Discover Case Study: Seagate Ramps Up Dev-Ops Benefits With HP Application Lifecycle Management Tools

Transcript of a BriefingsDirect podcast from HP Discover 2011 on how Seagate Technology is leveraging HP's ALM tools to conduct development and dev-ops faster, better and cheaper.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the HP Discover 2011 conference in Las Vegas. We're here on the Discover show floor the week of June 6 to explore some major enterprise IT solutions, trends and innovations making news across HP’s ecosystem of customers, partners, and developers.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, and I'll be your host throughout this series of HP-sponsored Discover live discussions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

We’re here now with an HP customer and an aggressive adopter of modern application development techniques, someone who is beginning to span the dev-ops divide and gaining some value from agile development methodologies. Please join me in welcoming Steve Katz, Manager of Software Performance and Quality at Seagate Technology. Welcome.

Steve Katz: Thank you very much, Dana.

Gardner: You know, we’ve heard a lot here about integration and converged infrastructure and we’ve certainly heard in the past from HP about the need for a solid integrated system of record when it comes to application lifecycle management (ALM). At Seagate, what you do and who are you? Then, what’s the problem? What are you trying to solve by adopting some of these newer development methodologies and products?

Katz: First of all, Seagate is one of the largest manufacturers of rotating media hard disks and we also are into the solid state and hybrids. Last quarter, we shipped about 50 million drives. That continues to grow every quarter.

As you can imagine, with that many products -- and we have a large product line and a large supply chain -- the complexities of making that happen, both from a supply chain perspective and also from a business perspective, are very complicated and get more complicated every day.

The Holy Grail for us would definitely be an integrated approach to doing software development that incorporates the development activities, but also all of the test, monitoring, provisioning, and all of the quality checks and balances that we want to have to make sure that our applications meet the needs of our customers.

In the last couple of years, with the explosion with cloud, with the jump to virtual machines (VMs), virtualization of your data center, and also global operations, global development teams, new protocols, and new applications, most of what we do, rather than developing from scratch, is integrate other people’s third-party applications to meet our needs. That brings to the table a whole new litany of challenges, because one vendor’s Web 2.0 protocol standard is completely different than another vendor’s Web 2.0 protocol standard. Those are all the challenges.

Also, we're adopting, and have been adopting, more of the agile techniques, because we can deliver quanta of capability and performance at different intervals, so we can start small, get bigger, and keep adding more functionality. Basically, it lets us deliver more, more quickly, but also gives us the room to grow and be able to adapt to the changing customer needs, because in the market, things change every day.

So for us, our goal has been the ability to get all those things together early in the program and have a way to collaborate and ultimately have the collaboration platform to be able to get all the different stakeholders’ views and needs at the very beginning of the program, when it’s the cheapest and most effective to do it. We’re not there. I don’t know if anybody will ever be there, but we’ve made a lot of efforts and feel like we’ve made a lot of ground.

Early adoption

The dev-ops perspective has really interested us, and we have been doing some of the early adoption, the early engagement with our customers, in our business projects very early in the game for performance testing.

We get into the project early and we start understanding what the requirements are for performance and don’t just cross our fingers and hope for the best down the road, but really put some hard metrics around what it is the expectations are for performance. What’s the transfer function? What’s the correlation between performance and the infrastructure that need to deliver that performance? Finally, what are the customer needs and how do you measure it?

That’s been a huge boon for us, because it’s helped us script that early in the project and actually look at the unit-level pieces, especially in each different iteration of the agile process. We can break down the performance and do testing to make sure that we’ve optimized that piece of it to be as good as possible.

Now when you add in the needs for VM provisioning, storage, networking, and databasing, the problem starts to mushroom and get more complex. So, for a long time, we've been big users of HP Quality Center (QC), which is what we use to gather requirements, build test plans, and link those requirements to the test plans ultimately to successful tests and defects. We have traceability from what the need of the customer is to our ability to validate that we deliver that need. And, it worked well.

Then, we have the performance testing which was an add-on to that. And now, with the new ALM 11, which by the way, marries the QC functionality and Performance Center functionality. They're not two different things any more. It’s the same thing, and that’s the beauty for us.

Having the QC and performance testing closer together has made a lot of sense for us and allowed us to go faster and cheaper, and end up with something that, in fact, is better.

That’s what we’ve been preaching and trying to work with our project teams on, to say that it’s just a requirement. Any requirement is just a requirement and how we decide to implement, fulfill, and test that is our choice. But, having the QC and performance testing closer together has made a lot of sense for us and allowed us to go faster and cheaper, and end up with something that, in fact, is better.

Gardner: Let’s get a sense of the scale here. How many applications do you have in production and how many at any given time are in your development phases, going from the requirements to development and test?

Katz: The major number of applications we have in production is in the 300-500 range, but as far as mission critical, probably 30. As far as some things that are on everybody’s radar, probably 50 or 60. In Business Servive Management (BSM), we monitor about 50 or 60 applications, we also have the lower-level monitors in place that are looking at infrastructure. Then, our data all goes up to the single pane, so we can get visibility into what the problems are.

The number of things we monitor is less important to us than the actual impact that these particular applications have, not only on the customers experience, but also on our ability to support it. We need to make sure that whatever it is that we do is, first of all, faster. I can’t afford to get a report every morning to see what broke in the last 24 hours. I need to know where the fires are today and what’s happening now, and then we need to have direct traceability out to the operator.

As soon as something goes wrong, the operator gets the information right away and either we’re doing auto-ticketing, or that operator is doing the triage to understand where the root cause is. A lot of that information comes from our dashboards, BSM, and Operations Manager. Then, they know what to do with that issue and who to send it to.

SaaS processes

We’ve subscribed to a number of internal cloud services that are software-as-a-service (SaaS) processes and services. For those kind of things, we need to first make sure it’s not us before we go looking to find out what our software service providers are going to do about the problems. And both of our applications, all the BSM and all the dev-ops has helped us get to that point a little better.

The final piece of the puzzle that we’re trying to implement is the newer BSM and how we get that built into the process as well, because that’s just another piece of the puzzle.

Gardner: As you’re moving towards this adoption of the newer products and binding together dev and ops, what sort of paybacks are you expecting? Is this just allowing the green light to stay on more, where your performance and reliability are strong? Or are there some other benefits in terms of reducing the cycle time for development, agility, and being able to cut costs in some ways?

Katz: It’s two things for us. One is the better job you do up front, the better job you’re going to do in the back end. Things are a lot cheaper and faster, and you can be a whole lot more agile to react a problem. So the better job we do up front, understand what the requirements are and not just what this application is or what it’s supposed to do, but how is it supposed to affect the rest of our infrastructure, how is it supposed to perform under stress, and what are the critical quality, the quality of service, the quality of experience aspects that we need to look at.

Defining that up front helps us to be better and helps us to develop and launch better products. In in doing that, we find issues earlier in the process, when it’s a lot cheaper to fix them and a lot more effective.

The better job you do up front, the better job you’re going to do in the back end. Things are a lot cheaper and faster, and you can be a whole lot more agile.

On the back end, we need to be more agile. We need to get information faster and we need to be able to react to that information. So, when there’s a problem, we know about it as soon as possible, and we’re able to reduce our root-cause analysis and time to resolution.

Gardner: You’ve mentioned that you’re being aggressive with SaaS. I imagine you’re increasingly looking at cloud, and then, of course, everyone is thinking about mobile these days as well. Is there something about tying together dev-ops, creating a better ALM capability, that allows you to adopt technologies more rapidly?

Is there a sense of complexity and inertia in adopting some of these things, that you could move to them more rapidly and enjoy some productivities resolved because of what you’ve been doing with ALM?

Katz: I look at that like a baseball team. My kids are in Little League right now. We’re in the playoffs. When a team does well, you get this momentum. Success really feeds momentum, and we’ve had a lot of success with the dev-ops, with pulling in ALM performance management and BSM into our application development lifecycle. Just because of the momentum we've got from that, we’ve got a lot more openness to explore new items, to pull more information into the system, and to get more information into the single pane.

Before we had the success, the philosophy was. "I don’t have time to fix this. I don’t have time to add new great things." Or, "I've got to go fix what I got." But when you get a little bit of that momentum and you get the successes, there is a lot more openness to it and willingness to see what happens. We’ve had HP helping us with. They’re helping us to describe what the next phase of the world looks like.

Gardner: Well, great. We’ve been hearing about adopting more modern and agile development methodologies and adopting some integrated systems of record to do that. We’ve been joined by Steve Katz. He is the Manager of Software Performance and Quality at Seagate Technology. Thanks so much.

Katz: Thanks, Dana. I always appreciate it.

Gardner: And thanks to our audience for joining this special BriefingsDirect podcast coming to you from the HP Discover 2011 Conference in Las Vegas.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this series of user experience discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Transcript of a BriefingsDirect podcast from HP Discover 2011 on how Seagate Technology is leveraging HP's ALM tools to conduct development and dev-ops faster, better and cheaper. Copyright Interarbor Solutions, LLC, 2005-2011. All rights reserved.

You may also be interested in:

• HP delivers applications appliance solutions that leverage converged infrastructure for virtualization, data management
• HP takes plunge on dual cloud bursting: public and-or private apps support comes of age
  
• HP rolls out EcoPOD modular data center, provides high-density converged infrastructure with extreme energy efficiency
• HP at Discover releases converged infrastructure products and services aimed at helping IT migrate rapidly to the future
  
• HP's IT Performance Suite empowers IT leaders with unified view into total operations, costs
• HP Delivers NMC 9.1 as New Demands on Network Management Require Secure, Integrated, and Automated Response

HP Discover Interview: Security Evangelist Rafal Los on Balancing Risk and Reward Amid Consumerization of IT

Transcript of a BriefingsDirect podcast from HP's Discover 2011 that focuses on new security challenges to IT security and the new approaches needed to address them.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the HP Discover 2011 conference in Las Vegas. We're here on the Discover show floor this week, the week of June 6, to explore some major enterprise IT solution trends and innovations making news across HP’s ecosystem of customers, partners, and developers.

We're here to talk about security, and the interesting intersection of security with the consumerization of IT, whereby enterprise IT directors and managers are being asked to do things that people are accustomed to with their home media and/or messaging and other fun gaming and entertainment activities.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, and I'll be your host throughout this series of HP-sponsored Discover live discussions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

It’s an interesting time. We have more threats. We hear about breaches in large organizations like Sony and Google, but at the same time, IT organizations are being asked to make themselves more like Google or Amazon.

So, let’s talk about that. We're here with Rafal Los, Enterprise Security Evangelist for HP Software. Welcome to BriefingsDirect.

Rafal Los: Thank you for having me.

Gardner: Rafal, what comes in your mind when we say "consumerization of IT?"

Los: I think of the onslaught of consumer devices, from your tablets to your mobile handsets, that start to flood our corporate environments with their ever-popular music, photo-sharing, data-gobbling, and wireless-gobbling capabilities that just catch many enterprises completely unaware.

Gardner: Is this a good thing? The consumers seem to like it. The user thinks it’s good productivity. I want to do things at the speed that I can do at home or in the office, but this comes with some risk, doesn’t it?

Los: Absolutely. Risk is everywhere. But, you asked if it’s a good thing. It’s a good thing, depending on which platform you're standing on. From the consumer perspective, absolutely, it’s a great thing. I can take my mobile device with me and have one phone for example, on which I get my corporate email, my personal email on, and not have four phones in my pocket. I can have a laptop from my favorite manufacturer, whatever I want to use, bring into my corporate environment, take it home with me at night, and modify it however I want.

That’s cool for the consumer, but that creates some very serious complexities for the enterprise security folks. Often, you get devices that aren't meant to be consumed in an enterprise. They're just not built for an enterprise. There's no enterprise control. There's no notion of security on somebody’s consumer devices.

Now, many of the manufacturers are catching up, because enterprises are crying out that these devices are showing up. People are coming after these big vendors and saying, "Hey, you guys are producing devices that everybody is using. Now they are coming up into my company, and it’s chaos" But, it’s definitely a risk, yes.

Gardner: What would a traditional security approach need to do to adjust to this? What do IT people need to think about differently about security, given this IT consumerization trend?

Need to evolve

Los: We need to evolve. Over the last decade and a half or so, we’ve looked at information security as securing a castle. We've got the moat, the drawbridge, the outer walls, the center or keep, and we’ve got our various stages of weaponry, an armory and such. Those notions have been blown to pieces over the last couple of years as, arguably, the castle walls have virtually evaporated, and anybody can bring in anything, and it’s been difficult.

Companies are now finding themselves struggling with how to deal with that. We're having to evolve from simply the ostrich approach where we are saying, "Oh, it’s not going to happen. We're simply not going to allow it," and it happens anyway and you get breached. We have to evolve to grow with it and figure out how we can accommodate certain things and then keep control.

In the end, we're realizing that it’s not about what you let in or what you don’t. It’s how you control the intellectual property in the data that’s on your network inside your organization.

Gardner: So, do IT professionals in enterprises need to start thinking about the organizations differently? Maybe they're more like a service provider or a web applications provider than a typical bricks and mortar environment.

Los: That’s an interesting concept. There are a number of possible ways of thinking about that. The one that you brought up is interesting. I like the idea of an organization that focuses less on the invasive technology, or what’s coming in, and more on what it is that we're protecting.

I like the idea of an organization that focuses less on the invasive technology, or what’s coming in, and more on what it is that we're protecting.

From an enterprise security perspective, we've been flying blind for many years as to where our data is, where our critical information is, and hoping that people just don’t have the capacity to plug into our critical infrastructure, because we don’t have the capacity to secure it.

Now, that notion has simply evaporated. We can safely assume that we now have to actually go in and look at what the threat is. Where is our property? Where is our data? Where are the things that we care about? Things like enterprise threat intelligence and data storage and identifying critical assets become absolutely paramount. That’s why you see many of the vendors, including ourselves, going in that direction and thinking about that in the intelligent enterprise.

Gardner: This is interesting. To use your analogy about the castle, if I had a high wall, I didn’t need to worry about where all my stuff was. I perhaps didn’t even have an inventory or a list. Now, when the wall is gone, I need to look at specific assets and apply specific types of security with varying levels, even at a dynamic policy basis, to those assets. Maybe the first step is to actually know what you’ve got in your organization. Is that important?

Los: Absolutely. There’s often been this notion that if we simply build a impenetrable hard outer shell, the inner chewy center is irrelevant. And, that worked for many years. These devices grew legs and started walking around these companies, before we started acknowledging it. Now, we’ve gotten past that denial phase and we're in the acknowledgment phase. We’ve got devices and we’ve got capacity for things to walk in and out of our organization that are going to be beyond my control. Now what?

Don't be reactionary

Well, the logical thing to do is not to be reactionary about it and try to push back and say that can’t be allowed, but it should be to basically attempt to classify and quantify where the data is? What do we care about as an organization? What do we need to protect? Many times, we have these archaic security policies and we have disparate systems throughout an organization.

We've shelled out millions of dollars in our corporate hard-earned capital and we don’t really know what we're protecting. We’ve got servers. The mandate is to have every server have anti-virus and an intrusion prevention system (IPS) and all this stuff, but where is the data? What are you protecting? If you can’t answer that question, then identifying your data asset inventory is step one. That’s not a traditional security function, but it is now, or at least it has to be.

Gardner: I suppose that when we also think about cloud computing, many organizations might not now be doing public cloud or hybrid cloud, but I don’t think it’s a stretch to say that they probably will be some day. They're definitely going to be doing more with mobile. They're going to be doing more with cloud. So wouldn’t it make sense to get involved with these new paradigms of security sooner rather than later? I think the question is really about being proactive rather than reactive.

Los: The whole idea of cloud, and I've been saying this for a while, is that it's not really that dramatic of a shift for security. What I said earlier about acknowledging the fact that our preconceived notions of defending the castle wall has to be blown apart extrapolates beautifully into the cloud concept, because not only is it that data is not properly identified within our "castle wall," but now we're handing it off to some place else.

What are you handing off to some place else? What does that some place else look like? What are the policies? What are the procedures? What’s their incident response? Who else are you sharing with? Are you co-tenanting with somebody? Can you afford downtime? Can you afford an intrusion? What does an intrusion mean?

What are you handing off to some place else? What does that some place else look like? What are the policies? What are the procedures?

This all goes back to identifying where your data lives, identifying and creating intelligent strategies for protecting it, but it boils down to what my assets are. What makes our business run? What drives us? And, how are we going to protect this going forward?

Gardner: Now thinking about data for security, I suppose we're now also thinking about data for the lifecycle for a lot of reasons about storage efficiency and cutting cost. We're also thinking about being able to do business intelligence (BI) and analytics more as a regular course of action rather than as a patch or add-on to some existing application or dataset.

Is there a synergy or at least a parallel track of some sort between what you should be doing with security, and what you are going to probably want to be doing with data lifecycle and in analytics as well?

Los: It's part and parcel of the same thing. If you don’t know what information your business relies on, you can’t secure it and you can’t figure out how to use it to your competitive advantage.

I can’t tell you how many organizations I know that have mountains and mountains and mountains of storage all across the organization and they protect it well. Unfortunately, they seem to ignore the fact that every desktop, every mobile device, iPhone, BlackBerry, WebOS tablet has a piece of their company that walks around with it. It's not until one of these devices disappears that we all panic and ask what was on that. It’s like when we lost tape. Losing tapes was the big thing, as was encrypting tapes. Now, we encrypt mobile devices. To what degree are we going to go and how much are we going to get into how we can protect this stuff?

Enabling the cause

BI is not that much different. It’s just looking at the accumulated set of data and trying to squeeze every bit of information out of it, trying to figure out trends, trying to find out what can you do, how do you make your business smarter, get to your customers faster, and deliver better. That’s what security is as well. Security needs to be furthering and enabling that cause, and if we're not, then we're doing it wrong.

Gardner: Now, I guess this is bit of a leap. It might even be considered hype. But, based on what you’ve just said, if you do security better and you have more comprehensive integrated security methodology, perhaps you could also save money, because you will be reducing redundancy. You might be transforming and converging your enterprise, network, and data structure. Do you ever go out on a limb and say that if you do security better, you'll save money?

Los: I don’t think it’s hype at all. Coming from the application security world, I can cite the actual cases where security done right has saved the company money. I can cite you one from an application security perspective. A company that acquires other companies all of a sudden takes application security seriously. They're acquiring another organization.

They look at some code they are acquiring and say, "This is now going to cost us X millions of dollars to remediate to our standards." Now, you can use that as a bargaining chip. You can either decrease the acquisition price, or you can do something else with that. What they started doing is leveraging that type of value, that kind of security intelligence they get, to further their business costs, to make smarter acquisitions. We talk about application development and lifecycle.

That’s what security is as well. Security needs to be furthering and enabling that cause, and if we're not, then we're doing it wrong.

There is nothing better than a well-oiled machine on the quality front. Quality has three pillars: does it perform, does it function, and is it secure? Nobody wants to get on that hamster wheel of pain, where you get all the way through requirements, development, QA testing, and the security guys look at it Friday, before it goes live on Saturday, and say, "By the way, this has critical security issues. You can’t let this go live or you will be the next . . ." --whatever company you want to fill in there in your particular business sector. You can’t let this go live. What do you do? You're at an absolutely impossible decision point.

So, then you spend time and effort, whether it’s penalties, whether it’s service level agreements (SLAs), or whether it’s cost of rework. What does that mean to you? That’s real money. You could recoup it by doing it right on the front end, but the front end costs money. So, it costs money to save money.

Gardner: Okay, by doing security better, you can cut your risks, so you don’t look bad to your customers or, heaven forbid, lose performance altogether. You can perhaps rationalize your data lifecycle. You can perhaps track your assets better and you can save money at the same time. So, why would anybody not be doing better security immediately? Where should they start in terms of products and services to do that?

Los: Why would they not be doing it? Simply because maybe they don’t know or they haven't quite haven't gotten that level of education yet, or they're simply unaware. A lot of folks haven't started yet because they think there are tremendously high barriers to entry. I’d like to refute that by saying, from a perspective of an organization, we have both products and services.

We attack the application security problem and enterprise security problem holistically because, as we talked about earlier, it’s about identifying what your problems are, coming up with a sane solution that fits your organization to solve those problems, and it’s not just about plugging products in.

We have our Security Services that comes in with an assessment. My organization is the Application Security Group, and we have a security program that we helped build. It’s built upon understanding our customer and doing an assessment. We find out what fits, how we engage your developers, how we engage your QA organization, how we engage your release cycle, how we help to do governance and education better, how we help automate and enable the entire lifecycle to be more secure.

Not invasive

It’s not about bolting on security processes, because nobody wants to be invasive. Nobody wants to be that guy or that stands there in front of a board and says "You have to do this, but it’s going to stink. It’s going to make your life hell."

We want to be the group that says, "We’ve made you more secure and we’ve made minimal impact on you." That’s the kind of things we do through our Fortified Application Security Center group, static and dynamic, in the cloud or on your desktop. It all comes together nicely, and the barrier to entry is virtually eliminated, because if we're doing it for you, you don’t have to have that extensive internal knowledge and it doesn’t cost an arm and a leg like a lot people seem to think.

I urge people that haven't thought about it yet, that are wondering if they are going to be the next big breach, to give it a shot, list out your critical applications, and call somebody. Give us a call, and we’ll help you through it.

Gardner: HP has made this very strategic for itself with acquisitions. We now have the ArcSight, Fortify and TippingPoint. I have been hearing quite a bit about TippingPoint here at the show, particularly vis-à-vis the storage products. Is there a brand? Is there an approach that HP takes to security that we can look to on a product basis, or is it a methodology, or all of the above?

Los: I think it’s all of the above. Our story is the enterprise security story. How do we enable that Instant-On Enterprise that has to turn on a dime, go from one direction strategically today? You have to adapt to market changes. How does IT adapt, continue, and enable that business without getting in the way and without draining it of capital.

There is no secure. There is only manageable risk and identified risk.

If you look around the showroom floor here and look at our portfolio of services and products, security becomes a simple steel thread that’s woven through the fabric of the rest of the organization. It's enabling IT to help the CIO, the technology organization, enable the business while keeping it secure and keeping it at a level of manageable risk, because it’s not about making it secure. Let me be clear. There is no secure. There is only manageable risk and identified risk.

If you are going for the "I want to be secure thing," you're lost, because you will never reach it. In the end that’s what our organizational goal is. As Enterprise Security we talk a lot about risk. We talk a lot about decreasing risk, identifying it, helping you visualize it and pinpoint where it is, and do something about it, intelligently.

Gardner: Now, we also have research and development, and HP has been making significant investments, I wonder if you have any insight into not necessarily HP Labs, but technology in general. Is there new technology that’s now coming out or being developed that can also be pointed at the security problem, get into this risk reduction from a technical perspective?

Los: I'll cite one quick example from the software security realm. We're looking at how we enable better testing. Traditionally, customers have had the capability of either doing what we consider static analysis, which is looking at source code and binaries, and looking at the code, or a run analysis, a dynamic analysis of the application through our dynamic testing platform.

One-plus-one turns out to actually equal three when you put those two together. Through these acquisition’s and these investments HP has made in these various assets, we're turning out products like a real-time hyperanalysis product, which is essentially what security professionals have been looking for years.

Collaborative effort

It’s looking at when an application is being analyzed, taking the attack or the multiple attacks, the multiple verifiable positive exploits, and marrying it to a line of source code. It’s no longer a security guide doing a scan, generating a 5000-page PDF, lobbing it over the wall at some poor developer who then has to figure it out and fix it before some magical timeline expired. It’s now a collaborative effort. It’s people getting together.

One thing that we find broken currently with software development and security is that development is not engaged. We're doing that. We're doing it in real-time, and we're doing it right now. The customers that are getting on board with us are benefiting tremendously, because of the intelligence that it provides.

Gardner: So, built for quality, built for security, pretty much synonymous?

Los: Built for function, built for performance, built for security, it’s all part of a quality approach. It's always been here, but we're able to tell the story even more effectively now, because we have a much deeper reach into the security world If you look at it, we're helping to operationalize it by what you do when an application is found that has vulnerabilities.

Built for function, built for performance, built for security, it’s all part of a quality approach.

The reality is that you're not always going to fix it every time. Sometimes, things just get accepted, but you don’t want them to be forgotten. Through our quality approach, there is a registry of these defects that lives on through these applications, as they continue to down the lifecycle from sunrise to sunset. It’s part of the entire application lifecycle management (ALM) story.

At some point, we have a full registry of all the quality defects, all the performance defects, all the security defects that were found, remediated, who fixed them, and what the fixes were? The result of all of this information, as I've been saying, is a much smarter organization that works better and faster, and it’s cheaper to make better software.

Gardner: We talked a little earlier about how good security practices augment your data lifecycle. It sounds like your ALM and the proper sunrise to sunset of an application’s life, security is part and parcel with that.

In closing, let’s think about the vision, the idea of security. As you say, you never attain it. It’s a journey. But, what should be the philosophy of IT now vis-à-vis security? What’s the new philosophy?

Los: The new philosophy needs to be the Sun Tzu quote that we always hear. “Know thyself.” Look inward. We, in security, all want to look for the new hotness. What’s the latest attack against whatever piece of software that we probably don’t even have in our organization?

Important questions

Let’s get out of that mentality and stop chasing those ridiculous kinds of concepts. While that may be important on some level somewhere to an organization, big or small, the most important questions are: what do you have, where is your data, what are your business processes, and how are you going to protect them?

If you don’t know what your company does, how it performs, how it works, and really what drives revenue, what are your organization’s goals, security needs to become part of the business. Security needs to understand the business. Security can’t be the little checkbox at the end of every process. It can’t. It has to be a part of every process. It has to be a part of every business decision.

It's not a revolution. It’s an evolution It’s something we’ve been talking about forever. Does that mean security teams will eventually go away? Possibly, but here’s where I am going with this. I've talked to a couple of CISOs who are doing it absolutely brilliantly.

They’ve split security into two functions, the operational role that does the day-to-day care and maintenance of the security devices and the operational things that make security work. That's the patching, the IPS management, malware analysis, and the incident response. That’s a small team, very tactical, very reactive on the spot.Built for function, built for performance, built for security, it’s all part of a quality approach.

It's not a revolution. It’s an evolution It’s something we’ve been talking about forever.

Then, there is a team that makes the policy and does the governance. That is the team that actually understands the business, that has a philosophy that protects the organization. They're not reactive. They have long-term vision. They have long-term strategies aligned with organizational goals, and they are flexible. That's the philosophy that we need to get into. That’s where it’s going and the intelligent enterprise, big or small, the intelligent company that is going to be doing it right, looking five year, ten years out is going to adopt that philosophy.

Gardner: Great. We've been talking about the consumerization of IT and security. We've been joined by Rafal Los. He is the Enterprise Security Evangelist for HP Software. Thanks so much.

Los: Thank you.

Gardner: And thanks to our audience for joining this special BriefingsDirect podcast coming to you from the HP Discover 2011 Conference in Las Vegas.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this series of the user experience and evangelist discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Transcript of a BriefingsDirect podcast from HP's Discover 2011 that focuses on new security challenges to IT security and the new approaches needed to address them. Copyright Interarbor Solutions, LLC, 2005-2011. All rights reserved.

You may also be interested in:

• Discover case study: Paychex leverages HP ALM to streamline and automate application development
  
• HP delivers applications appliance solutions that leverage converged infrastructure for virtualization, data management
• HP takes plunge on dual cloud bursting: public and-or private apps support comes of age
  
• HP rolls out EcoPOD modular data center, provides high-density converged infrastructure with extreme energy efficiency
• HP at Discover releases converged infrastructure products and services aimed at helping IT migrate rapidly to the future
  
• HP's IT Performance Suite empowers IT leaders with unified view into total operations, costs

Case Study: AIG Insurance Group Leverages ALM to Attain IT Performance Architecture Advantage

Transcript of a sponsored BriefingsDirect podcast, part of a series on application lifecycle management and HP ALM 11 from the HP Software Universe 2010 conference in Barcelona.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the HP Software Universe 2010 Conference in Barcelona.

We're here in the week of November 29, 2010 to explore some major enterprise software and solutions, trends and innovations making news across HP’s ecosystem of customers, partners, and developers. [See more on HP's new ALM 11 offerings.]

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, and I'll be your host throughout this series of HP sponsored Software Universe Live Discussions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Our customer case study today focuses on AIG-Chartis insurance and how their business has benefited from ongoing application transformation and modernization projects.

To learn more about AIG-Chartis insurance’s innovative use of IT consolidation and application lifecycle management (ALM) best practices, please join me in welcoming Abe Naguib, Director of Global Performance Architecture and Infrastructure Engineering at AIG-Chartis in Jersey City, NJ. Welcome to the show, Abe.

Abe Naguib: Hello, Dana. Nice to be here.

Gardner: Abe, tell me a little bit about the scope of your organization and the type of applications activities that you are undergoing and why moving toward some newer products made sense?

Naguib: Let me step back for a second, Dana, and give you a background on AIG and its applications. AIG is a global insurance firm, supporting worldwide international insurance of different varieties.

We're structured with 1,500 companies and roughly about eight lines of businesses that manage those companies. Each group has their own CIO, CTO, COO structure, and I report to the global CTO.

What we look at is supporting their global architecture and performance behavioristics, if you will. One of the key things is how to federate the enterprise in terms of architecture and performance, so that we can standardize the swing over into the Java world, as well as middleware and economy of scale.

Gardner: Given the breadth and depth of the organization, where are you in terms of your applications? What are some of your goals in terms of improving how things are done?

Proliferation of middleware

Naguib: I started about 10 years back, when I came on board to standardize architecture, and I saw there was a proliferation of various middleware technologies. As we started going along, we thought about how to standardize that architecture.

As we faced more and more applications coming into the Java middleware world, we found that there’s a lot of footprint waste and there’s a lot of delivery cycles that are also slipped and wasted. So, we saw a need to control it.

After we started the architectural world, we also started the production support world and a facility for testing these environments. We started realizing, again, there were things that impacted business service level agreements (SLAs), economy of scale, even branding. So, we asked, how do we put it together?

One of the key things is, as we started the organizational performance, we were part of QA, but then we realized that we had to change our business strategy, and we thought about how to do that. One key thing is we changed our mindset from a performance testing practice to a performance engineering practice, and we've evolved now to performance architecture.

The engineering practice was focused on testing and analyzing, providing some kind of metrics. But, the performance architectural world now has influence into strategies, design practices, and resolution issues. We're currently a one-man or one-army team, kind of a paratrooper level. We're multi-skilled, from architecture, to performance, to support, and we drive resolution in the organization.

Gardner: What is your role in that team?

Naguib: I manage the organization in terms of deliveries. We hold internal best-practice discussions. We catch trends and metrics in our knowledge base. We influence design. We even influence vendors that come in. We partner with a lot of the products that come in.

So, we meet with IBM, HP, and Oracle products, and as we influence and capture trends, we work back with the product development teams to figure out how to first resolve internal development, as well as the product that we build on.

Gardner: And as you were making the transition to this performance architecture, what were some of the important considerations you had in terms of making that more holistic, more managed, and more comprehensive?

Naguib: One of the biggest things was the time to market. We also saw that resolution had to happen quickly and effectively. Carnegie Mellon did a study about five years ago and it said that post-live application resolution of performance issues was seven times the cost of pre-live [performance application resolution].

In other words, we realized that the faster we resolved issues, the faster to market, the faster we can address things, the less disruption to the delivery practices.

Too many people involved

In normal firefighting mode, architecture is involved, development is involved, and infrastructure is involved. What ends up happening is there are too many people involved. We're all scrambling, pointing fingers, looking at logs. So, we figured that the faster we get to resolution, the better for everyone to continue the train on the track.

We built a practice with architectural engineers and DBAs to get to issues and resolve them faster.

Gardner: So, when you've got multiple teams and then fairly large numbers of people involved with these teams, they're probably distributed as well. What’s the overall umbrella concept? What did you need to pull that all together and to give you that view into these activities to make that performance, integrity, and speed come together?

Naguib: The key thing is that we started working with the CIOs at that level, and figuring out a strategy to develop a service-level target, if you will. As we went along, we began working with the development teams to build a relationship with the architectural teams and the infrastructure teams.

We became more of a team model, building more of a peace-maker model. We regrouped the organization, so that rather than resolve and point fingers at each other, we resolved issues a lot faster.

Now, we're able to address the issue. We call it "isolate, identify, and resolve." At that point, if it’s a database issue, we work directly with the DBA. If it’s an infrastructure or architecture issue, we work directly with that group. We basically cut the cycle down in the last two or three years by about 70 percent.

A lot more CIOs have started bringing in more applications. We see a trend growth internally of roughly about 20-30 percent every year.

Gardner: And as you're increasing your goals of speed and integrity are you also able to handle more applications at once? Does this improve the volume of applications going through your pipeline?

Naguib: Absolutely. Because there is a change in our philosophy, in our strategy to focus more on business value, a lot more CIOs have started bringing in more applications. We see a trend growth internally of roughly about 20-30 percent every year.

I have a staff of nine. So, it’s a very agile, focused team, and they're very delivery-conscious. They're very business value-conscious, and we translate our data, the metrics that we capture, into business KPIs and infrastructure KPIs.

Because of that metric, the CIOs love what we do, because we make them look good with the business, which helps foster the relationship with the business, which helps them justify transformation in the future.

Gardner: Can you share with us any of those KPIs, what’s the report card that you could bring back to your superiors in a business sense? What’s the business case and rationale you can provide?

Footprint is key

Naguib: If you look at ITSM model, Service Level Delivery, one of the key things is the footprint of applications. One thing that organizations are starting to realize now is that software drives the hardware. For example, the cost of IBM WebSphere on hardware is much more expensive than actually buying a server.

In traditional firefighting mode, people tend to hire consultants, bring in hardware, and end up increasing their cost. What we found is that, if you address the software angle of it, then you can improve your TCO and ROI.

By taking a looking at correlating business transactions to a footprint on a server, and improving those transactions and their consumption rate, you're actually effectively improving the consumption of that application particularly. And as you improve that, there is more room for capacity. When there's more room for capacity, your economy of scale goes up. So, if TCO improves, ROI improves, and your technical debt actually gets resolved a lot faster.

Gardner: It sounds as if managing the development, test and deployment cycle effectively really is almost like the head of a pyramid -- and affects the entire IT economic equation.

Naguib: Absolutely. There is a new paradigm now, they call it the "Escalator Message." In 60 seconds or less, we can talk to a CIO, CTO, COO, or CFO about our strategy and how we can help them shift from the firefighting mode to more of an architecture mode.

In 60 seconds or less, we can talk to a CIO, CTO, COO, or CFO about our strategy and how we can help them shift from the firefighting mode to more of an architecture mode.

If that’s the case, the more they can salvage their delivery, the more they can salvage their effective costs, and the more they can now shift to more of an IT-sensitive solutions shop. That helps build a business relationship and helps improve their economy of scale.

Gardner: We're hearing a lot here at Software Universe about ALM 11, a new launch by HP. You've been a beta user of at least some of the components of that. Tell us how that started and what you experienced?

Naguib: Sure. My background is that I dealt with the Mercury products back in the late 1990s. I have experience with Quality Center and the improvements that have gone on over the years. Because of our focus, we built our paradigm out of QA and into the performance world, and we started focusing on improving that process.

The latest TruClient product, which is a LoadRunner product, has been a massive groundbreaking point solution. In the last two years, frankly, with HP and Mercury getting adjusted, there’s been kind of a lag, but I have to give kudos to the team.

One of the key things is that they have opened up their doors in terms of the delivery, in terms of their roadmap. I've worked extensively for the last roughly year with their product development team, and they have done quite a bit of improvement in their solution.

Good partnership role

They have also improved their service support model; the help desk actually resolves questions a lot faster. And we also have a good partnership role, and we actually work with things that we see, and to the influence of their roadmap as well.

This TruClient product has been phenomenal. One of the key things we're seeing now is BPM solutions are more Ajax-based, and there are so many varieties of Ajax frameworks out there than we know how to deal with. One of the key things with the partnership is that we're able to target what we need, they are able to deliver, and we are able to execute.

Gardner: So, trying to fit that into our larger equation, the test and development deployment scenario is very important to the overall IT equation economically. How does this product, TruClient, fit into that in terms of aiding and abetting your goals?

Naguib: One of the key things is how to build partnerships across the organization, internally and externally. LoadRunner and TruClient allow us to get in front of the console, work with the business team, capture their typical use cases in a day-in-the-life scenario, and automate that. That gets buy-in and partnership with the business.

We're also able to execute a test case now and bring that in front of the IT side and show them the actual footprint from a business perspective and the impact and the benefits. What ends up happening is that now we're bringing the two teams together. So, we're bridging the gap basically from execution.

Frankly, nobody really cares as much about the footprint cost, until they start realizing the dollars that are spent.

Gardner: And as an early adopter and user, is there any 20-20 hindsight advice that you might offer to others who would be going down this trail as well?

Naguib: I would definitely send the message out to think in business value. Frankly, nobody really cares as much about the footprint cost, until they start realizing the dollars that are spent.

Also, now, business wants to see us more involved from the IT side, in terms of solutions, top-line improvements, and bottom-line improvements. As the performance teams expand and mature and we have the right toolsets, innovative toolsets like TruClient, we're able to now shift the cost of waste into a cost of improvements, and that’s been a huge factor in the last couple of years.

Last, I would say that in 8,000+ engagements -- we're actually closing in on now 10,000 events this year -- we've seen roughly $127 million in infrastructure savings that we have recouped. Again, that helps to benefit the firm. Instead of waste, now we're able to leverage that into more improvement side.

Gardner: So, the unfortunate reality for IT is they often have to do more with less. You've found a way to actually make that happen and perhaps continue it on an ongoing basis.

Naguib: Absolutely. I am excited about what I do. We have a great team and a great strategy. The support from my CEOs is fantastic. And again, we are seeing that just the whole partnership model across both the vendor side and internally has been a super benefit to the organization as well as the industry.

Gardner: Well, great. We've been discussing IT consolidation, applications lifecycle best practices with Abe Naguib, Director of Global Performance Architecture and Infrastructure Engineering at AIG Chartis insurance. Thanks so much, Abe.

Naguib: Thank you. I appreciate it.

Gardner: We're here in Barcelona at HP's Software Universe 2010 Conference. Look for this podcast and others on the HP.com website, as well as via the BriefingsDirect network.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this series of Software Universe Live discussions. Thanks for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Transcript of a sponsored BriefingsDirect podcast, part of a series on application lifecycle management and HP ALM 11 from the HP Software Universe 2010 conference in Barcelona, Spain. Copyright Interarbor Solutions, LLC, 2005-2010. All rights reserved.

You may also be interested in:

• HP Software GM Jonathan Rende on how ALM enables IT to modernize businesses faster
  
• HP rolls out ALM 11 in Barcelona to expand managed automation for modern applications
• HP's new ALM 11 helps guide IT through shifting landscape of modern application development
  
• Dave Shirk details how HP's Instant-On Enterprise initiative takes aim at shifting demands on business and governments
  
• New book explores automating the managed applications lifecycle to accelerate delivery of business applications

HP Software GM Jonathan Rende on How ALM Enables IT to Modernize Businesses Faster

Transcript of a sponsored BriefingsDirect podcast, part of a series on application lifecycle management and HP ALM 11 from the HP Software Universe 2010 conference in Barcelona.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series, coming to you from the HP Software Universe 2010 Conference in Barcelona.

We're here the week of November 29, 2010 to explore some major enterprise software and solutions, trends and innovations, making news across HP’s ecosystem of customers, partners, and developers. [See more on HP's new ALM 11 offerings.]

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, and I’ll be your host throughout this series of Software Universe Live discussions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

To learn more about HP’s big application lifecycle management (ALM) news, the release of ALM 11, and its impact on customers, please join me now in welcoming Jonathan Rende, Vice President and General Manager for Applications Business at HP Software. Welcome, Jonathan.

Jonathan Rende: Hey Dana. How are you doing?

Gardner: I'm doing well. I don’t think it’s an exaggeration to say that applications are more important than ever, and they're probably going to become even more important. What’s more, we're looking at a significant new wave of applications refresh. So it strikes me that we're at a unique time, almost an inflection point in the history of software. Am I overstating the case?

Rende: No, not at all, Dana. Over the last 25 years that I've been in the business, I've seen two or three such waves happen. Every seven to 10 years, the right combination of process and technology changes comes along, and it becomes economically the right thing to do for an IT organization to take a fresh look at their application portfolio.

What’s different now than in the previous couple of cycles is that, as you said, there is no lack of business applications out there. With those kind of impacts and requirements and responsibilities on the business, the agility and innovation of an application, is now synonymous with the agility and innovation of the applications themselves in the business.

Gardner: It seems like we're also at a point where we need to speed up the process. The legacy, the traditional means of application development, the sequential process, perhaps even the siloed organizational approach -- are all conspiring to hold us back. What needs to happen to break that logjam?

Rende: It’s not really the case that the people building, provisioning, testing, and defining the applications are lacking or don’t know what they're doing. It’s mostly that the practices and processes they're engaged in are antiquated.

What I mean by that is that today, acquiring or delivering applications in a much more agile manner requires a ton more collaboration and transparency between the teams. Most processes and systems supporting those processes just aren’t set up to do that. We're asking people to do things that they don’t have the tools or wherewithal to complete.

Gardner: The more I hear about ALM 11, it seems to me that not only are you trying to bring together the disparate parts of the application process, you're also extending it. An analogy might be an umbilical cord or cords into other parts of the business, so that they aren’t isolated. Does that hold true? Are we looking at both unification and an extension into the large organization?

Lifecycle roles

Rende: Exactly. Not only are we bringing together -- through collaboration, transparency, linking, and traceability -- the core app lifecycle roles of business analysts, quality performance, security professionals, and developers, but we're extending that upstream to program management office and project managers. We're extending it upstream to architects. Those are very important constituents upstream who are establishing the standards and the stacks and the technologies that will be used across the organization.

Likewise, downstream, we're extending this to the areas of service management and service mangers who sit on help desks who need to connect. Their lifeblood is the connection with defects. Similarly, people in operations who monitor applications today need to be linked into all the information coming upstream along with those dealing with change and new releases happening all the time.

So, yes, it extends upstream much further to a whole group of people -- and also downstream to a whole group of audiences.

Gardner: What are the businesses looking for? What do they need? We've defined the problem -- and clearly there is a lot of room for improvement. What do enterprises and governments then do about it?

Rende: Number one, they need to be able to share important information. There’s so much change that happens from the time an application project or program begins to the time that it gets delivered. There are a lot of changing requirements, changing learnings from a development perspective, problems that are found that need to be corrected.

All of that needs to be very flexible and iterative. You need those teams to be able to work together in very short cycles, so that they can effectively deliver, not only on time, but many times even more quickly than they did in the past. That’s what’s needed in an organization.

There isn’t a single IT organization in the world that doesn’t have a mixed environment, from a technology perspective.

On top of that, there isn’t a single IT organization in the world that doesn’t have a mixed environment, from a technology perspective. Most organizations don’t choose just Visual Studio to write their applications in -- or just Java. Many have a combination of either of those, or both of those, along with packaged applications off-the-shelf.

So, one of the big requirements is heterogeneity for those applications, and the management of those applications from a lifecycle approach should be accommodating of any environment. That’s a big part of what we do.

Gardner: It sounds as if you need to be inclusive in terms of the technologies that you relate to, but at the same time -- based on what we spoke about a minute ago -- you need to also be more of a single system of record, pulling it all together. How can we conceptualize this, being agnostic, but also being unified?

Rende: You have to be able to maintain and manage all of the information in one place, so that it can be linked, and so you can draw the right, important information in understanding how one activity affects another.

But that process, that information that you link, has to be independent of specific technology stacks. We believe that, over the past few years, not only have we created that in our quality solutions, in our performance solutions, but now we have added to that with our ALM 11 release -- the same concepts but in a much broader sense.

Integrating to other environments

By bringing together those core roles that I mentioned before, we've been able to do that from a requirements perspective, independent of [deployment] stack -- and from a development environment. We integrate to other environments, whether it’s a Microsoft platform, a Java platform, or from CollabNet. The use-cases that we've supported work in all of those environments very tightly -- between requirements and tests -- and pull that information all together in one place.

Gardner: Jonathan, this really strikes me as a maturity inflection point for application lifecycle development to deployment, and reminds me a little bit what happened in data several years ago. The emphasis became more on the management of the metadata about the data, letting the data reside where it may.

Is there an analogy or similarity between what you are talking about in terms of ALM metadata, if you will, over the applications process, while at the same time allowing the process to exist in a variety of different technologies, or even vendor supported platforms?

Rende: It’s very similar, if you think about different activities and the work that’s done in those different activities. A business analyst or a subject matter expert who is generating requirements, captures all that information from what he hears of what’s needed, the business processes that need to built, the application, and the way it should work. He captures all of that information, and it needs to reside in one single place. However, if I'm a developer, I need to work off of a list of a set of tasks that build to those requirements.

It’s important that I have a link to that. It’s important that my priorities that I put in place then map to the business needs of those requirements. At the same time, if I'm in quality-, performance-, and security-assurance, I also need to understand the priority of those.

So, while those requirements will fit in one place, they'll change and they'll evolve. I need to be able to understand how that impacts my test plans that I am building.

With ALM 11, we're already seeing returns where organizations are able to cut the delivery time, the time from the inception of the project to the actual release of that project, by 50 percent.

Maybe the last example is a developer who is building toward all these priorities, what he is given as requirements. Those, in turn, need to also link as changes to everything that’s happening in the quality, performance, and security areas. Although the information is distinct, it has to be related and that can only be done if you store it in one place.

Gardner: So we're unifying, managing, and governing -- but we're still able to adapt and be flexible given the different environments -- the different products -- in a variety of different types of organizations, as well as across departments within those organizations -- a great deal of heterogeneity.

So, if you do this right, what sort of paybacks do you get? I'm hearing some pretty interesting things about delivery and defects and even managerial or operational benefits?

Rende: Huge benefits. If you look at some of the statistics that are thrown around from third parties that do this research on an annual basis: In almost two-thirds of projects today, application projects still fail. Then, you look at what benefits can be put in place, if you put together the right kind of an approach, system, and automation that supports that approach.

With ALM 11, we're already seeing returns where organizations are able to cut the delivery time, the time from the inception of the project to the actual release of that project, by 50 percent.

Cutting cost of delivery

We're seeing organizations similarly cut the cost of releasing an application, that whole delivery process -- cut the cost of delivery in half. And, that’s not to mention side benefits that really have a far more reaching impact later on, identifying and eliminating on creation up to 80 percent of the defects that would typically be found in production.

As a lot of folks who are close to this will know, finding a defect in production can be up to 500 times more expensive to fix than if you address it when it’s created during the development and the test process. Some really huge benefits and metrics are already coming from our customers who are using ALM 11.

Gardner: That, of course, points up that those organizations that do this well, that make this a core competency, should have a significant competitive advantage.

Rende: A big advantage. Again, if you go back to the very beginning topic that we discussed, there isn’t a business, there isn’t a business activity, there isn’t a single action within corporate America that doesn’t rely on applications. Those applications -- the performance, the security, and the reliability of those systems -- are synonymous with that of the business itself.

If that’s the case, allowing organizations to deploy business critical processes in half the time, at half the cost, at a much higher level of quality, with a much reduced risk only reflects well on the business, and it’s a necessity, if you are going to be a leader in any industry.

It really scales from the smallest to the largest organization, and from a single geography to multiple geographies.

Gardner: This cuts across the globe. This isn’t just for advanced economies or developing emerging economies. It’s pretty much across the board?

Rende: Across the board in a couple directions or vectors. One, from small organizations to large organizations, ALM 11 allows small project teams to be able to take advantage of this and get the same benefits as well as large Fortune 10 enterprises that have hundreds of projects, which get linked together into a single release, and those projects are being built in unison around the globe.

It’s really scales from the smallest to the largest organization, and from a single geography to multiple geographies, so they can collaborate, because, as we know, development can happen in many locations today. In the final equation, you have to make sure that what [applications] you're releasing are reflective of an organization, no matter where those activities take place.

Gardner: And as far as that goes for all types of organizations, we have enterprises, small and medium size businesses, we are also talking about governments, and we're also talking about now the variety of different hosting organizations, whether it’s telecom, cloud, mobile, or what have you.

Rende: Exactly. There are so many different options of how people can deploy or choose to operate and run an application -- and those options are also available in the creation of those applications themselves. ALM 11 runs through on-premise deployment, or also through our software as a service (SaaS), so will allow flexibility.

Gardner: We've heard a lot about how important software is to HP as a larger organization across the company and its strategy. Is it fair to say that ALM 11 is a strategic initiative for HP? How does it fit into the bigger HP direction?

Deep software DNA

Rende: As you said, software and our software business are increasingly important. If you look at the leadership within the company today, our new CEO has a very deep software DNA. Bill Veghte, who came in from Microsoft, has 20 plus years. The rest of the leadership team here also has 20 plus years in enterprise software.

Aside from the business metrics that are so beneficial in software versus other businesses, there is just a real focus on making enterprise software one of the premier businesses within all of HP. You're starting to see that with investments and acquisitions, but also the investment in, more importantly, organic development and what’s coming out.

So, it’s clearly top of list and top of mind when it comes to HP. Our new CEO, Leo Apotheker, has been very clear on that since he came in.

Gardner: Super. We've heard a lot about ALM 11 here in Barcelona, and I expect we're going to be hearing more about how this relates to that larger software equation. I'm looking forward to that.

I want to thank you, Jonathan Rende, Vice President and General Manager for Applications Business in HP's Software & Solutions organization. I hope you're having a good show. I appreciate your time.

In the final equation, you have to make sure that what you're releasing is reflective of an organization, no matter where those activities take place.

Rende: Thanks very much, Dana. Hopefully, everybody can get out there and learn a little bit more about ALM and how it fits into some of the larger initiatives, applications, and transformation, that are really changing the entire industry. So good luck, everybody.

Gardner: Great. I want to thank also our listeners for joining the special BriefingsDirect podcast, coming to you from the HP Software Universe 2010 Conference in Barcelona.

Look for other podcasts from this event on the hp.com website, as well as via the BriefingsDirect network.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this series of Software Universe Live discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Transcript of a sponsored BriefingsDirect podcast on application lifecycle management and HP ALM 11 from the HP Software Universe 2010 conference in Barcelona, Spain. Copyright Interarbor Solutions, LLC, 2005-2010. All rights reserved.

You may also be interested in:

• HP rolls out ALM 11 in Barcelona to expand managed automation for modern applications
• HP's new ALM 11 helps guide IT through shifting landscape of modern application development
  
• Dave Shirk details how HP's Instant-On Enterprise initiative takes aim at shifting demands on business and governments
  
• New book explores automating the managed applications lifecycle to accelerate delivery of business applications