Rolled a “7”…

February 18, 2008

Last week SignaCert was named one of the “7 Virtual Management Companies to Watch” by Network World. Wow, that came a bit out of left field…

Yes, we have been doing a lot of work in this space (configuration and image management for virtualization) but we were surprised, and a bit humbled by the recognition.

We are also coming off of a big week in New York City where we spent some quality time with the tier one and two financial firms exploring where they are in their thinking about systems management and information security in the enterprise. It was very interesting really….there were several independently validated trends that emerged out of these great customer meetings.

1) Virtualization remains a bit of a curiosity today in most large enterprises. It was a bit uncanny to hear from several of them that they were “10% or less (much less) deployed in their current enterprise IT environments” and that they “expected to be” 40-60% deployed in the 2-4 year time frame.

2) Deployment of MS-Vista on the user endpoints (desktops, workstations, laptops) is going to be “delayed” by at least a year—maybe two. This is somewhat a function of the current financial environment in the Financial Services sector—but likely more a function of not having a compelling reason to switch, coupled with a resounding “we’re not ready.”

The other thing that came thru was common thread of “how do we take this time out and get our stuff together as we prepare for the next wave?”

What was clear is that standardized configuration and image management is a *precursor* to what our customers need to achieve NOW. That is – do more with less by:

1) Delivering more productive IT Business Process cycles with their existing infrastructure WHILE lowering costs and improving compliances.

2) Doing that while optimizing CapEx and lowering OpEx.

Sounds like IT measurement and automation to me. No choice. No more excuses.

Another very interesting normalized data point is that the traditional (read: already in house and validated as suppliers) need to do more to address these needs AND the only – underscore ONLY new vendors that will make the cut to supply in these times are ones that can address the More with Less demand. Period.

So connecting all of these dots……

Our prospects and customers must acquire tools and knowhow to make sure that what they build and deploy in their IT environments STAY deployed as intended through out the IT business process lifecycle.

And if we can’t understand and maintain our S/W builds NOW in our mostly monolithic (1 computer – 1 Operating System and Application Stack)—then how are we possibly going to do this in the Virtualized IT World that we all know is coming?

Thank you Network World for “getting it”… Software measurement and IT controls methods built on high resolution software stack management is not a luxury today… and increasingly crucial to manage the current and future enterprise IT.

IT in Transition turns the page…..



Microsoft and Veridian

February 7, 2008

Over the last few weeks Microsoft (MSFT) announced more details of their long awaited virtualization strategy (drum roll please) and their expanded partnership with Citrix/Xen (with an emphasis on servers) and simultaneously announced the acquisition of Calista.

When Citrix originally announced the acquisition of XenSource a few months ago we thought that is was apparent that MSFT had to be “in the know” as Citrix and MSFT have been in a love/hate relationship in within the enterprise markets for nearly 18 years.

The prior relationship was much to do with terminal services and “backracking” and streaming of applications to the end-point.  In many ways these uses are a pre-cursor to virtualization – an enterprise “Petri dish” to see what and how customers find value around alternate enterprise usage of platforms and software delivery. Now the next shoe is dropping.

With the success of VMware―both in terms of early enterprise acceptance and deployment AND the IPO (giving VMW a huge warchest)―Microsoft has been forced to move.  Some would see it as “late”, but the virtualization market is really very nascent.  The bulk of VMW revenue is made up of deal sizes $100k or less….(likely ASP’ing at <=$70k right now)….so the bulk of the $1B+ in revenue by VMW is still “pilot” and for development usage.  So we are very early stage.

But the shift is happening quickly and the full transition is inevitable in short order (Less than 5 years for leading sectors to cross over to more than 50% virtualized infrastructure.)

While it is clear that the Virtual Memory Manager (VMM) and Hypervisors (HV) are ultimately commodity delivery mechanisms for the stack and software in the Virtual Machine (VM) enablers, control of VMM and HV is important to the big guys until the other layers of the value-add opportunities develop and evolve.

The longer term question for the “little guys” (every one with less than $100b market cap) is “where are the defensible 3rd party value-add areas” as the paradigm shift fully reveals itself?  What “goes away” as the shift from the one-to-one (hardware to OS) monolithic platform yields to the one-to-many virtual platform.

What happens to traditional IT security in this brave new world?  Where can we hang our respective 3rd party hats as the elephants trample the old ground in search of new and fertile new areas?

It is in these questions that the “positive” security and systems management model really begins to stand out.  Knowing that VM instantiations are ASSEMBLED FROM trusted code by validating them against a platform and vendor agnostic, high-quality “white list” resource becomes critical.

Also knowing WHAT CODE IS LOADED WHERE AND FOR HOW LONG becomes an enabling capability, regardless of which VMM and HV is used to create the VM software stacks.

Also, compliance and software licensing become even more important, but can be easily handled with trusted code and stack measure/validate methods.  Being able to “attest” the stack to an external “white list” reference built from a rich supply of high-quality software reference measurements becomes a highly-defensible and long-term way of adding value to the new virtual compute paradigm.

Interestingly for those that get the jump on this, this represents a huge, content-based, recurring revenue model that the first-party players will have a difficult time displacing (because they don’t have ready access to software measurements from other vendors and due to the “trusted third party” implications).

Will we really trust Microsoft to validate Microsoft?

So let’s just view this as another card in an unfolding game of mammoth proportions and implications.

Stay tuned.  This is going a lot of fun to watch, and to participate in.