Category Archives: Everything

February 1, 2008

Loosening my coupling with Yahoo (excuse my SOA-speak)

For those of you who still have my @yahoo.com personal email in your address book, now is a good time to replace it with the more portable one composed of my first name @vambenepe.com. This way there won’t be any problem when I move away from Yahoo (which is where my personal emails are currently redirected) after the Microsoft acquisition.

This is not a knee-jerk anti-Microsoft reaction. It’s just an intuition that their attempt to acquire Yahoo is driven more by lust for Yahoo’s audience than anything else (Tim Bray seems to agree). And that having acquired the audience, Microsoft is going to want something more for its $44.6 billions (or whatever the final price ends up being) than the few dollars I send to Yahoo every year for freedom from ads and a few additional services. Things like promoting Silverlight for example (did you hear that the Web broadcast of the 2008 Olympics will supposedly require Silverlight? Since I don’t own a TV, that would make me a little upset if I cared about the Olympics).

When the time comes (I am willing to give Yahoo-Microsoft a chance to prove me wrong), I’ll probably just move to my own server unless I find a provider who offers a great email-and-only-email service. It won’t be GMail.

In the meantime, whether this acquisition succeeds or not, thank you for updating your address books.

1 Comment

Filed under Everything, Off-topic, Yahoo

January 31, 2008

+1 to the FTC

I noticed two patent-related news items tonight that could be of interest to those of us who have to deal with the “fun” of patents as they apply to IT. The first one is an FTC settlement that enforces a patent promise made in a standard body. It is not uncommon for participation in a standardization group to require some form of patent grant (royalty-free, RAND, etc). This is why employees in companies with large patent portfolios have to jump through endless loops and go through legal reviews just to be authorized to join a working group at OASIS (one of the organizations with the clearest patent policy, patiently crafted through a lot of debate). Something similar seems to have happened at IEEE during the work on the Ethernet standard: National Semiconductor promised a flat $1,000 license for two of their patents (pending at the time) that are essential to the implementation of the standard. And we all know that that little standard happened to become quite successful (to IBM’s despair). Years later, a patent troll that had gotten hold of the patents tried to walk away from the promise. In short, the FTC stopped them. If this is of interest to you, go read Andy Updegrove’s much more detailed analysis (including his view that this is important not just for standards but also for open source).

At my level of understanding of intellectual property law as it applies to the IT industry (I am not a lawyer, but I have spent a fair amount of time discussing the topic with them), this sounds like a good decision. But it is a tiny light in an ocean of darkness that creates so many opportunities for abuse. And the resulting fear prevents a lot of good work from happening. The second patent-related news item of the day (a patent reform bill driven by “major U.S. high-tech companies”) might do something to address the larger problem. Reducing damages, strengthening the post-grant review process and ending the “forum shopping” that sends most of these suits to Texas sounds like positive steps. All in all, I am more sympathetic to “major U.S. high-tech companies” (which include my current and former employers) than to patent trolls. At the same time, I have no illusion that “major U.S. high-tech companies” are out to watch for the best interest of entrepreneurs and customers.

Comments Off on +1 to the FTC

Filed under Business, Everything, Patents

January 30, 2008

HP’s GIFt to the SOA world

I just noticed a press release from HP to announce the release of GIF (the Governance Interoperability Framework). In short, GIF is a specification that describes how to use the HP SOA Registry for governance tasks that go beyond what UDDI can do. It has been around for a long time inside Systinet then Mercury then HP and some partners had been somewhat enrolled in the program (whatever that meant) but it wasn’t clear what HP was really planning to do with it. Looks like they have decided to put some muscle into it by attracting more partners and releasing it. Or at least announcing that they would release it. I can’t find it on the HP site so I can’t see if and how the specification changed since when I was in HP. It will be interesting to see if they present it as a neutral specification of which the HP SOA Registry is one implementation or as something that requires that registry.

I also looked for it on Wikipedia since the press release declares that it will be made available there but to no avail. That part puzzles me a bit since this would be pretty atypical for Wikipedia. At most there could be an article about GIF that links to the specification on hp.com. And even then, you’d have to convince Wikipedia editors that the topic is “worthy of notice”. Or maybe they meant to refer to an HP wiki and some confused editor turned that into Wikipedia?

The press release has a few additional items (yet more fancy-sounding SOA offering from HP Services and some new OEM-friendly packaging for the Registry) but they don’t seem too exciting to me. The GIF action is what could be interesting if things really get moving on this. In any case, congratulations to Luc and Dave.

[UPDATED 2008/2/4: turns out Luc isn’t at HP anymore, he’s joined Active Endpoints as Senior Director of Product Management. Double congrats then, one set for the past work on GIF and the other for the new job.]

[UPDATED 2008/2/5: there is now a Wikipedia page with a description of GIF. But still no sign of the specification itself on the HP GIF page.]

[UPDATED 2008/3/16: you can now download the spec (but you’ll need to register with HP first).]

1 Comment

Filed under Everything, Governance, HP, Specs

January 29, 2008

Freeform Dynamics on IT management

We can find on the Register site a Microsoft-sponsored report by Freeform Dynamics on the daily frustrations of IT management work. The results are introduced as “surprising and interesting” but I don’t see where the surprise comes from. The main take-away is that the tools and systems that support IT management are fragmented and that better integration is needed. This is very true but hardly qualifies as a surprise unless you’ve been living in a PowerPoint world (where the boxes are always nicely layered and connected – after all there even are built-in functions in PowerPoint to polish this lie by ensuring that objects look well distributed and aligned). But the report is still an interesting short read.

1 Comment

Filed under Everything, IT Systems Mgmt, Mgmt integration

January 29, 2008

WSO2 Mashup Server

I see that WSO2 has just released version 1.0 of their Mashup Server. Congratulations to Jonathan and the rest of the team. I haven’t played with the earlier betas of the Mashup Server but I have read enough about it to be interested. Now that it’s been released, it might be a good time to invest a few hours to look into it (I just downloaded it and I filled a small documentation bug already). I know (and like) many of the WSO2 guys (Jonathan, but also Sanjiva and Glen) from the early days of the W3C WSDL working group. Plus, you have to give credit to a company that offers visibility on its web site not just to its board and management team but also to its engineers.

But the Mashup Server is not interesting to me just because I know some of its authors. There are tow more important reasons. One is that it is the integration product in WSO2’s portfolio that is the most different in its approach from the many integration products in Oracle Fusion Middleware. We want Oracle Enterprise Manager to do an outstanding job at managing Oracle Fusion Middleware, but we also want it to manage other integrations approaches as well (we manage Tomcat for example). At this point there is of course no market demand for managing WSO2’s Mashup Server, but from an architectural perspective it’s a good alternative to keep in mind along with the BPEL, ESB, ODI, etc that are already in heavy use. I am always interested in perspectives that help make sure that the most abstract application/service management concepts remain suitably abstracted, so learning a bit about the Mashup Server can’t hurt. I’ll know more once I’ve looked at it, but my impression is that the Mashup Server is somewhere between BPEL and Ruby on Rails (or TurboGears) in terms of declarativity and introspectability (yes I like to make up words) for management purposes.

This may well be sweet spot and it’s my second reason for being interested in the Mashup Server. I am always interested in tools that help with quick prototyping and the best tool is different for each job. The Mashup Server is pretty unique and I can imagine it being a nice tool for some management integration prototypes once the participating services have been suitably XML-ized (something that that Oracle Fusion Middleware makes easy).

Interestingly, the release of this JavaScript-based platform comes on the same day that Joe Gregorio declares JavaScript to be the new SmallTalk.

Comments Off on WSO2 Mashup Server

Filed under Everything, JavaScript, Mashup, Mgmt integration, Tech, WSO2

January 28, 2008

Lyon shares

The New York Times published an article describing a plan to partially replicate the city of Lyon in Dubai. I wasn’t born in Lyon but I grew up there. At the cost of another off-topic post, I will take this opportunity to tell my American friends, whose itineraries in France tend to take them from Paris straight to the French Riviera, that they are missing out on a great city located half-way between these two spots.

The Lyon apartment building I lived in stands on what used to be a trading post for Gauls and Romans. Napoleon Bonaparte presided over the earth breaking ceremony for this building. A couple of windows in the apartment were later blocked with bricks because of a 19th century tax that was assessed based on the number and size of windows in your home (*). Through the remaining windows, the view from the apartment is over place Bellecour on which you can see a statue of king Louis XIV that was melted during the French revolution to make cannons and replaced during the Restauration period. There was also a guillotine in action there during the revolution. During WW2, the Gestapo took over the building (my elderly same-floor neighbor told me about being evicted by them – he came back after the war). And Antoine de Saint Exupery was born next door. That’s a lot of history for just one apartment building. Good luck replicating that in the desert.

Of course that’s not necessary and there is a lot you can be inspired by in Lyon without emulating its past (I don’t recommend cutting a few heads in public just to “capture the feel” of Lyon’s revolutionary history). The Times article lists a few challenges. The importance of pork and wine in the local cuisine is manageable. Once you accept that you’re not going to get a carbon copy, the challenge of Lyon-inspired cooking without these ingredients is one chefs could rise to (a generic prohibition on heavy sauces would be more problematic). The role of the rivers in the “feel” of the city seems more challenging to me. I lived in the peninsula formed by the meeting of the Rhone and Saone rivers. The rivers and the wide walking areas by their sides make for great (sometimes windy) walks during which you can see nice bridges and historic buildings (universities, a hospital, a courthouse and many Renaissance apartment buildings). And even if they manage to create an equivalent body of water in Dubai, the strong flow of the water coming down from the Alps is likely to be missing. There is a reason why the picture that illustrates the Times article shows a pedestrian bridge (looks like Passerelle Saint Vincent over the Saone river).

I am not sure what it really means to replicate an old city but there certainly is a lot to learned about urban life from Lyon’s long evolution. I am sure the people of Lyon don’t mind the money but even more they probably love being told that they represent a model to emulate. And it must feel good to steal the limelight from Paris just once. I don’t have millions to invest in the city like Dubai does, but I too am happy to speak highly of Lyon and encourage people to visit. Feel free to contact me if you plan such a visit and would like recommendations.

(*) the number of doors was also part of the tax calculations. The goal was to achieve some degree of proportionality in taxation since rich people presumably had more doors and windows in their homes. It wasn’t a new idea, Julius Caesar imposed similar taxes (called ostiarium and columnarium) on the numbers of doors and columns respectively. Looks like he didn’t care for McMansions either. Maybe it’s time to resuscitate the columnarium in US suburbia.

Comments Off on Lyon shares

Filed under Everything, Off-topic

January 27, 2008

IT management in a world of utility IT

A cynic might call it “could computing” rather than “cloud computing”. What if you could get rid of your data center. What if you could pay only for what you use. What if you could ramp up your capacity on the fly. We’ve been hearing these promising pitches for a while now and recently the intensity has increased, fueled by some real advances.

As an IT management architect who is unfortunately unlikely to be in position to retire anytime soon (donations accepted for the send-William-to-retirement-on-a-beach fund) it forces me to wonder what IT management would look like in a world in which utility computing is a common reality.

First, these utility computing providers themselves will need plenty of IT management, if not necessarily the exact same kind that is being sold to enterprises today. You still need provisioning (automated of course). You definitely need access measuring and billing. Disaster recovery. You still have to deal with change planning, asset management and maybe portfolio management. You need processes and tools to support them. Of course you still have to monitor, manage SLAs, and pinpoints problems and opportunities for improvement. Etc. Are all of these a source of competitive advantage? Google is well-known for writing its infrastructure software (and of course also its applications) in house but there is no reason it should be that way, especially as the industry matures. Even when your business is to run a data center, not all aspects of IT management provide competitive differentiation. It is also very unclear at this point what the mix will be of utility providers that offer raw infrastructure (like EC2/S3) versus applications (like CRM as a service), a difference that may change the scope of what they would consider their crown jewels.

An important variable in determining the market for IT management software directed at utility providers is the number of these providers. Will there be a handful or hundreds? Many people seem to assume a small number, but my intuition goes the other way. The two main reasons for being only a handful would be regulation and infrastructure limitations. But, unlike with today’s utilities, I don’t see either taking place for utility computing (unless you assume that the network infrastructure is going to get vertically integrated in the utility data center offering). The more independent utility computing providers there are, the more it makes sense for them to pool resources (either explicitly through projects like the Collaborative Software Initiative or implicitly by buying from the same set of vendors) which creates a market for IT management products for utility providers. And conversely, the more of a market offering there is for the software and hardware building blocks of a utility computing provider, the lower the economies of scale (e.g. in software development costs) that would tend to concentrate the industry.

Oracle for one is already selling to utility providers (SaaS-type more than EC2-type at this point) with solutions that address scalability, SLA and multi-tenancy. Those solutions go beyond the scope of this article (they include not just IT management software but also databases and applications) but Oracle Enterprise Manager for IT management is also part of the solution. According to this Aberdeen report the company is doing very well in that market.

The other side of the equation is the IT management software that is needed by the consumers of utility computing. Network management becomes even more important. Identity/security management. Desktop management of some sort (depending on whether and what kind of desktop virtualization you use). And, as Microsoft reminds us with S+S, you will most likely still be running some software on-premises that needs to be managed (Carr agrees). The new, interesting thing is going to be the IT infrastructure to manage your usage of utility computing services as well as their interactions with your in-house software. Which sounds eerily familiar. In the early days of WSMF, one of the scenarios we were attempting to address (arguably ahead of the times) was service management across business partners (that is, the protocols and models were supposed to allow companies to expose some amount of manageability along with the operational services, so that service consumers would be able to optimize their IT management decision by taking into account management aspects of the consumed services). You can see this in the fact that the WSMF-WSM specification (that I co-authored and edited many years ago at HP) contains a model of a “conversation” that represents “set of related messages exchanged with other Web services” (a decentralized view of a BPEL instance, one that represents just one service’s view of its participation in the instance). Well, replace “business partner” with “SaaS provider” and you’re in a very similar situation. If my business application calls a mix of internal services, SaaS-type services and possibly some business partner services, managing SLAs and doing impact/root cause analysis works a lot better if you get some management information from these other services. Whether it is offered by the service owner directly, by a proxy/adapter that you put on your end or by a neutral third party in charge of measuring/enforcing SLAs. There are aspects of this that are “regular” SOA management challenges (i.e. that apply whenever you compose services, whether you host them yourself or not) and there are aspects (security, billing, SLA, compliance, selection of partners, negotiation) that are handled differently in the situation where the service is consumed from a third party. But by and large, it remains a problem of management integration in a word of composed, orchestrated and/or distributed applications. Which is where it connects with my day job at Oracle.

Depending on the usage type and the level of industry standardization, switching from one utility computing provider to the other may be relatively painless and easy (modify some registry entries or some policy or even let it happen automatically based on automated policies triggered by a price change for example) or a major task (transferring huge amounts of data, translating virtual machines from one VM format to another, performing in-depth security analysis…). Market realities will impact the IT tools that get developed and the available IT tools will in return shape the market.

Another intriguing opportunity, if you assume a mix of on-premises computing and utility-based computing, is that of selling back your spare capacity on the grid. That too would require plenty of supporting IT management software for provisioning, securing, monitoring and policing (coming soon to an SEC filing: “our business was hurt by weak sales of our flagship Pepsi cola drink, partially offset by revenue from renting computing power from our data center to the Coca cola company to handle their exploding ERP application volume”). I believe my neighbors with solar panels on their roofs are able to run their electric counter backward and sell power to PG&E when they generate more than they use. But I’ll stop here with the electric grid analogy because it is already overused. I haven’t read Carr’s book so the comment may be unfair, but based on extracts he posted and reviews he seems to have a hard time letting go of that analogy. It does a good job of making the initial point but gets tiresome after a while. Having personally experienced the Silicon Valley summer rolling black-outs, I very much hope the economics of utility computing won’t be as warped. For example, I hope that the telcos will only act as technical, not commercial intermediaries. One of the many problems in California is that the consumer don’t buy from the producers but from a distributor (PG&E in the Bay Area) who sells at a fixed price and then has to buy at pretty much any price from the producers and brokers who made a killing manipulating the supply during these summers. Utility computing is another area in which economics and technology are intrinsically and dynamically linked in a way that makes predictions very difficult.

For those not yet bored of this topic (or in search of a more insightful analysis), Redmonk’s Coté has taken a crack at that same question, but unlike me he stays clear of any amateurish attempt at an economic analysis. You may also want to read Ian Foster’s analysis (interweaving pieces of technology, standards, economy, marketing, computer history and even some movie trivia) on how these “clouds” line up with the “grids” that he and others have been working on for a while now. Some will see his post as a welcome reminder that the only thing really new in “cloud” computing is the name and others will say that the other new thing is that it is actually happening in a way that matters to more than a few academics and that Ian is just trying to hitch his jalopy to the express train that’s passing him. For once I am in the “less cynical” camp on this and I think a lot of the “traditional” Grid work is still very relevant. Did I hear “EC2 components for SmartFrog”?

[UPDATED 2008/6/30: For a comparison of “cloud” and “grid”, see here.]

[UPDATED 2008/9/22: More on the Cloud vs. Grid debate: a paper critical of Grid (in the OGF sense of the term) efforts and Ian Foster’s reply (reat the comments too).]

11 Comments

Filed under Business, Everything, IT Systems Mgmt, Utility computing, Virtualization

January 24, 2008

Spring flowers

Via Greg, some interesting adoption data on Spring vs. EJB. Of course Rod Johnson (Springsource CEO and Spring inventor) is anything but unbiased on this. I haven’t seen any corroboration of his data but it is consistent with the zeitgeist. Greg’s take on what it means for standards is interesting too. I think what he says is especially true for standards that target portability (like J2EE and SCA) versus those that target interoperability. Standardization (including de-facto) is a must for a protocol but a “nice to have” for a development framework. But then again, now that even IT management has BarCamps, maybe even boring IT management interoperability protocols could emerge from the bottom up.

1 Comment

Filed under Everything, Standards

January 23, 2008

TAG you’re it for Ashok

Congratulations to Oracle’s Ashok Malhotra for his election to serve on the W3C TAG. Coincidentally, I met Ashok face to face for the first time today. This is good news for the Semantic Web, good news for W3C, good news for Oracle and, I hope, good news for Ashok too. If the name sounds familiar it may be because of his key role in the XML schema datatypes specification, which is arguably the most useful thing that came out of XSD.

Comments Off on TAG you’re it for Ashok

Filed under Everything, W3C

January 23, 2008

Microsoft’s Bob Muglia opens the virtualized kimono

In a recently published “executive e-mail”, Microsoft’s Bob Muglia describes the company’s view of virtualization. You won’t be surprised to learn that he thinks it’s a big deal. Being an IT management geek, I fast-forwarded to the part about management and of course I fully agree with him on the “the importance of integrated management”. But his definition of “integrated” is slightly different from mine as becomes clear when he further qualifies it as the use of “a single set of management tools”. Sure, that makes for easier integration, but I am still of the school of thought (despite the current sorry state of management integration) that we can and must find ways to integrate heterogeneous management tools.

“Although virtualization has been around for more than four decades, the software industry is just beginning to understand the full implications of this important technology” says Bob Muglia. I am tempted to slightly re-write the second part of the sentence as “the software marketing industry is just beginning to understand the full potential of this important buzzword”. To illustrate this, look no further than that same executive e-mail, in which we learn that Terminal Server actually provides “presentation virtualization”. Soon we’ll hear that the Windows TCP/IP stack provides “geographic virtualization” and that solitaire.exe provides “card deck virtualization”.

Then there is SoftGrid (or rather, “Microsoft SoftGrid Application Virtualization”). I like the technology behind SoftGrid but when Microsoft announced this acquisition my initial thought was that coming from the company that owns the OS and the development/deployment environment on top of it, this acquisition was quite an admission of failure. And I am still very puzzled by the relevance of the SoftGrid approach in the current environment. Here is my proposed motto for SoftGrid: “can’t AJAX please go away”. Yes, I know, CAD, Photoshop, blah, blah, but what proportion of the users of these applications want desktop virtualization? And of those, what proportion can’t be satisfied with “regular” desktop virtualization (like Virtual PC, especially when reinforced with the graphical rendering capabilities from Calista which Microsoft just acquired)?

In an inspirational statement, Bob Muglia asks us to “imagine, for example, if your employees could access their personalized desktop, with all of their settings and preferences intact, on any machine, from any location”. Yes, imagine that. We’d call it the Web.

In tangentially related news, David Chappell recently released a Microsoft-sponsored white paper that describes what Microsoft calls “Software + Service”. As usual, David does a good job of explaining what Microsoft means, using clearly-defined terms (e.g. “on-premises” is used as an organizational, not geographical concept) and by making the obvious connections with existing practices such as invoking partner/supplier services and SOA. There isn’t a ton of meat behind the concept of S+S once you’ve gotten the point that even in a “cloud computing” world there is still some software that you’ll run in your organization. But since, like Microsoft, my employer (Oracle) also makes most of its money from licenses today, I can’t disagree with bringing that up…

And like Microsoft, Oracle is also very aware of the move towards SaaS and engaged in it. In that respect, figure 11 of the white paper is where a pro-Microsoft bias appears (even though I understand that the names in the figure are simply supposed to be “representative examples”). Going by it, there are the SaaS companies (that would be the cool cats of Amazon, Salesforce.com and Google plus of course Microsoft) and there are the on-premises companies (where Microsoft is joined by Oracle, SAP and IBM). Which tends to ignore the fact that Oracle is arguably more advanced than Microsoft both in terms of delivering infrastructure to SaaS providers and being a SaaS provider itself. And SAP and IBM would also probably want to have a word with you on this. But then again, they can sponsor their own white paper.

Comments Off on Microsoft’s Bob Muglia opens the virtualized kimono

Filed under Everything, Mgmt integration, Microsoft, Virtualization

January 17, 2008

Book review: Xen Virtualization

Someone from Packt Publishing asked me if I was interested in reviewing the Xen Virtualization book by Prabhakar Chaganti that they recently published. I said yes and it was in my mailbox a few days letter.

The sub-title is “a fast and practical guide to supporting multiple operating systems with the Xen hypervisor” and it turns out that the operating word is “fast”. It’s a short book (approx 130 pages, many filled with screen captures and console output listings). It is best used as an introduction to Xen for people who understand computer administration (especially Linux) but are new to virtualization.

The book contains a brief overview of virtualization, followed by a description of the most common tasks:

  • the Xen install process (from binary and source) on Fedora core 6
  • creating virtual machines (using NetBSD plus three different flavors of Linux)
  • basic management of Xen using the xm command line or the XenMan and virt-manager tools
  • setting up simple networking
  • setting up simple storage
  • encrypting partitions used by virtual machines
  • simple migration of virtual machines (stopped and live)

For all of these tasks, what we get is a step by step process that corresponds to the simple case and does not cover any troubleshooting. It is likely that anyone who embarks on the task described will need options that are not covered in the book. That’s why I write that it is an introduction that shows the kind of thing you need to do, rather than a reference that will give you the information you need in your deployment. You’ll probably need to read additional documentation, but the book will give you an idea of what stage you are in the process and what comes next.

Even with this limited scope, it is pretty light on explanations. It’s mostly a set of commands followed by a display of the result. Since it’s closer to my background I’ll take the “managing Xen” chapter as an example. There is nothing more basic to management than understanding the state of a resource. The book shows how to retrieve it (“xm list”) and very briefly describes the different states (“running”, “blocked”, “paused”, “shutdown”, “crashed”) but you would expect a bit more precision and details. For example, “blocked” is supposed to correspond to “waiting for an external event” but what does “external” mean? Sure the machine could be waiting on I/O, but it could also be on a timer (e.g. “sleep(1000)”) or simply have run out of things to do. I don’t think of a cron job as an “external event”. Also, when running “xm list” you should expect to always see dom0 in the “running” state (since dom0 is busy running your xm command) and on a one-core single-CPU machine (as is the case in the book) that means that none of the other domains can be in that state. That’s the kind of clarification (obvious in retrospect) that goes one step beyond the basic command description and saves some head scratching but the book doesn’t really go there. As another example, We are told in the “encryption” section that LUKS helps prevent “low entropy-attacks” but if you’re the kind of person who already knows what that means you probably don’t have much to learn from the “encryption” chapter of the book. In case you care, it is a class of attacks that take advantage of poor sources of random numbers and you can read all the details of how entropy is defined in this classic 1948 paper (it doesn’t have much to do with how the term is defined in physics).

Among the many more advanced topics that are not covered I can think of: advanced networking, clustering, advanced storage, Windows guests (even though it’s not Xen’s strong point), migration between physical and virtual, relationship to other IT management tasks (e.g. server and OS management), performance aspects, partitioning I/O so domains play well together, security considerations (beyond simply encrypting the file system), new challenges introduced by virtualization…

Xen documentation on the web is pretty poor at this point and the book provides more than most simple “how-to” guides on installing/configuring Xen that you can Google for. And it brings a consistent sequence of such “how-to” guides together in one package. If that’s worth it to you then get the book. But don’t expect this to cover all your documentation needs for anything beyond the simplest (and luckiest) deployment. I would be pleased to see the book on the desk of an IT manager in a shop that is considering using virtualization, I would be scared to see it on the desk of an IT administrator in a shop that is actually using Xen.

[UPDATED on 2008/02/01: Dan Magenheimer, a Xen expert who works on the Oracle VM, highly recommends another Xen book that just came out: Professional Xen Virtualization by William von Hagen. I haven’t seen that book but I trust Dan on this topic.]

Comments Off on Book review: Xen Virtualization

Filed under Book review, Everything, Virtualization, Xen

January 16, 2008

DevCampTivoli

Our esteemed competitors at IBM Tivoli are organizing a BarCamp focused on the use of ITM for BSM. Should be very interesting if they manage to convince a good group that this is a valuable way to spend a weekend. BSM on Tivoli seems like an ambitious topic for a “getting your hands dirty” kind of session since by definition BSM involves managing complex systems and solving the needs of the kind of people who don’t necessarily attend BarCamps. Very different from the more typical BarCamp environment in which people bring code (typically open source) they know in and out and try to get these projects to do things that they themselves plan to make use of.

Just setting up a realistic (even if fake) environment to get your “hands dirty” on can take a lot of time. Long downloads and complex installation procedures aren’t your friends when you only have a few hours (and when participants don’t have to stay in the room if they’re bored). It will be an interesting challenge for the organizers to decide how much (if anything at all) to prepare ahead of time while keeping the whole thing open and participant-driven.

My guess is that even if they don’t get a lot in terms of BSM insight per se, they will learn a lot about the ease of installation, integration and extension of the various products involved and how to increase it, which will be beneficial all the same. Good luck to Doug, John and the other participants, I think you’ll do well and I hope you’ll achieve even more than I predict. Kudos for the initiative.

Of course the real challenge only starts after the BarCamp: it is to take the lessons back to the mothership…

And for those who say I only speak critically of IBM on this blog, this post is the proof that you are as prejudiced as a WebSphere architect. ;-)

[UPDATED on 2008/01/17: Make sure to read John’s clarifications in the comments section, including the link to BarCampESM which is happening this coming weekend in Austin. I hadn’t heard about it before.]

6 Comments

Filed under BarCamp, BSM, Everything, IBM

January 15, 2008

SPARQL is a W3C Recommendation

SPARQL is now a W3C Recommendation (which is how W3C calls its approved standard specifications). Congratulations to those who made it happen, including my esteemed ex-colleagues at HP Labs Bristol. Just on time for the DMTF CMDBf working group to consider it as a candidate for its query language… :-)

And just below that SPARQL announcement we see a notice that the SML working group has released a third set of working drafts (SML, SML-IF). Just on time for the DMTF to be reminded of the goodness of open access to developing standards… :-)

Comments Off on SPARQL is a W3C Recommendation

Filed under DMTF, Everything, RDF, SML, SPARQL, W3C

January 13, 2008

A sign of life from the CML working group

In a recent entry on this blog I remarked that “apparently restaurant owners are easy preys for incompetent Web site designers” because they often end up with stupid Flash-only web sites. Well, it’s not just restaurant owners apparently, it’s also leading technology companies like IBM, Microsoft, HP, Cisco, etc. For proof, have a look at the web site for the CML effort: http://www.cml-project.org/

The only reason I would subject you to this awful site is that there is some news about CML. The group of companies involved in this effort has released a white paper to explain what CML is. You can spare yourself the Flash part by getting the white paper directly. If you want to spare yourself even more, you will also skip reading the white paper and just read my not-so-enthusiastic summary bellow. And you need neither Flash nor Acrobat to do so.

CML is going to solve parts or all of all problems related to IT management, and it will be based on SML. So much we can tell from the paper. Any other information that we glean there is contradicted somewhere else in the same paper.

No, really, isn’t CML a set of model elements expressed in SML? Yes, it says so:

“At its core, CML is a collection of models which are expressed as XML documents that describe IT entities and their relationships. As the basis for common modeling elements and semantics, the models describe information which can be exchanged between management tools and managed resources. This information is about IT systems and includes infrastructure (e.g., servers, application servers, Web services), logical entities (e.g., software license, incident reports, IT roles), and relationships (e.g., hosted, is hosted by, supplied by).”

But the next paragraph says:

“However, CML does not attempt to present a single model or single set of models which will ensure integration. Instead, CML provides a means for creating new models or extending, combining, or evolving existing models.”

We are also told that even though it provides a model of a server, it doesn’t supercede CIM. Oh, and it may not be just models either, it will also tell you about on-the-wire protocols:

“recommendations in the documentation, including the need to transmit models in an interoperable manner via an agreed upon set of wire protocols”

The “CML overview” picture leaves us with the same impression that it does everything and across the entire lifecycle at that. And I must admit that the nuance between “common modeling elements” and “shared modeling elements” escapes me, even after reading the definitions. I sounds like they are all reusable but some are more reusable than others…

If you are looking for a ray of hope, I found mine in the acknowledgement of the potential role of RDF/OWL which, combined with section 4.1.5, can be seen as hinting at an effort towards creating some simple ontologies for management integration. Which could be very useful if well-scoped.

If you are wondering about timelines, you’re out of luck. When referring to CML the white paper mixes present and future tenses, and also throws in some conditionals for good measure. Hard to guess how much is real at this point. And the next steps are? More scenarios and some guidelines. See you in 2009 (which BTW is consistent with my little theory about Oslo’s impact on CML).

All in all, this doesn’t mean nothing valuable will ever come out of CML. It just means that the group still hasn’t figured out what it wants to be when it grows up.

[UPDATED on 2008/01/24: Good news! They revamped the site to remove the stupid Flash interface. I hope my rant provided ammunitions to those inside the CML group who pushed for sanity. Also, they have put out a press release to announce, retroactively, the white paper. No surprise in the content of the press release and the associated vendor quotes. I wish that whoever wrote the quote for my ex-boss Mark Potts knew the difference between “compliment” and “complement” though.]

1 Comment

Filed under CML, Everything, Flash, Specs

January 11, 2008

21st century phrenology

This is very much off-topic for this blog but if I read another article (like this one) that draws conclusions about the mind based on what areas of the brain light up under MRI, I am going to bang my head against the wall until my “anterior insula” switches places with my “ventromedial prefrontal cortex”. That should nicely mess up their models if I ever get in the MRI machine.

Brain science is in its early stages and there’s nothing wrong with that. Of course scientists need to progress step by step and for now MRI images might be the best we have. Go ahead and use the tool. But can we be spared statements about what area of the brain processes “soft-drink preferences”? These stories are so 19th century.

Comments Off on 21st century phrenology

Filed under Everything, Off-topic

January 10, 2008

An interesting business process query language

While doing some research on the different ways to probe and squeeze business process definitions to extract insight relevant for IT management I ran into this very interesting paper: Querying Business Processes. It defines a query language (called BP-QL) to query process definitions. Not much in common with CMDB Federation at first sight, and CMDBf was not on my mind at the time. Until I looked at the description of the query language that the researchers came up with. It is strikingly similar to the CMDBf query language. This is not very surprising since both are graph-based query languages that rely on patterns (where the patterns mix topological aspects with constraints on node/link properties).

CMDBf is more complete in some respects. It supports properties on the relationships, not just the items. The “depthLimit” element provide more control than BP-QL’s double-headed edges. BP-QL has its own extra features, including support for joins (something we discussed in CMDBf and that could be added to the specification) and negation at the graph level (e.g. A and B are not connected by any relationship of type “foo”, which may be useful but one should remember that CMDB discovery is rarely guaranteed to be comprehensive so an open-world approach is often preferable).

Assuming a suitable CMDB model for business processes, a CMDBf-compliant CMDB should cover many of the simpler use cases addressed by BP-QL. And reciprocally, the more advanced features in BP-QL are not really specific to business process definitions (even though that’s the scope of the paper) and could well be applied to CMDBf. I was also very interested by the BP-QL “compact representation” and the implementation choices. I hadn’t heard of Active XML before, something to look into especially if, as the paper hints, it does a better job than XQuery at dealing with idrefs. And Active XML introduces some interesting federation (or at least distribution) capabilities that are not currently exploited by BP-QL but which I find intriguing and which reinforce the parallel with the declared goal of CMDBf.

Is this similarity between the query languages just an interesting pattern to notice? Or is there more to it? The parallel between BP-QL and CMDBf invites the question of whether one should model business processes in a CMDB. And if so, is a business process represented by just one CI or do you break it down into a model similar to the one the BP-QL query language works on? You would need to go that far if you wanted to use queries to the CMDB to answer questions such as those handled by the BP-QL engine. And by doing this in the context of a CMDB that contains a lot more than just process definitions, you’d be able to enrich the queries with considerations from other domains, such as application or host topology. Modeling business process steps/activities may seem like very fine-grained modeling for a CMDB, but isn’t this part of the sales pitch for federated CMDBs, that participants in the federation can provide different levels of granularity? Of course, CMDB federation might never work out. If it does work and if we use it that way, we are not talking about just supporting change management processes (which are more likely to take place at the level of the overall process definition than the individual step) but rather about management integration for a wide variety of use cases. If that means we need to drop the term CMDB along the way (and leave it for the sole usage of the IT process people), I am more than happy to oblige.

[UPDATE on 2008/01/11: Prof. Milo pointed me to this follow-up paper that proposes a similar looking query language except that this time it is targeted at monitoring process instances rather than analyzing process definitions. And the monitoring runs as a set of BPEL processes within the monitored BPEL engine. Her group is doing some very interesting work.]

2 Comments

Filed under Business Process, CMDB Federation, CMDBf, Everything, Graph query, Mgmt integration, Query, Research

December 25, 2007

Top 10 lists and virtualization management

Over the last few months, I have seen two “top 10” lists with almost the same title and nearly zero overlap in content. One is Network World’s “10 virtualization companies to watch” published in August 2007. The other is CIO’s “10 Virtualization Vendors to Watch in 2008” published three months later. To be precise, there is only one company present in both lists, Marathon Technologies. Congratulations to them (note to self: hire their PR firm when I start my own company). Things are happening quickly in that field, but I doubt the landscape changed drastically in these three months (even though the announcement of Oracle’s Virtual Machine product came during that period). So what is this discrepancy telling us?

If anything, this is a sign of the immaturity of the emerging ecosystem around virtualization technologies. That being said, it could well be that all this really reflects is the superficiality of these “top 10” lists and the fact that they measure PR efforts more than any market/technology fact (note to self: try to become less cynical in 2008) (note to self: actually, don’t).

So let’s not read too much into the discrepancy. Less striking but more interesting is the fact that these lists are focused on management tools rather than hypervisors. It is as if the competitive landscape for hypervisors was already defined. And, as shouldn’t be a surprise, it is defined in a way that closely mirrors the operating system landscape, with Xen as Linux (the various Xen-based offerings correspond to the Linux distributions), VMWare as Solaris (good luck) and Microsoft as, well Microsoft.

In the case of Windows and Hyper-V, it is actually bundled as one product. We’ll see this happen more and more on the Linux/Xen side as well, as illustrated by Oracle’s offering. I wouldn’t be surprised to see this bundling so common that people start to refer to it as “LinuX” with a capital X.

Side note: I tried to see if the word “LinuX” is already being used but neither Google nor Yahoo nor MSN seems to support case-sensitive searching. From the pre-Google days I remember that Altavista supported it (a lower-case search term meant “any capitalization”, any upper-case letter in the search term meant “this exact capitalization”) but they seem to have dropped it too. Is this too computationally demanding at this scale? Is there no way to do a case-sensitive search on the Web?

With regards to management tools for virtualized environments, I feel pretty safe in predicting that the focus will move from niche products (like those on these lists) that deal specifically with managing virtualization technology to the effort of managing virtual entities in the context of the overall IT management effort. Just like happened with security management and SOA management. And of course that will involve the acquisition of some of the niche players, for which they are already positioning themselves. The only way I could be proven wrong on such a prediction is by forecasting a date, so I’ll leave it safely open ended…

As another side note, since I mention Network World maybe I should disclose that I wrote a couple of articles for them (on topics like model-based management) in the past. But when filtering for bias on this blog it’s probably a lot more relevant to keep in mind that I am currently employed by Oracle than to know what journal/magazine I’ve been published in.

Comments Off on Top 10 lists and virtualization management

Filed under Everything, IT Systems Mgmt, Linux, Microsoft, Oracle, OVM, Tech, Virtualization, VMware, XenSource

December 21, 2007

Taking control of the Flash player

As far as I can tell, Flash is an advertising delivery platform for the Web. This is why I have not installed the Flash player in my Firefox browser. It saves me (especially when combined with the Adblock Plus Firefox add-on) from a lot of obnoxious animations. And a few security vulnerabilities too, (this latest one is what prompted me to write this quick entry to help readers protect themselves while retaining the option to use Flash).

Despite all the hype about Flash, I very rarely run into a page that requires it for something useful. A few sites are Flash-only (mostly restaurant web sites from my experience, apparently restaurant owners are easy preys for incompetent Web site designers) and when I find one I usually take that as a sign that I am saving myself a lot of frustration by taking my business elsewhere.

Still, once a while I need to view a Flash applet. Ideally, I would like to have Flash installed but disabled, such that I can enable it for a given page with a single click. This doesn’t seem to be possible (my guess is that Adobe knows very well that Flash is mostly used in ways that are not welcomed by users and that they would likely disable it most of the time if given the option). So here is a convenient way to achieve the same effect:

While I have not installed the Flash player in Firefox, I have installed it in IE. I have also installed the IE Tab Firefox add-on which allows one to switch from the Firefox rendering engine to the IE rendering engine within a given Firefox tab. It can be configured to place a small icon in the status bar. Clicking on that icon switches the rendering engine, which means that suddenly the Flash player is enabled for the page you are looking at. One-click enable/disable as requested!

You can also configure IE Tab to automatically switch to IE rendering for some pre-configured sites. So if there are Flash-dependent sites that you use on a regular basis, just enter them there and the IE rendering engine will automatically be used whenever you are on those sites. Again, this all happens inside your Firefox tab, it doesn’t start a separate IE browser. Enjoy.

[UPDATED on 2007/12/24: I wrote this entry to try to help readers and it turns out I am the one who’s getting helped after all. Many commenters pointed to the Flashblock firefox add-on which is designed specifically to do what I get done in a round-about way with IE Tab. I looked for such an add-on some time ago and didn’t find it, which is why I devised the work-around. Thank you all for the info.]

[UPDATED 2008/5/14: Another reason to keep Flash turned off: Crossdomain.xml Invites Cross-site Mayhem.]

[UPDATED 2008/6/9: Looks like Flashblock can be circumvented (in a way that my more basic FF vs IE setup cannot). BTW, I closed comments on this entry because for some reason it was attracting a lot more comment spam than all the others combined. Email me (see about page) if you want to post a comment here.]

9 Comments

Filed under Everything, Flash, Off-topic, Security

December 19, 2007

How not to re-use XML technologies

I like XML. Call me crazy but I find it relatively easy to work with. Whether it is hand-editing an XML document in a text editor, manipulating it programmatically (as long as you pick a reasonable API, e.g. XOM in Java), transforming it (e.g. XSLT) or querying an XML back-end through XPath/XQuery. Sure it carries useless features that betray its roots in the publishing world (processing instructions anyone?), sure the whole attribute/element overlap doesn’t have much value for systems modeling, but overall it hits a good compromise between human readability and machine processing and it has a pretty solid extensibility story with namespaces.

In addition, the XML toolbox of specifications is very large and offers standard-based answers to many XML-related tasks. That’s good, but when composing a solution it also means that one needs to keep two things in mind:

  • not all these XML specifications are technically sound (even if they carry a W3C stamp of approval), and
  • just because XML’s inherent flexibility lets one stretch a round hole, it doesn’t mean it’s a good idea to jam a square peg into it.

The domain of IT management provides examples for both of these risks. These examples constitute some of the technical deficiencies of management-related XML specifications that I mentioned in the previous post. More specifically, let’s look at three instances of XML mis-use that relate to management-related specifications. We will see:

  • a terrible XML specification that infects any solution it touches (WS-Addressing, used in WS-Management),
  • a mediocre XML specification that has plenty of warts but can be useful for a class of problems, except in this case it isn’t (XSD, used in SML), and
  • a very good XML specification except it is used in the wrong place (XPath, used in CMDBf).

Let’s go through them one by one.

WS-Addressing in WS-Management

The main defect of WS-Management (and of WSDM before it) is probably its use of WS-Addressing. SOAP needs WS-Addressing like a migraine patient needs a bullet in the head (actually, four bullets in the head since we got to deal with four successive versions). SOAP didn’t need a new addressing model, it already had URIs. It just needed a message correlation mechanism. But what we got is many useless headers (like wsa:Action) and the awful EPR construct which solves a problem that didn’t exist and creates many very real new ones. One can imagine nifty hacks that would be enabled by a templating mechanism for SOAP (I indulged myself and sketched one to facilicate mash-up style integrations with SOAP) but if that’s what we’re after then there is no reason to limit it to headers.

XSD in SML

The words “Microsoft” and “bully” often appear in the same sentence, but invariably “Microsoft” is the subject not the object of the bullying. Well, to some extent we have a reverse example here, as unlikely as it may seem. Microsoft created an XML-based meta-model called SDM that included capabilities that looked like parts of XSD. When they opened it up to the industry and floated the idea of standardizing it, they heard back pretty loudly that it would have to re-use XSD rather than “re-invent” it. So they did and that ended up as SML. Except it was the wrong choice and in retrospect I think it would have been better to improve on the original SDM to create a management-specific meta-model than swallow XSD (SML does profile out a few of the more obscure features of XSD, like xs:redefine, but that’s marginal). Syntactic validation of documents is very different from validation of IT models. Of course this may all be irrelevant anyway if SML doesn’t get adopted, which at this point still looks like the most likely outcome (due to things like the failure of CML to produce any model element so far, the ever-changing technical strategy for DSI and of course the XSD-induced complexity of SML).

XPath in CMDBf

I have already covered this in my review of CMDBf 1.0. The main problem is that while XML is a fine interchange format for the CMDBf specification, one should not assume that it is the native format of the data stores that get connected. Using XPath as a selector language makes life difficult for those who don’t use XML as their backend format. Especially when it is not just XPath 1.0 but also the much more complex XPath 2.0. To make matters worse, there is no interoperable serialization format for XPath 1.0 nodesets, which will prevent any kind of interoperability on this. That omission can be easily fixed (and I am sure it will be fixed in DMTF) but that won’t address the primary concern. In the context of CMDBf, XPath/XQuery is an excellent implementation choice for some situations, but not something that should be pushed at the level of the protocol. For example, because XPath is based on the XML model, it has clear notions of order of elements. But what if I have an OO or an RDF-based backend? What am I to make of a selector that says that the “foo” element has to come after the “bar” element? There is no notion of order in Java attributes and/or RDF properties.

Revisionism?

My name (in the context of my previous job at HP) appears in all three management specifications listed above (in increasing level of involvement as contributor for WS-Management, co-author for SML and co-editor for CMDBf) so I am not a neutral observer on these questions. My goal here is not to de-associate myself from these specifications or pick and choose the sections I want to be associated with (we can have this discussion over drinks if anyone is interested). Some of these concerns I had at the time the specifications were being written and I was overruled by the majority. Other weren’t as clear to me then as they are now (my view of WS-Addressing has moved over time from “mostly harmless” to “toxic”). I am sure all other authors have a list of things they wished had come out differently. And while this article lists deficiencies of these specifications, I am not throwing the baby with the bathwater. I wrote recently about WS-Management’s potential for providing consistency for resource manageability. I have good hopes for CMDBf, now in the DTMF, not necessarily as a federation technology but as a useful basis for increased interoperability between configuration repositories. SML has the most dubious fate at this time because, unlike the other two, it hasn’t (yet?) transcended its original supporter to become something that many companies clearly see fitting in their plans.

[UPDATED 2008/3/27: For an extreme example of purposely abusing XML technologies (namely XPath in that case) in a scenario in which it is not the right tool for the job (graph queries), check out this XPath brain teasers article.]

4 Comments

Filed under CMDB Federation, CMDBf, Everything, IT Systems Mgmt, Microsoft, SML, SOAP, SOAP header, Specs, Standards, Tech, WS-Management, XOM

December 14, 2007

Manageability, management integration and WS-Management

It is pretty clear by now that, whether or not it becomes ubiquitous, WS-Management will be around for quite some time as a protocol for resource manageability. Its inclusion in a large number of manageable products with long development cycles (servers, devices, operating systems…) ensures this. But I wonder whether it will also be useful for management integration.

The difference between manageability and management integration may not seem obvious, but it is important. To simplify, a manageability protocol is something that allows you to remotely manage a resource without having to deploy an agent on it. It lets you read the CPU load on a server. It lets you retrieve a list of instances running in a process engine. It lets you reboot a machine. It lets you access the logs of an application. It lets you receive alerts about a resource. Management integration, on the other hand, lets you create management solutions. For example, it’s what you do when you create a management dashboard that presents information aggregated from several management data repositories (e.g. a CMDB, a metrics store and a SOA registry). Or when you run system-wide validation rules to govern a complex system. Or when you perform automated root cause analysis.

Here is another way to illustrate the difference: CIM is useful for manageability. The more recent standardization efforts in the management world (SML, CMDBf) have been focusing on management integration. To some extent, you can even use that difference as the shortest answer to the common question “what is the relationship/difference between SML and CIM”: CIM is designed for manageability and SML for management integration.

The difference between manageability and management integration isn’t alway clear-cut. There are scenarios that could be argued to fall in either category. And management integration scenarios often involve manageability interactions. But if you try to implement management integration scenarios by working at the manageability level, you very quickly get bogged-down. And even if you fight your way to completion, the resulting integration is too brittle to be of any long-term use. You need a level of abstraction over manageability. This is very similar to integration problems in other domains, and this is where SOA comes in, as a design approach to provide resilience and flexibility for management integration. SOA doesn’t help much in manageability scenarios. It can be useful for management integration.

People working on using Web services for management never had a shared understanding of this distinction. If you look at Microsoft’s early scenarios for WS-Management (and their partner list), it is clear that they were focused on manageability, mostly of the Windows OS, the computers it runs on and the devices connected to these computers. On the other hand, when my colleagues at HP Software and I produced WSMF and later worked on WSDM and WS-Management, it was management integration that we cared most about. We didn’t really care much to put a SOAP wrapper around manageability operations. But we understood that this was also happening and it made sense to share tools and expertise between the two sets of scenarios, especially since, as mentioned above, they overlap.

What happened is that manageability is the only place where WS-Management took hold. One reason is that Microsoft was the main force pushing this adoption and this is where they were pushing it. Another is that, with CIM/HTTP and SNMP, the use of standard protocols for manageability was understood (and the prospect of better tools and better alignment with mainstream distributed software technologies was mostly welcomed by that community).

But in my mind, the use of SOAP made by WS-Management is mostly suited for management integration scenarios. In the manageability case, it’s mostly overhead. You don’t really need security beyond what SSL offers. You don’t really need routing through intermediaries. You don’t really need reliable messaging or the flavor of “transactionality” that the WS-* specifications provide. You don’t really need asynchronous messaging. You don’t really need fine-grained get/set operations (when dealing with one resource, operations at the level of the entire representation are often sufficient). Which is why I can’t help shaking my head when I see WS-Management used for manageability and not for management integration. Kind of like using an SUV that can carry eight people over mountains to carry one person to the hairdresser. Crazy, I know.

Leaving the SUV analogy aside, it’s not that WS-Management is perfectly designed for management integration either, not by a long shot. Which takes us to a third reason (and there are more) why WS-Management is not being used in management integration scenarios: it has technical deficiencies as do many of the other specifications recently created for management integration. That’s the topic of the next post.

[UPDATED 2009/6/26: EMC’s Chuck Hollis explains “management versus manageability” (he calls management “service orchestration” and manageability “element management”) in a much simpler way than I was able to. And he hints at upcoming management orchestration software from EMC (time will tell whether they missed out on BladeLogic and Opsware or made the right choice to let others acquire them). It will be interesting to see which of the 7 roads to IT automation middleware they take.]

4 Comments

Filed under Everything, IT Systems Mgmt, Manageability, Mgmt integration, SOAP, WS-Management