Desktop-as-a-Service: Now, Near or Never?

Presenter: Brian Gammage

This is a change in approach, not a change in technology.

• What does Desktop-as-a-Service mean?
  
• What issues get solved or introduced with desktop-as-a-service?
  
• How do you deliver Desktop-as-a-Service?
  

"Desktop-as-a-Service is an emerging model for provisioning a user environment."

Four perspectives:

• Contractual View: Negotiated SLAs, cost constraint, outsourcing
  
• Technology View: agility and lower management effort, virtualized delivery
  
• Financial View: centralized procurement, leasing
  
• User View: give me freedom, cloud computing
  

It is a pay-per-use approach to delivering client computing in a scalable fashion across shared infrastructure. Provides capabilities on an as-needed basis. Leverages shared services. Not just applications as a service; not just outsourcing; not just leasing; not just a delivery model. Treating IT assets just as we treat other business assets.

The desktop is the user personality, the software infrastructure and physical infrastructure. It is not the applications. A service approach is about redefining the responsibility and risk.

Costs as a driver, maturing technology as enabler as well as sophisticated, mature management tools.

Support business agility: faster reactive and proactive time to market; rapid redesign of user environment; leverage broad external skills; refocus internal skills.

Improve financial position: share common services across larger user base and lower costs; free up committed capital; shift costs and gain flexibility with financial obligations.

Internal to external provisioning can be time-consuming and costly. Co-ordinating multiple players takes work. Users often don't know exactly what they want. Users may not like the experience. The cloud doesn't solve all the problems. Does the "good enough" baseline change?

How might Desktop-as-a-Service be delivered?

Look at whole lifecycle: acquisition; deployment; operations; support; disposal. Split into categories: user environment, operational platform and devices. It is not a single decision—there are many aspects of the "desktop" that could be delivered as a service. We can look at each of those separate decision points.

Virtual Worlds: Beyond Second Life

Presenter: Steve Prentice

Virtual worlds represent an emerging environment which will be incredibly valuable in the future. There is much more to virtual worlds than second life. Second life is still the primary focus of attention. But what are the alternatives? Rule of thumb: 9 out of 10 Virtual World projects within organisations fail. Why have they failed?

Synthetic environments, not games (no goals or mandatory objectives), online platforms, immersive environments—allowing people to meet, interact etc. Best not to fixate on the technology.

What can virtual worlds be used for? Education…

Non-verbal communication; teaching social skills (medical and training applications); one-to-one, one-to-many, several-to-several, educational courses, political canvassing. Particularly useful for teaching social skills—learning through interaction with peers.

Application for Virtual Worlds: Role-based, scenario-driven training exercises; complex situational simulation; presentation of complex data sets through 3D visualization. When training in real-life can be very expensive, consider virtual worlds—simulating an emergency in a city centre, military simulations.

Avatar-enabled Enterprise Collaboration: keep the scope small and tight, allowing people to get together in an immersive environment.

www.qwaq.com : provides a secure, persistent, interactive virtual workspace.

https://lg3d-wonderland.dev.java.net : Open source toolkit to support the creation of 3D virtual worlds using Project Darkstar, jVoiceBridge, Java 3D and Project Looking Glass.

"If you want to see what business leadership may look like in three to five years, look at what's happening in online games."Byron Reeves, PhD. Professor of Communication.

Generating valuable skills for running global teams.

Social networking: understanding demographics and demands.

Questions:

• What are you trying to achieve?
  
• How will you define success and what metrics will you use?
  
• What feature set do you need?
  
• Can you define your intended audience?
  
• Why use Virtual Worlds rather than WebEx or other Web-based tools?
  
• How does this technology relate to your infrastructure now and in 2-3 years time?
  

  
   

We are heading into the trough of disillusionment so exercise extreme caution with new investments and projects (but don't abandon hope).

 

I came here wondering if there was a virtual world solution to recruitment and admissions processes, but come away thinking that there is not a good application for those technologies right now.

Greening the Datacenter

Presenter: Rakesh Kumar

Considering a data-centre as a living breathing dynamically changing organism.

Which critical forces will drive enterprise data-centre strategies during the next five years?

Tier one cities in on Europe and US are maxed-out—there is no capacity left for new data-centres.

Most immediate concern is server efficiency, cooling technologies, processor design, facilities design. In the next 2-5 years: assessing the green credentials of suppliers; PC power management; energy management tools. Longer term still—using alternative energy sources, recycling, data-centre heat recycling, carbon offsetting.

The green data-centre can't look only at the efficiency of the servers themselves—they take little of the energy (6%)—only 1% to the processor itself. Look at the whole data-centre, including cooling and so on. More and more processors are being packed into the same space that contained mainframes 30 years ago. New design envelop needs to see flexibility of cooling. Design in a modular way, with each module's design with a lifecycle of 3-5 years so that you can continue to take advantage of new technologies as you move forward.

What are the best practices and processes that users should follow when designing a green data centre?

Mixing chilling of different kinds: liquid, air. Looking at alternative energy sources for data-centres. Green data-centre can cost about 20% more. Recycling the air is worth considering. Green data-centre is highly monitored—thermal images, thermometers, power management tools.

Considering the data-centre as an organism makes us think about how the data-centre can respond to changing requirements—consider adding more server resources to Agresso in the approach to year-end.

There is research from Gartner that allows the comparison of servers vendor to vendor. Some vendors are more forthcoming than others. Look also at the software tools provided for power management. Consider waste management for the end-of-life for the assets.

Which key green technologies will help us design a green data centre?

Software for power and energy management, maybe just showing what energy consumption looks like (this is consistent with what Simon Mingay has been saying earlier in the week).

Virtualization, consolidation and utilization (again, making sure that every service is still being used).

Green Grid looks at data-centre efficiency: http://www.thegreengrid.org

Proposes KPIs for data-centre efficiency. Maybe we can look at their metrics (which are likely to become standards) to examine energy efficiency in our data centres.

Look also at Gartner "Green ICT Scorecard Model".

Projects and Programs: The Future Must be Smaller, Faster and Easier

Presenter: Donna Fitzgerald

"Current PPM best practices are optimized for a world gone by."

• What business trends will force us to radically transform our project, program and portfolio management practices in the future?
  
• What technology trends will enable the business to move faster?
  
• What should PPM leaders do to prepare for the upcoming change?
  

Moving mail and packages as an example of process change. Sporadic and expensive to start with (1000 BC); government involved, governance increases reliability (400 BC); infrastructure built makes things more efficient (200 AD); competition and classes of mail (1400 AD); tracking of progress via the web (1998 AD); real-time tracking via RFID, mash-ups, wireless.

Time-based competition: focuses on the customer; embraces quality improvements; strategically manages costs—speed as the most versatile competitive weapon.

Projects are no longer change activities between one stable point and another. Instead there is constant change with no points of stability. "Toyota doesn't have corporate convulsions, and it never has. It restructures a little bit every work shift." No Satisfaction at Toyota, fastcompany.com January 2006.

Stakeholders judge a project's success by: product meeting client requirements; gets used by clients; effectiveness for the client organization. NOT: on time, on budget, compliance with process.

WebKinz – research…

Business process goals were: consistency. Now, quick and agile.

Business information/intelligence evolution. From: local, limited. To: end-to-end.

Need to get slides for this presentation: slide showing quadrant diagram with business process goals mapped to business intelligence goals. Relates lower risk, local impact to lower control, more agility.

Looking at "change operations" rather than "project management." Governance focuses on developing the rules for making decisions and monitoring results; management by exception; push decision making down; unit of interest is the process. Contrast with PPM today…

"I get more questions about governance that I do about how work's going to get done. How are you going to govern that project? Who's going to be involved? What's the governance model? Who cares?" Jeff Smith, CIO SunCorp, October 2007. Focus instead on what the real measures of project success should be.

Use a "just enough" approach to project process. Stop watching something, meeting about something; start providing intervention policies, managing only what matters. Mix business and IT staff; hire/use experimenters. Narrow the focus on what needs the executive touch. Adjust project processes to optimize business trade-off and flexibility, not just process consistency.

 

Great Debate: Does Green Information Technology Matter

Chair: John Mahoney

Debaters: Simon Mingay, Mark Raskino (for) David W. Cearley, Rakesh Kumar (against)

The format of this session is quite different from the others I have attended so far. There are four debates and the audience are armed with devices that allow us to vote (like sophisticated, wireless "ask the audience" devices). Two debaters are "for" the proposition that Green IT Matters, and two against.

The audience:

• 91% Believe human activity is driving dangerous climate change
  
• 79% Would spend money to reduce their business' impact on the environment
  

Initial vote: Does Green IT really matter? 77% yes, 0% No, 23% undecided

550 million cell phones retired in 2007. End-to-end, they'd circle the earth and then some. Consumers, regulators, investors and employees are all pushing business leaders to green-up.

Research from the university of Tokyo: For every 1000 tons of carbon expended on IT (efficiently and focused in some key areas), 3000 tons can be saved

End vote: Does Green IT really matter? 73% yes, 19% No, 8% undecided

Key issues: increasing the efficiency of IT (which has a similar size global impact as the airline industry) is easier than increasing the efficiency of aircraft. More important still, IT is a key part of reducing an overall carbon footprint—even if the IT carbon footprint increases, it can have a 3-1 impact on an overall carbon footprint.

The Low Carbon Economy and IT's Role in It

Speaker: Simon Mingay

A 60% to 80% cut in carbon emissions will demand doing different things, not just doing things differently. The winners in a low-carbon economy will think differently.

Exposure for Green issues has exploded over the last year or so. EU is trying to work out how to create a low carbon economy that sustains growth. We are looking at the beginning of a significant and long-term change, and IT is only just starting to look at the issues. Cuts required by 2050 cannot just be on the supply side (by choosing lower carbon alternatives for energy generation). Cuts must also come from the demand side.

Key question: "Do we understand how we would thrive in a low carbon economy?"

A Low-Carbon economy:

• Greenhouse gas emissions is halted and reduced
  
• Carbon becomes a constraining resource
  
• Energy from a fossil fuels is made a constraining resource
  
• Enterprise stakeholders take action based on carbon
  
• Carbon presents both a risk and an opportunity to the enterprise
  

How can we in ISS help the university plan to reduce carbon emissions? We need to fix our own footprint and then help, through application of IT, can reduce the university's carbon footprint. Need to be able to measure advantage of initiatives based on carbon savings. Comparing video conference with in-person meeting for example. Metric used to normalise carbon abatement is Euros per metric ton. So what is the cost of putting in a video conference facility in Euros per metric ton of carbon saved—compared with (say) train travel saved for attending a meeting in person.

What IT can do to help:

• Dematerialization: the process of taking materials out of value propositions (e.g. CD – MP3 download); replacing travel with video conference.
  
• Analytics and knowledge sharing: information management, environmental management; business process analytics (looking at business process from the perspective of reducing carbon emissions)
  
• Process Control: operational technology—e.g. presence based power management; smart metering—real time metering.
  

The Building Blocks of an Environmental Program:

• Energy efficiency
  
• Material efficiency
  
• Water reduction and management
  
• Waste reduction and management
  
• Pollution prevention
  
• Emissions management
  
• Supply chain management
  
• Environmental reporting & EMS
  

Points of focus:

• Paper reduction
  
• Energy efficiency
  
• Travel
  
• Transport
  
• Buildings
  
• Waste reduction and recycling
  
• Real estate
  
• Procurement
  
• Product/service design and development
  
• ICT itself
  

KPIs:

Carbon emissions per student per lecture? Carbon emissions per graduate? Carbon emissions per hour in a lab? Carbon emissions per hour in the library? Carbon emissions per night in residence? … We need to work that out.

Steps towards reducing carbon footprint:

1. Eco-efficiency (internal): travel substitution; flexible working; remote collaboration; materials efficiency (paper reduction)
   
2. Eco-efficiency (external): product lifecycle management, remote support, remote printing (if we need 1000 prospectuses in Malaysia, why not print them there, to reduce the costs (in carbon) of shipping
   
3. Changing the mindset-doing different things: carbon accounting; challenging the principles of "just-in-time" delivery, instead aiming at efficiency of carbon use;
   
4. Changing the value chain: dematerialization; products becoming services (car to public transport; SaaS; zipcar, whizzgo, goloco); localization of the supply chain.
   

"As human numbers continue to increase, casting an evermore unsustainable ecological footprint, it is hugely important that business and industry engages with the problem." Lord Bob May

 

Taming the Rogue User: Coping with Risk, Compliance and Other Business Realities of Socialization

Presenter: Nikos Drakos

Who are the rogue users at the university? An element of "individuality and initiative" is in the definition of a "rogue user." End users finding unusual ways to achieve what they need to—how can we embrace the initiative shown by rogue users to provide additional value…

"From a dozen applications for thousands of users… …to thousands of applications for dozens of users." Highly specific tools, solving individual problems…

Change and risk is increasing as the cost of access to computing is reducing. Risk is higher and change is higher as the number of ways in which an end can be achieved increases—all of which need to be managed.

A graph showing users per application, with an elongating tail—with e-mail, office and windows at the front of the graph, wikis, blogs SaaS Open Source and mash-ups in the middle and spreadsheets, browser plug-ins and PDAs at the tail. Micro-targeted software at the tail—claim is that there is value in the micro-targeted software. 70% of informal survey says that employees should be allowed uncontrolled use of consumer devices, applications and services. More than 60% said that IT does not need to endorse every piece of software or device an employee will use. As an institution, we already live in the world described.

As long as we watch out for: security, privacy, integration, duplication, fragmentation of repositories, data ownership and portability, can we not fill tactical gaps with quickly deployed solutions? Can we not find stop-gap solutions? Could we have used "basecamp" as a project management system during the deployment of Asta Teamplan? Can we be using del.icio.us to track vendors for specific purchases? What are: pbwiki; sprout; zoho; vyew; mindmeister…? Can we continue to engage with web owners across the institution by building "mashable" application interfaces?

Given that we cannot gamble with mission critical services; cannot risk security, quality, reputation; don't want people to waste their time—but in the same way we need to engage people to build momentum for WIP by looking at and re-using existing web infrastructure—shouldn't we determine how we can continue to engage their creativity…? Rather than looking at risk as the reason to say "no", look for opportunities which have low risk and high business value.

IT as Process Innovator and Owner: Achieving the Next Level of IT Organizational Contribution

Presenter: Colleen Young

Every business has processes. Not every business manages them. Even fewer innovate them…

• What is IT's opportunity to innovate?
  
• How should IT leaders take advantage of those opportunities?
  
• How will traditional roles and responsibilities change as a result?
  

Process innovation is not the same as continuous process improvement. Innovation means paradigm shift, not incremental change.

NYPD Example: Between 1994 and 1996, felony crime fell by 39%; murders decreased by 50%; theft decreased by 35%; public confidence increased from 37% to 73%.

Operational innovations: changed booking process to make it quicker (from 16 hours to less than 1 hour). 16 to 1 is not an incremental change, but a paradigm shift.

What are the operational processes that we need to generate? For us, is the PGA process, as described, really a process innovation, or an incremental improvement? What would we need to do to innovate to increase the number of applications and to increase the number of enquiries that turn into registered post-graduate students?

If changes are at level of product, sales & marketing or strategy and finance, there are other people to blame. To make operational changes, when they fail there is no one else to blame (this is why operational innovation is relatively rare). "In general… the CIO is not in a position to drive and lead this effort. It can only be done by a senior, business line executive." ("this effort" refers to BPM). Seems that there is no clear role for a COO (Chief operations officer). Does this mean that there is a vacant space that could be inhabited by CIO to look at process management?

If IT stature is high enough, and the business is sufficiently committed to strategic process management, then we have a significant opportunity to direct BPM for the university. We need to take a close look at Colleen's "IT credibility curve" slide, to determine what it is we need to do to increase our credibility. There doesn't seem to be anything particularly surprising here, but may help us work out which changes we can make within ISS that will have the biggest positive impact (bearing in mind our own change bandwidth).

Innovation is doing what no one else is doing—if we look for best practice, if we look for what other people are doing, we limit ourselves—I suppose that, at some level this is an obvious point, but challenging to some of my current thinking for both PGA and WIP in general. However, as Colleen already made the point—if you want to innovate in operations, it can feel pretty exposed.

This presentation makes me think about a Gartner style quadrant diagram looking at change bandwidth and change appetite. When change bandwidth and change appetite are both large, then that's when the real process innovation happens. Big question is "how do we determine the change bandwidth and change appetite of the organization, or part of an organization that will be affected?"

Why Green IT is Good for Your Business and Good for You

Presenter: Dr. Helmut Reisinger (Senior Vice President Europe, Orange Business Services)

It is interesting that "green awareness" figures from this speaker are different: only 21% indicate that energy efficiency is the number one or a big consideration. Note also the difference between this speaker (talking about energy efficiency) and Simon Mingay talking about carbon emissions—being energy efficiency is good, but not good enough. 57% of companies have a strategy to reduce the carbon produced by their companies. Less than 50% of those companies mentioned ICT as a part of their plans to reduce CO2 emissions. Nearly no CIOs are involved in setting environmental agenda.

A Green IT strategy: gives quick return on investment; enhances efficiency (by providing a smart-workplace); easier information sharing; a reassuring "green" image; can position a company as "green". We need to determine how much we would save in carbon footprint if we could let people work from home—how much does the average commute cost in carbon terms? How many times does someone need to work at home to cover the cost of setting them up to work from home? Compared with ISS team members working from home, finding ways to reduce the amount of distance travel done by the university would have a much larger benefit.

Gartner and WWF's Green Rating for Major Vendors

Presenters: Simon Mingay (Gartner); Dennis Pamlin (Global Policy Advisor, WWF)

For the last five months, the two presenters have been working on a vendor assessment for environmental impact. Should help us determine with whom we'd like to have strategic partnerships. Report coming out in July, but the results are "hot-off-the-presses". Will explain the framework and then present the results based on the framework. Green IT is an oxymoron, until you consider use of IT to "green" the business. "Greener" is doable. Minimize the negative impact, maximize the positive impact. 65% of IT professionals think that environmental criteria are at least as important as price as they make IT buying decisions.

Be wary of "Greenwash." Unspecific aspiration, superficial, absence of proof; framework is to provide an alternative. Framework provides insight into commitment to reducing IT impact and increasing their ability to use their technologies to reduce overall carbon footprints. It seems like this framework will be a useful for determining the green credentials of vendors. Does not tell which is the most energy efficient PC, or what materials are used.

The five sections of the questionnaire: environmental basics; supply chain basics; carbon basics; carbon delivery; carbon champions.

Response is a positive sign; use it to compare companies in similar sectors. Use it in combination with other measures to determine

Non-responders: Accenture, Acer, AT&T, Deutsche Telecom, EDS, Microsoft, Oracle, Sun, TCS. Not sure of the individual reasons why companies didn't respond, but seems likely that they didn't respond because they know the answers are not good.

The results were very interesting and it will be useful for us to go through them. It would also be useful for us to look a the framework and determine how well we would do if we were audited along the same lines. Need to get hold of the updated slides from Simon.

Unified Communications and Collaboration: The Next Strategic Advantage

Presenter: Steve Blood

Different approaches to unified communications. Telephony centric offerings most mature, though only a little more than e-mail and collaboration. From our perspective, UCS is where they think the value will be long term.

• What are the benefits of unified communications and where is the value?
  
• What are communications-enabled business processed and why are they important?
  
• What does the magic quadrant tell us about the vendors?
  

There is no single UC product. It is a portfolio of products. IM is going to change the way people work—next generation dial-tone. Presensivity will drive activity. If these technologies are not taken up across the institution, they are still very valuable for ISS and can make us more efficient as we move forward. Consider also whether access to stakeholders' presence information becomes requirement for engagement in an ISS project… that would be possible if we can measure and prove the advantage.

Users more easily escalate to the most effective combination of collaboration services for the task at hand. Click-to-call is neat, but doesn't necessarily provide business value. Business value comes from collaborative unified communication. Strategic value comes from enterprise unified communications. We will need to work out what stops people from embracing the technologies—is there an analogy with e-mail—what was the tipping point for e-mail and how can we bring forward the tipping point for IM and collaboration?

Context-specific presence lists: create a list of individuals based on specific current needs (I need to speak to some one on the Agresso project team—who is on-line). This is a very powerful notion and is provided to an extent through Sharepoint. But to see this through IM would be that much more useful.

Flexible conferencing and escalation: switching between different tools as the content of the communication changes. Making the switch as easy as possible helps ensure that issues get resolved.

Intelligent Notification Services: notification is by end-users' preferred methods. Using location services and presence to notify nearest person based on role or responsibility. This notion seems related to the context-specific presence lists.

Microsoft is in the top of the magic quadrant: OCS is the product that puts them there. Cisco are trending down and in the challengers quadrant. "IBM is the largest installer of MSFT Exchange in the world…" (wow).

We need to look at whether there are strategic themes of communication and collaboration that require of us that we take forward unified communications—maybe as much to ensure that we don't get left behind as to provide a clear advantage to researchers: to give them seamless, frictionless communications across the university and across the world.

Portable Personality: Freeing your users to work anywhere on any device

Presenter: Neil MacDonald

"A portable personality is a set of tools and technologies that decouples users from dependence on a specific computing workstation or device, by enabling them to recreate their preferred environment on any device."

What technologies are available? How will portable personalities evolve?

Looking at convergence between:

• Portable personality (ensuring I get my stuff)
  
• Secure workspace (ensuring the workspace is secure anywhere)
  
• Provisioning (getting a user's environment to them quickly).
  

My stuff: preferences, applications, data and workspace. User content is decoupled from the device. Packaged in a logical container (e.g. USB Stick, a server—one that we own, or one in the cloud, cell phone). Deliver it to the end machine (either physically or through the network). All has to happen in a secure and trusted environment.

Approaches:

• Remote presentation (Citrix, Sun Ray)
  
• Trusted Remote Access (RedCannon, MobiKEY) don't take data or applications
  
• Modified Portable Application (U3, PortableApps) do not virtualize, so does not work for Office Applications
  
• Portable Windows Application (RingCube, Ceedo) applications think they are working on windows.
  
• Portable operating system (VMWare, Sentillion, Moka5, Kidaro) need a licenced copy of windows
  
• Portable processor (Realm Systems) – ARM Processor running Linux on a package as small as a memory stick…
  

Security is a key consideration. How does the USB key protect itself from the kiosk into which it is inserted? Examines the kiosk at the point that it is inserted into the kiosk.

Inhibitors:

• Drivers: demand to leave notebook at home; growing broadband availability; desktop virtualization; increasing flash densities.
  
• Inhibitors: lack of tools for personality packaging, distribution and updates; vendor licensing for portable OS and applications; non-trusted target systems. Security is the single biggest inhibitor.
  

Moka5 needs 1-2GB, MojoPac needs 2-3GB, VMWare Pocket Ace 3-4 GB. Could every student get a 16 Gig memory stick to carry their personality with them anywhere—all the applications go with them, any machine in the library (or anywhere) becomes their machine when they sit down.

Management of the device is a new kind of headache—remote kill of lost devices; ensuring that devices are updated…

Key questions to determine a vendor:

1. Will users ever require off-line access?
   
2. On your network?
   
3. Do you want Microsoft windows applications off-line?
   

   Either application virtualization (RingCube Softricity), or virtualize hardware (Pocket ACE Moka5, Kidaro)
   

   
    

Worth looking at RingCube MojoStation—used to virtualize a working environment on any PC running windows.

Worth looking at Moka5 LivePC—encrypted USB stick with full copy of windows—to establish secure VPN to home office and data.

 

By 2010, there will be significant growth in portable personality. Mobility, security and provisioning will be transforming. For the university, can we use portable personality to make our IT provision greener (for example, will this help us to ensure that the complete workspace is available for remote working, remote learning?).

 

 

09:00-10:15 Tuesday May 13th 2008, Emerging Trends, Technology-Powered Business Acceleration

Speakers: Gene Hall (CEO); Peter Sondegaard (SVP, Research); Steve Prentice; Partha Iyengar (VP Research); Jeff Mann (VP Research); Mary Mesaglio (VP Research)

Six emerging mega-trends to watch: what IT will become. Given the economic downturn is deepening—cutting costs now, and cutting budgets for the future. Mainstream business effects are yet to be felt. IT impacts lag economic downturn. What then the impact on IT for HE? Conditions will remain difficult throughout 2009. Meet with executives and prioritize post-recession investments—get ahead of the curve now. Suggesting new metrics, much more granularly—interesting thought that leads to ideas like: IT spend required to recruit a post-graduate applicant.

IT contributes 2% to carbon emissions globally (Gartner, as of two years ago). Assess opportunities and risk and energy independence. Manage carbon as an enterprise resource, up and down the supply chain. Implement carbon accounting. Assess technology providers on their green credentials. We should look at benchmarking infrastructure from a carbon perspective. What is the carbon impact of a student? What is the carbon impact of a student studying a particular subject, and look at variance.

Innovate: prepare for the business growth that will follow recession. Streamline essential activities. Focus on Green IT: demonstrable environmental record will be increasingly important. Determine how social software can help make us more efficient.

Industrialize: cloud computing, business process management. There are potential problems (like SLA with a cloud). Develop a usage metric; prepare to move capital budget to a variable cost model. Team needs to learn about contract negotiation. Service provision focuses us on what people need to do, irrespective of how the service is provided.

Connect: Intelligent networks: networks that anticipate need through context. Connectivity needs to be more than a generic fat pipe.

Advance: Taking risks. First opportunity is strategic information management. Focus on the I, not the T of IT. Using Information as a competitive weapon. IT leaders need superb communication skills (speaking to non-IT people in their language, not ours) and the ability to influence.

Socialize: Understand the power of the social networks. IT delivers power to the individual. Mobilize communities and capitalize on their power. Uses Tom Sawyer painting a fence as a metaphor for socialization.

Globalize: perspective and operations. 38000 people joined Infosys in one year to do so, they processed 1000000 resumes. The impact of India and China will be enormous. How will this change the skills that students want to leave university with?

16:00-17:00 Monday may 12th, 2008 The Futuristic CIO

Speaker: Coleen Young

Introductory presentation; what the future will look like for IT leaders. Will point forward to other sessions this week; providing context for other presentations. “The futuristic CIO must THINK and BEHAVE differently.” Everything you know about what it takes to succeed, is potentially irrelevant, insufficient or obsolete. There are new behaviors, principles etc that will replace the existing ones. How and why will the evolving CIO role change?

Business has changed from rigid hierarchy, through matrix organizations to more changeable organizations, less based on control—instead based on partnerships (since not everyone involved in the business necessarily works for the same organization).
· IT as cost center: supply driven, cost obsessed; technology centric; functionally and technically siloed; insulated and monopolistic.
· IT as a service and solutions provider: demand driven; internal customer centric; process based; competitive and engaged; service obsessed
· IT as business innovator: opportunity driven; external customer–centric; ecosystem based; inventive; market or industry obsessed

We seem to be moving away from the first and towards at least the second, if not the third model. The third model is that to which we should aspire (IMHO). For example, that might make us focus on delighting external customers like RAE, or HESA. With the right balance,w e can ensure we delight external and internal customers. Delighting some of those external customers will, in turn, delight internal customers too.

Business expectations of CIOs in 2008 (top four priorities):
· Improving business processes
· Attracting and retaining new customers
· Creating new products or services (innovations)
· Expanding into new markets or geographies
Interesting how all four of these priorities relate to WIP and specifically to the needs of post-graduate recruitment and admissions.

Business expectation is likely to be innovation; so to be able to innovate for the business we need to see IT provision as transformational. Question arises: how do we find the time to innovate and transform while we support the set of services we currently provide? IT plays a valuable role in building business differentiators.

Need to show business leadership to be considered a business influencer. Expand scope of competencies and skills to reflect the business leadership that is required of the transformational CIO.

“The futuristic CIO holds many opposing realities and choices in her head and reconciles tem with holistic, unconventional thinking. This is the DIO’s true role in innovation. Rejects the need to choose between two undesirable alternatives; finds opportunity where others see constraints.”
· Stop: being a victim; dictating standards; wasting energy on incremental efficiency; worrying about cost transparency; managing projects; focus on alignment; on making internal customers happy
· Start: questioning; developing a vision; establishing alliances; experimenting; reading; volunteering; travelling; investing in talent; exploring the more “out there” web neighborhoods; tapping into social networks; researching non-corporate IT; spreading risk/investing in options; monitoring micro-trends; leveraging intellectual property
Interesting lists for us to look at—until this point I had been wondering how we would make the time to develop a futuristic IT organization. Now I realize there are things we could stop focusing on, which might buy is the time to innovate.

The theory of constraints: why process management matters. Worth investigating, as this might make it clearer why implementing ITIL matters.

This was a very interesting and dense presentation, and I have not captured it all here. As a result, a lot of this entry looks like my notes rather than a well thought-out response. I will be going back to re-listen to this presentation and make sure I have internalized everything that Coleen had to say.

13:30-14:30 Monday, May 12, 2008 Radically Transforming Security in a Virtualized World

Speaker: Donna Fitzgerald

This talk is targeted at professional project and portfolio managers. Project management tools are not enough; you need collaboration and social networking. These tools are not just a requirement for digital natives, there is a value case for this provision for everyone.

Can new tools help generate better project results?

People who might not share valuable information in a repository, might share that information in-person. Employees still more likely to share things in writing as long as their name is on it. Does this draw us away from the conventional, depersonalized project documentation and towards something more personal? Knowledge consumption depends on Social Capital. Social capital relates to human capital, physical capital and information capital. Relates to reputation:
· Trust: ability; past actions; openness; sincerity
· Reciprocity: shared vision; shared norms
· Levels of Cooperation: Consistency; commitment

If we think that project management documents might be there simply to ensure the success of the project, they might look quite different, rather than ending up with a formal project management document set, instead ensure that the right kinds of interactions can happen between the stakeholders in the project.

Four Phase Knowledge Loop:
· Socialization: discussion about tacit knowledge
· Defined Approach: sequential explicit knowledge
· Informed Action: Experience plus explicit knowledge
· Double loop learning: reflective insight on tacit knowledge

Tools for knowledge creation:
· Quiet and/or dialog
· Kinesthetic aids (mind mapping, lists)
· Capture Tools (blogging, wikis or podcasts)

These are forms of knowledge some of which work better for different personality types—we should not be requiring particular formats, but ensuring that the formats on which we focus are ones that work for both the person capturing the knowledge and the person that is receiving the knowledge.
Check-out tools: “TheBrain”, “OnFolio”, “Spurl”

1-to-1 Real time: Webcams; IM
1-to-1 Asynchronous: Blogs; Podcasts; Videocasts; Web pages
Many-to-many Real time: Conference calls; Chat; Videoconference
Many-to-many Asynchronous: Wikis; Threaded discussions; P2P File shares (like Groove); Email discussion lists

Different kinds of tools for different kinds of communication (speaker very surprised how few in the audience have IM infrastructure in their environments).
The PMO can facilitate:
· A connection path to the employee “who knows”
· Information sharing around a common problem or set of goals
· Effective collaboration for geographically dispersed teams
· Communities of practice for more freeform collaboration
· Project-based networks

Even if we are successful at using social networking tools and collaboration tools to get more value from , only a relatively small number of people will participate: 10-20%. Don’t let that stop us from putting in place the IM system, the blogs, the wikis etc. Different kinds of tools for different kinds of people:
Extrovert, High input: IM and blackberries
Extrovert associational: Want search and blogs to find thoughts and express them—produce most of the content
Introvert visual: Will want as much as possible in a video format they can watch at their desk
Introvert kinesthetic: Will want tools that let them build things and then share the results—mind maps or other open source repositories

Overall, this was an interesting talk, and makes me think that we should look very carefully at how we can ensure people are comfortable with using wikis and blogs to develop the knowledge required to progress projects. We also need to ensure that we are clear about where blogs and wikis provide additional information, and where they become the format in which formal project documentation is generated. Imagine for example, an issues log becoming an issues blog…

13:30-14:30 Monday, May 12, 2008 Radically Transforming Security in a Virtualized World

Speaker: Neil MacDonald
I decided to attend this session on the basis that we are embarked on a program of virtualization and, if that means that we need to re-think how we ensure the security of our systems, having a strategic view on how security paradigms are impacted by virtualization would be useful.

“Virtualization will radically change how you secure and manage computing environments.”

Two main topics: How can virtualization be used today to improve security; what will we be able to do that radically changes security in the longer term.

Today:
There are multiple layers of virtualization: presentation; applications; operating system/hardware. VMWare is 85% of the market. Citrix, Microsoft and VMWare are all looking at having offerings at all the different layers of virtualization. Most of today’s talk will be around virtualization layer between the hardware and the operating system.

Moving from having a host operating system to a hypervisor (like VSX or Hyper-V) is a good move from a security perspective, as the attack surface of a hypervisor is much smaller than that of a whole host operating system. Clearly securing the hyper-visor is critical—a successful attack on the hypervisor takes down everything above it.

At the guest operating system level, virtual machines can become virtual firewalls and virtual intrusion detection systems. The vendors are different and much less expensive. The hardware vendors are slow to produce these virtual systems as the costs for virtual versions are so much less expensive (think of them as software based appliances—as opposed to more expensive hardware based appliances). [Maybe we should consider looking at virtual IDS and virtual firewall vendors as an alternative to hardware solutions—proof-of-concept is much less expensive, as the up-side. Down side is that we know less about what the software appliance is composed of—whether, for example, it is based on an embedded, older version of Linux which is vulnerable to certain attacks].

OVF (Open VM Format) package the VM in XML-based meta-data, digitally signed. Can’t necessarily trust the meta-data; might still be low quality code; might be signed after it is tampered with—not a silver bullet.

Virtualizing a browser allows the browsing of sites that might have malicious content—but the virtualization layer protects the PC from the mal-ware (GreenBorder, AppSense). Might try to check out “portable personalities” tomorrow where the notion of creating a boundary between trusted and untrusted is turned on its head—making a trustable space in an untrusted environment.

Longer term:
VM State Inspection via the hypervisor. Configuration management can be done at the hypervisor level, not at the virtualized OS level (via a security VM—consider it a security appliance VM: state information like: processor state; memory pages; network state; disk blocks; process control blocks; threads and processes; services; applications; files; handles; kernel modules). Need to control what the virtualized OS does not what it is. MacAffee claim that, in that environment, they could have just one instance of anti-virus software for the hardware, rather than one for each virtualized operating system. The protection is provided outside the virtualized operating systems so protection can be provided to out-of-support operating systems; security software cannot be turned off by mal-ware, as the scope of control provided by the virtualized OS does not extend to the protecting software (like anti-virus).
Security workloads can be applied quickly and dynamically, just as we can start and stop virtual machines dynamically. Applying hot patches; changing policies—and doing so at the VMM/hypervisor layer rather than the individual virtualized workloads.

We need to ensure that security is a mandatory part of evaluation of virtualization solutions:

Gartner will help with more specific recommendations.

Welcome

Here I am back in Barcelona at the Gartner Symposium. I will be blogging my thoughts on the presentations as I see them. Check back to see what I have to say.