This post is intended to document some of the product, service, and peer benchmarking information taken away from the Midmarket CIO Forum. The event was run by IT Business Edge and had 15 vendors hosting 80 IT Executives. Information was exchanged in various settings:
- Boardroom Case Studies: Vendors presenting to a group of 12 IT Executives
- Luminary Presentations: Speakers presenting the entire group
- Vendor Roundtables: Vendors presenting to a group of IT Executives interested in a specific topic
- Vendor One-on-Ones – scheduled or ad-hoc meetings with individual vendors
- Peer-to-Peer Roundtables: discussion among IT Executives interested in a specific topic moderated by IT Executives
- Informal Peer-to-Peer exchanges
Virtualization and Cloud computing seemed to be at the top of the list for many participants and vendors. Not surprising, as Gartner’s 2010 CIO Agenda survey of more than 900 CIOs listed them as the No. 1 and No. 2 tech initiatives for 2010 (they didn’t appear in the list at all for 2009).
We seem to be a little ahead of most groups in our server virtualization efforts. In our boardroom, when asked who had virtualized more than 40% of their production environment, the majority of the group (12 IT Executives) raised their hands. Some were halfway there or just finishing up their projects.
Two companies were using Hyper-V for virtualization, 10 were using VMware. Most companies were using Exchange, a few had virtualized Exchange 2007 and were happy with the results.
Desktop virtualization was a different story. Although a fair number of companies were using application virtualization (mostly with VMware ThinApp) and enjoyed the benefits, very few were using Desktop Virtualization in a production environment.
Three CIOs I spoke with were either starting or finishing up what they called their “last” desktop refresh project. Two of them plan to host Virtual Desktops on ESX Servers using VMware View, and access through thin clients such as Wyse or “Zero Clients” from Pano Logic.
The Pano box is an endpoint device for virtual desktop computing that contains no processors, no operating system, no memory, no drivers, no software and no moving parts. Pano Logic has a starter kit with 5 devices available for $1,899.
Pano Logic was the hardware winner and VMware View 4 was the Clear Choice Test winner for NetworkWorld’s VDI Shootout last year.
The third person contemplating the end of the desktop refresh was the CIO of mid-sized city. Having just moved from Lotus Notes to Google Mail, he is thinking about weaning his users from Microsoft Office to Google Apps, and wonders if the Chrome OS and a browser will be all he needs by the time the next refresh cycle comes up.
I moderated a peer-to-peer roundtable on cloud computing at the Forum’s first event on Sunday. While there was the expected amount of confusion over what cloud computing actually is, there was some agreement on what it isn’t.
Most participants felt that traditional hosting and outsourcing did not qualify as cloud computing, since they could leave you with the same basic infrastructure and vulnerabilities (e.g., single point of failure). The only difference is that the potential problems are located off-site and managed by someone else.
There was even more puzzlement over the concept of a “private cloud”. I will examine this topic further in a later post, but the consensus at the roundtable was that there are real benefits to some aspects of cloud computing, and it’s more important to realize those benefits in a way that makes sense for the business than to worry about meeting the particular requirements of evolving definitions. (See Why Larry Ellison hates Cloud computing.)
From a practical perspective, a lot of companies are talking about cloud computing, but other than email filtering, very few are actually doing anything with it. The one exception at our table was the city CIO (see above), who seems ready to go all in with the cloud crowd. He was even questioning whether he needs to bother with Windows 7 at all, since a browser may be all the city needs to conduct business in a year or so.
Rob Enderle gave a Luminary presentation on Windows 7, and had an interesting backstory on the internal dynamics at Microsoft that produced the “train wreck” that was Vista.
Only one person in the audience had rolled out Vista in production. Most were using Windows 7 within IT and with pilot groups. Rob’s opinion was that a big-bang rollout was best, but that nobody can afford it, so most upgrades will be done incrementally.
Rob’s opinion of Windows 7 was very favorable, which matches what I heard from most attendees. The Office 2010 Beta received high marks as well. Here are the tips and best practices presented by Rob:
- Best to rollout with new hardware
- Deploy by group to avoid PC Envy
- Most hardware these days is built to last 3 years with a cushion to avoid in-warranty repairs; don’t hang on or delay upgrades too long
- Consider employee purchased HW connecting to virtual desktops
- Consider SSD for notebooks (heard a lot of this one)
- Transition from 32-bit to 64-bit; next platform will be pure 64-bit
- In addition to improved performance and memory usage, 64-bit machines are more stable; some viruses can’t execute in 64-bit machines
- Get Matched Memory for best performance (with dual-channel architecture) and to avoid problems
- Most PC problems are memory problems, but present in different ways
- Most everything built after 2008 has matched memory (same size, speed, vendor)
- If problems arise with older machines, replace single or unmatched DIMMs with matched memory
Miscellaneous T. Below are vendors I spoke with at the conference, most made presentations to our boardroom.
Tango/04 – Pretty slick BPM, Data, SLA, and Infrastructure Monitoring package. Has solutions configured specifically for compliance and for IBM iSeries data monitoring.
Conclusion: More than we need internally. Requires an estimated 1 week of professional services for basic infrastructure monitoring, and 4 weeks for BPM. Ongoing administration requires Python programming expertise.
Sanbolic – Interesting product that sits between servers and storage and virtualizes your SAN with a clustered file system and clustered volume manager. Designed for use with Windows Servers, it allows you to aggregate multiple storage arrays into a single pool of storage. Uses de-duplication and replication to reduce storage needs and provide active-active SQL Server clusters.
Has solutions for Citrix and VMware, but focuses most heavily on Hyper-V. $16K for base license covering 2 physical servers and 8 virtual servers. $400 for each additional virtual server. No training or professional services required.
Conclusion: Seems geared primarily to fill gaps in Hyper-V implementations. We already get many of the benefits it offers through features of VMware and EMC, and will get more with Avamar.
Message Labs – Provides hosted email, IM, and web security, recently acquired by Symantec. Provides 100% SLA for Anti-Virus solution. Plans to offer Hosted Endpoint Protection.
Asked about package deals with Symantec Endpoint Protection. Currently no bundled offerings, they are working on it. Client level protection may always be needed to protect from internal threats, but hosted solution may be better for external threats. They are planning to offer client software with a smaller footprint than Symantec, designed to be used in conjunction with hosted solution.
Conclusion: Message Labs was included in evaluation when message filtering was moved from on-premise to cloud. Product was good but relatively expensive. Email filtering, Continuity, and Discovery products are most mature.Would like to evaluate current security tools, including Cisco ASA modules, Symantec Endpoint Protection, and Postini, and see if there is an opportunity for consolidation.
Cast Iron Systems – The last time I saw this company at the Gartner Midsize Enterprise Summit, their offering was a fairly expensive appliance for on-site enterprise application integration. They now call themselves “The #1 Cloud Integration Company” and offer their solution through a physical or virtual appliance, or as a hosted service.
They have a pretty impressive list of partners, and connectors to allow for point-and-click integration between and among both on-premise and cloud-based applications. In the cloud, they provide integration services for Microsoft Azure, Amazon EC2, and Google Apps.
They have moved to a subscription pricing model, and charge $250 per month for endpoint. An endpoint can be an application, database, or other datasource such as Active Directory. Multiple integrations can be created between endpoints with no additional subscription charges.
They will perform a no-charge scoping and analysis for proposed integration projects. They suggest that a company’s first integration project be done together, and can be completed in an average of 8 days. Training is offered so that most future integrations can be done internally, and integrations are shared freely within a customer community.
Conclusion: Integration with ADP has been, and remains a challenge for us, mainly because there is no test environment for us to work with. Cast Iron Systems has a formal relationship with ADP, and plans to build a connector to their systems. They are also in talks with Ultimate Software. If they can provide connectors for those systems, we should consider a scoping and analysis session.
Google Enterprise – Google’s boardroom presentation focused mainly on Google Apps, with a bit of time devoted to Enterprise Search. On the Apps front, the big news is the Google Apps Marketplace, which launched March 9, 2010. Since I’ve covered Google Apps in previous evaluations, I won’t repeat those findings here.
One offering that may be of interest to us is Google Web Security for Enterprise. This is an add-on to Postini that provides real-time scanning of web requests to protect against spyware, viruses and malware. It also provides content filtering to manage, monitor, and report on internet usage.
The Google Search Appliance (GSA) is licensed in two or three year contracts, with pricing based on the number of documents crawled. Pricing for up to 500,000 documents would be $30,000 for two years.
Google claims that the GSA can be deployed in 2 to 3 days, versus 2 to 3 months for a FAST implementation. The GSA is delivered with a SharePoint connector. Google mini is limited to 300,000 documents, and will not index SharePoint, only file shares.
Conclusion: Microsoft has two flavors of Enterprise Search (one from their FAST acquisition) that will be available with SharePoint 2010. We will wait to see what’s available from Microsoft and evaluate before looking at other search products.
Considering our current tools and user habits, if we were to consider a hosted productivity suite, Microsoft BPOS would be a more likely candidate than Google Apps.
We may want to evaluate Google Web Security as part of a consolidation / rationalization of security tools as mentioned in the conclusion for Message Labs.
TriGeo – TriGeo sells a Security Information and Event Management (SIEM) appliance that provides real-time, in memory log analysis, event correlation, and active response/threat mitigation. The device also includes a bundled Intrusion Detection System (pre-configured Snort), and USB detection and prevention to protect against data breaches. TriGeo has a good reputation as a regulatory compliance solution, and bundles over 300 reports and out-of-the-box compliance packs.
Conclusion: TriGeo seems to show up at every Midmarket conference I attend, and there usually a few attendees who use it and give it high marks. Most TriGeo deals are in the $30-40K range, and some of its functionality is provided by products currently in use here. Might consider in a green field situation, or where there is an urgent need for compliance with PCI, GLBA, FDIC, NCUA, NERC-CIP, HIPAA, SOX, FISMA, ISO 1799/27001/27002, or other regulations.
SpectorSoft – Spector 360 monitors web sites visited, emails sent and received, chats and instant messages, keystrokes typed, files transferred, documents printed and applications run. For web usage, it monitors active time, focus time, total time. It can record the user’s desktop with snapshots at rates up to one per second (default is every 30 seconds).
Prices for the Network Edition start at $1,995 for 15 PCs. There is also a more targeted version to monitor individual PCs, Spector CNE Investigator, starting at $495 for a 3 PC license.
Conclusion: One person in our group was using Spector 360 and was happy with it. Most everyone else felt it was too intrusive and were shaking their heads after the vendor left the room. Probably overkill for us, but may be of interest to our more security-minded clients.
In addition to the vendor presentations, the boardrooms had working sessions where we discussed topics of our choosing. The items below are drawn from those conversations.
- Some are using Cisco or MS Certificates to control access to their Corporate Network (Wired or Unwired)
- 4 of 12 don’t allow Facebook due to Malware; one other limits usage to 1 hour per day
- Wireless Device Management – 10 companies pay for device and plan; 1 employee provides device, receives stipend for plan; 1 employee pays for everything
- A few companies are now using Netbooks instead of aircards
- Some are also using Netbooks as loaners
- That’s it.