NextNext >>>>

Next

THE BUSINESS VALUE OF TECHNOLOGY FEB. 6, 2012

PLUS How to write a SAN RFI >>

SAP’s database, cloud push >>

New spec aims to stop phishing >>

IT pros lament RIM’s demise >>

InterContinental CIO’s big regret >>

Bully bosses end up losers >>

Table of contents >>

IT’s diving in with too much custom code and too little planning >> By Michael Healey

Six Flags and Yelp show what works >> By Charles Babcock

informationweek.com Previous Next

COTHE BUSINESS VALUENTENTS OF TECHNOLOGY Feb. 6, 2012 Issue 1,323 This all-digital issue of InformationWeek is part of our 10-year strategy to reduce the publication’s carbon footprint 23 Write A SAN RFI COVER STORY A properly crafted RFI will get 12 Leap Of Cloud Faith vendors to address your needs IT’s jumping into cloud services on your terms with too little planning, our annual survey finds 3 Research And Connect InformationWeek in-depth reports, events, and more 19 Success Stories How Six Flags and Yelp make the 4 CIO Profiles public cloud work for them InterContinental Hotels’ CIO regrets not venturing out on his own

5 Global CIO When it comes to bosses, bullies lose out QUICKTAKES 8 Phishing Fight 11 Number Crunching 6 Practical Analysis Email providers to promote A closer look at Apple’s A new CEO won’t stop RIM’s bleeding, IT pros say DMARC authentication spec record first quarter

9 SAP’s Next Moves Vendor takes aim at Oracle and Salesforce CONTACTS 9 28 Editorial Contacts 29 Business Contacts informationweek.com Feb. 6, 2012 2 Previous Next

Table of Contents Links Resources to Research, Connect, Comment

INFORMATIONWEEK REPORTS Biometrics FOLLOW US ON TWITTER AND FACEBOOK Before You Sign That Cloud SLA ... Best Bets Follow our four-step process to ensure Biometrics can cloud app providers live up to their be used to @informationweek fb.com/informationweek service-level agreements. provide strong informationweek.com/reports/cloudslas access control, MORE INFORMATIONWEEK but you must weigh added complexity Be Part Of The InformationWeek 500 Protect Your Sensitive Data and costs against assurance that users Nominate your company for the 2012 InformationWeek Concern that users could expose or steal are who they say they are. 500, our annual ranking of the best business technology a company’s sensitive data has spurred informationweek.com/reports/biobest innovators. Deadline is April 27. debate over the best way to protect it. informationweek.com/500/preregister informationweek.com/reports/insider Keep Up With Emerging Threats It’s not if you get hacked, but when. Dark Clouds, Outsourcing, And Security Services Compliance From The Inside Out Reading takes a look at ways to measure In this all-day virtual event, experts will offer insight on Defend against internal incidents while your security and the challenges that lie how to keep your data safe when working with third satisfying industry mandates. ahead with emerging threats. parties. It happens Feb. 15. informationweek.com/reports/insideout informationweek.com/reports/logs informationweek.com/1324/event

NEVER MISS A REPORT GET INFORMATIONWEEK HEALTHCARE How To Write An Effective SAN RFI Just released Healthcare providers must

What you need to know. Now. Buyer’s Guide: Tablets Just released collect all sorts of perform - Strike A Security/Usability Balance Just released ance data to meet emerging Download Our Free iPad App 2012 Enterprise Project Management Just released standards. The new issue of State Of Database Technology Just released InformationWeek Healthcare Data Center Networking Just released delves into the task ahead. informationweek.com/gogreen/ Get our 800-plus reports at reports.informationweek.com 013012hc informationweek.com Feb. 6, 2012 3 Previous Next Table of Contents CIOprofiles

TOM CONOPHY to be particular about the challenges I took on ing down. We need to listen to our consumers, Executive VP and CIO, and bold in delivering on them. and make sense of that information, then use InterContinental Hotels it to drive our business. Decision I wish I could do over: I regret not Leisure activities: venturing out on my own when I had industry- One thing I’m looking to do better: Skateboarding, travel, moving ideas. Technology should be simple and virtually history invisible to our users with real-time data at ON THE JOB their fingertips, regardless of device type. Favorite pro team Size of IT team: More than 1,000 globally coach: Vince Lombardi Lesson learned from the recession: Keep Top initiatives: pushing to make technology investments even Tech vendor CEO I >> Creating a new global reservation system in down times. Innovate, innovate, innovate! respect the most: CAREER TRACK to support business needs for 15 to 20 years. Scott McNealy of Sun How long at InterContinental: Six years Kids and technology: My wife, Jody, and I >> Focusing on security, including the integrity have three daughters. We didn’t directly steer Business pet peeve: Career accomplishment I’m most proud of: of our environment and protection of data. them toward tech careers, but they’re naturally Lack of timely decision I’ve had the opportunity to be part of several gravitating that way by immersion—technol- making large-scale system implementations; one that Metrics used to measure success: We meas- ogy is everywhere. One of my daughters won’t stands out is my first job, with an insurance ure success against shareholder value, based eat in a restaurant without first checking out If I weren’t a CIO, I’d company in Seattle, where I built an auto- on the Dow Jones World Hotels Index as well the Yelp ratings. They’re up to speed—at times be ... a pilot, computer mated billing system on my own that’s still in as a set of key performance indicators. ahead of me—in regard to mobile technology science teacher, or pro place. My initials are still watermarked into and are examples of our next-generation hotel baseball player the system! VISION guests and owners, so I’d better pay attention. The next big thing for my industry will be ... Biggest career influencer: Brad Boston, of variations of mobile computing. It’s how peo- Ranked No. 25 in the 2011 Cisco, a fantastic mentor. Brad encouraged me ple manage their lives already and isn’t slow- informationweek.com Feb. 6, 2012 4 Previous Next Table of Contents globalCIO

Why Bully Bosses End Up Losers JONATHAN FELDMAN

When dealing with human resources man- Leaders make the mistake of treating groups So if the research shows that kindness, con- agement, it’s important to have academic of people as if there is a group. There isn’t. There sideration, warmth, empathy, and optimism backup. That’s because often you’ll get pres- are just individual people who come together to create a competitive advantage, why are there sured by short-term, bottom-line thinkers who make a group. The distinction is important. still pockets of IT that don’t believe this? Could dismiss anything but scorched-earth personnel Groups don’t have complaints about work-life it be that we’re hiring the wrong people? management tactics as soft, weak, or a waste of balance; people who make up the group do. ”Attitude, rather than technical skill, is what’s money. Nothing could be further from the We generally consider someone “nice” when most important in a prospective employee,” truth. IT is a service business, and being a “nice” he takes our feelings into account when tak- says Micah Solomon, author of the forthcoming boss is the only way to create excellent service. ing actions. We still think a boss is “nice” when book, High-Tech, High-Touch Customer Service . Tony Schwartz at Harvard Business Review re- someone else gets the promotion, as long as Employees can have all the technical skills in cently blogged that using old-fashioned positive we understand that there was a rational basis the world, but unless they’re focused on the hu- feedback builds higher-performing teams. “Sure, for the selection, and as long as we aren’t hu- man element, you’re never going to get the if you have the time, but we have real work to miliated. So that’s what “nice” is: the ability to level of customer engagement needed to be do,” might be what a scorched-earth manager include others, be mindful of others’ feelings, successful,the book says. would say. But Schwartz pulls out the academic be considerate. But, guess what? In Manns’ Scorched-earth thinkers may say you’re research, showing that higher-performing teams model, this is also good change management. weak, but it’s really the reverse. As they chase have a significantly higher ratio of positive-to- Manns’ research shows that participation— people away with horrible management and negative feedback than lower-performing ones. even just a little bit—in decision-making pro- leadership tactics, they’re wasting one of the Of course they do, but, with research to back it cessesis a key way to avoid project failure. It’s most precious resources: talented, capable up, this assertion becomes more powerful. not much of a stretch to apply this to daily people. And that’s not an academic problem. Mary Lynn Manns, a professor, researcher, and tech work. Leaders who use the hammer to author of Fearless Change, a handbook on or- get people to comply will be subject to am- Jonathan Feldman is director of IT services for a rapidly ganizational change, goes further, saying that bushes, passive-aggressive behavior, and growing city in North Carolina. Share a digital version of this how people are treated can determine the suc- other issues, Manns says. This all translates to story or read others at informationweek.com/jonathanfeldman. cess or failure of the projects they work on. a low-performing team. Write to us at [email protected]. informationweek.com Feb. 6, 2012 5 Previous Next Table of Contents practical Analysis

New CEO Won’t Stop RIM’s Bleeding: Exclusive Research ART WITTMANN

Investors and pundits have had their say on dents left comments about RIM’s plight. Their on an Android phone is nothing but problems. Research In Motion’s recent management sentiments wandered from sadness to anger The built-in application for mail is worthless, shake-up, and they’re almost universally neg - to resignation. Their overarching view: Regard - and programs like TouchDown for Exchange ative. The company’s stock, which traded at less of how IT pros feel about RIM products, on the Android are a pain to manage. With the more than $140 per share in 2008, now trades users are simply moving on. iPhone we have no central management, but for about one-tenth of that. While worldwide One IT director in an educational institution at least it usually runs the first time when con - sales of RIM BlackBerrys don’t look that bad, put it this way: “The system is fantastic from necting to Exchange via ActiveSync.” the company’s share of the U.S. smartphone the IT admin perspective but archaic and irri - You can hear the echoes of Wang, DEC, and market is plummeting, from 43% three years tating to the user.” Another summed it up this Novell admins who sorely missed the IT- ago to about 6.5% today. Now that RIM co- way: “BlackBerry used to be our dominant friendly capabilities of their favored platform founders Jim Balsillie and Mike Lazaridis have smartphone. BES integrated perfectly with Ex - after it had been rendered obsolete. given up their co-CEO jobs, handing the reins change, and devices were easy to manage Whether IT pros are happy to show RIM to former COO Thorsten Heins , we wanted to from a central location. Recent outages, slower products the door or harken back to their hear what IT pros think about RIM’s prospects. browser and network speed, and the lack of heyday, the outlook for RIM in the enterprise More than 500 IT pros took our RIM survey, compatibility with applications have put is bleak. Currently, 70% of the respondents to and not surprisingly, what was once the domi - BlackBerry at the end of the line.” our survey report buying BlackBerrys for nant smartphone for U.S. business users is being While the BlackBerry is a fine device for mo - their users, followed by iPhones at 25%, An - relegated to the IT history pages. When we bile unified messaging, iPhones and Android droid phones at 15%, and Windows Mo - asked about RIM’s market position, just 1% of phones are mobile computing platforms. So it’s bile/Phone at 2%. But only 35% of them ex - survey respondents said the company is a not surprising that when there’s a competition pect to buy BlackBerrys 24 months from now, leader positioned to grow its influence. Most re - for pocket space, the more capable device wins. while 45% plan to buy iPhones, 25% Android spondents, 56%, said the company is a former But that doesn’t mean IT managers are phones, and 6% Windows phones. leader whose best days are behind it, while 43% happy with this state of affairs. One IT pro of - Two years is a long time, particularly with new said it’s a strong player that’s losing its lead. fered this lament: “We really never have issues phones rolling out at a consumer market pace, More than a quarter of the survey respon - with our BlackBerrys. Now, running ActiveSync but RIM will have to move quickly and deci - informationweek.com Feb. 6, 2012 6 Previous Next Table of Contents practicalAnalysis

sively to shore up its brand—something few survey re- spondents think will happen as a result of the recent management shake-up. Only 5% of respondents think the former co-CEOs were not a factor in RIM’s woes, but only 11% think the shake-up is sufficient to help the company. The largest percentage, 47%, think that the shake-up wasn’t bold enough and that RIM needs new blood. Another 39% are even less hopeful, saying RIM is in trouble no matter who the CEO is. The bottom line is that RIM is losing ground in the enterprise. Only 7% of respondents said their com- pany’s use of RIM products would increase in the fu- ture, and just 15% said they’d maintain the status quo. The largest percentage, 45%, said they’ll support an array of phones, including fewer BlackBerrys. Fif- teen percent said they’re looking to replace RIM prod- ucts, and 12% said they’ve already gotten rid of them. RIM’s newest phones address fundamental shortcom- ings, such as their small screen and lack of touch screen capabilities. But the genie is out of the bottle; iPhone and Android are set to dominate. The BlackBerry will have its place, for a while, in highly secure environments, but the preferences are clear for most everyone else.

Art Wittmann is director of InformationWeek Reports.You can write to him at [email protected]. informationweek.com QUICKFACT Previous Next Table of Contents As many as 25,000 phishing Quicktakes campaigns are launched a month.

AN END TO SPOOFING? New Spec Aims To Stop Phishing

Leading free email providers AOL, Google, new spec lets message senders designate to the Anti-Phishing Working Group. Microsoft, and Yahoo have banded together which authentication mechanism they’re using Being duped by a phishing message often with financial, social media, and email security to protect messages and provides instructions leads to compromises of multiple online ser - companies in hopes of making it easier to ver- vices, because people tend to use the same ify the authenticity of email messages and Losing control of your account “is password across different websites, says Goo gle fight phishing. product manager Adam Dawes. Losing control one of the worst experiences that The companies have formed DMARC.org to of your account “is one of the worst experiences promote the DMARC specification, which de- a user can have.” —Google’s Adam Dawes that a user can have,” he says. scribes how email senders should authenticate The DMARC group has worked on the spec messages and communicate their authentica- to receivers on how to handle messages if au- over the last 18 months, Dawes says. Other com- tion practices, and how message recipients can thentication tests fail. It also provides a report- panies participating include Bank of America, Get A Free Tablet Buyer’s Guide discover and implement senders’ policies. ing mechanism that lets senders assess the de- Fidelity Investments, PayPal, American Greet- DMARC stands for Domain-based Message Au- liverability of a message. ings, Facebook, LinkedIn, and several security Our buyer’s guide for enterprise tablets is free with registration. thentication, Reporting, and Conformance— It’s too easy for malicious email senders to companies. The tablet market has been the think of it as a set of rules that can make email make their messages appear to come from Agari, an email security provider involved in iPad market, but innovation by Google and manufacturers is more secure. someone else’s Internet domain, and such the effort, implemented DMARC last year. The making Android an enterprise Various forms of email authentication exist, in- messages often are used for phishing—mean- company’s Email Trust Fabric turns raw DMARC option. Our report includes: cluding SPF, DKIM, and Sender ID, but there’s no ing attempts to dupe message recipients into data into reports with information on email in- > Analysis of six tablets with a common standard. Currently, companies that providing sensitive information under false frastructure and message deliverability. Agari focus on enterprise readiness authenticate their email have to coordinate in- pretenses or through malware. About 20,000 claims it has rejected about 4 billion threat mes- > Predictions of new tech likely to be added to tablets this year dividually with each email provider. to 25,000 unique phishing campaigns are ini- sages since the technology was deployed in DMARC ties existing specs together, offering tiated a month, each targeting hundreds of January 2011. Download a standard way to authenticate messages. The thousands to millions of email users, according —Thomas Claburn ([email protected]) informationweek.com Feb. 6, 2012 8 Previous Next Quicktakes Table of Contents

FIVE-POINT PLAN Hagemann Snabe eyes SAP To Expand Database And Cloud Reach $2 billion [in the cloud After a record year financially, what’s next for thereby accelerating financial analyses. And, as SAP? A five-point plan to extend its momentum SAP said last year, Hana can serve as the under- in enterprise applications, analytics, and mobil- lying database for the SAP Business Ware- tion. Exadata and OBIEE are both six- to ity while stepping up efforts to crack into the house, an analytic environment used by 16,000 seven-figure investments, and are required for database and cloud computing markets. customers. Exalytics to make sense. It’s going to be a hard SAP ended its 2011 fiscal year with a 25% SAP is getting right in Oracle’s face with sell to get an Oracle shop that’s in that deep jump in software revenue and 4.8 billion euros Hana and with its planned next step—possi- to add SAP Hana and the separate hardware ($6.2 billion) in profit on 14.2 billion euros bly as soon as early next year—to offer Hana required. ($18.6 billion) in sales. Its gains were largely at as a replacement for the databases running If an Oracle customer running SAP apps isn’t the expense of Oracle, which has lagged SAP its apps. There’s more to SAP’s database story, using either Exadata or OBIEE, I’m guessing as well as Infor and Epicor in application soft- notably Sybase ASE and IQ, which have solid sales reps from both companies already are ware growth—at least in the most recent and growing shares in financial services and all over them. quarter. big data analytics, respectively. But Hana is SAP’s five-point plan expands on its in-mem- the biggest bet. When SAP floated a plan to Cloud Attack ory, mobile, and on-demand theme of the past become the second-biggest database player SAP’s push into cloud computing is where two years. SAP’s Hana technology will no by 2015, it described it as “a great big, auda- it will go head to head with Salesforce.com, longer be just a standalone in-memory appli- cious goal.” among others. SAP plans to be a $2 billion ance. It will run a bunch of new applications The question is whether Oracle customers player in cloud computing by 2015, says SAP that are part transactional and part analytical, will buy Hana. An estimated 60% of SAP cus- co-CEO Jim Hagemann Snabe. That’s about like Sales & Operational Planning (a soon-to- tomers use Oracle databases to run their ap- where Salesforce is today in terms of revenue. be-released supply chain module) and Smart plications. Oracle has its own in-memory ap- In the cloud, however, and without its Meter Analytics for utilities (released late last pliance, Exalytics, a fairly low-cost add-on for planned acquisition of SuccessFactors, SAP year). Hana can also now run SAP’s core CO-PA any company that owns Oracle Exadata and wouldn’t hold a candle to Salesforce. Even with (Controlling-Profitability Analysis) module, Oracle Business Intelligence Enterprise Edi- SuccessFactors’ 15 million end users, SAP’s ac- informationweek.com Feb. 6, 2012 9 Previous Next Quicktakes Table of Contents

quiring a broad but shallow footprint. That number is based largely on a performance-review app that’s used by every employee in a company four times a year at most. Is that really a big foot in the door for, say, Business ByDesign, SAP’s cloud enterprise suite of ERP, HR, CRM, and other apps? SuccessFactors has only about 3,500 companies as customers, whereas Salesforce has more than 87,000 (with some 3 million end users). In my estimation, Salesforce is in a better position to sell more licenses to end users and additional services to customer firms—so long as it can broaden its app portfolio, which it has been doing quite steadily. SuccessFactors CEO Lars Dalgaard, who will lead SAP’s cloud strategy once the acquisition is com- pleted, needs a plan to grow Business ByDesign and SAP’s other on-demand apps much more aggres- sively this year than SAP has done so far. To SAP’s credit, it’s not overextending itself with its five-point plan. The goals on apps, analytics, and mobility are nothing new. As for the database and cloud goals, saying “we’ll be No. 2” isn’t impossible, but some formidable, long-term players stand in the way. In database, IBM and Microsoft aren’t going to step aside for SAP anymore than Oracle will. And in the cloud, Oracle, Microsoft, Workday, NetSuite, and others will fight tooth and nail alongside Salesforce and SAP. —Doug Henschen([email protected]) informationweek.com Previous Next Quicktakes Table of Contents

BY THE NUMBERS Apple’s Record Revenue And Other Figures Of Note

Apple had a record-breaking fiscal 2012 first 15.43 million quarter, the period spanning the last 14 weeks That’s the number of iPads sold, 111% more Nearly15.5 million served of 2011. The company reported record quar- than the number sold in the year-ago quarter. [ terly revenue of $46.33 billion and record quar- While iPad sales are cannibalizing Mac sales, 5.2 million terly net profit of $13.06 billion, which trans- they’re cannibalizing PC sales even more, Cook The number of Macs sold during the quarter lates to $13.87 per diluted share. says. “It’s winning market by market by mar- was up 26% from the year-ago quarter. IDC CEO Tim Cook attributes Apple’s success to ket,” he says. Apple has sold more than 55 mil- saw a 0.2% decline in worldwide PC shipments “the breathtaking customer reception” of the lion iPads since April 2010. during the fourth quarter of 2011. company’s products. He also promises that more exciting products are coming. Here’s a $97.6 billion 110 million look at some of the more interesting numbers: That’s how much cash Apple has on hand. That’s the number of people who visited It’s huge amount of money, enough to buy Apple stores during the quarter, up from 76 $46.33 billion Sony five times or about half of Google. Apple million in the year-ago quarter. That works out Apple’s revenue for the quarter was 73% CFO Peter Oppenheimer noted that Apple is to 22,000 visitors per store per week during higher than it was in the same quarter the year actively discussing with its board what to the quarter based on an average of 358 before. The company’s $13.06 billion net profit spend it on. stores during the period (Apple now has 361 was more than Google’s net revenue of $8.13 stores). More than half the customers buying billion during the same quarter. 85 million Macs from Apple stores haven’t previously That’s the number of customers iCloud has owned a Mac. 37.04 million attracted in three months. “We’re thrilled Apple sold 37.04 million iPhones, up 128% with it,” Cook says. “It solved a lot of prob- What Apple Left Out from the same quarter a year ago. IDC has lems that customers had.” No word on how Apple said nothing about revenue from iAds pegged overall growth for the smartphone many of them are paying for extra storage or about whether anyone is using its Ping social market at 40%, Cook says. and services. network. —Thomas Claburn([email protected]) informationweek.com Feb. 6, 2012 11 Previous Next [COVER STORY] Table of Contents

IT’s jumping into cloud services with way too much custom code and way too little planning, our annual State of Cloud survey finds By Michael Healey

N ext time someone starts in about how “the cloud is going to change everything,” feel free to point out that “everything” has already changed. So say the 511 busi- ness IT professionals responding to our InformationWeek 2012 State of Cloud Computing Survey. Adoption of public cloud services has been on an upswing for the past four years, since we began keeping track. Today, just 27% give a thumbs down. In our 2008 cloud survey, people couldn’t even agree on a definition—21% agreed that cloud was

informationweek.com Feb. 6, 2012 12 Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents “pretty much a marketing term used haphazardly.” OK, so not everything has changed. Still, frustration with vendor hype aside, all types of public cloud services—software, infrastructure, and platform as a service—are gaining followers. A third of companies use cloud services, and an additional 40% have plans for or are considering it. So we’ve got this figured out, right? Not so fast. Among cloud users, we’re seeing major gaps in how IT organizations are selecting, integrating, and monitoring the services their employees depend on. The bulk of cloud initia- tives are reactive, in response to line-of-business re- quirements or demands. IT rarely has an overarching vision of how it all fits together. Don’t believe us? Then explain why only 28% of IT organizations assess the potential impact of a cloud service on their internal architectures prior to going Get This And All Our Reports live—that’s especially troubling given the upheaval our data centers are going through, as evidenced by Our full 2012 State of Cloud Computing report is free with the 71% of respondents to our IT Pro Ranking report registration. This report includes on data center gear who are either in some stage of 29 pages of action-oriented analysis, packed with 20 charts. a network rearchitecture project or expect to be What you’ll find: within 24 months. Or that 24% have no performance > All cloud all the time? Check monitoring of cloud services. out our cost and ROI analysis. It gets worse. Almost half of companies have opted > Ratings of nine inhibitors to to custom code each cloud application into internal cloud adoption. back-end systems, with only 9% leveraging cloud in- tegration providers. That’s an expensive strategy Download given the aforementioned rearchitecture and conver- informationweek.com Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents gence projects, and it’s not money we need Big Pipes ment. For now, companies have to do serious to spend: Integrators large and small have The first and most obvious issue to tackle is customization, by combining existing suites, ready-made online integration tools, which bandwidth, with consideration of user activity like those from CA, HP OpenView, and IBM can help you conserve bandwidth, as we’ll dis- as well as integration traffic and planned Tivoli, with one or more of the native tools of- cuss. Combine this customization nightmare backups. IT needs to consider redundancy for fered by platform providers like Amazon, with the fact that 73% of cloud users already data lines as well as the cloud application it- Salesforce.com, and VMware. It’s also worth use multiple providers, and we foresee a fu- self. Ensuring good service requires monitor- looking at the new breed of monitoring serv- ture where performance and reliability are ing, yet only 28% of respondents already in ices from the likes of AppDynamics, Logic- bound to suffer. the cloud do what we consider proper over- Monitor, and New Relic. Fortunately, only a minority are feeling the sight of their setups, including status monitor- Monitoring will get a lot more important, pain so far. Just 14% of respondents fired a ing, application tracking, and throughput/per- and the 67% of respondents who say their cloud provider, with 22% of those saying it formance monitoring. companies aren’t yet making use of a public had a major or catastrophic impact on the To be fair, IT teams generally don’t have cloud service may be in for a rude awakening. business, while 81% think the performance of much experience optimizing networks for in- Box.net is an online storage service that their cloud services is as good or better com- tegrated connectivity with public cloud ser- claims more than 5 million users from 60,000 pared with what could be delivered in-house. vices; most just focus on getting the biggest businesses—very likely including yours. And We expect the march to the public cloud pipes they can afford. And just as importantly, don’t just blame the rank and file for rogue to continue unabated, with companies traditional network management platforms tech, because the IT staff is likely guilty of drawn by lower costs, quicker implementa- have not evolved fast enough to handle the spinning up a few GoGrid virtual servers or tion, and less need for internal staff. But IT complex traffic, application, and environmen- an Amazon instance here and there. It’s noth- has a critical role in making sure companies tal monitoring needed to truly understand a ing to be ashamed of, but ignorance isn’t go- get what they’re paying for. hybrid internal/external computing environ- ing to be an excuse if an online storage serv-

informationweek.com Feb. 6, 2012 14 Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents ice like Dropbox goes dark and employees How Do You Integrate Your Cloud And SaaS Applications? lose access to important documents, or Custom code directly to our internal system using each vendor’s API worse, gets hit with a major breach and you 47% learn a salesperson put an unencrypted Leverage an internal integration platform 14% spreadsheet containing customer informa- tion in her file share. Leverage a traditional VAN for data integration 10% Find out exactly how much cloud you al- Leverage a cloud-based integration platform ready use. The audit needs to start with some 9% good old-fashioned log file analysis of in- Other bound and outbound traffic. It should be fairly 11% easy to identify usage and track it back to the Don’t know individual or department. Not only does such 27%

an audit help close the loop on rogue proj- Data: InformationWeek 2012 State of Cloud Computing Survey of 166 business tech pros using cloud computing services at companies with 50 ects, it gives IT teams hands-on experience or more employees, December 2011 building out monitoring and performance 11% provide a template that providers must has data centers worldwide, was eventually tracking. This is a critical step, especially for conform to. Fifteen percent are honest awarded the contract, and 17,000 GSA users larger enterprises. Once you have a true pic- enough to admit they just accept the terms have migrated so far, though the data center ture of what’s in use, determine what employ- they’re offered. location debate continues. ees have agreed to. If a department has opted In truth, only the largest companies will SLAs or not, you bear the risk with cloud in to a vendor’s standard offering, it’s likely it have the leverage to negotiate terms. (We dis- services. Last year when Microsoft had its big just signed the contract and accepted a stock cuss how to get the best cloud SLA in more Office 365 outages, which included downed service-level agreement. depth here and here.) Even the U.S. govern- email, customers got a paltry 33% refund on ment has to bend a bit. With the General Ser - their monthly service fee. Dig out the “cost of The Reality Of SLAs vices Administration’s recent email contract, downtime” calculator from your last business Cloud SLAs are like speeding tickets. Every- the original request for proposal required that continuity plan and see if that covers lost rev- one claims to have “beaten” one, but in reality, data reside in the continental United States. It enue estimates. Doubt it. most of us get exactly what’s coming. While was modified partway through the bidding It comes down to this: No public cloud ven- 71% of cloud users review the general vendor process to allow any location that met the se- dor will ever agree to the same SLAs that you agreement and then negotiate terms, only curity requirements of the bid. Google, which can create in-house. A hosting provider like informationweek.com Feb. 6, 2012 15 Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents AT&T or Rackspace might match the gold- before cloud computing, and this won’t the majority of cloud users have multiple standard five nines for a specific service or change when incorporating outside services. cloud providers—64% do business with two hosted data center, but you’ll never get such There were outages last year from almost to five. Respondents are fairly split over an agreement on end-to-end connectivity. every big provider—Microsoft, Amazon, whether they favor best-of-breed vs. platform While most IT organizations accept this as VMware, even RIM. The calls come to you, not consistency; 29% select based primarily on common sense, they don’t do a very good job them. Proactive monitoring is the only way to the end product, regardless of who the educating business users. Time Warner and ensure that your team knows what’s going on provider is, while 27% value having a manage- scores of other Internet service providers had before the phone rings. able set of vendors. Most, 44%, opt for a bal- problems last year related to Juniper switches anced weighting between the two. and faulty firmware. This caused immense Integration Is Key Regardless of the strategy, you’re still on the pain for scores of remote workers, many of Given that most IT teams today support a hook to get everything communicating. Data whom called the help desk in a panic. IT al- mishmash of applications, operating systems, integration internally has relied on standard ways got the blame for any technology failure and hardware platforms, it’s no surprise that plug-ins, custom code, or letting users pull data together via business intelligence or data Weigh The Risks warehousing apps. Sharing data among inter- When comparing cloud service providers with traditional outsourcers and third-party suppliers, nal applications, however, is quite a bit differ- how do the risks stack up? ent from making public cloud apps play well. 2012 2011 And yet we see companies treating these Greater with cloud providers 44% challenges the same way, with an astounding 38% 47% writing custom code using each vendor’s About the same API to integrate cloud services with internal 39% 44% applications. That hub-and-spoke approach could end up Lower with cloud providers 6% crippling the network. Let’s say, for example, 6% that your company uses SaaS-based CRM, Don’t know project management, marketing platforms, 11% 12% and hosted email. All data is synced back to in- ternal accounting and ERP systems via custom Data: InformationWeek 2012 State of Cloud Computing Survey of 511 business tech pros using cloud computing services at companies with 50 or more employees in December 2011 and 399 in October 2010 code. Not only have you increased your in- informationweek.com Feb. 6, 2012 16 Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents bound traffic fivefold, you’re stuck supporting others are focused on data integration, but we and Symplified—services that either started five custom integration points. In response, “in- can see this integration and a service role ex- as cloud apps or were retooled for it. It’s a big tegration as a service”companies continue to panding to data analysis and enterprise field that will get bigger if, as we expect, enter the fray. This is a compelling alternative, search. Don’t wait for a standards body to sort VMware, Symantec, and others join the fray. and you have plenty of choice. Upstarts like Jit- this out; we don’t see any of these efforts— terbit and SnapLogic compete with larger ven- and there are a lot now, with more springing All Cloud, No IT? dors, including IBM and Informatica, that have up like dandelions—bearing fruit soon. Almost no one expects to go all cloud: just built out their portfolios internally (Informat- In addition to integration, there’s also the 4% of respondents say that, in 24 months, ica) or by acquisition (IBM bought Cast Iron). touchy question of how to manage em- they expect 75% or more of their IT services While only 9% of cloud-using respondents ployee access rights to disparate internal and to be delivered from the cloud. But cloud leverage these systems today, they should be external services. Internally, the “enterprise computing will continue growing, and many a core part of your long-term cloud strategy, single sign-on” space has long been domi- early adopters we spoke with are just now nated by a mix of large and niche players, like grappling with the monitoring, management, CA, IBM, Oracle, ActivIdentity, and Imprivata. and integration requirements they somehow Recent high-profile breaches may These vendors don’t have a good answer, ignored during the honeymoon phase. be why, even as worries about though, for cloud services like those from “The cloud has brought much higher prices cloud features and vendor lock-in Amazon, Google, Microsoft, and Salesforce. and lower customer service,” says an infra- have declined, security is still a That’s because, while Microsoft Active Direc- structure lead for a federal agency. “However, tory tends to dominate internal network ac- since we outsourced, we cannot bring the sticking point. cess, there’s no such de facto authentication functions back in-house.” schema in the cloud. As we discuss in our re- That’s an important point: Once a capital especially when it comes to maintaining links cent Identity Management research report, budget line is gone, it tends to stay gone, and and managing the growing amount of data cloud-based IdM and federation vendors are cloud computing means a lot more emphasis residing off-site. Individual cloud vendors looking to ease your pain; the idea is that you on operating expense. (See more on how to have to provide connectivity to end clients, grant the vendor access to integrate your manage this transition in our recent report on but they have no incentive to work together. user directory with its IdM system. The the morphing IT budget.) But companies That makes these integration vendors a nat- provider then connects out to various inte- can’t just look a year or two out to compare ural outgrowth of the cloud industry. gration points. Leaders in this category in- the cost of a service versus buying and run- Today, the likes of Jitterbit, IBM Cast Iron, and clude Apere, OneLogin, Okta, Ping Identity, ning software. Go five years out and factor in informationweek.com Feb. 6, 2012 17 Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents Cloud’s Impact On Architecture requirements, integration guidelines, and stan- Have you scoped out the potential impact of a cloud service on your Internet-facing architecture? dard service levels everyone can understand. Offer monitoring and management options as 2012 2011 a core part of the provisioning process. Yes 28% Speaking of security, it’s dominated our list 26% of cloud concerns for the last several years. Re- Not yet, but we plan to cent high-profile breaches continue to shine 32% 32% a light on the problem and may be why, even as worries about cloud features, vendor lock- Not yet, but we will before adopting any new services 28% in, and viability of providers have all declined, 28% in some cases fairly significantly, security is still No, and we have no plans to do so a sticking point. It’s also a main reason to de- 4% 6% velop guidelines. We found it interesting that Don't know one-third of respondents to our Information- 8% Week Services-Oriented IT Survey who are of- 8% fering security services through their service Data: InformationWeek 2012 State of Cloud Computing Survey of 375 business tech pros using, planning to use, or considering cloud computing catalogs say they do so expressly to enable services at companies with 50 or more employees in December 2011 and 272 in October 2010 business users to purchase external cloud some rate increases and downtime. We offer ects, so they just slip around the side.” This is services that are approved by security. a customizable cloud ROI modeler that breaks a major gap that we see in multiple industries. The 40% of respondents to our cloud survey down a 500-GB storage cloud that will be uti- IT needs to be looped in, and that means put- who are still in the planning stages can avoid lized by 500 users across the United States. ting in place a streamlined, nonpunitive the pitfalls that have plagued early adopters. process for business units. The key is to step up and actively manage the Forgiveness Vs. Permission If you make this too onerous, businesses will growing use of cloud services, alongside a Lastly, IT needs to figure out a rational ap- try to route around. Get a handle on the healthy core of on-premises IT. proval procedure for cloud services. amount of usage, identify festering security or “Cloud never goes through the governance performance problems, and lay out guidelines Michael Healey is president of Yeoman Technology Group, a process,” says one enterprise systems archi- so people will approach IT early on. A success- technology research and engineering firm. Write to us at tect. “Finance only cares about capital proj- ful cloud policy establishes baseline security [email protected]. informationweek.com Feb. 6, 2012 18 Previous Next [COVER STORY] Table of Contents

Where Cloud Works

Six Flags and Yelp reveal ots of IT organizations are taking Consider how Six Flags Entertainment is quickly add capacity to meet demand. how they’ve made the a hard look at public cloud ser vices. using cloud services. To commemorate the Prior to using Rackspace’s cloud service, public cloud work for L Two cloud users, Six Flags Enter- 50th anniversary of its Six Flags Over Texas a promotion like this would have required their businesses tainment and Yelp, gave us a look at prob- park this year, the company cut the online expensive newspaper, radio, and TV adver- lems they’re facing adopting these services ticket price, announcing on its blog: “Yup, tising. Six Flags runs 19 theme parks and the value they’re getting from them. less than $20 will get you into the park’s across the country that more than 25 mil- By Charles Babcock Picking the right service for your business first weekend.” (The usual online admis- lion people visit a year, and it makes ex- need is a process loaded with pitfalls. For sion price is $40.) To get this price, cus- tensive use of the Rackspace public cloud example, will your public cloud provider’s tomers had to buy their tickets on the Six service. Besides its website and WordPress data service match the needs of your ap- Flags website. Both the blog and the blogging, Six Flags hosts three Face book plication? Will your provider have enough website are hosted on Rackspace’s pub- applications, email marketing cam paigns, network bandwidth to guarantee quality lic cloud service, where Six Flags uses and other “public” information there. service, or will it fluctuate widely when servers shared with other Rackspace cus- Rackspace’s public cloud has a multi- other users’ activities hog the bandwidth? tomers, pays based on usage, and can tenant infrastructure where customers pay informationweek.com Feb. 6, 2012 19 Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents by the hour. The cloud “has the flexibility to be Memorial Day, when it spiked to about 600 GB N.Y., post pictures of their families with Oakley, fired up quickly,” says Sean Andersen, director a day. To capitalize on these traffic cycles, Six the Timbertown bear, and then comment on of Six Flags’ interactive services. It’s easy to Flags must quickly get its message out about them. The goal is to attract more business as change things and bring in partners, he adds. new rides and attractions, then get as many at- visitors share their experiences on the appli- tendees as possible to repeat the message. cation. “We try to keep the excitement that What Works In The Cloud The public cloud provides the elasticity that a fans create going without hitting them over The company also uses Rackspace’s equip- seasonal business needs: When demand spikes the head to buy, buy more,” Andersen says. ment dedicated to Six Flags’ use, because it con- in the summer, the cloud supplier provides On its Facebook page, 2.5 million people have siders that more auditable, private, and secure. more servers to meet it. The cloud also allows clicked on the “like” button in a Facebook app Transactions, including ticket sales, accounting, frequent changes without taking the site down. that tells about each theme park. (That may be and back-office systems, as well as analysis of Much of Six Flags’ social marketing strategy because clicking on “like” is the only obvious sensitive business data, are kept at Six Flags’ relies on cloud computing. Getting people to way to get to information on the parks—but a own data center in Grand Prairie, Texas. Data that talk about events, such as the 50th anniversary couple million “likes” are worth something.) must be audited to meet compliance require- celebration, is deeply embedded in the com- Another Facebook application running in the ments and information that’s deemed sensitive pany’s strategy. One of Six Flags’ Facebook ap- cloud tells prospective customers about restau- to the $976 million-a-year public company’s plications running in the public cloud lets vis- rants, places to stay, and other attractions that business are kept out of the multitenant public itors to the Great Escape park in Queens bury, are near each theme park. By putting the Face- cloud and held either on its dedicated servers at book applications in the public cloud, Six Flags Rackspace or in its Grand Prairie data center. is able to drive large bursts of traffic to the main But the public cloud has been a boon for website without needing to expand its data marketing. Amusement parks are a highly sea- center, Andersen says. Six Flags CIO Michael Is- sonal business, so “marketing is our lifeblood,” rael and other top execs back the cloud and so- Andersen says. Business picks up in May and cial strategies, with Six Flags CEO Jim Reid-An- June as schools close, reaches a summer peak, derson’s name on the May 27 blog touting the and falls off, with a slight bump in October SkyScreamer, Dare Devil Dive, and ZoomAzon around Halloween. Falls additions to the parks this year. Last May, for instance, Six Flags started the Six Flags also finds it easier to share systems

month with about 300 GB of traffic per day. Traf- Six Flags uses cloud services to find out what its with partners using the public cloud. Last year fic increased slowly until the week leading up to [ customers really want from its parks and rides it did promotions with event producer Dick informationweek.com Feb. 6, 2012 20 Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents Clark Productions, which Six Flags co-owns, Six Flags IT out of the business of patching, ratings and reviews. Recently Yelp went further, and Coca-Cola and Discover Card. It did that maintaining, and upgrading Exchange. using Amazon’s EC2 online computing service by giving those partners access to specific “When Microsoft has a big fix, we don’t have running Elastic MapReduce to sort and manage public cloud systems, which would have been to deal with it,” Andersen says “We have more its increasingly large quantity of data. more difficult for systems in the Six Flags’ data pressing issues.” But for now Six Flags is stuck The 7-year-old company had 61 million center, where there are more barriers to bring- on an older version because its Exchange email unique site visitors a month in the third quarter ing in a new partner. is tied into other systems, including one for its of last year. Site visitors have generated 22 mil- Andersen wants to do more application de- BlackBerry users and an archiving system for lion reviews of local businesses, and the site pro- velopment in the cloud. So far only a small compliance. Six Flags IT has been too busy to duces several terabytes of data a day. portion of Six Flags’ app dev is done there. upgrade Exchange and its related systems. Yelp stores and analyzes its server log data “We still do 90% of development in Grand Overall, Six Flags proceeds cautiously with in Amazon S3, thus taking Yelp’s largest com- Prairie,” Andersen says. cloud services. It’s focused on the public cloud puting task and putting it in a cloud that can Hosted applications are an- for applications and uses, better adjust to fluctuating demand for stor- other area where Six Flags ex- from marketing to app devel- age and analytical processing. Doing so has pects to do more. Rackspace opment, that can benefit from freed internal resources to focus on its top pri- offers SharePoint 2010 as a the cloud’s elasticity. But rev- ority: supporting real-time, online user activ- multitenant application in its enue-generating and compli- ity, says VP of engineering Mike Stoppelman. Managed Hosting service, a ance-related apps will likely Yelp hosts its website in its own data center separate business from Rack- stay on-premises. in San Francisco. Its IT group concentrates on space Cloud. Six Flags runs its managing website traffic and improving site own version of SharePoint in- Amazon Rates With Yelp functionality to generate more traffic and en- house for business intelligence Yelp is a large-scale user of courage visitors to review and comment applications but relies on the Amazon Web Services’ S3 on- more. “That’s core to the business functions of Rackspace application for gen- line storage. By providing stor- Yelp,” Stoppelman says. eral business purposes. Ander- age that’s expandable on de- Yelp also is a big user of the Apache Hadoop sen would like Rackspace to mand, Amazon enables the distributed data processing platform for big become its hosted supplier of rapid growth of Yelp.com, data sorting. When a Hadoop job runs, it needs

Exchange 2010, as well. If that Yelp IT focuses on spurring user which serves up user-gener- multiple servers. No matter how big a company were to happen, it would get [input, not running systems ated content such as restaurant designs its Hadoop cluster, some developer informationweek.com Feb. 6, 2012 21 Previous Next 2012 STATE OF CLOUD SURVEY [COVER STORY]

Table of Contents will think of a job that exceeds it, Stoppelman says. However, Yelp developers don’t have a blank check to use as much Amazon computing power as they like. They must justify any use of Elastic MapReduce, using an Excel spreadsheet that shows the projected cost per hour of the job to developers and business managers. A typical job uses a 10- to 20-node cluster. “When we need to collect stats for an important meeting, when the CEO or COO has impromptu re- quests, we’re able to satisfy them,” Stoppelman says. “You’re not pre-empting another production system. All these folks who need resources don’t have to clob- ber each other as we launch these jobs.” Creating a large server cluster in-house from scratch would involve a three- to four-month procurement process, he says. Stoppelman was formerly technical lead of Google’s AdSense Traffic Quality team, where knowing which ads to present to which user was a critical skill. “I learned a lot of these lessons at Google,” he says. “I didn’t want Yelp to end up going through the same experience,” where various business units competed for the same internal resources. Using the public cloud is “game changing” for Yelp, Stoppelman says. For now it’s taking a limited approach to the services it uses. But it plans to raise money through a public stock offering and expand its use of Amazon S3 and Elastic MapReduce as business grows.

Write to Charles Babcock at [email protected]. informationweek.com Previous Next [STORAGE AREA NETWORKS] Table of Contents How To Write A

Storage SAN RFI RFI Storage IT teams are rethinking their storage and data architectures. Here’s how to gather the right information to guide decisions. By Kurt Marko

n our information-driven world, tiable consumption, but data capacity is only baseline expectation, but throughput in IOPS storage is voraciously consum- half the story. Networks for storage and data (input/output operations per second) is more ing IT budgets and staff time, with no sign of will be the next great enterprise upgrade important than ever. Get This And relief. Our 2012 InformationWeek State of wave. Architectures will be based on virtual- All this puts storage strategy teams in the All Our Reports IStorage survey found that 32% of respon- ization and private clouds, not discrete servers spotlight at IT budgeting sessions. Are you Our full report on writing a SAN RFI is free with registration. This dents actively manage more than 100 TB and local disks as they were in the past. The ready with a forward-looking plan? report includes: of data, and 24% are coping with growth proliferation of server virtualization means The IT equivalent of duct tape isn’t going > Our complete sample SAN RFI, rates in excess of 25% annually—a trajectory that application workloads are changing, af- to work, and many IT organizations are re- which can be adapted for a that doubles capacity requirements every fecting both the mode of storage access thinking their entire storage and data archi- midsize enterprise few years. Meanwhile, pundits are hailing (shared is in, direct attached is out) and per- tectures. Upgrades of this magnitude need > A sneak peek at 2012 State of Enterprise Storage data 2012 as the year of big data—as if that’s a formance demands (there’s much more high- to follow a well-thought-out, comprehen- good thing. speed server-to-array traffic). Databases need sive strategy that sets parameters for prod- Download It’s difficult enough to keep up with insa- lightning-fast access. Scalable capacity is a uct and vendor evaluations. Here’s how you informationweek.com Feb. 6, 2012 23 Previous Next [STORAGE AREA NETWORKS]

Table of Contents can make vendors address your specific Which Network Interfaces Do You Use On Your Storage Arrays? needs on your terms through a formal request process. 2012 2011 Gigabit Ethernet NAS 54% What’s Driving SAN Demand? 54% The changes buffeting enterprise storage Gigabit Ethernet SAN (iSCSI or FCoE) are reflected in our recent InformationWeek 39% 43% Data Center Convergence Survey, in which 4-Gbps Fibre Channel SAN 79% of respondents have deployed virtual 31% servers on production or test environments. 41% Consolidated application workloads, encapsu- 10-Gbps Ethernet SAN (iSCSI or FCoE) lated in virtual machines that are easily moved 24% 16% from system to system with the click of a 10-Gbps Ethernet NAS mouse—or even automatically in response to 24% changing user demand and hardware fail- 23% ure—render legacy environments based on 8-Gbps Fibre Channel SAN 22% direct attached storage impractical. While our 21% storage survey found that direct attached stor- age is still the most common deployment Data: InformationWeek State of Storage Survey of 313 business technology professionals in January 2012 and 377 in November 2010 model, a growing number of shops are turning This transition in storage topologies is no formal document, an RFI or RFP needs to to various storage area network technologies, doubt why IT teams have ambitious plans cover a standard set of topics and set some whether native Fibre Channel (FC) or Ethernet- around improving storage allocation and us- ground rules. Start by outlining your goals based alternatives such as iSCSI or FCoE. age efficiency. This transition is also why a re- and purpose. Are you just trying to gather Other big changes to consider include the quest for information or request for proposal background information, or is the request maturation of once esoteric (and costly) stor- is so important: Ask questions that get at the part of an established project with well-de- age technologies like solid state drives, dedu- heart of your storage needs, and you’re likely fined scope, budget, and schedule? For exam- plication, 10-Gbps Ethernet, and automated to be rewarded with some ideas you’d never ple, in the case of our sample SAN RFI, which storage tiering—features that sweeten the considered. is available in our free report, our mission is appeal of a wholesale storage refresh. Although it’s not a binding contract, like any purely to gather information; the described informationweek.com Feb. 6, 2012 24 Previous Next [STORAGE AREA NETWORKS]

Table of Contents storage architecture and requirements are how you use them, although it’s not unrea- >> Mandatory criteria: Include automatic based on a hypothetical midsize to large sonable for vendors to ask for a nondisclo- disqualifiers, such as whether FCoE must sup- enterprise. sure agreement before revealing forward- port a particular legacy FC switch. Lay out the scope of your request. Will the looking statements about road maps and Wrap up with a timeline: when responses unannounced products. are due, how long you’ll spend in evaluation, Clearly indicate how you expect responses when vendors can expect notification of your Big changes in the storage zeitgeist to be structured and your evaluation criteria. findings, and how you’ll act on the results. Be include the maturation of once For an RFP, specify evaluation categories and reasonable; don’t expect a 20-page response esoteric (and costly) technologies their priority or weighting. For example: in a week, otherwise you’ll just get marketing like SSDs, deduplication, 10-Gbps >> Technical capabilities: Address perform- brochureware. ance, capacity, scalability, virtualization sup- Typically an RFI will generate a short list of Ethernet, and automated tiering. port, efficiency, functionality. You may want to three or four candidates for a follow-on RFP, break technical criteria into subcategories fo- while with an RFP, the next step is detailed storage system be confined to a single data cusing on, say, raw performance and capacity contract negotiations with the top finisher. center, or will it span multiple sites and re- vs. features and functionality. mote offices? If you’re beyond the tire-kicking >> Operations and management: This in- Problem Statement stage and launching an actual implementa- cludes management software, legacy integra- The meat of a storage RFI is a description tion project, describe its timeline and the per- tion, ease of use, and software features. of your existing environment and require- sonnel involved. >> Vendor qualifications: Address quality of ments. For our sample RFI, we represented Set the terms, format, and ground rules for support, responsiveness, presales follow-up, the IT strategy of a hypothetical midsize the vendor’s response. The basics include and customer references. manufacturing enterprise called SmartCom- providing points of contact for submissions >> Financial: Factors include hardware pany as follows: “SmartCompany has ag- and questions and preferred methods of pricing, software licensing, hardware/soft- gressively embraced virtualization technol- communication, whether written (email) or ware maintenance, documentation and ogy and is rapidly migrating most of its via a scheduled conference call, and if infor- training fees, professional services and de- applications to a VM environment. Given mal media, like direct phone questions or ployment expenses, and hardware operat- that VMs rely on central, shared storage for IMs, are acceptable. Specify ownership and ing costs. operating system and application images, as confidentiality. Ideally, responses should be- >> Weightings: Attach importance to each well as hosted application data repositories, come your property with no restrictions on category. we are very interested in storage hardware informationweek.com Feb. 6, 2012 25 Previous Next [STORAGE AREA NETWORKS]

Table of Contents that is optimized for VM workloads. Storage Consolidation Plans “SmartCompany’s vision is to consolidate Have you consolidated, or are you planning to consolidate, storage into fewer, centrally managed systems? storage to our primary data center at the headquarters site, replicating to a secondary Don’t know disaster recovery facility at one of our man- 9% Yes, we’ve already consolidated ufacturing sites. At the same time, some of 25% the data files used in our manufacturing pro - cesses are quite large, and we seek to mini- No 17% mize the performance degradation of such Yes, we’re planning to do so in the next 12 months large data transfers over our WAN. Thus, we 18% are interested in systems that can provide both remote site replication, for business Yes, but there’s no specific time frame 31% continuity and disaster recovery, and branch- office caching to allow employees to access

local copies of data as often as possible.” Data: InformationWeek 2012 State of Storage Survey of 313 business technology professionals, January 2012 The request should list the major storage problems you’re trying to solve. Common is- models, their installed capacities, and net- as the type of access-layer switches; 10-Gbps sues include explosive data growth rates, work interfaces); server software environ- Ethernet usage; and, if applicable, type of SAN problems unique to virtualization like server ment (rough breakdown by operating sys- switches. Be specific so vendors can give a rel- and disk image sprawl, limited staff, lack of tem and hypervisor); and network and evant, tailored response. If you have deployed storage and SAN expertise, physical limits on systems management software. For exam- (or plan to) 10-Gbps Ethernet, ask the vendor floor space and energy use, and a tight imple- ple, does your company use vendor-sup- to provide a converged network design. The mentation timeline. plied tools for each storage system, or have response details may include everything from Next, enumerate your existing storage you tied arrays and the SAN fabric into a a native Ethernet iSCSI proposal to a hybrid platforms and operating environment, comprehensive, third-party systems man- FCoE/native FC design. highlighting the equipment you will retain agement platform? The description should also outline your and that thus must be integrated with any The network is a SAN’s nervous system, so service availability requirements and how new system. Include your storage, network, go into some detail on your existing Ethernet your current data center network and system and server hardware (including equipment LAN and FC SAN (if any), covering such areas architecture address equipment failures and informationweek.com Feb. 6, 2012 26 Previous Next [STORAGE AREA NETWORKS]

Table of Contents facility-wide outages; go into some detail on might want the vendor to quote a couple of formance specs. While overall performance your redundancy, backup, and disaster re - options, like one using SSDs and one using a across vendors is less variable than it once covery strategy. wide stripe of high-performance HDDs. Alter- was, it’s still an important factor, particularly natively, if one of your challenges is dramatic I/O throughput. Unfortunately, this is an easy Must-Haves growth in rich-media content, ask about fea- category for vendors to game, so ask for re- After describing your existing IT ecosystem tures to automatically store data on the most sults from the Storage Performance Council’s and outlining your goals and challenges, drill efficient storage tier (auto-tiering). Ask ven- SPC Benchmarks. into more detail about what you want in a dors to break these upgrades out from the You can’t write a comprehensive SAN SAN. Don’t feel obligated to provide a fully de- base quote. proposal in a vacuum. It must be devel- signed storage architecture. You want to leave The storage industry has gone through sev- oped within the context of an overall en- enough freedom so that vendors can cre- eral rounds of vendor consolidation, leaving a terprise application and information man- atively apply their strongest products to your handful of major players—Dell, EMC, Hitachi, agement strategy. Dwindling storage overall needs and not so over-specify that you Hewlett-Packard, IBM, NetApp—fighting for capacity is a real crisis, and IT shouldn’t eliminate many of the candidates—an unin- the same customers. This translates into prod- waste this opportunity by just plugging tentional form of vendor bias. But don’t force uct lines that have a lot in common, particu- holes. Instead, use the data and virtualiza- vendors to be mind readers, since they’ll likely larly in terms of basics such as capacity, per- tion surge as a chance to re-evaluate both interpret any ambiguities in ways that favor formance, and reliability. So don’t expect to enterprise storage and content manage- their own products. separate vendors on specs and feature check- ment strategies. Express requirements in abstract, concep- lists alone. Develop specific questions that To craft an effective SAN RFI or RFP, you tual terms, not speeds and feeds. Concentrate zero in on new and emerging challenges, like must first be very clear on which data set on system-level performance, array and man- coping with virtualization, optimizing storage must be actively managed (and for how agement features, resiliency, scalability, and efficiency, and lowering energy use. Your goal long) and which applications will be virtual- power efficiency. is to probe the technical boundaries, identify ized (and thus, reliant on networked stor- If you have business-critical applications features that address current and future age). When it comes to vendor requests, up- that have special storage needs, describe needs, and ultimately gather enough detail to front thought and planning translate into them. For example, maybe there’s a legacy differentiate vendors. better, more useful responses. database that can’t be virtualized and has Areas to drill into with specific questions in- high IOPS requirements. Particularly in the clude standards support, management soft- Kurt Marko is an IT pro with broad experience, from chip case of high throughput requirements, you ware, operational costs, warrantees, and per- design to IT systems. Write to us at [email protected]. informationweek.com Feb. 6, 2012 27 Previous Next ADVISORY BOARD Jerry Johnson Steve Phillips CIO Senior VP and CIO Table of Contents Print, Online, Newsletters, Events, Research Dave Bent Pacific Northwest National Avnet Laboratory Senior VP and CIO M.R. Rangaswami United Stationers Kent Kushar Founder Rob Preston VP and Editor In Chief Stacey Peterson Executive Editor, Quality Robert Carter VP and CIO Sand Hill Group E.&J. Gallo Winery [email protected] 516-562-5692 [email protected] 516-562-5933 Executive VP and CIO Manjit Singh FedEx Carolyn Lawson CIO John Foley Editor Lorna Garey Content Director, Reports Michael Cuddy CIO Las Vegas Sands [email protected] 978-694-1681 Oregon Health [email protected] 516-562-7189 VP and CIO David Smoley Toromont Industries Authority Fritz Nelson VP and Editorial Director CIO Chris Murphy Editor Laurie Douglas Jason Maynard Flextronics [email protected] 949-223-3608 Managing Director [email protected] 414-906-5331 Senior VP and CIO Ralph J. Szygenda Publix Super Markets Wells Fargo Securities Former Group VP and CIO Art Wittmann VP and Director, Reports Eric Lundquist VP and Editorial Analyst, InformationWeek Business Technology Network Dan Drawbaugh Randall Mott General Motors [email protected] 408-416-3227 Former Sr. Exec. VP and CIO [email protected] 978-289-7306 CIO Peter Whatnell University of Pittsburgh Hewlett-Packard CIO Laurianne McLaughlin Editor In Chief, David Berlind Chief Content Officer, TechWeb Medical Center Denis O’Leary Sunoco InformationWeek.com [email protected] 978-462-5315 Former Executive VP [email protected] 516-562-7009 Chase.com READER SERVICES InformationWeek.com The destination for UBM TECHWEB UBM LLC NetworkComputing.com breaking IT news, and instant analysis REPORTERS CONTRIBUTORS INFORMATIONWEEK.COM Networking , Communica- Tony L. Uphoff CEO Pat Nohilly Sr. VP, Strategic tions, and Storage Doug Henschen Executive Editor Michael Biddick [email protected] Electronic Newsletters Subscribe to Paul Travis Managing Editor John Dennehy CFO Development Mike Fratto, Editor Enterprise software InformationWeek Daily and other newsletters at Michael A. Davis [email protected] [email protected] 516-562-5217 David Michael CIO and Business Administration [email protected] informationweek.com/newsletters/subscribe.jhtml [email protected] 201-660-8467 Jonathan Feldman [email protected] Roma Nowak Senior Director, Scott Vaughan CMO Marie Myers Sr. VP, InformationWeek Events Get the latest on our live events and Net Charles Babcock Editor At Large Randy George [email protected] Manufacturing events at informationweek.com/events Online Operations and Production David Berlind Government Open source, infrastructure, virtualization Michael Healey [email protected] [email protected] 516-562-5274 Chief Content Officer, INFORMATIONWEEK John Foley, Editor Reports reports.informationweek.com [email protected] 415-947-6133 Kurt Marko [email protected] TechWeb, and Editor in [email protected] for original research and strategic advice Tom LaSusa Managing Editor, Chief, TechWeb.com VIDEO Thomas Claburn Editor At Large InformationWeek How to Contact Us Newsletters informationweek.com/video Security, search, Web applications EDITORS Ed Grossman Executive VP, Healthcare informationweek.com/contactus.jhtml [email protected] InformationWeek Business [email protected] 415-947-6820 Jim Donahue Chief Copy Editor Fritz Nelson Executive Paul Cerrato, Editor Technology Network Editorial Calendar informationweek.com/edcal [email protected] Jeanette Hafke Web Production Manager Producer [email protected] Paul McDougall Editor At Large Martha Schwartz Executive Back Issues [email protected] [email protected] InformationWeek SMB Software, IT services, outsourcing VP, Group Sales, E-mail: [email protected] ART/DESIGN Joy Culbertson Web Producer INFORMATIONWEEK Technology for Small Phone: 888-664-3332 (U.S.) [email protected] InformationWeek Business and Midsize Business 847-763-9588 (Outside U.S.) Mary Ellen Forte Senior Art Director [email protected] Technology Network BUSINESS Marianne Kolbasuk McGee Senior Writer TECHNOLOGY Paul Travis, [email protected] rector, Joseph Braue Sr. VP, Reprints Wright’s Media, 1-877-652-5295 IT management and careers Nevin Berger Senior Di NETWORK Site Editor Associate Art Director User Experience Light Reading Web: wrightsmedia.com/reprints/?magid=2196 [email protected] 508-697-0083 Sek Leung [email protected] Email: [email protected] [email protected] [email protected] Communications Network DarkReading.com Security Dr. Dobb’s J. Nicholas Hoover Senior Editor Beth Rivera Senior VP, List Rentals Merit Direct LLC Steve Gilliard Senior Director, Tim Wilson, Site Editor The World of Software Email: [email protected] Government IT, cybersecurity, INFORMATIONWEEK REPORTS Human Resources Web Development Development Phone: (914) 368-1083 federal IT policy [email protected] reports.informationweek.com [email protected] John Ecke VP of Brand and Andrew Binstock, Media Kits and Advertising Contacts [email protected] 516-562-5032 Product Development, Editor In Chief Art Wittmann VP and Director createyournextcustomer.com/contact-us Andrew Conry-Murray Senior Editor Please direct all inquires to reporters InformationWeek Business [email protected] [email protected] 408-416-3227 Technology Network Letters to the Editor Email Information and content management in the relevant beat area. [email protected]. Include name, title, com- [email protected] 724-266-1310 Lorna Garey Content Director, Reports Fritz Nelson VP and pany, city, and daytime phone number. [email protected] 978-694-1681 Copyright 2012 UBM LLC. All rights reserved. Editorial Editor, Eric Zeman InformationWeek Business Subscriptions Heather Vallis Managing Editor, Research Web: informationweek.com/magazine Mobile and Wireless Technology Network, and Email: [email protected] [email protected] [email protected] 508-416-1101 Executive Producer, Phone: 888-664-3332 (U.S.) TechWeb TV 847-763-9588 (Outside U.S.) informationweek.com Feb. 6, 2012 28 Previous Next

Table of Contents Business Contacts

Executive VP of Group Sales, Account Executive, Kevin McIver MARKETING UBM TECHWEB InformationWeek Business Technology Network, (212) 600-3036, [email protected] VP, Marketing, Winnie Ng-Schuchman Tony L. Uphoff CEO Martha Schwartz (631) 406-6507, [email protected] Inside Sales Manager East, Ray Capitelli John Dennehy CFO (212) 600-3015, [email protected] (212) 600-3045, [email protected] Director of Marketing, Angela Lee-Moll David Michael CIO Sales Assistant, Salvatore Silletti Sales Assistant, Bill Myers (516) 562-5803, [email protected] (212) 600-3327, [email protected] Scott Vaughan CMO (212) 600-3163, [email protected] Senior Marketing Manager, Monique Kakegawa SALES CONTACTS—WEST Strategic Accounts (949) 223-3609, [email protected] David Berlind Chief Content Officer, TechWeb, and Editor in Chief, TechWeb.com Western U.S. (Pacific and Mountain states) District Manager, Mary Hyland AUDIENCE DEVELOPMENT and Western Canada (British Columbia, (516) 562-5120, [email protected] Ed Grossman Executive VP, InformationWeek Alberta) Director, Karen McAleer Business Technology Network Account Manager, Tara Bradeen (516) 562-7833, [email protected] Western Regional Director, JohnHenry Giddings (212) 600-3387, [email protected] Martha Schwartz Executive VP, Group Sales, (415) 947-6237, [email protected] Subscriptions: informationweek.com/magazine InformationWeek Business Technology Network Account Manager, Jennifer Gambino Email: [email protected] Sr. VP, Light Reading Strategic Account Director, Mark Glasner (516) 562-5651, [email protected] Phone: (888) 664-3332 (U.S); Joseph Braue (415) 947-6245, [email protected] Communications Network Account Executive, Elyse Cowen (847) 763-9588 (outside U.S.) Account Manager, Kevin Bennett (516) 562-3051, [email protected] Beth Rivera Senior VP, Human Resources (415) 947-6139, [email protected] ADVERTISING AND PRODUCTION Account Executive, Kathleen Jurina John Ecke VP of Brand and Product Development, Account Manager, Ashley Cohen (212) 600-3170, [email protected] Publishing Services Manager, Lynn Choisez InformationWeek Business Technology Network (415) 947-6349, [email protected] (516) 562-5581 Fax: (516) 562-7307 Sales Assistant, Michelle Freeman Fritz Nelson VP, Editorial Director, Account Executive, Silas Chu (212) 600-3157, [email protected] MAILING LISTS InformationWeek Business Technology (415) 947-6330, [email protected] Network, and Executive Producer, TechWeb TV MeritDirect LLC (914) 368-1083 SALES CONTACTS—NATIONAL Account Executive, Rose Lin [email protected] UBM LLC (415) 947-6157, [email protected] Dr. Dobb’s REPRINTS AND RIGHTS Pat Nohilly Sr. VP, Strategic Development and Business Strategic Accounts Sales Director, Michele Hurabiell Admin. (415) 378-3540, [email protected] For article reprints, e-prints, and permissions, please Account Director, Sandra Kupiec contact: Wright’s Media, (877) 652-5295, Marie Myers Sr. VP, Manufacturing Account Executive, Shaina Guttman (415) 947-6922, [email protected] [email protected] (212) 600-3163, [email protected] Sales Manager, Vesna Beso Back Issues Phone: (888) 664-3332 (U.S.); (415) 947-6104, [email protected] SALES CONTACTS—MARKETING (847) 763-9588 (outside U.S.) Account Executive, Matthew Cohen-Meyer AS A SERVICE Email: [email protected] (415) 947-6214, [email protected] Director of Client Marketing Strategy, Jonathan Vlock BUSINESS OFFICE SALES CONTACTS—EAST (212) 600-3019, [email protected] General Manager, Marian Dujmovits Midwest, South, Northeast U.S. and Eastern Canada Director of Client Marketing Strategy, (Saskatchewan, Ontario, Quebec, New Brunswick) Julie Supinski EDITORIAL OFFICE District Manager, Jenny Hanna (415) 947-6887, [email protected] (Fax) 516-562-5200 (516) 562-5116, [email protected] UBM LLC District Manager, Michael Greenhut SALES CONTACTS—EVENTS 600 Community Drive (516) 562-5044, [email protected] Senior Director, InformationWeek Events, Manhasset, N.Y. 11030 (516) 562-5000 Robyn Duda Copyright 2012. All rights reserved. District Manager, Cori Gordon (212) 600-3046, [email protected] (516) 562-5181, [email protected]

informationweek.com Feb. 6, 2012 29