Showing posts with label Oracle. Show all posts
Showing posts with label Oracle. Show all posts

Tuesday, November 18, 2008

Identity and Access Management Key to Security Best Practices in Changing Business Landscape

Transcript of a BriefingsDirect podcast on the role of identity and IT access management in the dynamic enterprise.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect. Today, a sponsored podcast discussion on the role of identity and access management (IAM), and its impact on security and risk reduction.

We live in an age when any of us, on a typical day, has access to hundreds of applications, and perhaps we have improper access to some of those applications or data inside of our companies. We may not even know it. What's worse, our IT department might not know it.

Managing who gets access to which resources for how long -- and under what circumstances -- has become a huge and thorny problem. The stakes are too high. Improper and overextended access to sensitive data and powerful applications can cause significant risk and even damage or loss.

Hewlett-Packard (HP) and Oracle have been teaming up to improve the solutions around IAM. Through products and services, a series of best practices and preventative measures has been established. To learn more about managing risk around IAM, we will be talking with executives from both HP and Oracle.

Here with us today, we are joined by Dan Rueckert. He is the worldwide practice director for security and risk management for HP’s Consulting and Integration (C&I) group. Welcome, Dan.

Dan Rueckert: Thanks, Dana, glad to be here.

Gardner: We are also joined by Archie Reed, distinguished technologist in HP’s security office in the Enterprise Storage and Server Group. Welcome, Archie.

Archie Reed: Hi, Dana.

Gardner: And we’re also joined by Mark Tice, vice president of identity management at Oracle. Thanks for joining, Mark.

Mark Tice: Hi, Dana, thank you very much.

Gardner: Now, let’s look at this historically -- and I guess I’ll take this to Dan Rueckert. How have things changed around IAM and general risk and security around access to assets and resources in the past couple of years? Is this another instance of data explosion, or are there other implications for organizations to consider?

Rueckert: Thanks, Dana. When we look at IAM, we are really saying that the speed of business is increasing, and with that the rate of change of organizations to support their business. You see it everyday in mergers and acquisitions that are going on right now. As a result of that, you see consolidation.

All these different factors are going on. We are also driving regulations and compliance to those regulations on an ongoing basis. When you start to go with these regulations, the ability to have people access their data, or have access to the tools, applications, and data that they need at the right time is key.

It’s the speed, and it’s continuing to go on as we see the convergence of both the traditional IT systems or applications, and then the merger with operational technology, as we know it, from real-time systems, or near real-time systems.

Gardner: Archie Reed, how do you see this impacting the business climate? How important is this for companies in terms of their exposure?

Reed: This is a critical area that folks have to look at. There's a difference that we’re seeing when we go out and talk to customers, and they’re saying that security is a big concern. It’s a big issue for them. It’s not simple and it’s often not cost-effective, or the return on investment (ROI) is difficult to define.

When you talk about security being a big concern, there is a disconnect between it being a priority, or a high priority, for a lot of companies. It’s dependent on the specific company to have security high on the priority list. It’s often placed low because of that ROI challenge.

The reality in the market is that many things impact that security posture, internally, every time a new system is installed, any product or service defined, or even when a new employee joins. Externally, we're impacted by new regulations, new partnerships, new business ventures, whatever form they may take. All those things can impact our ability, or our security posture.

Security is much like business. That is, it’s impacted by many, many factors, and the problem today is trying to manage that situation. When we get down to tools and requirements around such things as identity management, we are dealing with people who have access to systems. The criticality there is that there have been so many public breaches that we have become aware of recently that security again is a high concern.

People are not necessarily taking it into their priority list as being critical, but tools such as identity management and general system management can help you to mitigate the risks. If we start to talk about risk analysis, and ROI being one and the same discussions, then we may be able to help companies move forward and get to the right position.

Gardner: Clearly, this is not something that product alone can tackle, nor services alone either. So, it's certainly makes sense that Oracle and HP are teaming up with a solutions approach to this. What is the overall solution approach, is this 60 percent behavior, 40 percent product? Dan, give us a sense of how this gets solved, when it comes to products and/or services?

Rueckert: Dana, it's definitely people, process, and technology coming together. In some cases, it’s situational, as far as working with customers that have legacy systems, or more modern systems. That starts to dictate how much of that process, how much of that consulting they need, or how much technology?

When we talk about the HP-Oracle relationship, it’s about having that strong foundation as far as IAM, but also the ability to open up to the other areas that it's tied into, in this case enterprise architecture, the middleware pieces that we want for databases, and other applications that they have.

You start to put that thread with IAM, combined with an infrastructure and that opens this up as a whole, which is key. And, enablement, as far as depending on the size and complexity or localization or globalization, tends to play into those attributes, as far as people process and technology.

Gardner: And this also relates to the Secure Advantage Program, as well as the HP Adaptive Infrastructure, can you paint a picture for us as to how those relate? I guess we can go to Archie Reed on this.

Reed: The first thing would be to understand what Secure Advantage is. Fundamentally it’s an evolution of HP’s Security Strategy. One thing folks may not know is that HP has been in the security business for over 30 years across most industries and the geographies.

Secure Advantage is effectively the embodiment of all of HP security prowess or expertise, as services, products, and solutions, and as well as partners that we can offer organization to help them deal with security in business issues that we've been alluding to through this discussion.

The challenge that HP sees is that most folks worldwide may have developed a relationship with HP, perhaps for a server or a desktop businesses or a software and printing businesses. Many are unaware how wide and how deep HP's security expertise is, across the entire business spectrum.

HP has been developing this Secure Advantage Program over the last few years to essentially allow people to take a broader look at our security portfolio. I'll give you a specific example. I said we have been in the business for over 30 years now, and one thing that many folks aren't aware of is that HP has been engaged at the core of all the ATM networks around the world.

In fact, we’re directly involved in over 70 percent of ATM transactions. So, when you walk up to a bank, you put in your debit card or your credit card, you ask for $100 or 100 Euros, whatever it maybe anywhere around the world. Behind the scenes, HP technology, policies, and process have been worked on to ensure that the data is encrypted, that all of the banks and ATM network folks can talk to each other without necessarily knowing everything about them or who they are working with.

It’s secured through a set of processes. I am not going into the details obviously, but this is something that is an incredibly complex situation with a huge set of regulations on a worldwide basis about what can and can't be done, and what should be done. HP is right at the core of that, with encryption technology, with processes, with services and products that span the gamut. That is a really good example of where Secure Advantage comes into play.

We are engaged in the standards development behind the scenes. We have many patents and many processes that help these banks put together what they need to make it all work. That's the sort of expertise we bring, when we go talk to companies in situations where they need to implement tools such as identity management and access management tools. Does that make sense?

Gardner: Sure, it does. Mark Tice, tell us from Oracle's perspective, why is it important to have a complete solution approach to this? It seems like so many applications, so many different cracks, if you will, in the foundation. What’s the philosophy from Oracle in terms of getting a comprehensive control over identity and access management?

Tice: Well, one of the things that we really encourage, and this is where we get great alignment with the folks at HP.

One of the things that we really work hard to do is make sure that first off, before breaking ground on one of these projects, customers put in place a complete framework, or architecture for their security in identity management, so that they really have a complete design that addresses all of their needs. We then encourage them to take things on one piece at a time. We design for the big bang, but actually recommend implementing on a piece by piece basis.

Gardner: Let's get into a little more detail about how companies actually come to grips with this. You can't start solving the problem until you have a sense of what the problem is. How significant is this? How out of control are the access and identity solutions and safeguards in companies? Dan Rueckert, you want to take a step with that?

Rueckert: It depends, now that we start to think about each industry and those areas that have the regulations and compliance issues and standards of business. As Archie said, the financial services area is very sophisticated in a lot of things they do. Once again, it’s the speed of business and the changes from mergers and acquisitions that have started to occur.

When we get into more traditional business, maybe heavy process in certain aspects, you might see lesser controls. But now, as we start to get into access into certain areas of a process facility that tie together with the system, it starts to bring that together also. So, you have that different view.

Gardner: Let's look closely at the actual solutions. How do companies get started with this? Let's go to you, Archie. What are some of the first steps that you should take in order to gauge the problem and then start putting in the proper solution?

Reed: When we start thinking about security, one of the first things that people look at generally is some sort of risk analysis. As an example, HP has an analysis toolkit that we offer as a service to help folks decide what is critical to them. It takes all sorts of inputs, the regulations that are impacting your business, the internal drivers to ensure that your business not only is secured, but also moving in the right direction that you wanted to move.

Within this toolkit, called the Information Security Service Management (ISSM) reference model, is a set of tools where we can interview all of the participants, all of the stakeholders in that policy or process, and then look at the other inputs that are predefined, such as the regulations.

If you are in healthcare, you are looking at the Health Insurance Portability and Accountability Act (HIPAA). If you are dealing with credit cards, then you are looking at things such as the Payment Card Industry (PCI) standard, about how you have to handle the data, and whether you have to encrypt.

By having these things that are predefined, not only in terms of being more prescriptive for companies, which helps them a lot, but also being more accessible in terms of how quickly they can decide what's important, allows them to move on and decide in which order they’re going to implement their security strategy? They may already have pieces in place, and that's another part of the ISSM reference model that asks, “Where do you grade yourself on this, and where do you want to be?”

There is also in this gap analysis between what is and what should be or what is wanted. That allows the company to decide how they’re going to implement these sorts of things. That becomes a great way to then determine how to cost things out, and that's also an important factor for organizations.

Generally, beyond that, folks are looking at a triumvirate of focal points which shows this governance risk management and compliance (GRC), which essentially says, “Here are the drivers. What's the analysis that we are going to do, and what are the approaches we are going to take to deal with that?” And, they essentially align or deal with the contentions between business and security requirements.

Those sorts of things allow a company to get up to speed quickly and analyze where they’re at. You may have a security review every year, but a lot of companies need to do it more often in more isolated ways. Having the right tools come out of these sorts of things allows them to do ongoing assessments of where they’re at, as well.

Hopefully that's the bulk of the question, and we can go into a little bit more detail with Dan about how services help you do that.

Gardner: How about some examples? Do you have either companies we can talk about directly, or use-case descriptions, where you have gone in. What are some of the pay backs? What are some of the savings or risk-avoidance benefits?

Rueckert: Let me start. When you truly get at the basics and you have the right access at the right time, you start to look at whether you have someone waiting to have something done from a system perspective.

It takes time, it wastes time, and somebody not doing what they were hired to do as far as their general responsibilities. So, there are labor efficiencies that can be gained by having that type of access, and then you get into the number of incidents or request to a help desk to enable someone who says “I am having a problem, help me”.

You start to look at these labor efficiencies from just a pure IT perspective. If you don't have the things that you need to do your job, you then hit the bottom-line tremendously in the line of business in that value chain. So it can cascade out tremendously as far as that.

The other is access, as far as your partners in conducting business. If they don't have what they need from an external point, they can hold up payments or shipments that you might need. All different sorts of people rely on this. I need to validate, I need to know who you are, so then I can conduct my business as I need to.

Reed: Another way to look at this is, when you consider how companies today are not only trying to be more efficient, provide cost savings, analyze, and do more with less -- whichever way you want to phrase it -- there is also an approach that says, “Let's consolidate our datacenters. Let's bring everything together and minimize the amount of stuff on the network. Let's do whatever we can to try and resolve the sort of cost issues.”

Again, when you start to think about who can do what, who has access to what and how much can they do, regardless of how you do those consolidation efforts, you need to consider security.

So, I would also raise the HP Adaptive Infrastructure as an example of how we help customers deal with those challenges of reconciling between the two. Adaptive Infrastructure is essentially a portfolio that help customers at all their data centers, from the high-cost silos where everybody has their Internet on their own servers, and they all have their own hardware in place to low-cost pooled assets.

That allows an IT department to move to that service provider model that a lot are trying to get to, while meeting needs. We help customers evolve to the next-generation data center, 24/7, lights-out computing, blades in place, virtualization. You get that lower cost. You get the high quality of service, but you also cannot ignore the security as being a critical component to that.

I’ll give an example of some customers we’re helping with virtualization right now. Even in the virtualization space, where everybody is trying to get more from the same hardware, you cannot ignore things such as access control. When you bring up who has access to that core system, when you bring up who has access to the operating system within the virtual environment, all of those things need to be considered and maintained with the right business and access controls in place.

The only way to do that is by having the right IAM processes and tools that allow an organization to define who gets access to these things, because important processing is happening on the one box. You are no longer just securing the box physically. You're securing the various applications that are stacked on top of all of that.

Gardner: Of course if you get it right, it can be of great value as you move into other types of activities. Whether it’s taking advantage of application, modernization or virtualization, building out those next generation data centers, having your IAM act together so to speak, certainly there’s a strong foundation for doing these other activities better and with less cost and risk.

Tice: Dana, I’d like to jump in on that one. What we see when we first go into companies, when they don’t have this in place, is that most of their identity management work is done in silos. It's done in a department, or an app-by-app basis. The fact of the matter is that each department or each group has to make up their own security policies, implement them, and manage them. From a company perspective, it means that your security is only as good as your weakest department.

So, you've hit it dead on. Having the right policies in place, and then tools to manage and implement those, is critical. It means that you can act, instead of having to stop, think, and then act -- time, and time, and time again.

Gardner: Moving into the future road map, what we expect, it seems, is that not only is access management important for today’s infrastructure. As we continue to automate, ramp up rules and policies, and start using events-based inference and business intelligence, this also is a foundation for creating a more robust and increasingly automated approach to IT, as well as provisioning of services and application. This is particularly true, as we move into what we call cloud computing nowadays, where we are going to get applications and services from the variety of different sources.

So who wants to take the approach to the future, and have us build on that opportunity?

Rueckert: I’ll comment on just some of the things that are happening right now, and you haven’t talked about the mobility of employees.

We talked more traditionally about datacenters and maybe desktops, but now we have hand-held devices that are mobile in nature and contain a lot of power, and we need to make sure we validate that they can have access.

You can take simple examples of BlackBerry devices and other entities that now tie back into applications and key data that they need in the field, and can use wireless networks. It’s a tremendous benefit overall, as far as where we are going, and it’s why this is so important as we start to work towards the future.

Reed: I’d back that up by saying that, when we start to consider IAM, one thing we really haven't touched on, but sort of alluded to so far in the conversation, has been all of this process and other stuff that happens on the identity management side of house. The provisioning, the decisions, the policy management happens over the longer term. Access management is more of a defined policy and enforced in real-time. There is a lot of more to this overall aspect that relates to one of HP's core areas of expertise, management tools in general.

So, when we define the policies, when we decide what the procedures are for following that, we need good tools that allow you effectively to implement and write out what they are, and automate those policies and procedures, so that they are enforceable.

More importantly, over the longer term, changes occur. For example, in the last year alone, in 2008, there is an estimate of an extra 9,000 to 10,000 regulations that small to medium businesses must follow -- and that's not including what big businesses have to follow in terms of changes for the regulations they're already engaged in.

Now, consider the impact that has on being able to rewrite change, manage the policies across all of your business units, and consider what Mark was talking about in terms of businesses that have siloed security approaches. There is no guarantee, unless you have a comprehensive view over all of your systems, services, and business policies, that you can guarantee to the outside world that you are complaint.

Once we've got all this defined, we now need to monitor, and report at least internally, sometimes externally, that we are being complaint. This is another area where management tools and IAM in particular, allow you to say and prove that you have done what is required by the regulations.

Regulations are generally thought of as being driven by government bodies. If you deal internationally, that can mean a lot of different things in lot of different regions. But, regulations can also be internally driven.

They can be internal policies that you have decided as an organization need to be enforced, because you believe that if you want better customer service, you do things this way. Ultimately, it all comes down to making sure that the process is defined, is easily either automated or followed, and finally, and ultimately, reported on an adequate way -- whether it has been circumvented, incorrectly used, or, more generally, that the right thing was done.

Ultimately, it comes back to this discussion we had earlier, which is that GRC and things like IAM play a critical role in that. That's why we have chosen to go with the strategy that we have as HP, as part of Secure Advantage.

Working with folks like Oracle, who have some of the best tools out there in order to support certainly middle sized businesses, but also large organizations with huge, siloed security problems, different businesses, and different geographies. It’s a huge issue that companies need to resolve with tools, because there's no way to do it manually.

Gardner: Alright. Looking toward the next rev, if you will, of these tools, Mark Tice at Oracle, maybe you could outline what the plan for the future is for HP and Oracle working together and where the access management capabilities will come from? I surely don't expect their pre-announcements on products, but just a sense of where the technology is headed?

Tice: Sure. It runs down a couple of different threads. In your last question you touched on the cloud computing issue, and one of the things you will hear us talking about more and more in the future, is the emergence of identity management as a service.

That is, make it real easy for applications to leverage identity management services for access control, permissions, and such. Make it easy for them to access those. One, so that you can support a cloud environment seamlessly and easily. And two, you don't have to replicate a lot of security in identity management code in applications. You can have applications what do or they do best, which is support application logic and leave a lot of security infrastructure to tools like ours.

The second piece is in the area of quickly adapting to change. We see identity management right now as a 1.0 in a 2.0 piece, the very basics, like user provisioning, access control, single sign on, federation -- that is the ability to allow other entities from outside of your firewall and give seamless access for trusted sources.

We see this as kind of 1.0, the very basics that you put in place. Even in the 2.0 space, that's really where we see things like strong authentication -- that is making sure that people are who they say they are -- and tie this into real-time risk detection. So, if we are detecting fraud, we make sure that we challenge people to a fairly extreme degree, if we perceive there to be risk.

Also, in the area of real management, we see deriving a lot of access based on business function, as opposed to complex IT rules. As people move around in the organization, they do different things. As Dan pointed out, as they merge and such, access is controlled automatically, based on where people sit in the organization, and what they are working on, as opposed to IT rules. Those are a couple of the trends that we see on the technology side.

Reed: I just want to expand on those comments, as well as something that Dan mentioned earlier, which was the mobility aspect. If we’re truly looking at what's coming up, what companies need to deal with, and why this ability to be able to deal with change quickly and effectively is important, we have to look at the new employees that are coming into the market. We have to look at the new business situations or paradigms that organizations are dealing with.

The new employees are coming out of the universities these days. They've got all the Facebook and MySpace -- and all such things.

They’re also used to using their own kit. They're used to plopping down wherever they are, being able to work on what they want, using whatever equipment they want, and consider themselves masters of their own identity.

When they walk into a company, they would like nothing more than to be able to bring a hardware that they can use at home, can move around with, and still be able to access the resources they need to do the work that they have been asked to do.

We'd love for those to be HP bits of hardware, but the reality is, if you take a broader sense, you need to be able to deal with that situation. If you think about the companies and the way in which the things have been moving, that is to deal with more partners, they've got to deal with more outsourcing too, all of these situations where they are no longer in control of the identity of who is using their kit. They are responsible for it, but they may not be in control of it.

This is happening worldwide. The contractor market has been around for a long time, but is evolving in this respect. They expect to run their own equipment, but use your organizational resources to do their job. There are outsourced organizations that expect to get access to your blue prints to produce things for your company.

But you have all these regulatory issues that you have got to deal with, which require encryption, monitoring, and access controls to be in place. And again, these regulations are changing over and over. If we think more about the business sense than the technology sense, you've got to have available to the business users the tools that allow them to do those things in a secure manner, and allow them to adjust to the processes, as Mark was saying, in a rapid fashion, without compromising the security of the organization as a whole.

Gardner: So, in the future we'll have a number of different scenarios where the end point hardware might be any number of different options, only to extend that access and management to that individual, based on their role, their business process context, and so forth. Sounds like a very interesting time.

Reed: Absolutely. We've heard about the borders to the company not being anywhere, the castle metaphor thing -- being broken down. The network is no longer Secure in and of itself. There is no perimeter.

I fully expect that within the next five to ten years we will be carrying around all of our data and all of our essential knowledge on memory sticks or in the cloud, and that will be all it needs to sometimes get to work. There will be devices everywhere that we should be able to use -- be it a mobile phone, a mobile device, right through to a huge, honking desktop that just happens to be there.

Gardner: And IAM is really the key to unlocking that sort of a flexible future.

Reed: Yes. Fundamentally, IAM is about managing those relationships between who is coming into the network, who is getting access to things, why are they getting access, how, and when are they allowed to do that.

Gardner: And, when done right, there are many different benefits, not only risk reduction, but as we had been discussing, now we look into the future with a lot more flexibility in terms of how IT can be distributed and used.

Great. We have been talking about identity and access management, it's impact on security and risk, some of the new opportunities for using this in different scenarios, including cloud computing and distribution of a variety of devices, sometimes not even the organizations or the enterprises devices.

Helping us weed through some of these topics, we have been joined by Dan Rueckert, a worldwide practice director for security and risk management, at HP, C&I. Thank you, Dan.

Rueckert: Thank you, Dana.

Gardner: I have also been joined by Archie Reed, distinguished technologist in HP security office also in C&I. Thank you, Archie.

Reed: Thank you.

Gardner: And, Mark Tice, vice president of identity management at Oracle. Thank you, Mark.

Tice: Thanks, Dana, Archie, and Dan. Thanks for inviting me to attend.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect podcast. Come back next time for more insights on IT strategies. Bye for now.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

For more information on HP and Oracle Identity and Access Management.

For more information on HP Secure Advantage.

For more information on HP Adaptive Infrastructure.

Transcript of a BriefingsDirect podcast the role of identity and access management in the changing enterprise. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Thursday, October 02, 2008

Interview: HP’s Paul Evans, Oracle’s Lance Knowlton on Application Modernization and IT Transformation

Transcript of BriefingsDirect podcast recorded at the Oracle OpenWorld Conference in San Francisco the week of Sept. 22, 2008.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to a special BriefingsDirect podcast recorded at the Oracle OpenWorld conference in San Francisco. We are here the week of Sept. 22, 2008. This HP Live! Podcast is sponsored by Hewlett-Packard (HP), and distributed through the BriefingsDirect Network.

We are here with representatives from both HP and Oracle to discuss how IT infrastructure, systems and software come together in a whole greater than the sum of the parts for many enterprises.

We are going to be discussing services-oriented architecture (SOA), application modernization, next generation data centers and how better results from computing deployments come from tighter integration and cooperation between the platform and software providers.

Joining us to discuss these issues we have Paul Evans, worldwide marketing lead for IT Transformation Solutions at HP. Welcome to the show, Paul.

Paul Evans: Thank you very much.

Gardner: Lance Knowlton, vice president for modernization at Oracle, also joins us. Welcome, Lance.

Lance Knowlton: Thanks for having me.

Gardner: You know here at OpenWorld we have 43,000 people from around the globe, bringing lots of thought leaders together, and it seems that the level of cooperation between HP and Oracle has never been stronger. I wonder if we could start with what's going on between these two large global vendors and how software support and systems come together. Let's go first to Paul. What's going on with this relationship between HP and Oracle?

Evans: Obviously, Oracle and HP have a historical relationship around systems and database. Everyone knows that Oracle is the leader in that space, and that's where the history has been, but as we move forward, the agendas of both HP and Oracle have focused more on the transformation and modernization of environments.

That is built around the desire to deploy new applications, modernize existing applications, or take a fundamental look at the underpinning infrastructure, the support applications.

For some that can be the infrastructure that is the database or the way the operating system just does what the operating system does. But, as we look into the future, the customers that we both have are looking at things like SOA to understand how they are going to architect the solutions going forward. They will incorporate the technologies from HP and Oracle.

Gardner: So this sounds more like a solutions relationship than a supplier relationship.

Evans: Our customers don't buy products. They want solutions to business issues, and that's a very glib term. The word "solution" can be overused by people in marketing, but that's what people want.

You walk into a car show room, and you want to buy a car. You don't want to buy an engine, a set of wheels, or a set of headlights. You are going there for solution for a particular need, whether it's a sports car, a family car, an SUV, or whatever it is you want. Similarly, between companies the size and scale of HP and Oracle, we have the ability to deliver those solutions, both between ourselves, and with the network of partners that we share.

Gardner: I suppose they want an Audi at the price of a Ford Focus. How do we get high performance but at reduced cost, or at least higher value?

Knowlton: Well, in the application modernization space we have seen a number of customers that are faced right now with proprietary legacy systems. These systems are costing them a lot of money, not only in dollars, but also in agility, and the lack of ability to be able to react to business conditions in that particular industry. So when we are modernizing legacy systems out of these proprietary platforms, we are helping to reduce their cost and increase agility, which is a much more beneficial approach than just simply leaving them on the proprietary platforms that they have had.

Gardner: Now this is more than simply modernizing the applications. They also want these applications to play well with the newer applications, be they packaged apps or green-field apps from either ISVs or the custom apps that the organizations are building internally. Help us understand how Oracle and HP work together, not only on the modernization, but more so on the SOA approach.

Knowlton: SOA is an approach where you take existing applications or new applications and create services on top of these applications. This is very important from the sense that you are abstracting these entry points into these systems and you no longer have the dependency of these systems in where they run today.

SOA is not only important in new application development, but also where we're leveraging legacy systems, and bringing these systems together. From this point you are no longer creating point-to-point relationships, but you are actually allowing a higher level of reuse, and many more participants can access these applications.

Gardner: Paul, if I'm in an organization modernizing apps and I am getting better integration on a services orientation, I'm not going to be just looking at my apps to transition and to transform. I'll probably be taking a hard look at the infrastructure as well. So we're talking about a multi-tiered approach here. The benefit being agility, but also lower total cost as we go to these more modern systems and platforms. What's the relationship between application modernization and the next generation data center – the end goal on the journey?

Evans: Well, all organizations are looking to modernize or transform. They all are. They're doing it in different ways, whether it's hardware, software, services, whatever it maybe. Everybody is modernizing something. Nobody is standing still.

The recent business environment we have seen over the last month or two has pointed out that business changes very quickly and people have to respond to that. IT has to also, as it will either lead or follow -- but it is intrinsically involved in that change process.

The customers that Lance and I work with come from different directions. Some come in from, "I have all aged applications that I need to transform. They're costing me a fortune. They are inflexible, and they don't respond to change. The skills of the people to support these applications are becoming limited, so we need to move now and do something."

We have other clients who come from the database environment. They're looking to provide a much stronger, more resilient database environment to look after their information, and provide a much-improved level of customer service. Or, they come in from an infrastructure point of view. "I'm running hardware. It's obsolete. It's aging. It's costing me a fortune. I want to change."

So there's no-one-size-fits-all. What we have done with the relationship between HP and Oracle is that we have studied some of these points, whether database historically, or whether it was two years ago when we started the application modernization initiative with Oracle.

We came at it from the top down, but what we are also looking at is a holistic view around what we call IT Transformation. That allows our clients to join the party from any doorway they want in terms of what they are looking for in a business benefit. That's the really exciting thing between us and Oracle, because you have two organizations with immense capability that bring that capability together to deliver these real-world cost solutions.

Gardner: We're hearing some pretty interesting news this week about deeper relationship between Oracle and HP. We're also seeing an additional partner, Intel, prominent here at the show. Tell me a little bit about the triumvirate, if you will, of Oracle, HP and Intel.

Evans: Well, the combination of what Oracle, HP and Intel can bring, is somewhat immeasurable in terms of the capabilities of three companies. Two years ago, we announced this thing called Application Modernization Initiative (AMI), which was from all three companies.

The intent here was to bring together the capabilities of the three companies and to de-risk the solutions that we could provide by doing the testing off-site in our own labs to make sure the effects what Oracle is producing, versus what HP produces, runs on what Intel produces. So you have three enormous companies with enormous capability taking the time to really ensure that the modernization solutions that we deliver to our customers actually do what they say on the box.

Gardner: Lance, what does that mean for modernization in Oracle's perspective?

Knowlton: When we talked to our customers, there are two key areas that they look at. They are having problems on their legacy. That's their applications and their data. From the applications perspective, these systems are often fragmented and siloed. They've been developed over the past 30 years, and they have been maintained so much that they no longer have the ability to keep pace with the business.

From the data perspective, often times the data is very siloed. It's very hard to leverage in future-state architecture. So for Oracle the interest that we have for HP and Intel with applications modernization is to be able to take this legacy data and legacy applications and bring them forward into a new architecture.

Oracle will often speak about SOA and Java relational databases, but it's not just enough to talk about new standards and new technologies. You have to have a process and a means of bringing those systems forward. That's what AMI brings to the party.

Gardner: In this IT transformation phase, there are different implications for different enterprises. It's happening not in an isolated fashion, but in the context of some other major trends. We have more virtualization. We have storage that has created these abstractions of data. We have the need for skills that is propelling people off of these older systems.

Tell me, Paul, about some of these trends that are underscoring and accelerating IT transformation, and what that means also for HP and Oracle.

Evans: When Lance and I worked in this thing called AMI two years ago, we had our sights firmly set on applications. What is also bubbling up, and I think technology by technology, is this whole concept around the next generation of data center, which a lot of our customers, joint customers, are looking at. Oracle, the world leader in databases, has a real interest in the data center market. From a high technology infrastructure market, we obviously are extremely interested in where people are going.

As we said earlier, there are different priorities. Some people are coming at this from a green IT issue. They want to lower their power in cooling. They want to reduce their floor space that the data center uses, or CO2 emissions.

Other people are coming at this from experimenting with newer technologies like virtualization. How can I improve the servers' utilization by actually using this virtualization technology? Other people come at it from a more straightforward way, which is, "Hey, I have an aging mainframe. I am not going to continue to pay the sort of prices that I have to do for that technology. Therefore, I am going to upgrade."

The next-generation data center is the underpinning to some degree of what we are seeing, whereas the reverse of that is what we see in the applications world. But what we are seeing is these two coming together, and I think that the real joy and benefit, as it were, and passion in this is what Oracle brings, and what HP brings. Then, of course, what we can now blend into that what HP will bring with the EDS acquisition, in terms of the skills and knowledge and industry credibility.

In terms of bringing solutions of a world-class nature, that will exploit the work that Lance and others and I have worked on over the last couple of years, but also those fundamental technologies, which of course are underpinned, by the Intel technology. So it all tends to sort of overlap and come together. As long as we can explain it to our customers in simple joined-up language, then I think we are going to have a lot of fun, and in a great position.

Gardner: How is the market reacting to this? It sounds like a fairly complex approach and, as I say, it's going to vary from enterprise to enterprise, perhaps from department to department. What's going on out there? How are people adjusting to this? Are they tentative; is there an accelerating adoption? What do you see as the trend in that regard?

Knowlton: We see a lot of pent-up demand in this particular area. Paul mentioned legacy skill sets. We have had a couple of our customers over the last month tell us that they are actually bringing back IT staff – these people were greater than 70 years old -- because they simply could no longer maintain their existing legacy applications. We hear this time and time again. There are systems that went down, and that have been maintained over such a long period of time, that they are not able to bring them back up again.

Gardner: At that age you ought to get your options to invest fairly quickly, don't you think?

Knowlton: Exactly, exactly.

Gardner: So in addition to having these skill-sets issues, we are starting to see not only pent-up demand worked at from the legacy perspective, but also we are starting to see people interested in modern architectures. Tell us, Paul, what are you seeing from HP's perspective on readiness -- how to move in a market?

Evans: As I said earlier, everybody wants to modernize. The problem is that people see it to be risky. So we have this situation where 10 percent of the customers that Lance and I go out and talk to are sort of on the move, want to modernize, are getting on with things. Eighty percent of those customers out there are watching the 10 percent to see will they stumble, will they fall, will they actually deliver improved agility, and will the cost be lower?

I think we have enough proof points now that those people are saying now is the time we have to do this. We can't keep holding back. It was like the age-old days where you were going to buy a brand new calculator or mobile phone. If you wait a week the price will go down. Well, yes, the price did go down. The problem is that for that week that you waited, you didn't have the benefit of the technology.

Customers have now gotten to that inflection point that [former Intel Chairman and CEO] Andy Grove used to talk about, which is the point that says, "We have got to move. Our competitors are moving. They are modernizing. They are delivering improved customer satisfaction and service."

Whether you are an airline or a car manufacturer, everybody is using technology to deliver richer customer experience. If you don't modernize, you have no ability to deliver that experience. That's what is driving the market, whether it's a change in applications, whether it's database, whether it's a move to SOA, or the underlying infrastructure. Here at Oracle, everyone is asking us, "What do I do, where do I start, what do I need to do?"

Gardner: Let's look at some examples. The proof of the pudding is in the eating, as they say. Lance, give us some examples perhaps of where 70-year-olds have had to be brought in, and what happens after the modernization and transformation activities?

Knowlton: There is an inherent cost of doing nothing, and, as Paul is alluding to, you can't just simply let these legacy systems stay out there, not treat them truly as an asset, and not have an ongoing plan on how to modernize them. What we have seen several times with our customers is, they have not have had that plan. They let these systems age. They become fragile over time, and now they have to figure out a strategy on how to move them forward. Often times, they feel like that this is a big-bang sort of risk.

Gardner: I know you can't always mention names, but you give me some examples of what's really happened in the field?

Knowlton: We have had one of our customers in the manufacturing area that had a system outage that was planned. They expected the system outage to be just a couple of hours. Unfortunately, they found that they couldn't bring the systems back up. This was a very critical process to the manufacturing, and after seven days they finally got the system back up. So, it was a mission-critical system, and because they didn't understand it, and because they had not modernized that system, they are exposing themselves to a tremendous amount of risk.

Gardner: So they are fairly brittle at this point?

Knowlton: Very brittle.

Gardner: Any additional examples from the HP side, Paul?

Evans: There is always one thing that Lance and I understand every day of the week. Legacy systems still, in general, run the largest organizations, whether that's in a public sector or a private sector worldwide. That's something we have to understand.

Legacy doesn't mean they are old and unused. It means they are old, but actually critical to the operation in any organization. The point is that we have to appreciate that, but in moving people from the legacy world, we are, as it were, playing with, experimenting with, and having to work with the systems that are absolutely fundamental to that company's success or failure.

That's why we have done so much in de-risking the solution, because what we have to demonstrate to these customers is that by moving from the legacy environment to a modernized environment, they are going to get improvement. They are not just going to spend a ton of money with Oracle and HP, and we are going to walk away and leave them. We are not going to do that. What we have got to ensure is that whatever they're using today we can improve on, and give them a fundamental change in the cost structure, but also a fundamental uplift in the agility.

From the example standpoint, one of our clients is an airline. These days, all of us expect to just sit at our PC, wherever it might be, and be able to choose any option we want in terms of what we are going eat on the plane, where we are going to sit, who we are going to sit next to, and are not going to sit next to, and all the rest of it.

One airline we have been working with has not been able to offer some of that capability. They have traditionally run batch mode, in which they get all the bookings in from the travel agents during the day, process them overnight, and the following day everyone knows what flight they are on.

By not being able to offer that real time capability, they have seen sales drop, because people are just not prepared to say that somebody else is going to allocate my seat when I get the airport. I want to sit. I want to print my boarding card. So, that airline is suffering real problems in terms of not being able to do that. Now, they are in that position of being on the back foot, and they have to work twice as hard to regain the position they had in the first place.

Gardner: And, that's not a band-aid solution. That's a fundamental transformation that will bring them into that real-time capability.

Evans: Well, I think the challenge is that they've spent years and years and years bringing up a loyal customer base. It's the old adage. It takes $10 to get somebody into a store, but it only takes $1 to keep them in the store. The point being, if you build up a loyal customer base, as long as you can keep delivering and pleasing them with the customer experience, they will remain loyal customers. The problem is, as soon as you trip, they can be somewhere else.

Gardner: Sure. Expectations are increasingly getting toward that real-time gratification.

Evans: Absolutely.

Gardner: Especially among the younger folks.

Evans: It's the "I want it now, and if I can't get it now, I will go and find somebody else that will give it to me now."

Gardner: We were here talking about of IT transformation, legacy systems, and modernization of applications at Oracle OpenWorld. We have been focusing also on how the services and value of Hewlett-Packard and Oracle come together on that front.

We have been joined by Paul Evans, worldwide marketing lead for IT Transformation Solutions at HP, and also Lance Knowlton, vice president for Modernization at Oracle.

Our conversation today comes to you through a sponsored HP Live! Podcast from the Oracle OpenWorld conference in San Francisco. Look for other podcasts from this live event series at, as well as via the BriefingsDirect Network. I’d like to thank our producers on today's show Fred Bals and Kate Whalen, and of course, our panelists.

This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time for more in-depth podcasts, on enterprise IT topics and solutions. Bye for now.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Transcript of BriefingsDirect podcast recorded at the Oracle OpenWorld Conference in San Francisco. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Interview: HP's John Santaferraro on Latest BI Modernization and Data Warehousing Strategies

Transcript of BriefingsDirect podcast recorded at the Oracle OpenWorld Conference in San Francisco the week of Sept. 22, 2008.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to a special BriefingsDirect podcast recorded at the Oracle OpenWorld conference in San Francisco. We are here the week of Sept. 22, 2008. This HP Live! Podcast is sponsored by Hewlett-Packard (HP) and distributed through the BriefingsDirect Network.

We welcome John Santaferraro, director of marketing for HP’s Business Intelligence (BI) portfolio. We're going to be talking about the intersection of BI in the context of not just business value and outcomes, but in the context of Oracle, a major data applications middleware and BI provider, and HP as prominent systems provider, as well as a prominent BI services provider.

We're going to try to figure out how this plays together. Then, we'll look toward the future of BI in the context of some major trends, such as service-oriented architecture (SOA), master data management (MDM), and bringing more automation to the delivery of intelligence from systems and data to those users who need it at the front lines of business. So I want to welcome John Santaferraro to the show.

John Santaferraro: Glad to be here, Dana. Thanks.

Gardner: First, let's set the stage and get a level-set about the Oracle-HP relationship vis-à-vis BI, because we're here at Oracle OpenWorld. Oracle is in the software side of things predominantly. You’ve got both systems and services. Perhaps you could paint a picture of how this fits together.

Santaferraro: It’s been a great and long relationship that we've had with Oracle since they were first building and releasing a database. We had folks in our labs that understood this idea of databases and data warehousing, and they were actually building and architecting our systems in a special way with things like massive I/O, massive memory to address -- the kinds of things you need in a data warehouse and query environment.

Back in those days, we were actually building our systems to handle data warehouse workloads, when everybody else was still focused only on the regular online transaction processing (OLTP) kinds of transactions in the enterprise resource planning (ERP) systems.

Because of that natural connection that we had with what was going in our labs, and what Oracle was doing, we have from the very start built a tight relationship with them from an engineering perspective and a good market perspective. Oracle is very clearly a leader in data warehousing and BI, and we augment that with the systems that we have developed to run in an optimized way with Oracle, as well as some other services that we bring to bear.

We recently bought a company called Knightsbridge, which was known as the go-to company for anybody who was doing data warehousing or BI and who ran into problems that nobody else could solve. Everybody knew that if you went to Knightsbridge, there were people there who could solve those problems. So it’s great to have them at the center of our global BI services organization. This company has taken their methodology and their expertise and has transferred it to folks around the world.

The other great thing about the acquisition of Knightsbridge is that they have real deep expertise in their various vertical markets -- health and life sciences, communications, financial services, retail manufacturing. Because of that, the Oracle-HP relationship is strengthening.

We are more than a systems provider and more than a services provider. We are delivering real solutions to our customers. We can come alongside of anybody, talk to them at the level of the business, and be able to build data warehousing and BI solutions that are mapped to the business, not just technology.

Gardner: I just got back from listening to Thomas Kurian at Oracle describe their full portfolio, and they’ve really put together quite a full lifecycle approach around the gathering, cleansing, and organizing of data, integrating it from disparate sources, managing the scale of huge loads, making this closer to a real-time value. They're also exporting middleware for application integration, creating the BI analytics, and then delivering that back out to those business applications.

It’s quite an impressive portfolio. They've been putting it together for quite some time, and they’re also quite proud of the metrics around the performance, and getting closer to that real-time nirvana. Tell us a little bit about how what Oracle has done from the lifecycle perspective and what you think are important aspects of the services’ side of making organizations readily able to let exploit those technologies.

Santaferraro: What you described is very much a product lifecycle in the data warehouse and BI space. Along with that, you can go in two directions. Along with the product lifecycle, there is actually a system lifecycle as well. Anytime anybody says to me that they can make data warehousing simple, I react, because the truth is that it’s very complex.

The processes you just described are extremely difficult for any company to work with and navigate through. Add to that the whole infrastructure piece of it. The more you move towards “operationalizing” BI, suddenly the more important the infrastructure becomes.

A lot of time we get calls from customers who are trying to deploy data warehousing solutions. They'll be in test and development and are supposed to perform, and they've got users out there who are expecting to click on a button and get all of the information back within a matter of seconds, and they can’t figure out how to make it work.

So they call the HP storage folks and they say, "Hey, we’ve got a storage problem. What’s going on here?" And, the storage folks say, "Well, wait a minute, it's not storage. That sounds like the database." So, they call Oracle, and Oracle says, “Well, that’s not us. It’s not the database. It must be a server problem.” So the customer has to go back to the server guy. We have people that will lose weeks of time in deploying their systems, because the entire lifecycle is extremely complex.

What we really do is look at how can we come alongside of Oracle in our labs and figure out how to build those systems with Oracle, pre-installed, pre-configured, and pre-tested, so that what the customer is getting is ready to go out of the box. It takes the guesswork out of all of this implementation and development that they’ve got to do.

I had one customer who lost a week in production, lost a week in test and dev, went into production and made the same exact little thing. They forgot to turn on a synchronous I/O on their storage system. It’s just a basic little problem, but it cost them another week in production time before they were up and running.

So, we’ve got solutions like HP BladeSystem for Oracle Optimized Warehouse. We have about 50 reference configurations that help take the guesswork out of deploying these.

Gardner: This is really more than just one hand washing the other. This is three hands washing each other. We have the systems integration and specialized software, which is created through products, integration, and technology innovation, and then the opportunity for that third hand of services to come in with methodologies and best practices, for preventing those gotchas.

Santaferraro: Exactly. And then, on the services’ side, here are people who have walked this path before. They’ve done it before. My recommendation to companies who are out there trying to do BI and data warehousing and are hitting difficulties is, “Why not go find somebody who has done it before?”

You really don’t have to do it alone. There are people out there who have walked this path. They’ve done it. They know the gotchas. They have accelerators. They have ways of making it all come together faster. And all of that translates into more business value. If I don’t have to spend as much time in deployment, as much time in all of the testing and trying to figure out what is wrong, then I can be investing my time and my effort in developing real business innovation and real business value.

Gardner: And, of course, in the field there are many different companies that are at different places on the path toward some of these goals. For those that are deeply into BI and recognize the value of getting this lifecycle, elevating the data, getting that good quality data out, and then be able to work with it, what’s the next step?

I’m hearing some buzzwords nowadays about operational BI and even BI modernization. Tell me little bit about what these mean, and are these in fact the next chapters in where companies will be taking this capability?

Santaferraro: Yes, these are definitely the next chapters, and you're seeing right now probably about five percent of companies out there -- the ones who are on the leading or bleeding edge -- already doing Operational BI and BI Modernization.

Operational BI has to do with this idea that I have all of this data in a single place, it’s accessible, and it’s fairly well cleaned. I don’t think anybody has perfectly clean data -- that doesn’t exit -- but once it’s there, what do I do with it?

We're finding that customers want to do two things. One, they want to get that information to everyone across the organization, as well as customers and partners, and they want it to be actionable. So how do I get actionable information in the hands of everyone across my organization who needs it?

The second thing I see is people wanting to do with operational BI is actually take the analytics that are driving their systems, and embed them in the business processes or in the business applications. When a loan comes in to be underwritten, you want to have the right rules that don't put you in a position as a bank where you end up with a bunch of loans that you can't sell in the secondary market, or going into default. Everybody is aware of that problem, right?

How do you take the analytics and discovery that you’ve made and put it right in the applications, so the decision is automatically made by the application or so somebody has it right there. As they are using the business application, they have the information to make the decision right there at their disposal.

Gardner: And is that what you call operational BI?

Santaferraro: Yes.

Gardner: Now, this also raises in my mind a question about the capabilities that a services oriented architecture (SOA) offers -- governance, bringing services like BI as a service into play with applications, but at the right point in time. So it's exercising governance policy; learning from your mistakes, and building on them. How does what you’re describing as operational BI and SOA fit together?

Santaferraro: It’s a great question, because when I hear people talking about SOA, I primarily hear them talking about business services. How do I take these mammoth applications that I’ve built, reduce them into reusable business services, and be able to use them effectively across the organization, instead of replicating them all over. The real opportunity comes when you have these business services in operation and you begin to bring in information services as well. Take customer profitability, for example. That's not really a business service. It’s an information service.

A lot of analysis has to go into the mix for companies to figure out or answer the question, "Who are my most profitable customers?" If you can figure that out, and give every customer a rating, then that information service again becomes a service within a SOA that you can actually use and distribute in a very useful way all across the organization. You can send it to the call center, send it to the sales force, send it to the Web, and send it to the ATM transactions that are happening. So there's a whole opportunity of information services as a part of SOA that haven't even begun to be tapped.

Gardner: It’s sort of the intelligent implementation of BI as a service?

Santaferraro: Absolutely.

Gardner: How does that differ from BI modernization?

Santaferraro: Modernization is built around this whole concept that folks started doing data warehousing 15 to 20 years ago. It’s a fairly old technology; yet it’s still very useful. It’s still something that companies need to do, but a lot of new technology has come in and new kinds of data. We are discovering that data warehousing had great value. It has all the information in a single place. It made information accessible. You could now do analysis.

Gardner: But it was largely structured data.

Santaferraro: Exactly. Now we have other kinds of data coming. What about email? What about document management systems, and all the documents that are being digitized? What about new types of data like RFID? What about GPS data? There are all these new types of data, and we're discovering now that the data warehouse bubbled up.

It's a great value for BI, but not everything has to go into the data warehouse. In fact, we’ve discovered with a lot of our customers that as soon as the data warehouse gets to a terabyte, about 70 percent of the data in that data warehouse never even gets touched or used.

So companies are spending enormous amounts of money to build these massive data warehouses, and a lot of that is not being used. Modernization is about figuring out what data needs to go into the data warehouse and what needs to be delivered through the enterprise service bus (ESB). Are there certain things where you can just embed analytics out at the application layer and do the analytics out there? Are there other types of data that should be just cataloged at the user level?

Gardner: Metadata, for example?

Santaferraro: Yes, and metadata becomes the rich side of definitions around that content, that actually brings it all together for the sake of the user.

Gardner: Regardless of where it resides?

Santaferraro: Exactly, and that becomes active metadata by the way. It’s no longer just this metadata that sits below for the data folks to understand what’s there. It’s active metadata that the users are using to understand the information that they're looking at.

Gardner: I suppose that, over time, that’s going to also include events?

Santaferraro: Absolutely, events and then tie right into the new complex event processing (CEP) systems. One of the opportunities that I’ve not seen tapped into by any software companies is this whole new world of information delivery.

So, if you’re operationalizing BI, if you’ve got a modernized BI infrastructure with data provisioning in place, and it’s not just the data warehouse -- you’re basically trying to get it out to all these users across the enterprise and embed it in business processes. There needs to be the design of a brand new information-delivery system that actually can handle all of these kinds of data to the desktop, to the application, to the hand-held device, or wherever it happens.

Gardner: Without belaboring this point, what sort of technologies are you looking at? Is this syndication, publish-and-subscribe, terminal services? What do you use to get that out there?

Santaferraro: I would say, yes. Because, as I said, I haven’t seen anybody that’s done it yet.

Gardner: Good, a big opportunity there. Okay. We've talked about this modernization of BI. This is happening in the context of other trends, of course, for virtualizing our data centers, and a lot has been done to virtualize storage and data over time.

We're going to be bringing in more kinds of content. We might even be getting content and services off of clouds, other people's public services or perhaps a cooperative private federation among business partners, all of which has to be managed and accurately projected back into the application services and processes that people use. It sounds very interesting, and is a much easier sale to the C-class, the corner office in the organization, because this really helps them in the way they do business.

What can companies do in terms of exploiting these technologies, getting those business outcomes, and, I suppose most importantly, how do they get started? As you say, this is not trivial. It’s complex and needs to be done properly.

Santaferraro: Most companies are started right now in BI and data warehousing. What I hear a lot of customers say is that they either are not getting the value out the investment they are putting into it, or they don’t know if they are. So I think it really makes sense to kind of pause where you're at and bring in some experts to do an assessment.

We do a lot of work with customers. We look at the vision, the strategy, and the planning behind data warehousing and BI, and because of our depth of experience, we can come alongside our customers and help them figure out what’s working and what’s not to put value on where to really invest moving forward, and help drive that forward in an intelligent way. Why not do BI with some intelligence behind it?

That’s one thing. The second thing is that with operational BI on the horizon, we’ve got a lot of folks within our organization who understand the potential of what could be done with BI in a bank? What if you could have customer profitability, customer segmentation services, and offer optimization at every point of sale? So, for the teller, for the ATM service, for the call center, wherever somebody is interacting with a bank, all of that information is right there with them.

What we find is that people have been so caught in the world of reporting and just basic analytics and online analytical processing that takes place in the back room. We think that it also makes sense to move to this next level. Bring in some folks who understand operational BI and let’s dream together and figure out if you could actually have these capabilities, what could you do with your company? How could you transform your relationship with your customers and your suppliers?

It's basic vision strategy and planning, too. Let’s get together and dream about operational BI, and figure out what your company could become? We actually believe that in the next five to seven years that there is going to be a major restructuring of leaders in every single industry. The ones who come out on top are going to be those companies that figure out how to use BI to transform themselves into competitive leaders.

We want to be there with our customers to make that happen for them.

Gardner: And this is not just for them to actually find new markets, but to uncover risks that they wouldn’t have been able to uncover until it was too late. And we’ve seen examples of that -- and perhaps to focus on what the right businesses are to be in and not to be in? So it’s not just how to make things better, it’s also risk mitigation on what to avoid?

Santaferraro: Absolutely.

Gardner: Very good. We’ve been talking about BI and some of the next chapters in BI, particularly in a context of a longstanding partnership between Oracle and HP. We’ve been joined by John Santaferraro, director of marketing for HP’s BI portfolio. Thanks very much, John.

Santaferraro: Thanks a lot, Dana.

Gardner: Our conversation comes to you today through a sponsored HP Live! Podcast from the Oracle OpenWorld conference in San Francisco. Look for other podcasts from this HP Live! event series at, as well as via the BriefingsDirect Network.

I'd like to thank our producers on today's show, Fred Bals and Kate Whalen. I'm Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time for more in-depth podcasts on enterprise IT topics and solutions. Bye for now.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Transcript of BriefingsDirect podcast recorded at the Oracle OpenWorld Conference in San Francisco. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Tuesday, September 30, 2008

Oracle and HP Explain History, Role and Future for New Exadata Server and Database Machine

Transcript of BriefingsDirect podcast recorded at the Oracle OpenWorld Conference in San Francisco the week of Sept. 22, 2008.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to a special BriefingsDirect Podcast recorded at the Oracle OpenWorld Conference in San Francisco. We are here the week of Sept. 22, 2008. This HP Live! Podcast is sponsored by Hewlett-Packard, and distributed through the BriefingsDirect Network.

Today we are going to discuss a large and an impactful product announcement at Oracle OpenWorld that took place on Sept. 24. It was the introduction of appliances in a cooperative relationship between HP and Oracle to create some of the most high performing databases and date warehouses in history. We are going to talking about the Oracle Exadata Storage Server and -- when put together in a very impressive configuration -- what becomes the HP Oracle Database Machine.

Here to help us understand how these impressive server configurations and high-speed, extreme-performance databases came together, we are joined by Rich Palmer, the director of technology and strategy for industry standard servers at HP. We are also joined by Willie Hardie, vice president of Oracle database product marketing. Welcome to the show, Willie.

Willie Hardie: Good to be here, Dana.

Gardner: Tell me a little bit about this very momentous announcement. This has been several years in the making, but it’s not just a product announcement. It seems like an architectural shift, and also an alliance and partnership shift in terms of the cooperation between a hardware provider, in this case HP, and Oracle, until now purely a software company.

Hardie: That’s an excellent question. So what we actually announced this week is the Oracle Exadata Storage Server. Now, the Oracle Exadata Storage Server is an intelligent storage device. We’ve basically taken industry standard hardware and storage components from HP, and we’ve combined that with smart intelligence software from Oracle that allows us to offload query processing from the database servers to the storage servers.

So now they can do a lot of the work for us, to allow the stripping off of the rows and columns that we require, and push last data backups through much wider networks.

Gardner: For those of us who are not computer scientists, but are nonetheless interested in the outcomes, architecturally we are putting the intelligence that we usually have in a database server in very close proximity to the data storage itself, connecting that through a very fat pipe in the form of InfiniBand. And, in essence, parallel processing comes to bear, because of the proximity. Is that correct?

Hardie: Absolutely. So what we are able to do for the first time ever is we can use these storage devices to actually do the query processing itself. So the more that the storage server processes and we compute into our configuration, the more of the workload they can take off, which traditionally is done at the database server.

Gardner: Let’s go to Rich Palmer at HP. Tell us a little bit about the history. How did this come about, and what is it that HP has been doing to improve upon the performance of this long-term database lineage?

Rich Palmer: If you look at HP and Oracle as partners in this industry, we have a long-standing history together. We have several reference configurations, more than 50 reference configurations that we do with industry standard hardware and Oracle solutions, which we’ve been delivering for many years now.

Going back all the way to the introduction of Oracle Real Application Clusters (RAC), and even before RAC introductions, the history of the two companies really stems from two leadership positions. HP does more servers on Oracle than any other company. Oracle does more data warehouses than any other company. You bring those two forces together, and you get a very strong formidable entry into this data warehouse appliance market.

Where HP and Oracle really started this discussion stems back a couple of years, and it really became a trend in the market of bringing data and server processing power closer together; that trend has escalated over the last couple of years -- especially as so much data has been growing at exponential rates, every single year. What we found is that, you cannot push so much data over a traditional storage fabric. This new technology allows us to do that.

Gardner: And we are talking about very large data sets, of terabytes and larger, right?

Palmer: Enormous Data sets. Let me give you an example, and I think we are all very familiar with this example. We all use cell phones in today’s industry. Every one of those cell phone calls is a database record somewhere, be it on AT&T’s database or T-Mobile’s database or whomever's database -- they store that data. Now, when they are storing that data, sometimes they are going to want to move it. If you have a narrow pipe to push that data down, and you’re bringing back enormous amounts of data that is erroneous, and you don’t need the other data; all you need is just for what you’re looking for in the query.

So this process allows us to push just the query information across that pipe. Less data over the pipe, a wider pipe, and your performance goes up dramatically.

Gardner: Okay, so let’s unpack this a little bit. We’ve established that the marketplace is demanding better performance, particularly in the use of large data sets, 1 terabyte and larger up to 10 terabytes, and size often. That requires the movement of very large sets of data, and the inhibitor here was the storage’s physical capacity, and ability to deliver the data.

So you’ve re-architected, and we brought together two companies to work together. This brings the question: Why hasn’t the hardware and software duality gotten closer before this? Why now?

Palmer: In this market, it’s constantly evolving to a state where you have to bring software tools to the table, and you have to bring high-performance hardware to the table. The evolution of both of those have hit at the perfect time in the last year.

Oracle has been developing the software code for several years now, and HP has been working on the hardware side of this equation to bring together the two forces at this time. We are using industry standard technology, so it’s not something that we are the only hardware guys out there with InfiniBand, and InfiniBand is an evolving technology. But the performance of InfiniBand is at a point now where we can actually leverage it using Oracle software to offload the storage processing from the database server. Those are the two key components -- it’s not just the hardware, and it’s not just the software. You have to marry these two things together.

So why hasn’t it been done in the past? Well, it has to some degree, there are others who had tried to do this, but they haven’t done both. They haven’t been able to achieve both facets, and that’s really why this is the right product at the right time.

Gardner: Okay, Willie, let’s get into the actual product itself. Explain to me what the Oracle Exadata Storage Server actually is? What are we talking about?

Hardie: You see that the Oracle Exadata Storage Server is basically comprised of an industry standard HP DL180 Storage Server. So inside this storage server we have 12 3.5-inch disks to be 12 SATA drives. We have two Intel quad-core processors. We have 8 gigabytes of memory; we have two InfiniBand network connections, and dual power supplies.

So in this storage server we have a lot of storage capacity, we have a lot of processing power, and we have a lot of network bandwidth. Then the real secret sauce here is this intelligence software from Oracle that’s installed into each and every one of those devices. It’s this intelligent software that enables us to offload this query processing, which makes the Oracle Exadata Storage Server really unique.

Gardner: Okay, let's dumb this down a little bit in simplistic terms. Instead of large data sets moving from storage to the database and back, what happens differently now?

Hardie: What happens differently now is, because we are offloading the query processing at the storage server, the storage server can strip out the columns that we don’t need, strips out the rows we don’t need, returns a subset of data back up through this wide InfiniBand network. That’s what makes the difference. We are treating a much smaller data set that we pass up through this network, and the database server can just finish off that query processing much faster than it ever could previously.

Palmer: One of the other values that we achieve here is certainly in the data passing back and forth, or less data over a wider pipe. So you’re going to get exponentially better performance. Now at the storage servers you’ve taken the processing power of doing the query right at the disks, and in every one of these storage servers you have eight cores, these are Intel quad core processors, two of them in each servers, and so you have eight cores on the input/output (I/O) path directly to the disk.

So there is no external I/O going to your disks. Traditionally you’ve had to go outside of the server, go to the disk that is across the fabric -- and everyone else is sharing that fabric.

So you have many people sharing a fabric, versus now you have a dedicated fabric inside of the server. So it’s a copper-to-copper connection inside the server. Those disks are right on top of the processor. That is really the essence of it -- you can pull the data off of this rapidly because it’s all so much faster. As Willie indicated, you can strip out all the unnecessary data and pass a much smaller data set over a much wider pipe, back to your database servers. There are so many levels of performance improvement here.

Gardner: And to your point on the secret sauce -- you are also taking advantage of all those cores via multiple threads, and the software has been a deeply tuned to take advantage of those multiple threads in a concurrent fashion.

Hardie: Oh, absolutely, and Rich touched on that as well.

Palmer: When we add more Exadata Storage Servers into our configuration we can take advantage, not just that additional storage capacity, but we can now take advantage of that additional processing capability -- to own that storage layer, which is a big, big difference.

Gardner: And at the announcement here, Oracle Chairman and CEO Larry Ellison described use cases where improvement typically was 10x to up to 72x over what has been the industry benchmark.

Hardie: Absolutely, when you actually cut away the technology and look at this from a business perspective, what it means for me as a business user -- it means that when you’re accessing those data warehouses that Rich was talking about earlier -- like a call data record -- data warehouse have billions of rules additionally. What this means, when you’re accessing those, your queries are going to run much, much faster than they ever did previously. Not only will they run faster, you can have much more queries and more long-running queries concurrently. That’s what is going to be making the big difference.

So when we hear of customers talking about getting 20x performance, improving 30x performance in one particular instance; in one particular query, 72x performance -- that is extreme performance improvements, in anybody’s measurement.

Gardner: Okay, so we have this engine, this Oracle Exadata Storage Server. We also a new announcement, the HP Oracle Database Machine. Tell me how one relates to the other.

Palmer: The HP Oracle Database Machine is a single rack that contains everything you need to run a large data warehouse. It contains eight ProLiant servers running Oracle Database 11g and RAC. It has four InfiniBand network switches and it has 14 of these Oracle Exadata Storage Servers that we talked about earlier. So in a single unit you have everything you need, ready to load up your data and start running your business queries right away.

Gardner: Tell us a little bit, Rich, about this 42-slot rack configuration and why it’s right for the market now?

Palmer: Well, so if you look at the market in data warehousing, the appliance type of delivery is a much simpler deployment of hardware and software configurations. That is emerging as a high-growth area in data warehousing. So with this market trend that’s going on between HP and Oracle, we’ve been able to come together and put everything in customers’ needs in one box. We put it at the customer’s site, and that’s on a global basis.

If you look at HP, one of the strengths that HP brings to this relationship is our ability to distribute and deliver globally. We build all of these database servers or database machines in regions around the globe. They are not just built here in the United States; they are built in United States, they are built in Singapore, they are built in Scotland, and then they are delivered to those regions on a worldwide basis.

So this ability of HP to build the product from the ground up to an exact specification, deliver to the customer, install at to customer's site, and then have Oracle come in and tune the software to make sure it's optimally configured -- that is a no-lose environment. We have the ability here to deliver an appliance-like stack of hardware, put the right software set on that hardware, and target a customer's need for simplicity, high performance, and data reliability -- all in one box.

Gardner: Okay, we've described the marketplace need, the size of data pushing the envelope. Now we are re-architecting to adjust to that. We've described the subset, which is the Exadata Server, and then the configuration, which is the racked Machine. Now, what kind of organizations are going to be interested in having the forklift upgrade to this, bring it right in, drop it in, pre-configured, optimized, and what are they going to do with it? Is this for business intelligence (BI), is this for simply managing scale? What are the speeds that this now provides going to do for companies to improve, or to change, how they do business?

Hardie: The organizations that are going to be interested in Oracle Exadata Storage Server and the HP Oracle Database Machine are those primarily interested in large data warehouses. And by large data warehouses we're talking into the (terabytes and petabytes) and beyond. Now if you look at the organizations that are typically dependent on very large data warehouses, it's organizations that Rich mentioned earlier, the telcos could be an obvious one, call data records, retail organization, very much dependent on analyzing point of sales (POS) transactions. You look at other organizations like trading systems, massive amount of transactions flow through these systems on a daily basis.

Gardner: Especially these days.

Hardie: Absolutely. It is really important to understand what's going on with these transactions, and to make informed business decisions. The beauty of this is you have completely scalable infrastructure from a storage point of view. But more importantly, you've got completely scalable infrastructure from a query performance point of view. As you store more call data records into these systems, more POS transactions, more stock transactions into these systems, you're not going to deteriorate your query performance at all. The more hardware, the more storage servers you put into these systems, the better your performance is going to be.

Gardner: Now that I have this capability to bang on this thing, so to speak, in more ways without the degrading performance, in what ways do you expect these companies to actually "bang" on this? Is this going to provide new and higher level of business intelligence querying? Is this going to provide higher-order analytics? Are there going to more business applications that can derive near real-time data and analytics from this? All of the above? What's the qualitative payback?

Hardie: There is definitely an element of "all of the above." Let me give you some of the examples of some of the queries that customers have actually been experiencing using the Oracle Exadata Storage Server. This probably fits into the context pretty well. You have organizations out there, retail organizations, telcos, for example. You know, some of the queries they are running are literally running for over half an hour. In some cases it is hours.

Moving to this new architecture is bringing down these execution times. One particular example, a query that was running for over 30 minutes is now running in under 30 seconds. It's that scale of improvement. Now when you can set your terminal, your laptop, or your mobile device and then kick off a query and get an answer within seconds -- then you're going to do more of these. If you know that when you kick off a query it is going to take 30 seconds to return it, you're going to pick more times when you choose to kick that off. You don't have to worry timing that anymore. You can just ask queries when you like, and expect to get a quick answer.

Palmer: Willie, I think you are absolutely right. The ability to capture business information has accelerated so much because of this technology. There are customers that cannot access data records beyond a certain time period simply because of the massive size of those data records, or because of how long a query would take to access a historical group of data. That all goes away now.

Now you have the ability. Historically you might have been able to look at the last week's worth of retail records, or medical records. Now you have the ability to go and look at years and years of data in the same timeframe that you were looking at weeks of data, and query a much bigger dataset, because of this architecture. That's a big business value, because now I can trend my business in a much more effective way. I'm putting more productivity tools in the hands of the user, so that they can actually turn data queries and business intelligence back into a fundamental element of growing their business and being more competitive in their markets.

Gardner: I imagine this will also compel companies to put even more data and information into these warehouses, because they are not going to degrade the performance of these essential queries. They are also going to able to do more types of queries. And, again, we're improving the quality and breadth of the data types, but still getting even better performance. So it's sort of a qualitative improvement on many different dimensions.

Hardie: It's a qualitative improvement, and it's a quantitative. I mean, you're absolutely right. Organizations today are more and more dependent on faster access to better information. It's just as simple as that.

Gardner: We've talked about the types of organizations that we'll use this now in its current configuration. I expected this re-architecting of the database and the storage will also move down market a bit. What possible other use-case scenarios do you envision for leveraging this technology beyond the high-end of the market, into other areas of the market?

Palmer: If you look at some of the growing and emerging markets today, just think of cloud computing and all of the massive amounts of data that we're storing in other locations on the Internet, or through a paid service, and the massive amounts of storage that's being deployed for those types of applications. That's not going to slow down at all. This allows us through the Database Machine to go in and drop in a configured environment for that workload, specifically dedicated to a workload.

You can now scale this product by connecting multiple racks together, you can now scale just the storage component, if the processing side of the database environment is sufficient. You can now just scale the storage nodes, so it is a scalable grid architecture that can grow on the fly. So cloud computing is a very good example where we really don't know what the upper limit of that storage is going to be. So deploy a configuration, say, on a HP Oracle Database Machine and then grow it as your needs grow. This is one application where we know this is going to succeed.

Gardner: Willie, we're also aware that organizations will just want the Oracle Exadata Storage Server. They might have their own environments, their own preference for configuring what's available to them, and what would become available to them in the future.

Hardie: Any organization that wants to run their data warehouse on the Oracle Exadata Storage Server -- all they have to do is buy the Oracle Exadata Storage Server. It's just as simple as that. Oracle and HP of long given customers a choice of configurable options. So if customer feels that something like HP Oracle Database Machine is not the right fit for their organization, if it does not fit the standard needs for their organization, then they have the option of buying the individual components, the Oracle Exadata Storage Server, the InfiniBand connectors, connecting to the database servers, they have that option.

Gardner: Looking at this again through how to get started, where do organizations go? Now that this is available immediately, both of these configurations, is the sales happening through both HP and Oracle?

Palmer: It's a cooperative effort, but Oracle is leading the sales process. So the Oracle sales representatives on a global basis are leading this process, and HP is certainly as their partner going to join with them and make sure that the customer receives the best from both companies.

Gardner: HP is going to service the hardware, but the support comes through Oracle, is that correct?

Hardie: Oracle is the first point of contact if you want to buy an Oracle Exadata Storage Server, Oracle is your first point of contact. So talk to your local Oracle sales representatives. If you do decide to buy one, and you want to resolve a support issue, you call Oracle, and Oracle will bring in HP as and when required to resolve any issues.

Gardner: To sum up a little bit, for those folks who perhaps are a few steps removed from the IT department, who are doing queries, or using business applications, what's the big take away for them? What about this announcement is going to change their world?

Hardie: For these types of users you just mentioned, a little bit or a couple of steps removed from the IT department ... To be quite honest, they don't really care what their systems run on. What they are interested in is getting fast answers to their business queries. It's just simple as that. So when these business users know that they can get instantaneous response times, they can get real extreme performance of their date warehouse, or of their business intelligence applications -- that's what's going to make a big difference for them.

Gardner: Rich, at HP, let me flip the question to you. For those people inside the IT department, who want to come in Monday morning without big headaches, what is this new configuration and architectural approach mean for them?

Palmer: Simplicity, higher performance, the ability to increase their service level agreements (SLAs) with their customers in the warehousing world. This is a solution built on industry standard hardware, with Oracle software that is just well accepted in the industry as an enterprise software leader. The IT departments are very comfortable with both of those facts. They're very comfortable with HP; they're very comfortable with Oracle. Putting the two together is a natural event for any IT manager.

Gardner: We've been talking about a large and impactful announcement here at Oracle OpenWorld, the introduction of the Oracle Exadata Storage Server -- the first hardware product from Oracle. Isn't that right?

Hardie: Absolutely.

Gardner: We've also looked at the configuration of those Exadata servers into the HP Oracle Database Machine, which is in effect a data warehouse appliance. Joining us to help explain this, we have been happy to have Rich Palmer, director of technology and strategy in the industry standard servers group at HP. And also Willie Hardie, vice president of Oracle database product marketing. Thanks to you both.

Hardie: Thank you, Dana.

Palmer: Thank you very much, Dana.

Gardner: Our conversation comes to you today through a sponsored HP Live! Podcast from the Oracle OpenWorld Conference in San Francisco. Look for other podcasts from this HP Live! event series at, as well as via the BriefingsDirect Network. I'd like to thank our producers on today's show, Fred Bals and Kate Whalen.

I am Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time for more in-depth podcasts on enterprise IT topics and strategies. Bye for now.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Transcript of BriefingsDirect podcast recorded at the Oracle OpenWorld Conference in San Francisco. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.