leverage these capabilities to benefit their business and the customers, maybe they need to just slow down for a moment and not create this huge strategy, but go after “How can I increase my revenue stream by 20 percent in the next 90 days?” Another one that I've had great success with is, “What is that highest visibility, highest risk project that you have in your organization today?”

As I look at The Wall Street Journal, and I read the headlines everyday, it's scary. But, what's coming in the future? We can all look into our crystal balls and say that this is what it is. Why not focus on one or two small things of what we have now, and think about how we’re mitigating our risk of  looking at larger organizations that are making commitments to migrate critical applications into the cloud?

You’re biting off a fairly significant risk, which that there isn’t a lot there to catch you when you do it wrong, and, quite frankly, nearly everybody is doing it wrong. What if we start small and find a way to leverage some of these new capabilities? We can actually do it right, and then start to realize some of the benefits from cloud, mobile, and other channels that your organization is looking to.

Gardner: I guess, too, the role of software keeps increasing in many organizations. It's not a tool. It's becoming the business itself and, as a fundamental part of the business, requires lots of tender love and care, right?
The more that we can think about that and tune ourselves and make ourselves lean and focused on delivering better quality products, we’re going to be in the winning circle more often.

DeCapua: You got it. The only other bit that I would add on to that is looking at the World Quality Report that was presented this morning by HP, Capgemini, and Sogeti, they highlighted that there is an increased spend from the IT budget, and a rather significant increase in spend from last year in testing.

It’s exactly what you’re saying. Organizations didn’t enter the market thinking of themselves as a software house. But time and time again, we’re seeing how people who treat what they do as a software house ultimately is improving not only life for their internal customers, but also their external customers.

So I think you’re right. The more that we can think about that and tune ourselves and make ourselves lean and focused on delivering better quality software products, we’re going to be in the winning circle more often.

Gardner: Well, very good. I’m afraid we’ll have to leave it there. We’ve been learning about how Shunra Software is improving its network virtualization and service virtualization in partnership with HP for overall improved software-development quality. Please join me in thanking our guest Todd DeCapua, Vice President of Channel Operations and Services at Shunra Software. Thank you, Todd.

DeCapua: Thank you very much, Dana. I appreciate the opportunity, and thank you all.

Gardner: Yes, thanks to our audience for joining the special discussion coming to you from the HP Discover 2013 Conference in Barcelona. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this on-going series of HP-sponsored discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: HP.

Transcript of a BriefingsDirect podcast on the benefits to software development from service and network virtualization. Copyright Interarbor Solutions, LLC, 2005-2014. All rights reserved.

You may also be interested in: