Tuesday, October 31, 2006

Transcript of Dana Gardner's BriefingsDirect Podcast on PC Remote Administration in the Ramp-Up to Windows Vista

Edited transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Oct. 18, 2006.

Podcast sponsor: LogMeIn.

Listen to the podcast here.

For an instant trial of LogMeIn Rescue, the solution Rent-A-Geek relies on for its highly successful remote support business, visit www.LogMeInRescue.com/podcast. Within five minutes of signing up, you can conduct your first remote support session. And, through this special link, you’ll receive an automatic three-week trial (a full week longer than the standard trial). Get your trial going at www.LogMeInRescue.com/podcast.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to a sponsored BriefingsDirect podcast. Today, a discussion about PC remediation remote service, using the Internet with some very powerful new tools that allow people to get into PCs and fix them, keep them well-maintained, and, of course, also gain remote access business opportunities.

To help us understand the burgeoning market opportunity for such remote remediation, we are joined today by Keith Schiehl. Keith is president of Rent-A-Geek in British Colombia, Canada. Thanks for coming along Keith.

Keith Schiehl: It’s pleasure to be here, Dana. Thank you for having us.

Gardner: Keith, tell us a little bit about what has been going on with remote PC tech remediation. It seems like it has gone from a high-touch, retail, and local business to suddenly a global software-as-a-service capability.

Schiehl: Absolutely. And the remote aspect has been around for years, with programs like Remotely Anywhere, PCAnywhere, etc. But what’s really happened here in just the last few years are the remote technologies that don't require software on the end-user’s side. All it requires is that the end user enter a certain pin code or go to a Web site and download a Java applet.

Now, we are able to help anyone, anywhere in the world, as long as they have an Internet connection. Whereas before -- with the other products -- it required that you install the client product, that you open up port forwarding on their routers and firewalls. This works right through the network, and that’s what makes it so widely available now -- that anyone out there can get support.

Gardner: Interesting. Now tell us about Rent-A-Geek -- of course that kind of sums it all up in the three words. But tell us of the story of Rent-A-Geek. How did you start, and where do you expect to be going on in the next couple of years?

Schiehl: I’m in British Colombia, Canada. I came up here in late 1998 from New Orleans. And my background in New Orleans was doing data warehousing. I had worked at the university level, at the government level, did my graduate studies in information systems. When I came up here, I came camping and decided that I didn’t want really to leave. I made my home here.

But Canada was in a recession at that time, so there wasn’t job availability in my expertise area. So I did what I have always done, which was work at the PC level -- fixing PCs. It just started as a one-man shop, and in the next two years it grew and grew to the point where we went from just myself to having seven technicians full-time.

Then, we took on the remote aspect of our business -- where we are no longer focusing on our little valley here, but now we are using LogMeIn products. We’ve reached out from our little valley and now we have clients on four continents.

Gardner: And how far do you reach?

Schiehl: Our customers are in every state in the U.S. and every province in Canada, so North America. We have got Australia. We’ve got a little community in China, where it's all U.S. executives. They have their own little community over there to do business. So we have several clients there. And then also in Europe: in England and in Germany.

Gardner: Okay, so in the olden days -- and we're really talking just a few years ago -- somebody would have a problem with their PC. They’d probably look in the Yellow Pages and they’d see "Rent-A-Geek," and give you a call. And you’d probably have to go to see them, or have them schlep their PCs to you. Tell us of what kind of problems you deal with on that level?

Schiehl: Sure. We have the brick-and-mortar store, and we do on-site as well as in our valley -- and that’s how customers still find us. Originally, very few of our customers even understood that we did the remote thing. Many of our international clients who call have called because they had heard or seen a geek-type name, or they Googled for help and found us. They go to our Web site and they assume that we’re there in their neighborhood. So they call us.

Actually many of our clients call us for on-site service because that’s all that they know. Then we have to educate them and say, “Hey, you know what? We are not in Illinois, but we can fix this right now. Do you want to try this and sit back and watch?" And they go, "okay." Then, we begin and they are just blown away that we can actually do that.

Gardner: Now what if your PC is totally crashed, all you get is maybe a blue screen or some kind of a nasty message. Can you take them from that point and get a remote access to their PC?

Schiehl: Yeah, as long as the hard drive, for example, has not completely failed, or the power supply has not completely failed. If we can get that thing powered up, we can get them through the process, no matter how quick or long it takes. We can get them bootable. And once we can get them bootable and into safe mode, then we can fix it.

Gardner: What’s the growth opportunity here? How fast are you growing now, and where do you think this can go from now, for let's say the next two or three years?

Schiehl: Well, in the last two years we have grown at an average rate of 500 percent per year. It's been phenomenal, but really that’s just been off of referrals and people in our valley referring us to family and friends all across North America.

Beyond that, the opportunities here are astounding. Our target market, the people that we really serve, are the small-office, home-office (SOHO) end users. We have a very fiercely defined target market. These are the people we work with, and there's a total market of $30 billion right now for outsourced IT support. So, how much of that and how big we can go is simply a matter of how scalable we make our operation. And that’s a whole other story. We’ve got a business model and plan in place to address that.

Gardner: So, you can scale up on the warm bodies, and you can use these technologies. But let me understand the breadth of the service here, not just for recovery. I am a small-business owner myself, and if I have a problem and I find you guys and you help me out. I think my next question would be, "Well, what can you do to help me not have to go through this again?” And what’s your typical response?

Schiehl: Prophylactic measures against viruses and spyware, after we do the clean up, is the big part of our business model. It’s about the education. It’s about putting the pieces in place, putting in a guarantee that this won’t happen again for a certain number of days. With the end users, it's all about education. And we get clients calling us for very simple problems to us. But for them, they are very intense, very stressful problems.

Gardner: All right, so how do you keep those people from losing it? How do you make their day, and what are some of the enabling technologies that you can bring in, so that this is a pleasant experience and they do want to come back for more?

Schiehl: Well, we always start with the human aspect of it. We have some very defined core values in our business, the first of which is: fun. Then, we have education, success and understanding. These are all based on interpersonal reactions, and we use something called the "Fish Philosophy," based on the Seattle Pike Place Fish Market. It's all about being present, choosing your attitude, making his or her day -- looking for that opportunity to make somebody’s day.

Our guys are actually trained to actively listen first, before they formulate a response, to ask the right questions and then look for that opportunity -- to really make someone’s day. Because if they can do that everyday, for 365 days a year, times the number of technicians, times the number of years we are in business, then we can create a massive change out there in tech support.

Gardner: So, you’re probably providing a little bit of psychotherapy. Because I know when I'm at that blue screen position, I am ready to toss the whole thing out the window. I am stressed and not in a happy situation, particularly if I am losing work and money as a result. Tell us about that personal touch in terms of what the technology can bring?

Schiehl: Okay, and really we consider ourselves as relationship counselors first, and technicians second -- and we mean that. Because the relationship between the end user and their technology can be as tenuous as any marital relationship. And that always comes down to communication, just understanding why the other person -- or computer, in this case -- is behaving that way, and that it's not personal. We can help you guys communicate better and help fix this. And sometimes it’s a case of helping to fix the user.

Gardner: You can’t afford to have technology go bad on you when you are helping somebody with his or her technology.

Schiehl: That's right. Given that somebody is already in a stressful situation, the enabling technologies of the LogMeIn Rescue product that we use for remote support makes it so easy for the end user. They are initially very stressed and they say, “Well, I am already not good at working with computers, and now you’re asking me to launch a remote support session? This is absolutely foreign to me. I'm not comfortable with that.”

And so, we simply ask them, "Can you open an email? Do you know how to do that? Do you know how to view a Web page?" Because if you can view a Web page or you can open an email, we can help you.

Gardner: Okay, so you mentioned LogMeIn. How did you settle on that? What was the process for choosing that?

Schiehl: Well, before LogMeIn Rescue came about we had for years used things like PCAnywhere. It almost required a technician on-site to set up the software, to do a remote session. But after that we used another product that came out a couple of years prior. But the problem with that one was that it was at the price of about $450 per user-license, and you’re only enabled to do one session per license at any given time.

So, we used that for two years, but every month when we paid for it we just sat there shaking our heads saying, “There’s got to be a better way.” And then when LogMeIn’s product came out, when Rescue came out, they were offering it as a free trial. So there was absolutely no commitment. But it was $99 per month thereafter, if you chose to keep it. Moreover, you could do up to 10 simultaneous sessions with the LogMeIn product as opposed to the one with the $450 product.

So, for us, we immediately downloaded it onto five machines in the shop and began generating revenue. And at that point there was just no turning back. In fact, we felt so bad about generating revenue on a free trial that we signed up right away.

Gardner: So, this was a benefit to your business model, but also suited your technology needs, and architecturally because this is a peer-to-peer technology, and that’s got some benefits too, right?

Schiehl: You bet! They’ve got 256-bit security, end-to-end so it’s absolutely encrypted for the data, for transfers that are taking a place. The end user doesn't have to install software. It's just phenomenal, and makes this so easy for the client; they don’t have to have any technical knowledge to make this work.

Gardner: How has the type of problems that people are coming to you with changed over time? Now you're servicing four continents, you’ve got people remote – are you facing the same types of problems? And could you also explain what PCs you are mostly working with? It's Microsoft Windows XP and Windows 2000, is that right?

Schiehl: Yes, XP, 2000 -- and also Windows 98 and Windows 95 are still out there, and we still work with them. But the problems are pretty well universal, whether it's just a software issue with Outlook Express, for example, not downloading messages, not able to send things; whether it's a firewall or something blocking it.

Of course, there's the huge, huge problem of malware, spyware, and viruses that are coming in today without the user even having to open an email. All they have to do is view a Web page that’s infected, where the malformed image or whatever the exploit of the day is, and they are getting infected without any interaction.

Gardner: This is disaster remediation. More and more small businesses are getting more dependent on their PCs, and yet at the same time probably losing precious time that they need. They can’t go down, they are working on a mission-critical basis, just like large enterprises.

Tell me a little bit more about the managed-services industry. It seems like if you’re growing 500 percent year over year for two years, there's a big business opportunity and a potential $30 billion market to go after. How do you take your business and continue to grow it, and do you think that this is unique to you? Where do you see industry as a whole going?

Schiehl: I don’t see it so much as being unique to us. However, we are being very intent in the way that we are growing. We have very specific goals and landmarks that we set for ourselves, benchmarks that we set for ourselves. We’re managing our growth through a series of referrals first. Then, we have some affiliates that we set up, second. And then, in the end, when we create our new model, we’ll be dealing with more mass exposure. But, right now, we’re trying to limit our growth if anything, so that we can manage it properly.

Gardner: Okay. When you get control over someone’s PC, does that tend to flip him or her out a little bit? I guess I’d worry about privacy and security, if all of a sudden some guy in British Columbia is monkeying around with my PC. How do you keep people trustful and sort of comfortable with that?

Schiehl: Well, certainly there's apprehension initially. The first time somebody sees their mouse moving without them touching it, that tends to freak them out a little bit. So, we have to overcome some of that resistance through a dialogue.

Initially, the people say, “Well, I was really expecting to have somebody come over to my house. I am not really comfortable with you being up in Canada and I am down here in Denver, and you’re coming into my computer.” And we say, “Well, look, we’ve got this product, but you’ll always have overriding control of the mouse, of the keyboard, etc. You’ll always have the ability to end the session anytime you want. Now, we stay on the phone with you while we’re doing this, so it's like we’re there. But would you rather have a complete stranger come into your house, where he has access to everything and not just your computer?"

And they're like “Well, okay. I guess they didn’t think about that."

Gardner: And once the session ends with the technician on your end, the "geek," they can’t get back in unless the other party allows him, right?

Schiehl: That’s right, it’s a dead cookie at that point. That’s one thing we explain to them, because we give them a unique six-digit pin code, and they always want to write it down, and we say, “Well, don’t bother writing it down, because it’s no good after this session. It will never work again.” And they go, “Oh! Okay.”

Gardner: Let's get back to that situation where I’ve just suffered some malware. I am frozen, but I am able to at least have someone on the phone talk to me into safe mode, I can get this session going with you, and then my first reaction is, "I can’t go through this again. Is there some sort of a routine maintenance?"

Can I just say, “Listen, I am now comfortable with you guys coming into my PC. We have a business relationship. I know that I can turn it off as I need to, but can you come in here behind the scenes and help me so that I am clean and up and running, and I don’t have to worry about this stuff?”

Schiehl: Yes, and we have two ways of doing that. We either have the on-demand model, which requires them to call us and initiate a session. Or we have the model where we just come in and do it, and that involves another LogMeIn product, called LogMeIn IT Reach. That’s a unique and special product that we use for customers who are very comfortable with it, because what that product does is it stays active on their computer, all the time, and it monitors critical system processes.

Then it will email us, it will instant message us, whenever an event fault comes up or an XP event comes up; or if, for example, their temperature gets too high in the computer. There are certain trigger points, things that you can set to monitor that we get informed about. So, we call the customer and say, “Hey, look, this is happening to your computer. We’re thousands of miles away, but your fans are not working properly. So, you need to get that addressed immediately.”

Gardner: And LogMeIn IT Reach has the sensors in the PCs that can tell them this? Or is that your scripts and your stuff?

Schiehl: That’s IT Reach.

Gardner: So, we’ve got routine maintenance. There must be more services. What about backup? That’s another thing that I use as a small business. I am doing it myself manually, but I kind of like the idea of it being up in the cloud and automatic.

Schiehl: That’s something that we’re just starting to get into -- being able to do backups. And not only for the client at their particular site, like setting backup routines for them that will operate with their own external drives, for example, but also using a new product that LogMeIn just acquired called Hamachi. Hamachi sets up a software VPN between our computers and the client’s computer.

So, it’s just like having a VPN in your office, or in your remote offices, where you have direct access to specific folders on the hard drive, and you can map them locally. You can actually run a back-up routine on their system – from their system -- that drops the data into one of our folders on our computers, just as if our computer were on their network.

Gardner: And why would I want an encrypted VPN to do that? Why couldn’t I just do that otherwise, or would my data be vulnerable if I didn’t have a VPN going?

Schiehl: The VPN sure makes it easier to do the job, just because you are able to map the drive as a local drive. The security is just an added benefit, but certainly if you did it outside of a VPN, your security would be compromised or could be easily compromised.

Gardner: What kind of prices do you charge for this? I know what I am paying for a guy that I physically bring my PC to when I have the issues, and that I do have sort of maintenance contract with them. As a small business owner, how much am I going to be out of pocket to get an ongoing maintenance relationship on this remote basis?

Schiehl: We price ourselves for our market, the small office, home-office market. We are not always the cheapest, but we have a lot of value on top of it. We have per-hour pricing that is $65 per hour, very reasonable for that market. We have fixed-price products such as our branded PC Oil Change, which is a complete system tune up, clean up, and virus scan, ensuring all your updates are in there. That’s a fixed price product at $100.

Gardner: So, that’s like a Jiffy Lube for my PC.

Schiehl: Well, that’s exactly what it is. The thing is that we draw off from different industries to create our own business models. We draw off from very successful businesses to create a same business model for the computer world.

Gardner: Yes, so you are doing psychotherapy and car-like computer maintenance. That’s pretty good.

Schiehl: That’s right.

Gardner: So, I get all this for $100 a year?

Schiehl: No, that’s for one of the particular PC Oil Changes. We recommend a couple of those a year. So, we have a fixed product package, called the one-year security guarantee that we offer at $225. For that we will install anti virus software, we will install anti-malware software, specifically Spyware Doctor.

Then we will monitor your system for one year and guarantee that no malware gets into it, no viruses get into it, plus we’ll do two of these cleanups per year. So, for one year you have peace of mind that if anything happens we are going to come in there, and fix it for free.

Gardner: And that means that I don’t have to go out and get my own anti-virus malware programs. You are going to include that software within that price?

Schiehl: That’s right.

Gardner: Wow. Well, I've got to tell you, that’s like half what I'm paying now and I'm paying for the software on top of that.

Schiehl: Right, and we are picking up what we feel is better software -- more compatible for the users' needs.

Gardner: Okay, so this is a no-brainer for me. And what's really enabling this is your ability to scale with this remote connectivity benefit?

Schiehl: That’s correct, because now we can leverage ourselves by being able to watch and monitor thousands of computers out there. One technician can simultaneously work on up to 10 people. Typically, four is my mental maximum, before I start falling apart, losing track. But the nice thing is when I'm working on someone’s computer, I can start a scan, which is going to take 30 minutes, and then I can work on an another session at the same time, do all the work leading up to the scan -- and then move on to another system, eventually going back to the first, and then second, and then third again.

Gardner: And because your customers can be in four continents, I'm going to guess that probably your "geeks" can be on four continents too, right?

Schiehl: That’s correct, however, we are building a model that’s not going to quite work that way. We won’t go too much into it because its right now it’s in the funding phase, the venture capital phase. But, nonetheless, we are looking more for a centralized model for sure.

Gardner: Let’s look at one of the big issues in the news right now that could have an impact on all of this, I guess both positive and negative. And that’s the arrival of Microsoft’s new operating system, Windows Vista, coming into the consumer base and the business base in 2007. Does Vista have tools built into it that changes your approach, and do you expect that the people transitioning to it or buying new PCs with Vista are going to actually give you more business?

Schiehl: We think that effect, the later effect, will be big, will be huge. But we feel that it will be slow at first, as the adoption takes place with Vista and the upgrade process. Bear in mind, yes, there are tools in there, but there are also tools in XP. There's the remote desktop feature or the remote support feature in XP, but both of these products -- and we have already tested the Vista one as well -- are absolutely inferior to the one from LogMeIn, the Rescue product, because the Rescue product is made specifically for technicians to do outsourced IT. So, it is filled with features that we won’t get on the other products.

Gardner: So, the features that are in Vista are designed probably more to let people access their home PC from a browser, but not designed for a maintenance and remediation function?

Schiehl: Right, or they allow access for your IT person within your office, with the lower level of security -- and not as feature-rich.

Gardner: I see. Their approach is to say, "Listen, we sell these to large enterprises and we want to help the IT desk in that enterprise be able to reach across the LAN and do some patch and other distribution types of functions."

Schiehl: Sure. One feature, for example, in the LogMeIn product, is System Information. As soon as we are connected, there is a tab on there for system information. Without having to ask the client, I know everything about their system, every driver in there, the processor, the RAM memory, the capacity of the hard drive used. I have an advanced view of all this information without actually having to ask the client. Those aren't in the built-in products in Windows XP or Windows Vista.

Gardner: Okay, so there are some elements here that are going to make your job easier. You are going to have a big churn in the marketplace, which is going to have people get a little bit confused and needing some help. And then you’ve got a better remote product and service than what's provided internally -- and you are doing that at a competitive price point.

Schiehl: Absolutely. Again our clients, our typical clients, are small-office, home-office users. They like things to look familiar, to feel familiar. So, there is going to be some huge hand-holding needed because Vista looks different, it feels a little different. So, in that aspect, yes, we feel there will be a huge opportunity in supporting these. But at the same time we feel it won’t be one great huge impact on release. It will be a slow roll-out.

Gardner: Very interesting. Well Keith, I think that about covers it. I’ve learned a lot more about this remote managed services business. I just wish there were some companies I could invest in. To be honest, it sounds like a very good growth industry. It’s been nice speaking with you.

We've been speaking with Keith Schiehl, president of Rent-A-Geek, about remote remediation and PC administration, and the use of LogMeIn products. And we also want to thank our sponsor, LogMeIn, for making this podcast possible. Keith, thanks for joining us.

Schiehl: Thank you, and thanks to LogMeIn for a creating a great product. We always feel thrilled when they come out with an update.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You’ve been listening to BriefingsDirect. Thanks very much.

For an instant trial of LogMeIn Rescue, the solution Rent-A-Geek relies on for its highly successful remote support business, visit www.LogMeInRescue.com/podcast. Within five minutes of signing up, you can conduct your first remote support session. And, through this special link, you’ll receive an automatic three-week trial (a full week longer than the standard trial). Get your trial going at www.LogMeInRescue.com/podcast.

Listen to the podcast here.

Podcast sponsor: LogMeIn, Inc.

Transcript of Dana Gardner’s BriefingsDirect podcast on PC remediation and remote access technologies. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Monday, October 23, 2006

Transcript of Dana Gardner's BriefingsDirect Podcast on Application Modernization

Edited transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Aug. 21, 2006. Podcast sponsor: Hewlett-Packard.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to a sponsored BriefingsDirect podcast. With us today are two executives from Hewlett-Packard (HP) to discuss application modernization. The idea is to deeply analyze an enterprise's applications and legacy code base to determine what could -- and just as importantly, should -- be redeployed on modern, agile platforms.

We are told that there are some 10,000 mainframes operating worldwide, consisting of some 200 billion lines of code. These are mostly on older systems. Today’s modern architecture allows for a great deal of lower-cost standardization and agility. How do we bring these two trends together? With us to discuss this are Rick Slade, the America’s practice principal for HP’s Application Modernization Service. Welcome to the show, Rick.

Rick Slade: Hi, Dana.

Gardner: Also, joining us is Paul Evans, the worldwide practice leader for application modernization for HP Services. Welcome to the show, Paul.

Paul Evans: Hi, Dana. Pleased to meet you.

Gardner: As I mentioned in our set up, we have a vast amount of mainframe applications worldwide. There is also a move now toward some finalization of architecture benefits around Services Oriented Architecture (SOA). There is a need for companies to become agile and fleet.

So I am wondering, are we just talking about mainframe applications, or is there a larger set of applications inventory involved? What is the addressable resource or asset library, if you will, for what we’re discussing around application modernization?

What’s the inventory here? Why don’t you try to take that, Rick?

Slade: Sure, Dana. Inventory, it’s a big subject. It certainly is a lot more than just mainframe applications. You talk about the big number of mainframe installations in the world today, and it is a big number. But there are also a lot of applications that many would consider legacy, that are running on more modern platforms or other platforms -- even on our own platforms from HP.

And so, what we’re looking to do is to help our customers transition or transform those applications to platforms and to software architectures that allow them to respond to change quicker, and hopefully cheaper. As far as an appropriate application ... for us it is any applications that constrains your business -- by not allowing you to move as you quickly as you’d like, due to competitive pressures or regulatory requirement changes.

Our goal is to look at these older applications built on more linear monolithic architectures, and transform those onto platforms and server architectures that promote flexibility. Architectures that actually let an organization achieve the "Adaptive Enterprise" vision that HP has been talking about for years.

Gardner: This is a scary proposition for a mainframe CIO, for someone who has been living in the mainframe world for a long time, and [where the systems have] been actually performing quite well and living up to expectations. I suppose the old adage, “If it’s not broken, don’t fix it,” plays into their thinking. What do you tell someone who seems to be in the mainframe environment and is satisfied with it?

Slade: That’s a great question, Dana. Let me say this, the mainframe is a stable platform, it’s a solid platform. The problem is, it’s a very expensive platform on which to deliver business services. The problem that organizations are having today are not so much from a stability standpoint, their problems are their inability to respond to change fast enough.

I read an article recently from Gartner, and their contention, based on research that they’ve done, is that 80 percent of an information technology (IT) budget is typically spent in maintenance -- in just maintaining their existing application stacks. Our objective would be to reduce that maintenance cost. If we can take that down by 20 percent for an organization, that’s a substantial amount of money. And then resources that can be applied to new value creation by the IT organization.

I think these modern architectures will allow our customers to ... respond [better] to these competitive pressures, as well as regulatory requirement changes -- certainly faster than they are today. We recently had an instance where a customer took their time-to-market, regarding adding new customers to a particular system, from nine months down to six weeks. That’s real business value that IT can now deliver back to the business due to use of these more modern application architectures.

Gardner: Now, we’ve seen a tremendous improvement in the functionality of hardware. We’ve seen a wide embrace of open standards and open source approaches. What are we talking about when we look at targets?

We’ll talk about a little bit later about the "how," but we’re still into the "why" to do application modernization. In order to understand the benefits of this change, this disruption, what is it that we are going to take these applications and their logic to? What are the typical targets these days for application platform modernization?

Evans: I’ll answer that one, Dana. I think the point is that there are several forces out there. And I think that Rick has hit on some of them. But in addition to that, this whole emergence of the SOA is making customers look at what they’ve got, and begin to ask themselves the question, "If we like some or all of the aspects of SOA, are we ready for it? Can we embrace it? Can we move toward it easily?"

So for most customers that have legacy applications ... running a stable but costly environment called the mainframe, this becomes quite a complicated task. What we’ve been trying to do is work with customers to begin to understand where the biggest bang for the buck is. Where should you go first in order to start gaining improved agility, lower cost, and the reduction of the maintenance cost of the software.

A lot of organizations spend upward of 70 percent of their IT budget just keeping what they’ve got going, just doing the routine adds, moves, and changes that keep those applications delivering to the business. But the challenge is that a lot of those applications are written in COBOL. For a lot of those applications, we’re seeing that the actual amount of COBOL written is still going up by 10 percent a year. That’s not because people are writing new applications, it’s because they’re just amending the old ones.

And many senior-level IT people understand this is a one-way street. We just have to turn around at some stage and begin to identify the sort of applications that would respond well to a modernization approach, and that may well take them toward this sort of infrastructure Nirvana, as it were, called SOA.

But sometimes it's difficult to understand, "Where do I start?" Do I start with a simplistic application that would have limited business impact? Or do I go to the other end of the scale and choose very complicated applications that run the business, which could be viewed as risky.

So, what we’ve been trying to do is go with an approach that allows us to identify where you should move first, to gain an accepted service level. But more importantly, we believe in taking the essential step of actually modernizing the software architecture.

Gardner: All right. So perhaps I was not thinking of it in quite the right way. It's not so much about where I'm going in terms of a definitive destination, but how can I actually take these assets and resources and put them on an architecture journey -- perhaps a lifecycle journey -- that might end up on a number of different targets over a period of time. Is that the end goal here?

Evans: It is very much so. I think most people in IT would state that the systems they have today have been relatively organic. There was never a master plan. Most mature, large companies have grown their IT resources over 20, 30, or 40 years. They have seen enormous change in technology during that time -- especially in the hardware platforms. The amount of power we can put into a system today has just grown beyond anybody’s wildest dreams.

So, once we’ve been able to harness that power -- to produce systems that are smaller, faster, cheaper, and develop less heat output -- we can effectively shrink datacenters. I think the IT industry has responded extremely well in harnessing that capability and delivering it to customers. Users have similarly utilized virtualization or consolidation. But we see a lot of customers today reducing their datacenter footprint because they can harness a lot more power in a much smaller space.

The days when mainframes were run by people with white coats behind locked doors are gone. The point is, we have seen enormous growth on the hardware side, and software technologies have grown up and matured, too. The real benefits, we believe, for customers to really exploit that power comes when you apply a similar amount of focus and attention to the software environment; just as you’ve done in the past to the hardware environment.

Rather than take an organic approach, I think customers and companies and organizations are striving for a master plan. It doesn’t have an end date, but it's like a journey. They know where they’re going. They want to develop a system architecture that allows them to make the decisions of what am I going to include going forward, and what am I not going to include. And that will help them make the decisions about choice and moving forward.

Slade: I'd like to make a point. I believe that architectural-targeting decisions are driven by business requirements. I think you said it properly earlier, in that we don’t have pre-defined targeting solutions. Our attempt, our goal, is to look at the business requirements and to help the customer determine what is the right platform -- what is the right application architecture -- on which to deliver that business service.

That doesn’t mean we don’t take into account existing corporate standards or existing corporate policies. Those things are important, and they feed into the decision-making equation. But again, the belief is to let business requirements dictate technology solutions, so that the organization can respond as cost-effectively and as quickly as possible.

Gardner: And just expanding on that point about business requirements, what is the business rationale typically? Is this strictly a dollars-and-cents thing? Is it a bit more qualitative than that? Obviously we want to cut down the ongoing operating costs. When it comes to bringing the chief financial officer (CFO) and the chief executive officer (CEO) in on this to get the funding -- to get the go-ahead -- what typically are the business rationales for embarking on application modernization?

Slade: Cost is always a part of the discussions, but it's not strictly the only element. In fact, most organizations that are talking to us today have a need to be more responsive to their business users.

I was talking to a chief operating officer (COO) not long ago, and he made it very clear to me about the potential cost reductions that he could have by modernizing his application stack. His response was, "That’s good, Rick, and that’s certainly something we need to talk about. But my problem is more about time than cost." And that’s an important point.

It takes IT organizations too long to respond to business-change requirements today. We, as IT professionals, have to determine how we can be more responsive to the business. Quite often the only way to do that is to change the software architecture, to use more modern architectures that allow us to make changes fast.

I think that is what this is all about. So cost certainly is an issue. I certainly believe that we can reduce the cost every time. I think that’s been proven time over time. But I think the big issue that is causing organizations to look at this today is through their inability to respond as fast as a business would like.

It’s been an age-old problem between the business users and the IT departments -- businesses always complain that IT can’t respond quickly enough. And the problem is that typically it takes so much time to do impact-analysis and impact-testing on these very monolithic and linear software applications. If we can reduce that time-of-maintenance, we can improve their time-to-market as an IT organization.

Gardner: Before we get into the "how," let’s probe a little bit into the "what" of application modernization.

It seems to me that we are going to have to look at identifying code, cleansing code, making logic extractible, looking at the data set and separating that out and allowing it to emerge into another environment. And then there’s presentation logic, and going from one type of user interface (UI) to other accepted standards. Can you give us a sense of what is required, what does the process boil down to? What do we have to do in order to extract and modernize some of these typical applications?

Evans: The first thing that we don’t do is look at code, because that just wouldn’t tell us anything. I think, as Rick said, it’s the alignment between IT and business that counts.

Today, any business manager will complain, "It takes IT too long to innovate or change anything." Business wants to innovate. Their idea of maintenance is that it’s sort of interesting, but not essential. What they are interested in is innovation: "I want to do something, I want to improve my business, and I expect IT to be right by my side."

In some instances, there is lag -- there is a significant lag -- from when innovation is sought and when it happens. It’s as Rick said, what we want to buy people is time. And what we want to do is synchronize to some degree where the business wants to be and where IT is. And in many instances that’s just not the same. Business asks for something, and then six, eight, 12 weeks -- whatever it is -- later there’s a response. And in some business managers’ minds, that’s not acceptable. So, the first thing we are trying to do is to align these two -- business and IT -- much better.

But in terms of responding to a modernization request, the first thing we have to do is to understand just what is in the applications portfolio. You would be surprised, there are a lot of large customers we work with who are more than happy to admit that they don’t actually know all of the applications they have, and what those applications do. Because they grow up organically, no one has kept track of all these things.

So the first thing we may have to do is to perform an inventory of the critical applications a customer has, and then determine how they constructed them. We perform an Applications Rationalization. And what we are looking at here is the intersect of the criticality of an application to the business, versus its technical quality. What we are looking for is applications that are critical to the business, but that their technical quality is below par, below standard, holding the company back.

A typical example would be a mainframe-based application running in COBOL, monolithic in nature, very difficult to make significant changes to, where the documentation may have been lost or may have been never been produced, in which maybe the original architect no longer works for the company. And therefore it becomes quite a challenge if you are going to make significant adds, moves, and changes to those applications.

We are looking initially for the applications that are critical, and yet the technical quality is not what the customer needs. There’s really no point spending time on an application that is well-written, well-documented, and is actually not in the mainstream. And that application could be running on a mainframe too. As Rick said, we are not going in there just to get things off the mainframe -- we are going in there to help a customer understand what is critical to their business, what we could improve for them, irrespective of the platform it is running on.

Gardner: Anything to offer on that, Rick?

Slade: I agree completely with Paul. The first thing to do is to identify where you have a problem. And then to attack it from a more technical perspective. We look at the application stack and categorize different components that make up that stack.

From our perspective, most applications are made up of three major categories or components. We have runtime, development, and management components. From a runtime standpoint, you’ve got source-code, you’ve got data, you’ve potentially got a third-party or utilities purchase. As Paul indicated, we have got to take inventory of all those components to understand what the mapping strategy will look like.

So before moving to a target environment ... we have to understand how are they maintaining those applications today, especially those custom applications. I think one of the problems in the industry today is not looking at those components. [We need to examine] the management components before making this type of move, transformation or modernization.

One of the things that we try to do is take a very holistic perspective of modernizing an application, by looking at what it's going to take to support and maintain all of the application. We want to understand what is being used today to manage a particular application, what are the tools that you going to use to monitor it in production, and to make sure that we have the same capabilities going to the new target environment. These are critical to being able to provide the reliability and the availability of the business customers’ needs and demands in their production application stacks.

Gardner: Now, this does not sound in anyway trivial. Not only are you talking about finding and auditing all of the applications, but weighing those applications in terms of their use -- and not just in terms of their quantitative use but also their qualitative value to the company. And not only now, but perhaps in the future.

So, this sounds pretty tricky. Is there a secret sauce? Is there a specific methodology? How do you go about searching for these applications and then rating them in such a way as to say, “Here are the sweet spots, here are the ones that are going to be important, here’s what’s going to bring business agility and reduced-time-to-market?" And, at the same time, then move these customers to platforms that will reduce the total cost of ownership.

What’s the secret sauce here?

Evans: We would look very silly in front of a customer if we said, "This was easy." Because he would say, "Well, if you think it’s easy, then you don't understand." So, the first thing: This is complicated.

That’s why customers turn to the outside of their own organizations, because they are then dealing with people who have done these things before. It’s like anything, you know. But in terms of what customers ask for, they are looking for a process. They are looking for methodologies. They are looking for experience. They are not looking to be the guinea pigs.

They are looking for organizations that have done it all before. But they also need a methodology that can be explained to them, and that makes them understand the steps in order to start extracting data. And also to understand the basis of how we are going to make a decision.

This is not just about coming in and saying, "You are running a mainframe in COBOL. You need get rid of it. We’ll do a rip-and-replace over the weekend. And by Monday morning, we are back online." That isn’t going to happen. Anybody who says that will be out of the door by any credible customer.

This is a process that we have to move quickly in order to demonstrate to the customer that there is money to be saved and money to be made. So, our whole approach is to get in and at least do an initial exploration that will define where are we going, and what we are going to do and not do. And then after that, we begin the deep-dive to look at the code. Then we can determine, “Hey, is this good code, is this bad code, is this dated code?” We can find out if the code hasn’t been used in years, whether it supports any form of business process, or whether it is just sitting there taking up space.

So, those are the things we have to demonstrate to a customer in order to give him confidence. Those are the things that help us with the application modernization decision-making process. Rick?

Slade: Oh, I absolutely agree. I think the key, Dana, in modernization efforts -- especially against these mission-critical production applications -- is a very systematic process. And we believe that we have put one together that is very robust. It's very disciplined. Quite honestly, a lot of engineering rigor is built into the system -- all for the purpose of mitigating risk.

Risk mitigation should be one of the key characteristics of modernization efforts. Again, we are talking about your production applications. Transitioning those, as Paul indicated, is a complex task. We believe we have built a rigorous approach based on our own experience. And we have implemented best practices from software engineering to our overall methodology to help us manage risk, and then to extrapolate the information we need to properly diagnose and determine what the targeting strategy should be.

The other key component in our solution -- and maybe a part of that secret sauce, as well -- is in the use of technology and tools to help us with the different phases of modernization and analysis. I think that to manually go through a lot of these systems is a complex, difficult, and expensive proposition. To do it manually is unacceptable.

So the use of the right technology is essential -- and we have spent a tremendous amount of resources, time, and money looking at this technology. We’ve developed in-house technology, as well as technology available in the market. And we are constantly looking at technologies to help us be more efficient in the analysis work that we do. Once that analysis step has been completed and a strategy developed in the proper use of technology, then we actually assist with the transformation process.

Again, it is not a simple exercise. It’s a very complex exercise. The use of technology allows us to minimize risk because we are working in an automated fashion, a consistent fashion. And I think that’s critical in transforming these applications. So, two major components that are key to our success: The proper use of process, and the proper use of technology -- both are needed to manage and mitigate risk.

Gardner: I would like to understand a little bit more about how you’ve applied this internally at HP. HP to me symbolizes a perfect organization for this sort of activity. You are decades old. You have gone through some massive mergers and acquisitions. There probably has been Digital mainframes, there’s a lot of HP UNIX platforms. You’ve been running a lot of systems. You are a global company.

How successful have you been at modernizing your own applications, and what have been some of the unanticipated consequences of going about this?

Evans: I think we would love to answer that with, "No, no, HP has never had this problem." [Laughter]

Unfortunately, you are absolutely right. I mean, mergers, acquisitions, etc. And therefore our internal IT folks are challenged just like everybody else’s. We may have a slight preference on supplier, but putting that to one side, the challenges faced in terms of an applications portfolio are no different than for any other organization.

So, we have seen significant gains. As I started off saying at the beginning of the chat, the situation is that we have seen significant gains when we have investigated our applications portfolio and then aligned that to the business need. This is especially true if you are in mergers and acquisitions -- and every major organization today is either been acquired or is being acquired.

And the point being is, it can lead to massive duplication. And like I said, if you’re going to be spending 70 percent of your IT budget to stay exactly where you are, you are not innovating. You’ve to go to look around and start to understand where the lower-hanging grapes are, to address application duplication, and determine which applications are absolutely critical.

And inside of HP, one of the first things we’ve done, is to really have the dialogue with the businesses, to ask, "What do you need? And more importantly, what do you not need?" And that’s very difficult, because everybody is obviously keen to start new projects and to develop new applications.

It’s amazing what we have found internally, that applications have been identified as being redundant and not supporting the current business processes. It's amazing. As soon as you claim that an application is redundant, then overnight it becomes strategically important. But you’ve got to get through that. You’ve got to understand the business processes that you are really looking for. And, of course, the challenges here are with the older applications, those business processes that are embedded in COBOL.

They are not exposed. They are business processes that are just mired away in millions of lines of code. And in the market today there are tools that can bring to the surface these business process. So you can say to a business unit manager, "Do you need this, really? Do you want us to spend 500,000 pounds, dollars, Euros, or whatever, per year in keeping this alive? Is it necessary for your business?"

The more of these processes that they agree are no longer required, the less money is spent on modernizing and maintenance, and the more that can be spent on real innovation. And that is where we have seen some really significant strides forward internally. There is this rationalization of the portfolio and by retiring applications in a well-managed and graceful way.

You are not walking in on a Friday night and turning it off. This is communicating to people that as of a certain day, an application is going to be shut down, and that you’ll be using a new application that is probably centralized and that works across a group of organizations rather than in a siloed one. And that process also puts in place a strategy that takes the old data and the application and archives it. For many of our customers, it’s a legal requirement for them to do that. They just can’t throw it all away.

Gardner: Okay, Rick, any unintended consequences in terms of what HP has discovered internally in going about application modernization?

Slade: The learnings are great, Dana, from a practical standpoint. I think that most people are aware of the huge datacenter consolidation network project that’s under way at HP. It’s been in the press. We in the consulting side do work with our IT organization. Quite honestly, our IT organization provides a lot of information back to the consulting organization. So it’s been a very nice environment. We have learned a tremendous amount in our own experience in the consolidation and modernization work that’s still in progress. But I think that we have also been able to share with our own IT organization some of the best processes that we have incorporated into our methodology. That allows them to move a little faster. It’s been a good marriage, and the work continues.

Gardner: Now, in trying to then put this into a larger context, application modernization isn’t happening within a vacuum. There are other larger trends afoot in a simultaneous fashion, which perhaps leads to the notion of, "A whole greater than the sum of the parts." I am thinking of virtualization, SOA, IT shared services, portfolio management, application life cycle management.

Are there other payoffs to application modernization? When we look at application modernization and we put it in the context of these other trends, is this a cog in the gear that grinds toward the fruition of some of these other productivity trends?

Slade: Well, absolutely. I was involved in meetings just recently about work occurring at HP and with their architecture and strategy groups in helping transform IT organizations. Application modernization simply becomes a component of that overall IT transformation. All of the initiatives that you talked about are things that companies are looking to do to help them deliver services better and more cost-effectively.

IT transformation is a major issue right now with HP. It's something that we are looking at and, in fact, are proving out. What we are doing now is to take those different services and roll them up under a common IT transformation umbrella framework. The possibilities are very exciting. The Adaptive Enterprise vision that HP came up with a few years back is an incredible vision. I think what we are seeing now is the realization of that vision -- how to achieve that vision -- and we are helping our customers with the services to actually make that vision a reality.

Gardner: Are there some larger competitive economic issues here? For example, let's say you are an established enterprise, you have been around for decades, you’ve gone through mergers, you’ve built out geography after geography. And now, perhaps, you’re going to be competing against a greenfield company that has just sprung up. Perhaps a Web 2.0-type of concern, built of outside services, using SOA. And they can be fleet. They can also be run inexpensively.

It seems to me that to compete with some of the newer companies that application modernization becomes a bit more critical. Is that overstating it?

Evans: No, I think this is where the "agility" word comes in. I think that’s why large companies, or parts of large companies, understand why this term "agility" has resonated so well. It's not a marketing buzz word -- it's what people want to be like.

When each of us gets out of bed in the morning, goes in the bathroom and looks in the mirror, we would like to look and see agile, nimble, you know, people that can respond to change extremely well. Organizations are no different. Things happened that they can’t predict.

As you say, new, very fleet-of-foot, greenfield company startups -- they have no legacy. They could move extremely quickly into markets, and large organizations have appreciated that. You know that painfully from the past. I now understand that if there is one attribute that IT systems need to be, it is agile. I want to do something in the morning that’s going to effect something in the afternoon. I do not want to be told when I want to do something in the morning that it is going to take six months. Because that’s just not acceptable.

Gardner: Well, I think that’s a good closing point. I want to thank you both very much for sharing your thoughts on application modernization.

We’ve been discussing this topic in a sponsored BriefingsDirect podcast with two executives from Hewlett-Packard: Rick Slade, the America’s practice principal for HP’s Application Modernization Services, and also Paul Evans, who runs the worldwide practice for application modernization for HP Services. Thank you both for joining in.

Slade & Evans: Thank you.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening.

Listen to the podcast here.

Podcast sponsor: Hewlett-Packard.

Transcript of Dana Gardner’s BriefingsDirect podcast on IT shared services. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Sunday, October 22, 2006

Transcript of Dana Gardner's BriefingsDirect SOA Insights Edition Vol. 2 Podcast with Analysts Steve Garone and Jon Collins

Edited transcript of weekly BriefingsDirect[TM] SOA Insights Edition, recorded Oct. 13, 2006.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner. I'm principal analyst at Interarbor Solutions, and you are listening to latest BriefingsDirect SOA Insights Edition. This is a weekly discussion and dissection of Services Oriented Architecture (SOA)-related news and events. We bring to this subject a panel of independent industry analysts and guests. Joining us this week, we have Steve Garone. Welcome to the show, Steve.

Steve Garone: Great to be here, Dana.

Gardner: Steve is an independent analyst, a former program vice president at IDC (responsible for software), and he is also founder of The AlignIT Group.

Also joining us today is Jon Collins, principal analyst at Macehiter Ward-Dutton. Jon comes with a number of years of experience with other research firms including Bloor and IDC, and has worked as a consultant, network manager, and software engineer for such companies at Admiral Management, Alcatel, Philips and Sun Microsystems. Welcome to the show, Jon.

Jon Collins: Hi, everyone, and good morning to you.

Gardner: Yes, we should mention that you’re joining us from the U.K. today. Well, the subject this week -- and we’re talking about the week of October 9, 2006 -- includes some interesting developments in SOA. Among them is the rising specter of SOA and virtualization. I don’t know about you guys, but I got an invite from Sun Microsystems to an announcement that apparently has quite a bit to do with virtualization and SOA. As we know, Sun has quite an offering in greater utility computing.

If you want to expand the definition of virtualization, they are able to create instances of operating systems as well as instances of Java virtual machines, I believe, and support of other operating systems through their Janus Project. And they're running applications in a closed individual environment that's secure and can exploit the power of the hardware, and threading in multicore, as well as to provide a high-performance series of instances of an operating system environment or an application environment. That is, I suppose, virtualization on the level of operating system and perhaps middleware as well.

So, let me go around our small table of three analysts here today and get your take on the role of virtualization in SOA. Are they distinct, do they crossover, and what do you expect you hear from Sun? Let’s start with you, Steve.

Garone: Thanks, Dana. This is a particularly interesting area, and one of the reasons is because many organizations are being confronted with these two new “paradigms” -- granted an overused word -- and they require adoption of two new ways of doing things pretty much at the same time. They are related in a lot of ways, and complementary in a lot of ways.

When you look at SOA, you look at high-level advantages in terms of greater business agility and flexibility, lowering costs, being able to interact and interoperate with others more easily through integration at a high-level of abstraction, and so on. Operationally, with SOA you have to deal with issues around deployment, provisioning, monitoring the environment, scaling -- sometimes virtually in real time -- meeting the requirements of service level agreements and so on.

When you think about it in terms of the operational aspects, the two paradigms really do share drivers in terms of lower costs and greater efficiency. You see, in fact, a lot of complementary relationships between the two. If you think about being able to flexibly deploy operating systems and virtualized environments on top of platforms and monitoring them and being able to manage them efficiently, that is really sort of a management and infrastructure underpinning for effectively doing SOA. You’re going to have to deploy services and understand where they are, and understand how to use them, within the context of a virtualized environment. To me they sort of go hand-in-hand. So it’s no surprise that both end-users and vendors, in response to end-users, are taking a great interest in the overlap between these two areas.

Gardner: It sounds like a very efficient way to deploy services instead of having a monolithic approach of full stack infrastructure. You can put underneath that service just the amount of infrastructure that's required by virtualizing it; and therefore creating a data center or an application services environment that uses less electricity, smaller foot prints, and -- as the demand on that service increases -- the provisioning of additional resources beneath it should happen at a fairly automated basis, along with the clustering and other virtualization benefits.

Garone: I agree, and, in fact, one of the potential end-points of this is a scenario in which vendors will create a virtual environment that includes the required operating system functionality needed to make it work and basically be sort of bare-bones and tailored to the specific application type being deployed. VMware (Oct. 12, 2006) actually had a pretty interesting announcement around virtual appliances that addresses just that.

Gardner: So you can approach this from an appliance perspective or virtualized instance of an operating system environment, and either way you’d be basically approaching this from the same value proposition -- just doing it in a different way.

Garone: Right, and again, all of this sort of forms the underpinnings for where you build, deploy, and manage the services that are part of an SOA environment.

Gardner: Okay, Jon, over to you. If you can do virtualization for an operating system and/or a business application, why not do it for services?

Collins: Absolutely. I can only agree with everything that Steve said. I think one of the complications comes when you start thinking in terms of software services rather than in terms of software applications. They have a little different life cycle and a different approach to traditional -- let's call them siloed -- software applications. If you've got virtualization managing the infrastructure and helping you actually serve up the right type of the infrastructure in the right way, the right size and scale, and so on, to run the services, then you’ve got SOA. That’s managing the demand side, if you like, that can consume those resources and allocate what runs where, and how things communicate with each other. There is a definite fit.

Gardner: I suppose what’s less clear at this point is the relationship between SOA governance and the provisioning and resource allocation that will be taking place as part of the virtualization. Are these going to be going off in their own orbits with no relationship? Or will there be an opportunity to bring them together somehow?

Well there's the rub. But there is also a difficulty, because of the way they traditionally have been done. SOA governance has been the evolution of software development and application development, and people working together to procure and deploy applications. The whole IT operational governance side traditionally has been two very different parts of the organization. So, while it's easy to say, yes, let's do it in a service life cycle approach -- where the service starts in one place and goes from development to operations very smoothly -- we’ve got to get two sides of the organization talking to each other.

Now, we mentioned Sun Microsystems having an announcement around this, and that makes great deal of sense, given where they are coming from. But the other big vendor in this space, in my thinking, is IBM. They’ve been talking about the virtualized corporation for sometime, and they take this even further than Sun in terms of conceptualizing the virtualization of data, the virtualization of applications, the virtualization of infrastructure -- and now increasingly the virtualization of services. And if you look at the total picture, what you start to see is a highly increased productivity and agility around how IT is consumed, but also perhaps significantly reducing the operating and maintenance costs for these services. How do you understand the IBM virtualized corporation?

If you just a step back for a moment, you talked about two vendors, Sun and IBM. You’d expect Sun to be playing to some extent in this sandbox that brings together virtualization and SOA because they are obviously an important SOA player, at least in terms of their support for technologies that are going to be used to build SOA-type implementations. But there are all sorts of system vendors, and all system vendors are going to have to deal with this some time or another. And, of course, they are also storage vendors. You didn’t mention storage in your list although that could be considered that part of the infrastructure.

Gardner: Yeah, that would be certainly virtualized as well.

Garone: Yes, and so you’d expect Sun to be there. IBM, if you ask me, based on what I’ve seen from them, as it has done with SOA, is probably going to be sort of a champion in this area. I’ve spoken to them, and they pretty much get it. Are their products there yet? Probably not.

IBM is burdened -- as it usually is, when it tries to put these comprehensive strategies together -- with the fact that it's got a lot of legacy products that it should, and it does, want to integrate into this strategy. But its legacy products need to be adapted for it. So, they IBM has a ways to go in terms of giving a comprehensive vision. I think you're going to hear more and more from them in a leadership sense in terms of defining what the space looks like.

Gardner: Jon, who are the vendors to be keeping an eye on in terms of the intersection of virtualization and SOA?

Collins: All of the big players obviously -- meaning IBM, Microsoft, and HP -- who are talking about their virtualization offerings.

Interestingly, if you are taking IBM as an example, virtualization can mean very different things, depending on which part of the organization you're talking to. If you are talking about, for example, virtualization of information access, that’s almost a middleware question of how to access multiple types of structured data.

But, if you're talking about virtualization as infrastructure, then it’s very much about the resource management question. So, any one of the organization may have different virtualizations. And I can credit Steve in this case, it's a question of how you bring those together. One company that’s probably coming up alongside -- it’s trying to get as far up as it can before people stop it -- is EMC.

And, yes, obviously EMC has VMware, so they have done a great deal in virtualization on the server side, but equally with their nLayer acquisition, and other management-type acquisitions, they're putting in place a lot of the pieces they need to be able to manage the virtualized infrastructure they end up with. I think they're doing that quietly and hoping that no one sees they're trying solve that problem.

Gardner: I'm actually a little bit surprised we haven’t seen even more acquisitions out of EMC moving up toward this SOA deployment capability. Perhaps they are not interested in going into it for design-time, but clearly they seem to be heading in that way for the runtime. Does anybody have any quick, blue-sky thought about who EMC might look at in that regard?

Collins: That’s a good question. Why did I just think of BEA?

Gardner: A BEA-EMC fit?

Collins: That does make EMC a very different company.

Garone: I'm not sure if that’s a likely scenario, but from the functionality and product standpoint, maybe.

Gardner: Yeah, technical fit but not cultural or geographic one -- and I don’t think Wall Street will look at it as a whole greater than the sum of the parts; probably as a whole less than some of the parts.

Garone: Well, for every acquisition that EMC makes, it's constantly having a battle with Wall Street, which wants it to remain a storage company.

Collins: And that’s another reason I think it’s acquiring its portfolio by stealth, buying a company like RSA to say, yes, we need to get into the security space, which is partially true. But then look at what it’s doing with Smarts and the potential incomes between RSA and Smarts from the identity management side and on the event’s profiling and behavioral analysis sides. There’s a lot more to its acquisition than it's letting on.

Gardner: I think Documentum was the first big signal that they are moving aggressively outside of just storage.


There's another nuance to this company relationship issue, getting back to the question you asked earlier about other players. There are some, and I’ll call them pure play, although I am not sure it really applies to all of them. We mentioned one before -- VMware. There’s also Intel, which is doing a lot work in the virtualization area, given the fact that it makes a large number of the processes that are out there. While they are focused on virtualization, in some cases they have a narrow view in terms of platform coverage, but they also are not necessarily expert on things like SOA. So, I think you’ll find a lot by way of partnering between companies like those and some of the large vendors who are providing parts of those solutions.

I’ll just make one more point on the virtualization and the SOA thing. I’m reminded of when Microsoft stood up and said: "Of course we’ve always been a virtualization company." They tend to say that they've always been a "this" company, they’ve always been a "that" company. The reason they said they’ve always been a virtualization company is, of course, virtual file systems -- caching and paging and swapping all these mechanisms inside the operating system.

I think extreme virtualization ... will succeed ... (and) ... we’ll stop talking about it, and it will become parts of the distributed platform of the future. And it will just be an expectation -- SOA will run and run because it’s a way of doing things. Virtualization should just become part of the standard, if you like.

One of the things we haven’t gotten into with virtualization is the impact it has on how a vendor would price. Per-processor, per-seat, per-client access license, perpetual enterprise license? It gets rather murky. And I don't think that the high-margin approach to up-front licensing for software will hold up in the virtualized world. Therefore, some companies might actually be interested in dragging their feet on this trend to preserve some of their fat profit margins.

Collins: It’s a huge problem for Oracle and companies like that who have charged for everything in the past.

Garone: I agree. I think it is a huge problem for them. In fact, there are a couple of problems. One is virtualization, and the other is just how many processors, given the multi-core designs that are coming out today, are you actually deploying on?

What’s Intel talking about now? It's 64 cores on a chip, right?

Garone: Yeah. So, it is a big problem. Whether or not they’ll have a choice of dragging their feet is really debatable at this point. I think there are going to be other factors that are going to affect just how fast or slow they go into that area.

Gardner: Let's move on to another subject. We’re certainly going to be revisiting the notion and the concept of the intersection of virtualization and SOA. But there’s been another topic in discussion around SOA recently, and that's about the impact of SOA on ERP, and CRM, and other packaged business applications.

On one side of the fence, we have people saying that SOA is going to be the death-knell, if you will, or certainly diminish the role and impact of packaged applications. We’ve had some large analyst firms come out with reports and some sensational headlines to that effect. And, yet, when I speak to people in the field they say, "No way"; that SAP and Oracle and other packaged application vendors are in for the long haul, and that they’re entrenched.

And, they say that SOA might become a layer above those packaged applications in order to create a data services layer and perhaps a transactional and logic services layer above those. But that doesn’t mean you’ve ripped them out. And, like the mainframe, they'll be there in 20 years. Let’s talk a little bit about the impact of SOA on the packaged business applications field.

Jon, let's go to you first over in the U.K. Should SAP and Oracle be very worried, vis-à-vis SOA?

Collins: I think they’ve been worried for years, but not because they’re worried about the impact of other people coming and stealing their markets. You can only sell these things once, and once you’ve got it in place, you put it under consultancy. The massive number of man-hours that went into implementing things like ERP in enterprise companies then becomes an issue.

What you are going to make money from this year? Yes, of course, we've got the Computer Associate scenario with repeat licensing of old software, but the real revenue streams and increases come from how you get people to do newer and more innovative things with your products. So, I know that probably three, four, or five years ago SAP started to talk about how it’s going to componentize it’s platforms. We’ve seen NetWeaver. We've seen MySAP port. We've seen a whole number of different ways of essentially adding a level of distribution to SAP.

Now, to be honest with you, with your initial preamble, I actually find I can read the line from my notes, which says pretty much exactly the same thing. When I’ve spoken to actual customers of these things, no one is looking to go and replace them. And if they are, that it's not because they are thinking about SOA. What I’ve written here is that at the bottom line, you’ve got a database, you’ve got a rules engine, you’ve got a workflow engine, and it's been crafted and customized for that organization. Why on earth would they want to rip it out and put something else in place? Probably other analysts think about it in terms of market segments and products, and so on. But that’s not the way that we need to think about this.

Gardner: What I think has been happening is that some analysts are confusing a will or a desire to rip them out with an intention.

That may be part of it, but I'm not even sure there’s a will at this point. First of all, I have a lot of faith in end-users. The more I talk to them, the more I believe that they worked very, very hard to make the right decisions. And in fact, with the AlignIT Group, the company you mentioned earlier, my goal was to be able to help them do the massive amount of work that they need to do to get to a short list of vendors and products they look at as quickly and as inexpensively as possible.

But they do a lot of work. And so, I am confident that, generally speaking, they do make the right decision. It’s not always trendy, and it's not always what the analysts say. And, I think that when you’ve got something that really works for you, there’s a lot of inertia there that says, “Stick with it and see how you can adapt the new paradigms that exist, that will help you do your business better, to what you currently have.”

There is a little bit of that deja vu all over again. We talked earlier about SAP and components. I remember discussions like this back when software components started to appear in the mid 1990s, and even before then, when people were talking objects and CORBA and how we're going to get all this stuff to work. If you go by those kinds of predictions and supposed trends, SAP and PeopleSoft -- well, PeopleSoft isn’t independent now -- but an Oracle and the other enterprise app vendors would have been out of business a long time ago.

The fact is that people will want to stay with their current solutions, especially in the case of the ERP, where that high level of integration that brings a lot of the benefits of ERP, has been established and is working for you. And then, tack on to that the technologies that will allow you to say, “Manage the supply chain better,” "Bring your supply chain in better contact and better integration with the systems that you currently have."

All right. Let me just push back a little bit on this. If you look at a lot of large organizations, they're spending somewhere between 60 and 80 percent of their total IT budget just keeping these systems up and running. They're spinning their wheels, not really adding anything new or innovative. That leaves them with a very small section of their budget for discretionary spending, to be innovative, to get out in front with some alternatives and to try to be a competitive in their environments and their markets. If they can somehow get out of this vise of being 60-80 percent in maintenance of a monolithic business packaged applications, back office and front office, wouldn't they want to do that?

Well, it’s hard to say "no" to that question. The question is, what's the trade-off, what’s the ROI, and to what degree does the business has to be upended and set on its ear to get that accomplished? And if the cost-benefit case can be made, then certainly, they’re going to look seriously at it. My suspicion is that the trade-off is not all that clear cut and, at least for the time being, many enterprise application vendors are going to be able to sort of buy time in convincing their customers that the short term is not the right time to make that move.

Gardner: Okay.

Collins: Absolutely. I think we’ve seen in the past two or three years that infrastructure consolidation projects were very popular. And now, we’re seeing a lot of application rationalization and consolidation projects. People are trying to reduce the number of processor cycles they are using, looking for legacy applications that not many people are using anymore, and seeing how they can merge the data from those into other applications. And, that’s all well and good -- that’s all about, giving them more flexibility in the budgets.

But I admit it doesn’t necessarily mean that they are putting up lots of money for innovation. It might just mean that they’re making the place more efficient, just so that they can cut costs, but that doesn’t mean that they are going to go out of their way to remove the large amount of investment they’ve put into ERP system, or the CRM applications.

So, perhaps the way to look at SOA is not what we’ve been hearing a little bit of lately, which is SOA kills ERP. It's not rip and replace. It's not either-or. It's both. From my perspective, SOA’s main value proposition in the short- and medium-term is about risk reduction.

If you can put in some buffer around your legacy systems -- if you can use SOA for more greenfield development, too -- if you can use it for extended enterprise opportunities where you can share services in a close-knit trading or supply chain environments, or a business ecology environment -- then you’re reducing your risk for being backward compatible because your services can continue to be modernized. That is to say, your legacy can be modernized into services and the investments can be exploited. You can reduce your risk in terms of flexibility by being fast to business process development in the current day, and you can reduce your risk in terms of being ready to accept what’s going to be new and interesting, innovative, and productive in the future. What’s wrong with this logic about SOA, as a risk reducer and not a displacer of packaged applications?

Collins: I’ve got the phrase written down here, "augmentation not replacement." I think that you're absolutely right to see everything in terms of reduced risk. I would say that companies are always looking for reduced risks, but they are not necessarily saying that they’ve got high levels of risk, and need to reduce them. But, maybe I would re-phrase it to, “Increase flexibility without increasing risk.” With the idea of replacing something and starting from scratch, there’s an inordinate amount of risk involved, because potentially you go through the same problems you went through last time. Whereas if you create an interface to the tried and tested, you can develop new ways of using that tried-and-tested business logic and tried-and-tested the data management logic without being held back.

Gardner: Okay, Steve, what’s the risk in looking at SOA as risk reduction?

Garone: No, that's a great point. What I was alluding to earlier is that the core enterprise application functionality that organizations have trusted and have used for some time -- and that's well integrated and working for them -- is something that they’re going to want to keep. On the fringes of that, if you will, is the use of SOA-type scenarios and implementations that will allow them to increase their flexibility, keep up-to-date on new technologies, and integrate with those that are outside the realm of that ERP application. And, I think that, in the short term, is what’s going to happen over time. In fact, I think SOA will become the new way to do applications and deploy and manage applications. Then, they will gradually move in that direction, and be either followed by or pushed by the enterprise. Apps vendors are going to move in that direction as well.

Okay, we have been looking at ERP versus SOA through the lens of the enterprise. What if you're a software as a service (SaaS) provider? What if you're an ISV who is moving from packaged apps to services? Wouldn’t you want to build that for the way you are going to go to market -- on an SOA -- and therefore it might be a rip-and-replace; if you are providing your services, your business services as a service?

It’s certainly a desirable option for all the reasons that all of us talk about when we talk about using an SOA-based approach. Again, they’ve got decisions around, being able to make sure that the services to their customers are not interrupted and, once that migration has occurred, that they are as good, if not better, than they were before. But, certainly they can take advantage of all the benefits that end-users can, when moving toward SOA.

I think this is the "dark horse" trend here, around the SaaS provider. If they can start delivering solid business services for something along the lines of $20-$40 per user per month, and mid-sized companies can latch onto this -- probably quicker and easier than a large enterprise where they’ve got entrenched monolithic applications and large investments in them -- then, suddenly, a company that has 200 to 2,000 seats of users can start doing business processes far more fleet and productively than a big, lumbering enterprise (that's) locked into some older paradigm of development and applications. Wouldn’t that perhaps provoke a tipping point, whereby there could be a move towards rip-and-replace?

Garone: I think you are pretty much right on. In fact, I think you are making a very important point in terms of the type of end-user organization that will go for that initially, and will start that ball rolling. And, yes, I think when you are talking about a solution provider -- software as a service provider in terms of enterprise applications -- then absolutely pricing is going to be an issue. The business model is going to be an issue, but if they can get that together -- it has been proven in the case of companies like Salesforce.com -- then, yes, they are going to be on to something, and that will, I think, push larger organizations and providers to start thinking in those terms as well.

Gardner: Do you buy into that, Jon? Do you think that SaaS could actually be a catalyst to SOA and create a tipping point that changes of the dynamics of packaged business applications business?

Garone: I think it can, and it should in certain domains. If you look at when Salesforce.com saw its initial success, it was delivering a very generic, what I usually call a CRM application, to the widest possible audience and lowest common denominator. And, it did it very well.

So, despite everyone saying, "ASPs are dead and so on and so forth," Salesforce.com kind of rose like a phoenix from the ashes of the ASP, and it's done very well ever since. I’ve just finished a consultancy with an ISV that is looking directly these issues, and it seems to me that there are companies like that. They're having to balance and manage the risks from two sides. The first is that, for example, they do have a lot of, let’s call it "legacy business logic."

So, let’s say, if you had health care, for example, you’ve already developed some quite complex logic in terms of how you are going to manage in terms of compliance regulations and so on and so forth. We don’t want to just throw that out and start again, because you’ve already put a lot of work into that. At the same time, if you do take an existing system and you try to open it up to much a wider user base, you could be very likely to have issues with scalability. So, you can’t necessarily just take your existing application and say, "There you go -- everyone come in" because you'll all just get jammed in the door.

So, it’s about balancing the risks of both sides. It’s not going to be a tipping point, but it's definitely going to be a route toward the tipping point. And the [accelerant] will come from something -- as typically the tipping point starts from -- that no one expects. At the moment, we're seeing that there's a whole mash-up. Everyone is trying out stuff like that -- everyday things that actually encourage and capitalize on these more old-fashioned applications.

Gardner: So, if we consider that Rich Internet Applications (RIAs) have the front end, allowed for a mashing up, if you will, of services from an entrenched internal enterprise packaged application infrastructure, as well as using SaaS provider services, as well as some greenfield customized SOA services internally -- then you get the best of all worlds, and that probably would be very attractive to a lot of companies.

To an extent. I think Steve very early on made a good point about, when it comes down to operational management, service management, and service delivery and so on. In India, you’ve got a scenario where you just have all of these things available to you and you can pick and choose -- decide which ones you’re going to need. Then how are businesses going to differentiate themselves?

They’re going to differentiate themselves by being able to make very fast decisions about what’s best for them as a company, or what’s going to best serve their business activities and their customer relationships. And how to do that faster than the competition is largely going to come down to how well they’ll manage their IT and how well they’ll manage that process of change and ongoing adoption.

So, that’s why most companies still have to wait. Most companies still are very slow in terms of adoption and adaption of big technologies. So, that’s where the battleground's going to be.

If I read you correctly then, the companies that will do well in terms of their competitive advantage in their fields are not necessarily the ones that master a particular technology, but master the ability of picking and choosing and moving among these technological innovations in a way that benefits them and their particular situation. That reduces their risk but gives them more choice and agility. I am afraid that, of course, these things are much easier said then done. But clearly the intersect between ERP packaged applications, SOA, SaaS and the ability to manage all of them and keep the plates spinning -- this will be an issue of great importance in the next decade. I don’t think we can say too much more with a 90-percent authority, but we’re getting closer.

We're out of time, but we’ve hit on two major subjects today that affect SOA. We’ve discussed the virtualization issue and SOA, as well as this notion of business applications and the effect on that market and industry. Joining us to discuss these have been two noted industry analysts, independent Industry analysts: Steve Garone, a former VP at IDC and a founder of the AlignIT group. Steve, I want you to give us your disclosure at this time. We’ve discussed a lot of companies. Would you just list the ones that you had a business relationship with, so they we're all, on the up-and-up here?

Garone: Great. Yes, currently, based on the ones we talked about, it's IBM and Sun.

Gardner: Superb. And also helping us weed through these issues, has been Jon Collins, of Macehiter Ward-Dutton. He is the principal analyst there. And I wonder if you could do your disclosure exercise as well, please?

Collins: Sure, I’ve been working recently with IBM, and I think I mentioned Mercury. And Microsoft, we’ve done some work with them.

All right, and for me on disclosure, I’d been doing work basically through sponsorships of podcasts with HP and, I think that’s perhaps the only one that we’ve mentioned right now.

Thanks for joining us. I would also like to point out to our listeners that if you'd like to learn more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, feel free to contact me, Dana Gardner, at 603-528-2435. This is Dana Gardner, the principal analyst at Interarbor Solutions, and you’ve been listening to Briefings Direct SOA Insights Edition. Come back and listen next week too. Thanks.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition, Vol. 2. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.