Thoughts from VMworld, Day One

Our team of analysts in San Francisco offered their thoughts on the highlights of the first day of VMworld:

VMware DRaaS Announcements are a Good Thing!

Today, VMware announced enhancements to both its vCenter Site Recovery Manager (SRM) and vCloud Air Disaster Recovery. In both cases, VMware is essentially asking, “Why just BaaS when you can DRaaS?” 

Topics: Data Protection VMworld

Anticipating VMworld

It’s the end of the summer of 2015—the nights are getting cooler, the leaves are starting to change colors, and flocks of students are abandoning the beaches of Cape Cod bound for college campuses. The seasonal change also signals another annual ritual: VMworld in San Francisco. 

Topics: Cybersecurity VMworld Cloud Services & Orchestration

VMworld 2015 Prelude: 4 Ways to Secure Agility

The last time I attended VMworld, virtual desktop infrastructure (VDI) was the cool new kid on the block and tools to control VM sprawl were getting a lot of looks on the show floor. Fast forward a few years to next week’s event and the complexion of the data center is under a fundamental shift best characterized by agility, the core business benefit of cloud computing and software-defined infrastructure. I return to VMworld with a keen interest in understanding how VMware, and its ecosystem of partners, are working to secure today’s agile data center and hearing from customers on how the way they view the cloud computing paradigm affects their cybersecurity posture.

Topics: Cybersecurity VMworld

The battle between containers and VMs

A titanic battle is looming over the IT horizon: containers vs. virtual machines. Hypervisors like VMware’s vSphere have held hegemonic sway over the virtualized server infrastructure landscape for more than a decade. But now the age of the hypervisor seems to be in peril.

Topics: Cloud Services & Orchestration

Today’s Database Landscape at a 50,000 Foot Level

We all know the drill—data is exploding in size, but it’s not just the volume of data that is wreaking havoc on organizations. It’s how quickly it’s growing, how many different forms it can take, and how it’s constantly changing. And that’s just scratching the surface. How can the potential of data truly be harnessed? The database technologies for organizing the data that we generate and manipulate continue to morph and multiply. The hugely successful relational database management systems (RDBMSs) continue to soldier on using principles now over 40 years old, while newer database technologies have come along and been widely adopted to address specific needs in the data storage, management, and analytics space. Over the next few weeks, I’ll be going through the evolution of database technology at a 50,000 foot level to highlight the old and the new, how they’re used today, and what vendors to keep an eye on.

Topics: Data Platforms, Analytics, & AI ESG Validation Services

SimpliVity OmniStack 3.0 - The Hyperconverged Power of 3

Numerologists point to the significance of the number “3” as holding great physical and spiritual import. It is linked to multiplicity, creative power, and growth. Hyperconverged player SimpliVity is looking to tap into this triad of abundance with the release of OmniStack 3.0, a major operating system release for its OmniCube hyperconverged platform solution. 

Topics: Networking Cloud Services & Orchestration

Looking Forward to VMworld 2015

I will be visiting VMworld in San Francisco next week, along with many other ESG staff. Here are my thoughts on what we may see and what matters as enterprises build solutions from the VMware ecosystem.

Topics: Networking

Docker Networking - Keeping it Simple

I have written an ESG brief on Docker Networking.  The brief is available to ESG subscription clients only, but I have summarized a few points below.

Topics: Networking Cloud Services & Orchestration

Getting It with Big Data

Long time readers will know I'm passionate about customer service and fussy about bad marketing. Nothing gets my goat faster than the call center agent who can't or won't help answer a question because it's off script. Except maybe the marketing department that clearly has no clue who I am.

Topics: Data Platforms, Analytics, & AI

Facebook’s Threat Intelligence Sharing Potential

Enterprise organizations are actively consuming external threat intelligence, purchasing additional threat intelligence feeds, and sharing internally-derived threat intelligence with small circles of trusted third-parties. Based upon these trends, it certainly seems like the threat intelligence market is well-established but in this case, appearances are far from reality.

Topics: Cybersecurity

Seagate Enhances Cloud Infrastructure Portfolio with Agreement to Acquire Dot Hill

This week, Seagate Technology announced its intention to acquire Dot Hill Systems Corp. According to the press release, Seagate plans to commence with a tender offer for all of the outstanding shares of Dot Hill in an all-cash transaction valued at $9.75 per share. If you do the math, that will equate to approximately $694 million. Dot Hill does, however, have approximately $49 million in cash, so the deal reflects a value of $645 million. Depending on how you project out DotHill’s revenue for the rest of the year, the acquisition price reflects around 2.3X to 2.6X revenue. As far as prices go, this one can be considered affordable or expensive depending on which other acquisitions you use as a comparison, so I guess that means it is probably a reasonable price.

Topics: Storage Cloud Services & Orchestration

Incident Response: More Art than Science

Five to ten years ago, the cybersecurity industry was mainly focused on incident prevention with tools like endpoint antivirus software, firewalls, IDS/IPS and web threat gateways. This perspective changed around 2010, driven by the Google Aurora and the subsequent obsession on advanced persistent threats (APTs). 

Topics: Cybersecurity

IO Visor Project - Virtual Machines for IO and Networking

This blog is a based on a posting on, but modified slightly to suit the needs of ESG blog readers.

What is the IO Visor Project?

This is a low level discussion compared to a typical ESG blog, but we wanted to provide some insight into how new low level technology placed into the Linux kernel can have potentially far reaching affects into practical uses and into the products you may use in the future. Read on if you are interested in virtualization, software-defined data centers, and networking.

IO Visor Project is an IO hypervisor engine that resides between the Linux OS and hardware, along with a set of development tools. It is an in-kernel virtual machine for IO instructions, somewhat like Java virtual machines. You see apps and a runtime engine atop a host and hardware layer. It's not a replacement for a hypervisor like ESX or KVM since it just does IO. Being software-defined, it has the flexibility for modern IO infrastructure and can become a foundation for new generations of Linux virtualization and networking.

The IO Visor project was announced on August 17th, 2015 as a project hosted by the Linux foundation, and is composed of the IO Visor engine and a set of dev tools, management and operation tools, apps, and IO modules. It's not unlike Java - you can write portable programs, and an engine runs that program. It has support from a range of founding members including major ones such as Cisco, Huawei, and Intel.

Topics: Networking

Video Recap of Black Hat 2015

I recently attended the Black Hat 2015 conference in Las Vegas, along with ESG Senior Analyst Doug Cahill and Research Analyst Kyle Prigmore. This video summarizes our impressions of the event. 

Topics: Cybersecurity Black Hat

Enterprises Are Analyzing Lots of Internal Cybersecurity Data

The cybersecurity industry has been talking about the intersection of big data and cybersecurity analytics for years, but is this actually a reality or nothing more than marketing hype? The recently published ESG research report titled, Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, only reinforces my belief that big data security is tangible today, and enterprises will only double down in the future.

Topics: Cybersecurity Data Platforms, Analytics, & AI

Supporting Enterprise Mobility: An End-user’s View into the Workspace

From a user’s perspective, a workspace is a window into an environment that includes all the necessary tools and information for performing her job. In some sense, this is akin to the consumer view of an app store, but there is more to the story in a business setting. We covered the details of Supporting Enterprise Mobility: How to Create a Workspace in a previous blog and discussed the options IT has to create Supporting Enterprise Mobility: Cloud Assembled Workspaces. Let’s cover two of the key ingredients that a user should expect:

Topics: Enterprise Mobility

Two CISO Priorities from Black Hat: Endpoint Security and Cloud DLP

With the frenzy of the largest Black Hat to date in the review mirror there is much to reflect upon. The range of hacks demonstrated highlight the massive expanse of the attack surface area with mobile and IoT exploits front and center including the now famous car hack of 2015. While the sheer scope of IoT vulnerabilities is staggering, CISOs and practioners I spoke with cited the endpoint attack vector and preventing the loss of data via the use of unauthorized cloud apps as two of their more immediate concerns. The high level of competition between vendors in the advanced endpoint threat protection and cloud access and control security markets correlate to this demand; their markets have indeed arrived.

Topics: Cybersecurity Black Hat Cloud Services & Orchestration

Black Hat Boogie

I spent all of last week in Las Vegas at Black Hat 2015. I used to pass on Black Hat, but no longer – it is a great opportunity for getting into the cybersecurity weeds with the right people who can talk about evasion techniques, malware, threat actors, and vulnerabilities. Alternatively, RSA Security conference conversations tend to center on things like IPOs, market trends, and PowerPoint presentations.

Topics: Cybersecurity Black Hat

Supporting Enterprise Mobility: How IT Vendors Are Helping Create Workspaces

In my recently posted blog, Supporting Enterprise Mobility: Cloud Assembled Workspaces, I touched upon how IT vendors are taking the ingredients that include multiple delivery models, identity and access management controls, device management, and granular persona management to create policies and assemble workspaces for end-users. The idea can be compared to how we interact with our TVs today via smart TVs (or TV add-ons like Roke and Apple TV). They have become the media center in our homes and while there may be different services from many different sources (legacy broadcast and modern web-based) that we can subscribe to, the basic idea is that you connect to WiFi and immediately start browsing TV shows, movies, pictures, the weather, YouTube etc. Once this connection has been made, the service provider can add new features and services without the consumer being directly aware of the new capabilities, but if we want them, they are at our fingertips. And while the TV may be the main consumption device, the same applications and services are available via phone, tablet, or PC/Mac/Laptop.

HP and Big Data: Is there a "there" there?

Over the last few years, I've had the opportunity to engage with more than a hundred vendors of big data solutions. While each has its own distinct view of the market and its own particular offerings, most can be readily understood after a quick conversation. For example, I spoke with a startup company today, Cambridge Intelligence, that has a Java developer toolkit for visualizing graph analytics in browser-based applications—pretty straightforward, even if they don't have a big marketing department to communicate this broadly. Conversely, sometimes the bigger players are the hardest to pin down precisely, if only because they have so many more products and organizational boundaries to reconcile. 

Topics: Data Platforms, Analytics, & AI

What I Want to Talk About at VMworld 2015

In 2015, the question is no longer “Can I get a reliable backup of a VM?” 

With vStorage APIs for data protection (VADP) now being mature since 5.5, through 5.8 and up and coming in 6.0, shame on any backup solution that cannot reliably back up VMs using host-based APIs. Shame on vendors who only back up VMware and not Hyper-V with parity--but that is for a different blog, after VMworld.

Today, here are the questions that folks should be asking on the topic of “How agile can my restore of those VMs be?

Topics: Data Protection VMworld

Converged Infrastructure Vs. Disaggregated Systems

We hear a lot about disaggregated and converged systems being hot technology trends that enterprises should adopt. But isn’t disaggregated the opposite of converged? How can that be? Let’s take a closer look at the terms to sort through their meanings and how they impact choices for IT organizations.
Topics: Networking

OpenDaylight Summit: Pick and Choose

At the OpenDaylight (ODL) Summit, we got news about the development of its controller infrastructure. It’s important to remember several things about ODL:

  • It has a set of northbound APIs through a variety of methods such as REST. An example project is the Virtual Tenant Network, which NEC has contributed to ODL. The apps that are created to use the NB API directly deliver the value of the SDN system to end-users.
  • A set of southbound plug-ins enables interactions to data plane elements via different devices or protocols, such as Open vSwitch, or OpenFlow. This is the part that makes the system work with the real-world of devices.
  • There’s lots of infrastructure code in the middle, that is mostly hidden from end-users, but technically defines ODL’s architecture.
  • ODL isn’t a product per-se, but a set of projects under one umbrella. There are common components, of course, but many other elements are optional, due to the modular architecture. It’s possible for an end-user to download pieces of this open source project and construct their own ODL controller, but many choose to rely on a distribution that packages it for you. These create different flavors of ODL.

Topics: Networking

Supporting Enterprise Mobility: Cloud Assembled Workspaces

The demands of mobile are driving change at an incredible pace inside businesses. As a result, IT organizations are tasked to deliver applications securely and without compromising the end-user experience. It’s also extremely likely that all the applications are not neatly lined up in a row inside the data center, ready to be broadcast out to a variety of devices. The reality is that applications are going to be hosted and executed from a variety of locations—some corporate-owned and some publicly hosted. This very real scenario creates a bit of a dilemma for IT.

OpenDaylight Summit: NFV strong

I attended the OpenDaylight (ODL) Summit last week, and saw progress, especially in the NFV area. Some of the early skeptics of the project seem to be taking a second look, and new members are joining the ODL project.
Topics: Networking

VMware's Project Bonneville - Containing the Container Contagion?

Containers, Docker, Kubernetes. What do all of these things have in common? From VMware’s perspective, they represent an existential threat to their hypervisor world order. Enter “Project Bonneville” - a VMware initiative to maintain the vSphere order of things by intertwining the roles of containers and VMs on server infrastructure. 

By VMware’s own admission, containers and hypervisors essentially do the same thing. They both abstract resources on a physical server. The difference is that hypervisors, like vSphere, virtualize the hardware while containers virtualize software--in this instance, the host operating system. 

Topics: Cloud Services & Orchestration

Black Hat PreGaming Thoughts

With the current vibrancy of the cybersecurity industry on both sides of the ledger, there is much to learn this week at Black Hat in Las Vegas. As I prepare for my trip across the country, I thought I’d borrow a term from today’s college student vernacular and offer a few Black Hat pre-gaming thoughts.





Topics: Cybersecurity Black Hat

Cloud Security Challenges for Enterprise Organizations (Video)

IT organizations are dealing with security issues and an increased use of cloud computing. This leads to a perfect storm of problems. In this ESG Blog Video, I discuss an upcoming ESG research project on these cloud security challenges for enterprise organizations. We will be looking to answer a lot of your questions and remove much of the confusion in the market.

Topics: Cybersecurity