HP Innovation for the Financial Sector

The HP Financial Advisor HP innovation for the financial sector

What’s Inside

In the News ...... 2 Letter from the Editor ...... 2 EDS Merger ...... 4 HP CEO View ot IT ...... 6

Reduce Costs ...... 7 Greening the Data Center ...... 7 Transformation and Virtualization ...... 14

Mitigate Risk ...... 26 Security, Operations and Governance ...... 26

Revenue Growth ...... 34 Business Intelligence ...... 41 Payments ...... 43

Drew Caola Editor in Chief David Keith Contributing Editor Betsy Walton Contributing Editor Letter from the Editor

Drew Caola, VP of Sales and General Manager, Financial Services Industry Strategic Accounts, is responsible for HP’s strategic accounts in financial services. Drew has been with HP since 1984, in a variety of services and sales manage - ment positions. Before joining HP, he worked for Arthur Andersen & Company.

Dear Reader,

We’ve certainly witnessed some interesting events recently. Congressional rescue plans and market volatality are adding to the unrest in our country.

On top of all the upheaval, chief information officers (CIOs) at financial services firms still need to focus on improving return on investment (ROI), mitigating risk, improving performance, increasing agility, and facilitating regulatory compli - ance—all of which will involve the effective use of information technology. HP is a leading provider of Many financial services companies are undergoing significant shifts in revenue sources, particularly in the capital infrastructure products, solu - markets and consumer banking areas. They need the right information to better understand the needs of customers and markets so they can cross-sell products and services. And of course everyone is trying to figure out how to drive higher tions and services for the quality and greater profits by more effectively automating processes. financial services industry (FSI). We focus on three key HP is a leading provider of infrastructure products, solutions and services for the financial services industry (FSI). We focus on three key markets—banking, capital markets and insurance—with a significant worldwide presence in all of the markets—banking, capital largest banks, brokerage firms, and insurance carriers, and every major stock and commodities exchange. Our job as a markets and insurance— technology and services provider is to help companies reduce costs, mitigate risk, increase efficiency, and deliver with a significant worldwide greater customer value. presence in all of the largest The reason so many FSI customers rely on HP is because we’re so focused on applying our technology expertise to your banks, brokerage firms, and business problems. We’re helping CIOs solve key business challenges by leveraging the wide breadth of our products insurance carriers, and and services in combination with our valued channel partners. In this premier edition of the HP Financial Advisor, we’re every major stock and com - pleased to present our efforts at helping you explore technology and services options for your company. Here’s a brief modities exchange. sampling of what you’ll find inside: When EDS speaks... Over the past year, HP has made a number of acquisitions, in both our business technology and business information areas, EDS being the most recent example. On page 4, you can read our interview with Mark DeBenedictus, EDS’s Vice President for the financial sector. Mark has plenty to say about how EDS is helping customers address business challenges, and he also shares his thoughts on future market trends and how technology will help both address the current financial crisis and prevent its recurrence.

Page 2 — The HP Financial Advisor Greening the data center If you’ve been in contact with HP recently, then you’ve probably heard about our own data center transformation. It was a huge undertaking, and a very successful one, I might add. We’ve learned a lot, and now we’re using those lessons to help companies of all sizes achieve the benefits of transformation, including how to use green technologies to achieve major cooling and energy cost savings and rapid ROI. You can read about it in our Greening the Data Center section. HP is helping companies Transformative reading with data center transforma - You’ll also find out how HP is helping companies with data center transformation and virtualization, in articles such as tion and virtualization. Learn How Virtualized are You? and The Storage Virtualization Story. Learn how we’ve joined forces with a number of ISV partners to help our customers virtualize solutions and modernize applications, to help achieve a more robust and how we’ve joined forces with efficient enterprise. Of course part of transformation is making sure your data center is secure and compliant, so don’t a number of ISV partners to miss HP Helps Financial Institutions Defend Against Web Attacks With New Application Security Offerings, and help our customers virtualize Musings on Web App Security. solutions and modernize Intelligence you can use applications, to help achieve Business intelligence (BI) is another topic of significant interest for our customers, and it’s easy to see why: BI can help a more robust and efficient companies master the increasingly vast amounts of available information and grow their businesses by mining the infor - enterprise. mation for useful intelligence. That’s what business intelligence is all about—turning raw data into useful information. Companies that succeed in the BI arena become more competitive, increase revenues, and understand customers better. Read about it here, in articles such as Data, Data Everywhere and The Future of EDW.

You’ll also find plenty of interesting reading for individuals in banking, capitol markets or insurance, along with specialty topics like radio frequency identification (RFID) and how it will impact the financial services sector. There’s something for everyone, and if your company relies on information technology, you’re sure to discover some interesting nuggets.

I’d like to thank you for your interest in The Financial Advisor. I hope you find it interesting and relevant, and I invite you to contact me or your HP sales representative with any questions or comments you might have.

Best regards,

Drew

The HP Financial Advisor — Page 3 A conversation with Mark DeBenedictus from EDS an HP company

Mark DeBenedictus knows his way plus financial services clients, including their customers in this “always on” envi - around information technology for the nine of the top-ten global financial serv - ronment. And three: by simplifying their financial services industry. In his current ices firms. We originate more than one environments. We have capabilities that role as Vice President of U.S. Financial million loans for more than 20 financial enable companies to unlock their legacy Services for EDS, he’s responsible for services companies. We handle 45 mil - environments, creating “speed-to- driving growth across banking, insurance, lion credit card accounts and 1.3 billion market.” We’ve seen where we can and capital markets, overseeing strategy credit card transactions in 18 countries, reduce test and development time in half and go-to-market plans in Canada, Mex - and we service more than 2 million con - by introducing major changes in these ico, and the U.S. sumer loans. We’re one of the top three environments. In his 25 years with EDS, Mark has processors of outsourced mortgage HPFA: What types of solutions is EDS EDS supports spent 17 years working in the financial loans, servicing more than 2 million offering within your primary segments— and insurance services industries. He existing loans and originating more than banking, capital markets, insurance, 200-plus financial has led all lines of business and delivery 500,000 new loans. We provide servic - and professional services? es and systems for more than 10 million components: credit processing BPOs, MD: There are three areas of focus that services clients, insurance policies. Every year, EDS large transformation and application we provide in these segments. We deliv - processes 1.5 billion checks and 100 including nine of projects, account management and new er network services solutions that help million remittance transactions and 83 business development, and, most recent - clients transition and consolidate dispute million ACH transactions. To put all this the top-ten global ly, delivery of all existing accounts in networks, and move to a digital in perspective, EDS touches one-in-five Australia and New Zealand focused on backbone. We provide a host of specific households in the U.S. through our net - financial services financial services, across all lines of busi - application development and testing work of services. firms. ness and industries. services that require domain expertise; The HP Financial Advisor (HPFA) caught HPFA: How is EDS helping its customers for example, we’re currently developing up with Mark recently to find out how in the U.S. address their business chal - a state-of-the-art portal for a client that EDS is helping the financial services lenges? we believe is game-changing in the industry face current and future MD: There are three key ways that we’re insurance industry. And, finally, we’re challenges, how the company is using helping our clients succeed in today’s focusing on bringing our Financial SOA to enable powerful new capabili - market. One: by reducing cost, which Services Industry Service Oriented Archi - ties, and to learn about the role of we do by bringing to bear best-in-class tecture to lethargic environments that technology in preventing future sub- services and leveraging our investments. exist in this market. prime mortgage crises. We can usually find a 20 percent cost HPFA: Does EDS offer any line-of- HPFA: Why don’t we start out with a efficiency in key offerings. Two: by business applications for things like high-level overview of EDS’s business? increasing quality; our capabilities can credit fraud detection? drive outage reductions and provide MD: Sure, let me just throw out a few MD: Good question. We actually do—in end-to-end stability. This allows our numbers to give you an idea of the scale two different dimensions—through our clients to eliminate idle time and service of what we’re doing. EDS supports 200- alliance embedded in our services, and

Page 4 — The HP Financial Advisor in specific market niches where we like ours. Our deep process and techni - provide reliable information to investors. level of information, they probably believe we have a competitive cal knowledge of securitization, trust HPFA: So you think one of the problems would have had a different point of view advantage. For example, in commercial reporting, and regulatory requirements was that some of the information just for that investment. and life insurance with our EDS puts us in a unique position. Guarding simply wasn’t there? HPFA: Do you anticipate that if the SOLCORP entity. against fraud will take more data MD: Yes, absolutely. If you think about capability you described is perfected, storage, more real-time analysis, and HPFA: What are some of the major what caused the problem, it’s similar to it’ll successfully evaluate risk by taking new checks and balances. We can do trends impacting financial services in the the reinsurance loop: the process got so those outside-the-industry factors into all of these things and thus add a lot of near-to-medium term? complicated that people were offering play? value to this market for investors and MD: This year, 2008, the first of 78 mil - risk and no data to support it. It became MD: Yes, when investors want to buy a financial institutions. lion baby boomers are turning 62, and a blind acquisition of risk. Because that CDO—collateralized debt obligation— the number of people age-60 and over HPFA: Looking at last year’s sub-prime information wasn’t there, they took they’ll know in great detail what they’re will increase by 55 percent over the next mortgage meltdown, do you see tranches—parts of the interest rate— buying. So what will happen when 20 years. The major issue our clients will technology playing a role in preventing and sold them, and it became so far someone tries to sell a CDO that’s face is that this population will want that from happening again? removed from the actual asset, there was based on extremely risky sub-prime open access to security and planning MD: Yes, I do. One way technology can no way to see what kind of risk was mortgages is that no one will buy them. tools. Reliable networks that can deliver help is by providing the capacity to involved. Eventually, after about twenty Because right now, what’s happened is data and capabilities on demand will access data that wasn’t there before. different companies portioned that out that nobody can buy anything, so you be key. All of this plays well to EDS’s The thoroughness and the robustness of and the financial instrument got back to see Fannie and Freddie as 70 to 80 per - strengths given that innovation in these the data you’re going to have to capture the pension funds, there was a lot more cent of the mortgage business out there types of products and processes mean will require more storage and more risk in them than was being communicated . today, where they were only purchasing more multi-sourcing and integration, and infrastructure to cool that storage. Anoth - So let’s say, if there were data available 40 to 50 percent prior to this meltdown. that’s where we come in. er way has to do with parsing the data that said that property A, which is part No one will buy even the good stuff HPFA: There’s been some very grim in totally different ways. That’s the only of security B, is located in Michigan, because no one knows how to decipher economic news these past few weeks— way investors can get the information and the auto industry is having it anymore. If you want to start charging how is EDS addressing some of the they need to make appropriate problems, then there’s an additional higher interest rates, people are going trends around that? decisions based on an accurate view of level of risk that’s going to come into to want to get back in the market, but the overall risk involved. So technology play. Then you would know that real risk only if they can get visibility. And that’s MD: Well, the credit crisis will certainly firms will need to bring faster storage you held and possibly all others who where technology providers and create significant market dynamics capabilities into play, along with better share that risk with you in some way. If enablers like us will play a big role. through 2008 and 2009, and there will applications to process the data and investors would have had access to that also be significant opportunities for firms

The HP Financial Advisor — Page 5 HP: The CEO’s view of IT Mark Hurd’s Advice — IT Is An Investment By Laurie M. Orlov, Forrester Group with Merv Adrian and Bo Belanger

In a recent contacted 800 million times per year Mark’s Advice To CEOs—Deceptively shutting down applications—the hubs keynote for support, service, or help; and has Simple determined which data centers closed address to 160,000 people facing customers. He Mark firmly denied that HP is an exam - down first.” He noted: “We are just at industry translated that scale into units: “We ple of a turnaround—instead, he the crest of our CapEx beginning to analysts, Mark ship three printers every second, two believes that it is a transformation story decline.” Hurd, CEO PCs every second, and one server and still a work in progress. His actions of Hewlett every 11 seconds.” So tiny changes and advice: Packard, have huge impacts. Half a percent • Hire the right CIO. Shortly after his surprisingly improvement can equate to hundreds arrival at HP, he hired former Dell CIO focused a sub - of millions of dollars. Randy Mott to run HP’s global IT stantial portion of his remarks on the • IT complexity mirrored business com - organization. He was quick to point efforts underway at HP to transform plexity. Mark was blunt about his out that Randy previously had spent each of the dimensions of HP’s IT: what reaction to IT when he arrived at HP: 22 years at Wal-Mart where he devel - technology the firm uses, how technolo - “We were spending substantially more oped a reputation for efficiency and gy is used across the firm, and the than the industry average IT cost per was particularly noted for helping with management of the IT organization. He employee and growing IT spend at Wal-Mart’s supply chain automation. believes that HP wants much of the same between 5% to 6% per year, with the Said Mark: “Most CEOs struggle to from its own IT that its customers want maintenance/operations percent of trust the CIO. Their firms have figured from their IT, which includes driving total spend in the range of 70%.” And out how to work around system Accelerate maintenance as a percentage of IT where was the spending going? “We processes—but you must have a CIO spend from 70% to 20%, halving IT cost, had 85+ data centers in 29 countries, whom you trust to stay the course with providing instant access to information between 3,500 and 5,000 applications, the process changes you need.” your across the corporation, lowering risk, 21,700 servers, and 762 data marts— • Set straightforward business objectives and producing a measurable suite of stuff everywhere.” He joked that when for IT. Mark stated that he gave Randy products along the way. Although the someone entered a query, it triggered a “simple” set of objectives when he business. HP IT transformation is a work in the world’s largest telecom bill. progress, every firm can benefit from came onboard: “1) Lower the cost of IT • “The world doesn’t stop for IT to catch Mark’s advice. significantly and materially and have it up.” Mark noted that the firm process - show up on my P&L; 2) I need better Although CEOs and CIOs aren’t always es 50 million line item orders per year information, so integrate across the on the same page in terms of communi - and generated $12 billion of growth in service, supply, and customer part of cation and expectations of IT, some the last two years. Despite the substan - our organization—we can’t have 700 CEOs see the potential quite clearly. HP tial IT spend and its 5% to 6% growth, slices of data; 3) I can’t have HP CEO Mark Hurd, speaking at the HP the firm was underspending in capital. break while you do this; and 4) do it Technology Services Group Industry So for him, the question was how to all with HP technology and technology Analyst Summit in Boston, provided a streamline, simplify, and absorb the from our partners.” In addition, Randy context for why it is so important to growth. He believed the firm had to has a scorecard that measures conver - streamline, simplify, and absorb the spend money to save money and capi - sion of IT initiatives into products for growth at HP through smarter IT: tal spending had to go up. “I would HP services that yield revenue. • Business scale and growth—and recommend this to any CEO—you • Spend money to save money. Mark’s therefore opportunity—are staggering. have to have the courage to go to the IT transformation, planned and driven HP’s CEO outlined a few of the basic investment base and tell them ‘I am by Randy, was mapped over a three- facts about HP’s business today that going to raise CapEx (capital expendi - year period, showing how capital help place what the CIO is doing into ture) with a strategic objective to lower spending would go up—and then context: He noted that the firm sustained operating expense over down. As he noted, “We had to build approaches $100 billion in revenue; is time.’” the data centers before closing any doing business in 179 countries; is [and] create application hubs before

Page 6 — The HP Financial Advisor Reduce Costs Greening the Data Center Environmental focus is good for business HP adding business value by helping to preserve the environment By Patsy Koetting Whether you call it environmental respon - Data center electricity usage in the U.S. • Support higher rack operating tempera - Various plastics and metals recovered from sibility, corporate citizenship or “going has more than doubled since 2000—now tures due to quick response times; and HP’s recycled products have been used to green”—as much of the media have accounting for more electricity per year • Operate fewer computer room air condi - make a range of new products, from auto coined it—one thing is clear: More and than all the television sets in the country tioners. body parts to plastic toys to fence posts to more IT companies are joining the move - combined. What’s frightening for many roof tiles. What’s more, last year, HP On the individual consumer product level, ment. In today’s highly competitive companies is that in the near future it will released the rp5700 Long Lifecycle HP has introduced products such as the marketplace, more and more enterprises cost more to power and cool a server over Business Desktop PC, made with as much dc5700, dc5750 and dc7700 desktop are realizing the financial benefits of its lifetime than it will cost to buy the server as 95 percent of recycled components. PCs, which offer configuration options to reducing energy use, a large and growing itself. use as little as half the energy of standard The business case expense. Companies are looking at energy One result of these ultra-intensive power computers. While there are a number of reasons why efficient IT products and solutions as a way consumption levels will be lower profits for conserving energy and reusing products Through energy-efficient projects, including to reduce costs and their environmental the companies and further depletion of makes good business sense, the most data center consolidation and using our impact. In fact, CEO Mark Hurd recently natural resources. In fact, HP scientists esti - straightforward example is that more and own energy-efficient products and solutions, declared, “Environmental responsibility is mate business technology consumes more more customers are requiring it. HP reduced our energy use by 27 million good business. We’ve reached the tipping than 400 million tons of coal and Translation: If you don’t play by our rules, kWh/year ($1.9 million) in 2006. The point where the price and performance of produces 864 million tons of CO2 green - you’re not invited to our game. For exam - company’s overall goal is to reduce its IT are no longer compromised by being house emissions each year. To counter this, ple, governments as well as enterprise global energy use by 20 percent below green, but are now enhanced by it.” HP has developed ways to use less power customers increasingly depend on eco- 2005 levels by 2010. Indeed, HP’s achievement in the environ - to both preserve resources and save labels, such as ENERGY STAR, as mental space is not going unnoticed. money—for Remarkable reuse and recycling standards for purchasing environmentally HP’s product reuse and recycling program In a recent Manufacturing Business Tech - itself and its customers. As a result, HP has responsible products. has long been renowned among the indus - nology article titled, “HP proves being introduced a suite of products and services “If we didn’t have products that meet the try’s best. HP offers customers several green makes good business sense,” Con - to reduce energy use from the desktop to criteria, we would be excluded from these choices to manage aging or unwanted tributing Editor Cole Ollinger summarizes the data center. markets,” said Tiernan. “That would not computers while also minimizing the HP’s leading environmental positions, not - One example is HP Dynamic Smart Cool - make good business sense.” impact on the environment. ing the company’s desire to not only gain ing (DSC) technology, which enables stature among the world’s greenest compa - customers to change their data center ener - “We feel it’s our duty as a business that’s nies, but also to cut energy consumption gy costs from a fixed to a variable cost. both environmentally conscious and by 20 percent while expanding its indus - This results in significant increases in IT bottom-line conscious to provide services try-leading product reuse and recycling scaling headroom and more efficient data for product reuse and recycling,” Tiernan programs. centers. DSC allows companies to: says. “The bottom line is that if there is In 2006 alone, HP recycled value to the product, we will buy it back. “HP sees its green efforts not just as fodder • Reduce cooling costs by 24-40 percent; the equivalent weight If not, we will recycle it.” for the annual report, but as critical to vari - • Ensure automatic re-tuning if changes or of more than 600 jumbo air - HP reuse and recycling services are avail - ous parts of its diverse business, including disturbances threaten air-conditioning able in more than 50 countries, regions liners globally— hardware and IT services,” Ollinger writes. reliability; “From product and packaging design, to and territories. In fact, last year, the a 16 percent increase manufacturing and the supply chain, to program became the industry’s first to over 2005. reuse and recycling programs and market - reach the milestone of 1 billion pounds of ing, HP uses green initiatives to cut costs recycled electronics, and HP expects to and gain market share.” recover (reuse and recycle) another billion pounds of materials by 2010.

The HP Financial Advisor — Page 7 HP Labs advances sustainable IT with new research projects

HP has new research initiatives from project will enable companies to dras - efficient than what is on the market HP Labs, the company’s central tically reduce the amount of electricity today and will save companies multi - research arm, aimed at developing consumed in the data center. ple gigawatts of power annually, thus new technologies and business models driving down IT costs. The photonic Under the leadership of Chandrakant that leave a lighter carbon footprint. interconnects, which range in distance Patel, HP Fellow and Director of the from 100 meters to 100 nanometers, Initially, HP Labs will focus its research Sustainable IT Ecosystem Lab, also enable more flexible system con - in sustainability on three major researchers will study how energy is figurations that can be quickly projects, including: an industry-first ini - used and managed for the entire life - redeployed based on business needs. tiative to reduce the carbon footprint time of a data center, from its design, of data centers by 75 percent; ground - synthesis, operation and end-of-life for New approach for modeling and breaking research to replace copper its components. The research team, measuring energy and material use wiring in servers with laser light which includes computer scientists, HP Labs also introduced a new beams; and tools for measuring and materials scientists, physicists, and project, to be led by Patel, focused managing the amount of energy used mechanical and electrical engineers, on developing a set of tools that can to develop products. will use this information to develop model, predict, measure and manage data center technologies that achieve the environmental impact of product Sustainability is one of five major a massive reduction in resource manufacturing, supply chains and research themes of the newly consumption while maintaining business processes. “HP Labs will lead the redesigned HP Labs, which recently performance, reliability and uptime refocused its efforts to address the HP will develop software and services industry in developing requirements. most complex challenges facing tech - tools to measure and manage key the technology that could nology customers in the next decade. HP expects this research to open up environmental impact metrics, such as new markets for its business by extend - carbon emissions, total energy usage dramatically reduce ener - “HP’s long-standing commitment to the ing the technology to other areas such and non-recoverable energy consump - environment is second to none in the gy consumption and the as smart buildings, grids and print fac - tion. HP will use the tools to help technology industry. Today, HP Labs carbon footprint of entire tories. customers re-engineer their businesses extends our dedication with these to be more sustainable and cost-effec - industries.” important research initiatives that will Replacing copper with light to improve tive through the innovative use of IT. advance the state of the art in sustain - energy efficiency This project will initially focus on three able IT,” said Prith Banerjee, senior A second sustainability research primary areas: vice president, research, and director, initiative is focused on replacing the HP Labs. “HP Labs will lead the indus - copper-based electrical connections • HP Labs researchers are developing try in developing the technology that used in today’s IT systems with optical analyses of commercial printing and could dramatically reduce energy con - laser communication links. publishing industries that compare sumption and the carbon footprint of the sustainability impact of their cur - The Photonic Interconnect project, led entire industries.” rent business models against a by HP Senior Fellow and Director of reduced impact that would result The ultimate sustainable data center Information and Quantum Systems from the deployment of new research HP Labs unveiled its Sustainable Data Lab, R. Stanley Williams, builds on technologies. The aim is to identify Center project, which is focused on years of research dedicated to build - and quantify how such research tech - reducing the carbon footprint of data ing photonic optical connections and nologies can be best deployed to centers by 75 percent while simultane - components. increase efficiency and reduce ously reducing the total cost of Photonic interconnections make it resource and energy use as well ownership. For example, an average possible to fit dozens, and eventually as carbon emissions. HP plans to data center that consumes five hundreds, of processors on server sys - extend this research to its customers megawatts of electricity annually could tem chips. In addition, the optical in other vertical industries. power more than 4,300 homes in the connections are 20 times more United States for a year. This research Continue on page 9

Page 8 — The HP Financial Advisor HP reduces environmental impacts By James Cook, VP Data Center Transformation

HP is a leader in designing green • Technology that optimizes DC power use technologies into our enterprise products, and provides cooling as-needed and we’ve applied these same technolo - • A 200,000 square foot reduction in gies to our own IT resources. For example, “white space” we’ve consolidated our eighty-five world - As a result of these steps, HP expects a wide data centers into six environmentally nearly 60 percent reduction in electricity friendly data centers in three locations. use—enough to power every home in Palo This consolidation has generated Alto, California for a year. significant energy savings through: • Energy-efficient power and cooling • Improved temperature management using “thermal zone mapping”

Even print cartridges go green By Terry Larsen

Consistent with HP’s approach to provide 1 billion cumulative pounds of electronics products and services with the environment and HP print cartridges with a goal of in mind—from product design through doubling our annual recovery rate to reach

HP Labs advances sustainable IT with new research projects (continued) manufacturing, use and recycling, HP print 2 billion pounds by 2010. cartridges are designed to help reduce From the design perspective, HP reduces • HP Labs researchers have dollars, so joules will be valued as energy consumption and waste. For exam - waste during use by engineering printers, developed a unique approach to much as currency. ple HP’s recent packaging innovations for cartridges and media to work together. quantify the costs and environmen - • To harness the knowledge of the HP LaserJet and inkjet products alone will Original HP print cartridges have fewer tal impact of a product by looking world’s leading experts in sustain - reduce greenhouse gas emissions by over waste-creating problems—such as at the amount of available energy, ability, HP Labs researchers plan to 37 million pounds of CO2 in 2007. That’s jamming, poor print quality, and inconsis - the equivalent to growing 325,000 tree known as exergy, that was used in create an open online resource, tent toner and ink yields. The design efforts seedlings for 10 years. that product’s lifecycle from extrac - called a “sustainability hub,” to also insure HP can effectively “demanufac - tion, manufacturing, shipping, gather and share data and informa - Over 15 years ago, HP’s industry-leading ture” and/or recycle printers and Planet Partners recycling program was cre - cartridges. usage and recycling. HP Labs and tion about the sustainable design of ated to make it easy to recycle HP print the University of California at Berke - products. Sustainability experts, cartridges, printers and other technology ley have jointly developed the researchers, scientists, engineers Lifetime Exergy Advisor, a software products responsibly. With operations in and academia from around the over 50 countries, HP has to date recycled tool designed to assess a product’s world are invited to contribute to the total environmental impact through hub, which will have a repository of joules, units of available energy. research information dedicated to The Lifetime Exergy Advisor can the development of tools and HP Data Center Consolidation Results: help organizations determine the methodologies for sustainability. environmental benefits gained from The sustainability hub is expected to • Decreased number of data centers from 85 to six using alternative materials and be available to the public in 2009. processes across every phase of the HP Labs intends to apply the data in • Decreased number of data marts from over 762 product lifecycle. HP believes that future research to quantify the to one enterprise data warehouse as the world’s energy resources are amount of available energy used increasingly tapped, companies will when new products and supply • Decreased number of applications used by 58% measure the amount of joules asso - chains are created across the entire ciated with the creation of a product global ecosystem. much they way they measure

The HP Financial Advisor — Page 9 HP offers technology to cut the Internet’s energy bill BY Jon Fortt, Big Tech CNN/ Fortune Blog

The Internet is hot. Not just hot as in popu - it hopes will convince customers that the Dynamic Smart Cooling works something a customer flips the switch and begins larity. Hot as in heat. technology works. like a high-tech home thermostat. In a typi - using the technology. It’s so hot, in fact, that data centers—those When HP installed a Dynamic Smart Cool - cal big-company installation, thousands of HP is one of several companies, including expensive warehouses full of computers ing system in a data center in Bangalore, tiny sensors measure how much heat com - Intel (INTC), Advanced Micro Devices that serve up information—are racking up it managed to cut cooling costs by 40 per - puters in a data center give off. The (AMD), and Sun Microsystems (JAVA), huge power bills. According to Hewlett- cent. If those results bear out in other sensors then pass the information to an looking for ways to make data centers Packard’s (HPQ) calculations, a large data settings, companies that operate multiple intelligent air conditioning system that more efficient. And the market for efficient center with 70,000 square feet of space data centers could see millions of dollars decides which areas of a vast server farm technology will probably be around for a might guzzle $10.4 million worth of power in savings. need to be cooled, and how much. while: According to the Department of in a year. Data centers require so much John Sontag, Director of Virtualization and That method is different from the standard Energy, U.S. data centers accounted for energy that over a three-year period, the Datacenter architecture for HP Labs, said practice in data centers, which is to blast 1.5 percent of country’s electricity use last computers inside could easily cost a com - HP had previously offered cooling numbers air conditioners all the time. Like a thermo - year, more than all the color televisions pany as much to plug in and cool as they based on an installation in a tiny 3,000- stat that cools a home only when it’s combined. did to purchase in the first place. square-foot U.S. data center. He expects hottest and when people are home, the As long as companies like Apple (AAPL) To deal with the power problem, and that these numbers will be more convincing . flexible approach of Dynamic Smart Cool - Google (GOOG), Yahoo (YHOO) and make some money in the process, HP “We’ve had a strong belief all along that ing uses less energy. Microsoft (MSFT) keep investing in audio, weeks ago began selling a homegrown our solution would scale,” he said. HP estimates that it will typically take five video and social networking services, there technology called Dynamic Smart Cooling. months from when it initially briefs a cus - will be demand for more data centers. Today, the company is releasing numbers tomer on Dynamic Smart Cooling to when

Accurate measurement is the key to improving HP launches solar power installation data center efficiency By Betsy Walton By Christopher G. Malone, Ph.D HP Fellow San Diego, California: A warm, seaside panels, which are made up of many small - haven known for its blue skies, sun- er “photovoltaic” cells will convert the sun’s Data center efficiency has been generating and data centers , and the EPA is in drenched beaches, and world-famous zoo. light energy into electrical energy. And increased attention over the past few years the process of drafting a report to recom - But for HP’s Kevin Cowen, the root of San best of all, the $8 million installation won’t due to ever growing demand for comput - mend government action for curbing Diego’s appeal lies in something much cost HP any money. There are no up-front ing resources. Increased server energy growing data center power consumption more practical. “Free energy!” he says costs or capital expenditures,” says consumption has affected not only energy In light of the increased attention given to excitedly. And lots of it. Cowen. “None.” costs, but also the infrastructure costs of server energy consumption, efficiency con - supporting the server, which in many cases That’s because San Diego is home to HP’s That’s because, under an innovative pro - tinues to improve dramatically each year. first-ever large-scale solar power installa - gram called a “power purchase have exceeded the costs of the servers they Server performance has increased approxi - support. tion—a project that, once completed, will agreement,” SunPower will turn much of mately 75 times between 1999 and late transform the region’s famously reliable HP’s roof in San Diego into something The importance of energy efficiency has 2006. In the same period, performance sunshine into 1,676,000 kilowatt hours of akin to a small, renewable power plant. led to the creation of a variety of green per watt has increased 16 times, essential - electricity—enough to provide more than “SunPower will pay for the installation and energy forums and activities. For example: ly doubling every two years. 10% of HP’s energy use locally. “That’s a maintenance of the system for the next fif - • The Green Grid consortium develops Demand for compute cycles has exploded huge amount of power, any way you cut teen years,” says Cowen, “and in exchange, and promotes energy efficiency in the wake of the steadily decreasing cost it,” says Cowen, who manages the project we’ll be able to buy back solar power standards, processes, measurements, of computation and the growth of the Inter - for HP’s Real Estate and Workplace Servic - from them at a reduced, locked-in rate.” and technologies net infrastructure. As the cost per cycle es (REWS) team. It’s all part of the California Solar drops, demand grows and more applica - • An industry white paper has been writ - How it will work: Initiative, a governmental program that tions achieve an acceptable ROI. ten for developing efficiency metrics for SunPower Corporation will soon install a aims to increase solar energy use by pro - servers As customers add denser, higher-power series of 5,000 solar panels atop five of moting the installation of small and • President Bush signed a bill authorizing equipment to meet growing demand, a key HP’s seven San Diego buildings. Those mid-sized solar power generators. The challenge lies in powering and cooling the Environmental Protection Agency Continue on page 11 (EPA) to study efficiency in IT equipment ever-expanding data centers. Gartner Continue on page 11

Page 10 — The HP Financial Advisor HP Launches Solar Power Installation (continued)

State provides rebates directly to solar at 12.2 cents per kilowatt hour—slightly That priority dovetails nicely with HP’s power providers, such as SunPower, lower than the current going rate—and rise commitment to reducing its impact on the who in turn share the benefits with their by a maximum of 4% a year, whereas environment. The company will earn customers, like HP, in the form of reduced electricity rates in the area typically “renewable energy credits” (RECs) for its San Diego is home to energy rates. “Thanks to the power increase an average of 6% per year. San Diego solar power system, since the purchase agreement,” says Cowen, “we “Energy costs are one of HP’s highest installation will reduce carbon dioxide HP’s first-ever large- estimate that HP will save hundreds of operational expenditures,” says Steve Bras - (CO2) emissions by over a million pounds thousands of dollars over the next fifteen hear, REWS vice-president. “As a result, per year, or nearly 16 million pounds over scale solar power years.” finding ways to reduce HP’s overall energy the next fifteen years. “That’s the equiva - That’s because the agreement allows HP to costs and usage is a major company priority.” lent of removing 106 cars from the roads, installation. lock in the rate it will pay for electricity for or not driving over 1.3 million miles each the next fifteen years. That rate will start year for the next fifteen years,” says Brashear.

Accurate Measurement is the Key to Improving Data Center Efficiency (continued) predicted recently that half of the world’s PUE captures the actual cost to the While PUE captures data center efficiency, and develop a comprehensive database. data centers will run out of power by the business per watt of IT equipment power. we still need a way to capture the efficiency Once we truly understand data center end of 2008. Hence, the industry is It is defined as the ratio of the total facility of data center power used for computing. design, implementation, and operation, we advocating efficiency metrics to set the power in the data center divided by the To determine computational efficiency, a can measure and improve efficiency much foundation for a server metric to promote power of the IT equipment on the raised new metric is introduced called Compute more effectively. further improvements. floor. Power Efficiency (CPE). Efficiency claims made on behalf of data Total facility power is the amount required CPE determines the percentage of total center infrastructure technologies are to operate the data center, including all IT facility power actually used for computing. IT Green Facts: essentially hearsay and marketing hype. equipment operation and cooling It compares IT hardware efficiency with • HP named as the only High Tech Firm In fact, there is no established method for infrastructure, e.g., switch gear, uninterrupt - data center infrastructure efficiency. This to the Fortune Magazine Top 10 Green benchmarking data centers and compar - ible power supply, chiller, cooling tower, metric can be applied to an individual Giants: ing them over time. Hence, we need a air conditioners, liquid conditioners, etc. IT server or an entire data center, as long as “HP has been recycling computer way to quantify actual improvements. equipment power is defined as the actual weighted average utilization can be deter - equipment, consolidating their data A useful metric would help customers power drawn by all IT equipment in the mined. In many data centers, enterprise centers, and offers customers a holistic solution for reducing power consump - answer the following questions: data center, not including power losses server utilization is typically 20 percent or associated with conditioning and reducing less. This means that, for a typical, well- tion in data centers. These efforts • How well are you running your data cen - resulted in the reuse of 2.5 million prod - voltage from the utility. managed data center with a PUE of 2.0, ter relative to others in the industry? ucts a year and contributed to more PUE is useful for understanding the total the CPE is 10 percent or 1W for every than 1 billion pounds of recycled elec - • Are your new data centers more efficient amount of energy consumed by IT equip - 10W of utility power actually used for tronic products since 1987.” (Fortune then the old ones? ment relative to total power. computing. Data centers with a PUE of 3.0 Magazine, April 2007) • Which data center(s) should you retire? have a CPE of 6.7 percent. • Next year, half the world’s data centers The annual energy cost for a server, stor - will be functionally obsolete due to • Does implementing best practices really Our preliminary CPE analysis indicates age unit, etc., is determined using the insufficient power & cooling. improve efficiency? following equation: tremendous energy waste from over-provi - sioning compute and cooling resources in • 90% of all companies over the next five • Do new technologies actually perform as Annual Energy Use Cost = (8760 hrs/yr) most data centers. To fully address the cost years will experience power failures suppliers promised? x (Average Utility Rate in $/kW-hr) x and limits on power availability that of an IT operation, CPE must be optimized. interrupt data center operations. Finan - Ultimately, there should be a standardized (Equipment Power in kW) x PUE The Power Usage Effectiveness (PUE) metric cial firms can lose as much as $6.5 rating for data centers. An efficiency metric The importance of this metric is highlighted is a useful benchmark for improving data million every hour due to outages. called Power Usage Effectiveness (PUE) by the Green Grid’s adoption of PUE as center operations. With broad industry • Virtualization cuts Data Center power was first introduced in 2006 and has since the efficiency metric that the industry adoption and the support of government bill by 30% to 40%. been adopted by the Green Grid for meas - should start using for both benchmarking agencies such as the EPA and the • Processors are 30% of server power uring data center efficiency, which purposes and calculating energy costs as European commission, we hope to capture consumption. Low power processors cut recommends that PUE be measured in shown in the above equation. PUE figures for data centers worldwide that in half. every data center.

The HP Financial Advisor — Page 11 Barclays selects HP to become first in Europe to roll out Dynamic Smart Cooling for new energy-efficient data center

HP and Barclays today announced that a clear commitment to focus on further Climate change targets for 2006-2010 they have signed a letter of intent to reducing the carbon impact of our build - include: introduce HP technology that is expected ings, technology and travel,” said • Reduce CO2 emissions by 20 percent to significantly reduce energy consump - Marcus Agius, chairman, Barclays by 2010 (using 2000 as the baseline tion and carbon emissions associated Group. “This announcement is an impor - year). with Barclays’ new major data center in tant step towards delivering just that. • Reduce carbon intensity from 16.8 Gloucester, U.K. Efficient energy management is at the tonnes to 12.9 tonnes CO2 per £m of heart of our technology infrastructure, HP Dynamic Smart Cooling technology UK income (using 2005 baseline.) and we are investing to use the best is part of a package of energy-saving Carbon intensity is a measure of emis - technology available. We are proud to Implementing HP measures that will allow Barclays to save sions relative to business growth and it be one of the first companies in Europe up to 13.4 percent of total energy used allows comparisons to be made Dynamic Smart to implement HP’s Dynamic Smart Cool - for its data center. These measures will between companies. reduce its carbon footprint by approxi - ing technology.” Cooling technology • Reduce energy consumption in offices mately 7,470 metric tons of carbon Francesco Serafini, managing director and branches by 20 percent per full- dioxide (CO2) per year. 1 for Europe, the Middle East and Africa is the latest of time employee (FTE) (using 2005 as at HP, said: “HP has a close working As a result of growing demand for tech - the baseline). several worldwide nology, energy costs associated with relationship with Barclays, and our com - data centers are rising rapidly. Many panies share a commitment to utilizing Barclays climate action program energy-efficiency centers are running close to the limit of technology to drive better business and At the center of Barclays’ approach to their air conditioning systems and the environmental outcomes. The letter of managing its impact on climate change initiatives between power they can draw from the grid. intent provides for HP to deliver a com - is a six-point program that sets out priori - the two companies. With their increasing need for power, plete solution that will allow Barclays to ties for carbon management across the data centers are becoming large contrib - transform its data center, enabling scala - company’s global operations. utors to the carbon footprint of many ble technology capability with energy • Reduce carbon dioxide (CO2) companies. cost savings that should significantly emissions by improving energy reduce its carbon footprint.” HP Dynamic Smart Cooling technology efficiency. actively manages a data center’s air- Implementing HP Dynamic Smart Cool - • Buy more renewable energy. ing technology is the latest of several conditioned environment to deliver the • Make operations carbon neutral by worldwide energy-efficiency initiatives right amount of cooling where it is need - offsetting remaining carbon emissions. ed most. The energy provisioning system between the two companies. Prior work • Work with suppliers to help reduce uses advanced control software fed by includes power-optimized servers, HP their carbon emissions. continuous, real-time air-temperature BladeSystem and HP Thermal Logic tech - measurements from a network of sensors nology adoption, and virtualization- • Develop products and services that throughout a data center. The system based consolidation. These initiatives help customers reduce their impact on then continuously monitors and adjusts have already achieved a range from 18 climate change. percent energy savings per server to 40 the air handlers to modulate cooling • Engage with key stakeholders and percent energy savings per data center energy based on demand from the contribute to the debate on climate for Barclays’ technology services around servers and storage devices. change action. the globe. The benefits to Barclays are clear: savings on energy consumption as the More information about HP Dynamic 1Based upon 100 percent utilization. Department for air conditioners are used more efficient - Smart Cooling is available at Environment, Food and Rural Affairs (DEFRA) Guideline www.hp.com/go/dsc. CO2 conversion factor. The amount of CO2 saved is ly; faster response to changes in calculated as 7,469 tonnes, calculated using the most temperature; and, generally less strain Barclays environmental targets up-to-date DEFRA guideline energy to CO2 conversion on the chillers that cool the air around Barclays set new environmental improve - factor. the data center. ment targets in 2005, which support its “Last November, as part of the CBI Cli - approach to managing its climate mate Change Task Force, Barclays made change impacts.

Page 12 — The HP Financial Advisor HP Labs proves existence of new basic element for electronic circuits “Memristor” discovery could lead to far more energy-efficient computing systems with memories that don’t forget, never need to be booted up.

Researchers from HP Labs, the compa - and team are the first to prove the storage systems. The memory and stor - ny’s central research facility, have existence of the memristor. age systems used by today’s cloud proven the existence of what had pre - infrastructure require significant power “To find something new and yet so viously been only theorized as the to store, retrieve and protect the infor - fundamental in the mature field of fourth fundamental circuit element in mation of millions of web users electrical engineering is a big electrical engineering. worldwide. surprise, and one that has significant Memristor-based mem - This scientific advancement could implications for the future of computer Memristor-based memory and storage ory and storage has make it possible to develop computer science,” said Williams. “By providing has the potential to lower power con - systems that have memories that do a mathematical model for the physics sumption and provide greater the potential to lower not forget, do not need to be booted of a memristor, HP Labs has made it resiliency and reliability in the face of power consumption up, consume far less power and asso - possible for engineers to develop inte - power interruptions to a data center. ciate information in a manner similar grated circuit designs that could Another potential application of and provide greater to that of the human brain. dramatically improve the performance memristor technology could be the and energy efficiency of PCs and data resiliency and reliability In a paper published in today’s development of computer systems that centers.” in the face of power edition of Nature, four researchers at remember and associate series of interruptions to a HP Labs’ Information and Quantum One application for this research events in a manner similar to the way Systems Lab, led by R. Stanley could be the development of a new a human brain recognizes patterns. data center. Williams, presented the mathematical kind of computer memory that would This could substantially improve model and a physical example of a supplement and eventually replace today’s facial recognition technology, “memristor”—a blend of “memory today’s commonly used dynamic ran - enable security and privacy features resistor”—which has the unique prop - dom access memory (DRAM). that recognize a complex set of erty of retaining a history of the Computers using conventional DRAM biometric features of an authorized information it has acquired. lack the ability to retain information person to access personal information, once they lose power. When power is or enable an appliance to learn from Leon Chua, a distinguished faculty restored to a DRAM-based computer, experience. member in the Electrical Engineering a slow, energy-consuming “boot-up” and Computer Sciences Department Williams is the founding director of process is necessary to retrieve data of the University of California at Berke - HP Labs’ Information and Quantum from a magnetic disk required to run ley, initially theorized about and Systems Lab, which is focused on turn - the system. named the element in an academic ing fundamental advances in areas of paper published 37 years ago. Chua In contrast, a memristor-based comput - mathematics and physical science into argued that the memristor was the er would retain its information after technologies useful for HP. For the past fourth fundamental circuit element, losing power and would not require 12 years, Williams and his team have along with the resistor, capacitor and the boot-up process, resulting in the conducted primary scientific research inductor, and that it had properties consumption of less power and wast - into the fundamental limits of informa - that could not be duplicated by any ed time. tion and computing, which has led to combination of the other three a series of breakthrough discoveries in This functionality could play a signifi - elements. nanoelectronics and nanophotonics. cant role as “cloud computing” Building on their groundbreaking becomes more prevalent. Cloud com - research in nanoelectronics, Williams puting requires an IT infrastructure of hundreds of thousands of servers and

The HP Financial Advisor — Page 13 Transformation and Virtualization

HP encourages CIOs to rethink virtualization in business terms New offerings vastly simplify virtualization implementation, management.

HP released new products, services and New offerings from HP support business • A new strategic development solutions designed to simplify the imple - needs that span the desktop to the data agreement with Red Hat simplifies the mentation and management of center. They are focused on lowering monitoring and management of virtu - virtualization so that the technology operational cost, mitigating the risk of a alized environments. delivers greater business value. heterogeneous environment and freeing • New and enhanced HP Virtualization Recent global research conducted on resources to deliver new business servic - Support Services achieve a smooth behalf of HP revealed that while 86 per - es. These offerings are designed around transition to, and ongoing cent of technology decision makers have three specific areas: applications and management of, new virtualization implemented virtualization projects, the operations management, overcoming technology while reducing the risk of vast majority of respondents expect to infrastructure barriers, and maximizing unplanned downtime. client architectures. have virtualized just 25 percent of their Rethink … infrastructure barriers technology environments by 2010.(1) Rethink … applications and Current infrastructure was not designed While many of those surveyed anticipate operations management to take complete advantage of virtualiza - HP’s approach to vir - eventually reaching 75 percent HP Business Service Management (BSM) tion. New HP offerings are designed virtualization of their total environments, and IT Service Management (ITSM) solu - to lower costs, mitigate the risk of down - tualization is focused only one-third of these technology imple - tions have been enhanced with new time and free up resources that can drive menters recognize virtualization as a virtualization monitoring and support additional business services to support on removing the tech - valuable business tool. Two-thirds of capabilities to seamlessly link business growth. services to the physical and virtual implementers relegate virtualization to • The HP ProLiant BL495c virtualization resources that deliver and manage them. nology inhibitors that the role of technology enabler. blade is the world’s first server blade This leads to faster deployments, lower “Virtualization is a powerful step in designed specifically to host virtual reduce virtualization’s costs and quicker problem resolution. transforming IT,” said Ann Livermore, machines. The BL495c eliminates key impact on the business. executive vice president, Technology • HP Operations Agent, HP Performance virtualization performance bottlenecks Solutions Group, HP. “To do it right Agent and HP SiteScope software of memory, data storage and network means successfully managing and have been enhanced with hypervisor connections. management capabilities, including automating mixed physical and virtual • HP StorageWorks 4400 Scalable NAS the ability to collect management data environments. HP delivers the industry’s File Services integrates the HP Storage - to automate event and availability broadest portfolio for virtualized environ - Works 4400 Enterprise Virtual Array, monitoring and management process - ments, covering applications and file servers, management software, es across heterogeneous operations management, infrastructure and Microsoft Windows ® or Linux sup - infrastructures. and client architectures.” port to virtualize the connection HP’s approach to virtualization is • HP Network Node Manager i-series between servers and storage. The solu - focused on removing the technology has been updated to monitor the per - tion lowers maintenance costs and inhibitors that reduce virtualization’s formance and availability of networks mitigates the risk of data loss with impact on the business. It highlights how supporting dynamic, virtualized envi - advanced replication software. ronments. This allows customers to applications and business services can • HP-UX 11i V3 and the HP Virtual Serv - proactively plan and monitor network perform well regardless of where and er Environment have been enhanced capacity. how they are hosted, networked or for mission-critical virtualization with managed. It dramatically simplifies man - • New HP Asset Manager software significant performance improvement, agement across a combined virtual and identifies and manages virtual automated optimization, improved pro - physical world, and it addresses the machine asset inventory and licenses, tection and simplified management issue of pooling infrastructure resources allowing customers to pay for only the capabilities. across an organization. licenses they need. Continue on page 20

Page 14 — The HP Financial Advisor HP helps customers manage business growth with compact, shipped-to-order data centers HP has a container-based data center tomers with more freedom to match data center design and planning PODs can deliver a wide range of offering that enables customers around their technology environments through EYP Mission Critical Facilities, servers, storage and networking equip - the globe to rapidly expand their data • Providing customers with more density a company of HP ment, ready to power on at the center capacity in support of their IT and than competitive offerings by support - “Customers have more flexibility to bal - customer’s site. business growth. ing more than 3,500 compute nodes, ance their capital expenditures and • More information about the HP POD Keeping pace with the demands of tech - or 12,000 large-form-factor hard operating expenses while quickly and products, software and services is nology growth in the data center and drives, in a 40-foot shipping container seamlessly meeting their needs for addi - available at rising energy costs is a constant • Delivering the equivalent of 4,000-plus tional capacity with HP PODs,” said www.hp.com/products/pod. challenge as companies seek to deploy square feet of typical data center Christine Martino, Vice President and • An HP POD virtual video tour is avail - the latest technologies. The extended capacity that ships within six weeks of General Manager, Scalable Computing able at www.hp.com/go/pod. time and significant costs required to and Infrastructure Organization, HP. the customer’s order • Behind-the-scenes commentary from update or expand data centers make “HP’s innovative POD approach allows • Offering flexible configurations the HP POD design team is available these challenges even more complex. customers to deploy world-class, scala - optimized for power or density, which on the new Server Reality Check blog ble, highly power-efficient data center As the first offering of its kind designed enables customers to quickly upgrade www.communities.hp.com/online/blo resources quickly and ships in just six specifically to deliver a wide range of or extend the capacity of their physical gs/reality-check-server- weeks.” industry-standard technology, the HP Per - infrastructures to meet their specific insights/default.aspx. formance-Optimized Data Center (HP Learn more about HP PODs business needs • Additional information about HP’s POD) addresses these challenges by: HP PODs are built to order and • Providing HP POD Infrastructure Servic - scalable computing and cloud delivered through HP Factory Express, • Supporting a wide variety of HP and es, including assessment, preparation infrastructure portfolio is available at HP’s customization, configuration and third-party technology, providing cus - and deployment services, as well as www.hp.com/go/massivescaleout. integration services organization. HP

HP BladeSystem for Oracle optimized warehouse Good business decisions require timely, to 4 TB (terabyte) data warehouse market al Connect delivers all the benefits of con - locate an authorized HP/Oracle VAR, visit accurate information, but deciding how to segment. ventional integrated Ethernet switching, www.hp.com/go/owi. store, access, and use information can Compared to other 1 to 4 TB Oracle including port aggregation, failover, stack - Benefits at a glance drive you crazy. Choosing the right Optimized Warehouse solutions, the ing and more, but unlike conventional HP BladeSystem is simply a smarter way to technology is key. BladeSystem OOW delivers 250 percent switches, HP Virtual Connect looks like a build your data warehouse infrastructure pass-thru device to your network. The Great news: Now you can get a scalable, better input/output (I/O) performance, • Consolidated from the start to reduce resulting simplified management can make optimized infrastructure, specifically config - using 65 percent less power per megabyte acquisition and operational costs ured as your data warehouse platform, in of I/O. adding the BladeSystem OOW to an exist - • HP Thermal Logic to pool and share the HP BladeSystem for Oracle ® Optimized ing network as simple as plugging in a Achieving performance like this in a pre- power and cooling to improve energy Warehouse (BladeSystem OOW). cable. configured, ready-to-run package is no efficiency Superior performance accident—it’s the result of exhaustive test - Headache-free deployment • HP Insight Control to manage infrastruc - A superior data warehouse needs a robust ing, detailed tuning, and the right HP HP and Oracle have collaborated to devel - ture and automate routine tasks from a infrastructure. That’s why HP built the Ora - hardware choices. For example, the HP 4X op a value-added reseller network with single console cle Optimized Warehouse on the HP DDR InfiniBand HCA and Switch Module world-class expertise in data warehouse BladeSystem c-Class. The BladeSystem for BladeSystem lets data move directly and business intelligence solutions. These • HP Virtual Connect to reduce cables by combines the essential elements of a data between server blades memory and stor - VARs can deliver a ready-to-run HP 94 percent without adding switches to warehouse infrastructure—compute, age blades for extremely rapid data BladeSystem OOW to or tailor a complete manage business intelligence infrastructure on top storage, interconnect, and management— transfer, low latency, and minimal burden Oracle is a registered U.S. trademark of of BladeSystem OOW to meet customers’ into a modular, self-optimizing unit. It cuts on other infrastructure resources. Oracle Corporation, Redwood City, Cali - exact needs. power and cooling costs by 40 percent The same holds true for the HP 1/10 Gb fornia. and cable count by 94 percent, and it Virtual Connect Ethernet Module. HP Virtu - To find out more about the HP BladeSystem delivers unmatched performance in the 1 for Oracle Optimized Warehouse, or to

The HP Financial Advisor — Page 15 The promises and risks of service-oriented architecture (SOA) in the financial services industry

Executive summary implementations, enabling IT leaders in • Increased commoditization of financial The paradox is unavoidable: In an era the financial services world to help verify products means banks and other insti - when firms aspire to agility, adaptability that services are designed, developed, tutions must now differentiate based and ease of maintenance in their appli - adopted, implemented and managed primarily on customer service. cation portfolios, many are still saddled properly. • The advent of “anytime, anywhere” with leaden systems built to last—not to HP offers a collaborative approach banking that enables customers to con - change. Meanwhile, the financial servic - across the service lifecycle—as well as a duct transactions 24/7 through a es industry faces two contradictory full set of integrated products and servic - variety of delivery channels means challenges: Increased commoditization es for SOA governance, SOA quality banks need to deliver a consistent cus - of financial products means banks and and SOA management—to help ensure tomer experience across all other institutions must now differentiate a successful SOA implementation. Part - channels—branch, call center, ATM based primarily on customer service. But nering with HP leads to better outcomes and the Internet. the channels through which they serve for SOA projects—which means achiev - • Due to industry consolidation and a customers are typically information ing all the benefits of SOA while taking legacy of operational independence, “silos” comprised of proprietary systems fewer risks. these channels are typically and custom interfaces that are unable Modern cities connected by dirt roads information “silos” comprised of pro - to provide a complete 360-degree cus - An astute chief executive officer (CEO) prietary systems and custom interfaces tomer view. Today’s institutions need a in the financial services world once that are often inefficient, overlapping flexible IT infrastructure that supports described the current state of most and unable to provide a complete change. corporate IT infra -structures as “modern 360-degree customer view—making it SOA governance is More and more of them are turning to a cities connected by dirt roads.” Transla - difficult to effectively manage the cus - service-oriented architecture (SOA) that tion: State-of-the-art systems are in place tomer experience across multiple about managing the supports the concept of delivering IT as to support various services, but integra - channels. a service in which business processes tion among them is minimal at best. In • The industry continues to consolidate quality, consistency, drive the definition, creation and execu - an age when terms such as adaptive, through mergers and acquisitions, tion of services. SOA unlocks the agile and easy to maintain are widely creating combined companies using predictability, existing dependency of business process viewed as ideals for application portfo - disparate systems that can’t communi - on the IT implementation. However, if lios, many institutions are still working cate with each other and compounding change and interde - not planned, designed and built proper - with systems seemingly made of cement. the challenge of complying with an ly, SOA can introduce a significant pendencies of Applications that were originally devel - increasing number of regulatory initia - degree of business and IT risk. oped as though the status quo would tives. services. To realize the full promise of SOA, insti - never change become more •Competition is intensified across the tutions must first understand that a cumbersome and expensive each time board, accentuating the importance of governance strategy is critical. SOA gov - organizations tweak them to fit new busi - customer retention and acquisition and ernance is about managing the quality, ness imperatives. Automation, while highlighting the need to grow new rev - consistency, predictability, change and regarded as a “nice-to-have,” barely enue streams by accelerating time- interdependencies of services. It’s vital materializes because systems require to-market with new financial products that SOA services and other artifacts be constant human intervention and IT rede - and services. managed not in isolation, but across a velopment. All too often, the alignment • The financial services industry is con - complete lifecycle. of technology with business objectives tinually challenged to improve its HP Business Technology Optimization becomes bogged down by integration cost-to-income ratio and return on (BTO) delivers a comprehensive strategy problems and the initiative seldom pro - assets. for SOA success, verifying that every gresses beyond the whiteboard. Service-oriented architecture: the key dollar invested in IT, every resource Meanwhile, the status quo has changed, allocated and every application in and the need for system integration at to business agility development or production meets busi - financial institutions has never been To address the challenges of a rapidly ness goals. BTO supports a complete greater. Today the industry is confronted commoditizing market space and siloed lifecycle approach for managing SOA with unique challenges: information systems, today’s financial Continue on page 17

Page 16 — The HP Financial Advisor The promises and risks of service-oriented architecture (SOA) in the financial services industry (continued) services institutions need a flexible IT • Adopting SOA brings an end to • Even after doing all the work on an should be on policy management to infrastructure that supports change. For monolithic application architectures SOA implementation, a firm’s applica - provide that quality issues and non-con - many organizations, this means a serv - and the associated maintenance costs. tions could end up more fragile and formance are detected before services ice-oriented architecture approach. SOA • The improved linkage between more likely to fail in production. are put into production. This means that supports the concept of delivering IT as business and IT delivers further cost • Even if the applications do run, there problems are confronted early—which is a service, where business processes savings; when business and IT are is a real chance that the organization less costly to correct and less disruptive actually drive the definition, creation aligned, it’s likely that the original won’t achieve SOA benefits such as to operations than dealing with issues in and execution of these services. This application IT delivers will meet busi - lower cost or increased responsivenes s. a production setting. Many institutions ability to adapt and create services rap - ness requirements—reducing the need SOA requires new processes around can also implement run-time policy man - idly enables greater business agility for rework. governance, development and opera - agement capabilities for monitoring and and, in essence, shifts the way we think automatically enforcing policies during By promoting a modular enterprise and tion. Creating these new processes is about traditional architecture. Bringing service usage. providing consistency with highly clearly a risky endeavor—but attempt - an end to monolithic application archi - reusable business services, SOA also ing to implement SOA without them is The only way to achieve the promise of tectures—and the associated addresses the need to improve even more risky. SOA is by managing services and other maintenance costs—is one of the under - operational efficiency and reduce com - SOA artifacts not in isolation, but across pinnings of service-oriented IT. Best practices for successful SOAs— plexity. a governance strategy is critical a complete lifecycle. In this sense, the SOA is the key to unlocking the existing management of the SOA lifecycle is an • Business operations are enhanced The promise of SOA is powerful. But as dependency of the business process on intrinsic part of SOA governance. because SOA-based services enable organizations peel back the layers, what IT implementation—delivering the agility a common architecture and approach becomes apparent is that SOA radically A comprehensive strategy for SOA to adapt to changing business require - in an enterprise containing heteroge - changes traditional IT architectures. success ments: neous legacy systems. While SOA promises untold opportuni - SOA success demands that financial • SOA encapsulates and defines ties, it also introduces new issues around institutions take an integrated approach • Introducing new technologies is easier business processes as services that can IT governance. And the reality is, with - that strengthens the bonds between since SOA’s coarse-grain modularity be readily redeployed into new, flexi - out a governance strategy, SOA can stakeholders and leverages assets across allows enhancements to services by ble business processes that are lead to chaos. SOA governance is the service lifecycle. HP Business Tech- introducing new, more-efficient available and discoverable throughout about managing the quality, consisten - nology Optimization helps firms feel technologies without changing the the financial enterprise—accelerating cy, predictability, change and inter- confident that every dollar invested in service interface. SOA also facilitates time to market. dependencies of services. It’s about IT, every resource allocated and every regulatory compliance by unlocking blending the flexibility of service orienta - application in development or production • SOA provides the ability to securely information formerly held in tightly tion with the control of traditional IT meets business goals. Unlike software and easily share information with part - coupled, brittle systems. ners and stakeholders by presenting a architectures. offerings and methodologies that focus Good intentions are not enough. standard, coarse-grained service that Full SOA governance cannot be on internal IT processes, HP Business Despite the patent advantages and ben - any authorized business partner can delivered out of the box by a single tech - Technology Optimization (BTO) optimizes efits SOA offers, if not done right, it can use, thereby extending the enterprise. nology vendor. Rather, it requires a the strategic functions between technolo - also introduce a significant degree of cohesive strategy involving multiple ele - gy and business. • SOA also enables institutions to rapid - risk—not just IT risk, but a real risk to the ments that collectively deliver the quality, • BTO supports a complete lifecycle ly reconfigure the business process by business: selecting from the available set of serv - predictability and trust necessary for approach for managing SOA ices. SOA facilitates the ability to • Building the wrong services, or build - reuse. Because SOA is composed of implementations, enabling IT leaders develop new business capabilities at ing them the wrong way, means a firm many moving parts, it’s critical that serv - in the financial services world to help lower cost while capitalizing on the won’t be able to compose new appli - ice rules are electronically codified as a provide services that are designed, need to respond to change: cations or business processes. set of standard, reusable policies that developed, adopted, implemented can be associated with services. Such a and managed properly. • Services only need to be designed • A bank could jeopardize a key busi - linkage between service and policy and built once, and then made acces - ness by using a service that is • BTO defines a process that spans from enables automated validation of services sible across the enterprise for reuse in untested, ungoverned and unmanaged. preproduction planning and develop - and the enforcement of specific policies. other systems. The cost savings in • There is a strong possibility that ment, testing and tuning through development staff time alone is significant . institutions may simply re-implement The goal is to first create a system of deployment into the production yesterday’s solution using today’s record that shows, for example, what environment. technology. services already exist and who is using Continue on page 18 them. In the design phase, the focus

The HP Financial Advisor — Page 17 The promises and risks of service-oriented architecture (SOA) in the financial services industry (continued)

• BTO maps directly to SOA governance, • SOA Management Service—helps that enables policies to be created and quality and management—which enterprises gain control of their SOA automatically enforced to make services become integral parts of an iterative adoption, including lifecycle manage - consistent and interoperable—before cycle, rather than discrete function per - ment, services management, they’re put into production. formed by separate teams. monitoring, auditing, analysis, service HP offerings help provide quality, HP SOA services help businesses level agreements (SLAs) and policies predictability and full transparency become more agile. The HP SOA delivery approach and between consumers and providers,\ By enabling businesses to become more process are based on a robust architec - increasing trust. Equally important, SOA agile, HP SOA services underscore the tural foundation; extensive research and governance helps customers manage the company’s strategy of helping customers benchmarks across vertical industries; a lifecycle of business services so transform their businesses into Adaptive global network of third-party providers; customers can effectively manage Enterprises in which business and IT are HP Services professionals with expertise change. synchronized to capitalize on change. in architecture, governance, HP SOA Systinet software, which The HP Services SOA portfolio includes: management and security solutions; and integrates with HP SOA quality solutions, a broad portfolio of SOA services. • SOA Envisioning Service—is intended includes: HP SOA governance for large enterprises to develop an Unique challenges of SOA demand a • SOA repository—manage services, understanding of SOA concepts, bene - unique approach. metadata, artifacts and relationships. offerings enable deploy - fits and potential impacts on their HP is working with numerous financial • Registry—achieve standards-based business enterprises, including one of the largest ment of a controlled yet access and interoperability. • SOA Assessment Service—uses the HP diversified financial service firms in the flexible service-oriented • Policy management—automate policy SOA Agility Assessment approach to world, to help address the challenges and conformance validation. environment. help customers develop a comprehen - related to implementing an effective sive roadmap to guide the adoption of approach to SOA. HP delivers • Contract management—formalize con - SOA across their enterprise innovative technology such as HP SOA sumer/provider relationships. Manager Software, which supports both • SOA Governance and Architecture SOA quality the overall creation and design of SOA, Service—establishes the SOA Architec - A market-leading SOA quality manage - as well as providing the capabilities to ture Program Office to oversee ment platform, HP SOA quality solution monitor individual Web services for enterprise architecture and the SOA covers all aspects of the quality availability, responsiveness and overall governance model as the enterprise is assurance lifecycle. It provides traceabili - conformance to SLAs. transformed ty, visibility and control, allowing quality HP BTO strategy is deployed via HP BTO stakeholders to make intelligent go/no- • SOA Enablement Service—is based strategy centers. These software product go decisions relating to the release of a on learnings from the Governance and centers provide specific solutions for service into production. Architecture Services; it prepares the each phase of the SOA lifecycle: Initiate, infrastructure for the implementation of The HP SOA quality offering consists of build and operate. SOA HP Quality Center and HP Performance SOA governance Center software. Integrated with HP • SOA Service Development—helps cus - HP SOA governance offerings enable SOA Systinet software, the centers pro - tomers define, develop and deploy deployment of a controlled yet flexible vide a full spectrum of capabilities for SOA business and IT services across service-oriented environment. Leveraging managing quality, automated functional the enterprise, line of business, depart - technology developed by Systinet and testing, business process and manual ment or at a project level deployed through HP SOA Center, the testing, load and performance testing, • SOA Software Development Service— products provide a system of record and and diagnostics for faster time to resolu - provides for volume and scale in a set of SOA governance applications. tion of issues. HP SOA quality offerings development and delivery of business By acting as a single system of record provide: and IT services through the SOA adop - for discovering and understanding busi - • Traceability from service requirements to tion; a global software development ness services, HP SOA Systinet software test cases and defects capability helps increase productivity gives customers greater visibility into from customer development teams • Automated creation of tests based on the what services exist. HP SOA Systinet soft - service definition ware also provides policy management Continue on page 19

Page 18 — The HP Financial Advisor The promises and risks of service-oriented architecture (SOA) in the financial services industry (continued)

• Full functional testing of services, provid - • Problem resolution—Maintaining The SOA services in the HP portfolio can ed by HP Service Test performance requires rapid resolution of be roughly grouped into two areas: • Validation and optimization of the per - problems. Using HP Business Availability 1.Up-front—the SOA Envisioning, Assess - formance of services Center, organizations can isolate ment, and Governance and Architecture performance issues in SOA distributed • Metrics for go/no-go decision making services are focused primarily upon help - environments and facilitate fast problem ing firms with strategy and planning. • Ability to diagnose and triage problems diagnosis so that they can quickly deter - 2.Follow-through—the SOA Enablement, mine the root causes of performance and SOA management Service Development, Software Develop - availability issues and reduce mean time HP’s approach to application management ment and Service Management services to repair. for SOA is focused on helping financial are focused on realization—that is, firms achieve the expected value from • Change impact—Change in SOA envi - designing, implementing, and operating SOA-based applications as they are ronments is rapid. Firms need to reduce an SOA. deployed in IT operations. the risk of frequent changes in SOA envi - From dirt roads to superhighways HP Business Availability Center includes ronments by predicting the impact of SOA has become nothing less than a capabilities to help manage and optimize planned changes, identifying the possi - strategic imperative for financial SOA environments so that business services bility of change collisions and institutions. Those without a strategy for deliver the levels of performance, quality monitoring changes that have been SOA risk being outpaced and HP Services offers a and business value that all constituents implemented so that they function outperformed by competitors that are bet - expect. HP Business Availability Center, correctly. complete set of services ter equipped to serve customers, seize which integrates with HP Quality Center • Discovery of SOA services—To achieve opportunities and respond to change in that cover the entire SOA and HP Performance Center, delivers value the previous benefits, institutions need to today’s fast-paced, high-stakes financial in SOA environments: have an up-to-date service dependency lifecycle, regardless of services world. However, institutions need map. HP lets them automatically discover • Run-time policy enforcement—systematic to be aware that SOA brings new where a bank is along services, their relationships and the control of services and their supporting challenges that must be addressed and underlying infrastructure supporting the SOA journey. infrastructure requires policy-driven, new complexity that must be managed them—as well as discover rogue services. model-based automation that can be before they can experience the many real induced at run-time. HP SOA Manager Start at the area of greatest pain. benefits and advantages that are the prom - treats a SOA as a single system, so that HP provides a complete solution across the ise of SOA. as disparate lifecycle changes occur, it entire SOA lifecycle: SOA governance, To help make this journey, HP provides a can keep business services and their sup - quality and management. complete solution across the lifecycle of porting infrastructure synchronized and While HP generally recommends that— SOA. With its BTO offerings, HP can help well behaved. after the basics of assessment and business financial IT organizations optimize the busi - • Service level management—Maintaining planning—financial institutions start by ness outcome of SOA projects. HP also trust between providers and consumers addressing governance issues first, they provides a full set of integrated products requires that they agree to specific serv - can easily start wherever they need to—at and services for SOA governance, SOA ice level agreements. Providers must then the area of greatest pain. While they will quality and SOA management. manage the services and provide visibili - eventually need to address all the different Implemented together, these offerings can ty into how the SOA is delivering the challenges that SOA poses, HP’s solution support a complete lifecycle approach for actual services in real time, as well as allows organizations to start where they managing SOA implementations. Firms provide a clear understanding of their feel pain right now based on the state of can start by targeting the area of greatest historical performance. their deployment and on their business pain in their SOA initiative. And, with HP’s • Availability and performance manage - needs. help, they can expect better outcomes for ment—The process of monitoring HP Services accelerates time-to-value. their SOA projects—which means achiev - services and composite applications HP Services offers a complete set of servic - ing all the benefits of SOA while taking in production in the complex SOA es that cover the entire SOA lifecycle, fewer risks. environment is challenging. HP is an regardless of where a bank is along the And the “dirt roads” currently connecting acknowledged industry leader in moni - SOA journey—whether it has just begun to siloed information systems? They morph toring performance and availability from think about SOA, whether it’s completed a into superhighways. the end user’s perspective, prioritizing few small SOA projects or even if it has events according to the impact to the already fully embraced and begun to business. HP also provides the service-to- implement SOA across the enterprise. service monitoring.

The HP Financial Advisor — Page 19 HP encourages CIOs to rethink virtualization in business terms (continued) • HP Virtualization Accelerator Services computing for the financial trading, Hotter than hot: storage blades are new, predefined consulting services public sector, mechanical computer- By Tom Ruetman for planning, designing and implement - aided design (MCAD), and oil and HP customers are already reaping the storage for all of the Blades in the enclo - ing virtualization initiatives. This yields gas segments. benefits the HP c-Class server Blades sure (3.5TB Blades are coming soon); a faster return on investment. • Enhancements to the HP Virtual provide in terms of improving Straight- integrated NAS, iSCSI SAN, and data Rethink … client architectures Desktop Infrastructure (VDI) solution Through-Server-Provisioning (STSP) via protection; and wizard-based storage Businesses can leverage client virtualiza - include new planning, quick-start its VirtualConnect capabilities. Now the allocation by application. It does this tion to achieve greater reliability, and implementation services. These c-Class server enclosure can also host while also using less power, providing security and improved management of services determine specific VDI storage Blades—a radically simple, inte - better cooling and density—and at the end-user computing. This decreases the needs and associated business grated and affordable network storage lowest cost. It includes tools to easily cost of client management and support value, so customers can implement solution. HP’s new StorageWorks All-In- migrate and manage data using best while increasing productivity. the right solutions. HP also unveiled One Storage Blade was designed to practice settings. As an example, iSCSI • The new HP t5630, t5545, t5540 the new HP VDI with Citrix XenDesk - provide shared storage for the c-Class storage for a Microsoft Exchange Stor - applications servers while also age Group can be expertly set up and and t5145 Thin Clients feature top, which is designed to enable providing enhanced file serving and migrated in fewer than 10 mouse scratch-resistant HP DuraFinish and everything from smaller, entry-level data protection software. The All-In-One clicks—a real boon to the STSP perform - provide expanded multimedia fea - implementations to enterprise-wide Storage Blade provides 1TB of shared ance improvements. tures, enhanced brokering desktop delivery. capabilities, greater performance • “Citrix Ready” blade PCs and thin and improved management support. clients are now certified for use with - • The HP ProLiant xw460c Blade in Citrix XenDesktop environments. HP’s new StorageWorks All-In-One Storage Blade is designed Workstation with Graphics They deliver a dedicated one-to-one to provide shared storage for the c-Class applications servers Expansion Blade supports a full remote computing experience at while also providing enhanced file serving and data range of graphics capability with radically improved economics for protection software. the latest NVIDIA Quadro FX graph - knowledge workers requiring a ics. This provides more secure, easily broad range of application support managed data center workstation and a rich graphics experience.

Dial up, dial down. Storage where and when it’s needed By Tom Ruetman Do not buy or lease hardware and demands. In the same way that hous - pany does not have to pay for more on Straight-Through-Storage- Provision - software any longer; instead, just pay es have a water or electric meter, HP storage capacity than is needed or ing (STSP) for a faster time to market, for what is used in exactly the same installs a storage meter that tracks stor - used, while retaining the flexibility to and also eliminates the need for the way as water or electricity is billed for age utilization and presents a bill for cope with unpredictable growth and company to budget for storage home consumption. the storage used. This includes both peak loads. Costs are directly related refreshes and/or capacity increases. the storage solution and the services to the amount of storage used and, With this new approach, storage HP’s aptly named Utility Ready Stor - that support it—the total package. therefore, true business consumption. capacity investment is now a thing of age Solution is an innovative new With the Utility Ready Storage, the This utility approach to storage the past —it’s simply a storage service. model for acquiring storage that immediate advantage is that the com - provides the ultimate vehicle to deliver accommodates flexible business

Page 20 — The HP Financial Advisor HP expands data center services with acquisition of EYP Mission Critical Facilities Aligning with IT and Business Goals in the Financial Industry By Kim Gilboord In February, HP completed its By acquiring EYP MCF, HP will be better tion by integrating IT infrastructure into What does this mean for HP customers? acquisition of EYP Mission Critical Facili - able to help customers transform their the planning and design of the data Peter Gross, EYP MCF’s CEO states, ties—joining two mission critical leaders data centers, optimize energy efficiency, center, enabling the customer’s whole HP’s acquisition of EYP provides the to create a new paradigm for the deliv - and position them for future business organization to be more energy framework for wider capabilities to ery of high reliability, energy efficient growth. Their capabilities—particularly efficient.” respond to a bank's stringent technology mission critical environments. EYP MCF, the expertise in energy-efficient “The data center is the foundation of IT objectives and to provide new solutions the leading mission critical consulting operations, complement HP’s extensive for enterprises, an essential building to meet their needs.” firm focused on strategic technology data center services and cost-saving block for driving business growth and planning, innovative design, and opera - power and cooling solutions, such as adapting to changing business tional support for large-scale data Dynamic Smart Cooling. According to objectives,” said John McCain, Senior centers, is remaining a wholly owned Peter Gross, CEO of EYP MCF, “World - Vice President/General Management, subsidiary of HP. Headquartered in wide data center requirements are HP Services. “Acquiring EYP Mission New York, EYP MCF has approximately rapidly growing, with significant year- Critical Facilities boosts HP’s ability to 350 employees with 13 offices in the over-year increases in power help customers transform their data cen - United States and the UK. consumption, which is fueling demand ters and build dynamic computing for energy-efficient power and cooling environments from the ground up.” strategies. HP and EYP will drive innova -

HP grows BladeSystem portfolio with Integrity blade for large data center workloads HP has expanded the HP BladeSystem To help take the guesswork out of build - unmatched and we’ll continue our BL860c, by offering twice the processing portfolio with an Integrity blade ing an Integrity blade solution, HP also ’blade everything’ strategy where it power and twice the memory capacity. designed to handle memory-intensive has created Solution Blocks for its helps customers align their technology It provides the choice of Microsoft Win - data center workloads while helping Integrity servers. These HP-tested config - with the needs of their business.” dows ®, HP-UX 11i v2, HP-UX 11i v3, businesses lower cost, save energy and urations allow customers and resellers to Business-critical computing OpenVMS, RedHat or SuSE operating space, and decrease deployment time. quickly deploy business-critical applica - advantages systems. Its large memory tions on the HP BladeSystem. capacity makes the BL870c well-suited As the company’s first four-socket Integri - The HP Integrity BL870c addresses more for high-performance computing appli - ty server blade, the HP Integrity BL870c “The BL870c expands the BladeSystem application workload demands by cations. With the BL870c, businesses combines the modular infrastructure and portfolio into the heart of the business- expanding the Integrity server blade requiring the highest levels of availabili - energy efficiency of HP BladeSystem critical market, combining the benefits of portfolio for the HP BladeSystem c3000 ty and greater scalability can better with the business-critical capabilities of blades around cost, time, change and and c7000 enclosures. The addition of streamline operational expenses to drive Integrity servers. energy, with the proven scalability and the BL870c to the HP BladeSystem family business growth. The new server can help businesses of availability of Integrity systems,” said will allow businesses to deploy and all sizes realize power savings of up to Mark Potter, Vice President, BladeSystem , manage Integrity or ProLiant servers in a Open Systems Technologies, an HP Plat - 25 percent. Space requirements also are HP. “With this server, we now address single blade enclosure with a set of com - inum Certified solutions provider and reduced because 2.5 times as many the broadest spectrum of workloads with mon management tools. systems integrator based in Grand a blade infrastructure in the industry. Rapids, Mich., has successfully helped BL870c server blades fit into the same The BL870c builds on the strength of Our commitment to innovation is many organizations move business-criti - space as a comparable rackmount. HP’s first c-Class Integrity blade, the Continue on page 22

Accelerate your core banking.

The HP Financial Advisor — Page 21 HP Grows BladeSystem Portfolio with Integrity Blade for Large Data Center Workloads (continued) cal applications to an HP bladed envi - tage of a bladed infrastructure with the resource planning (ERP), service-oriented “The Oracle PeopleSoft Solution Block ronment. new BL870c.” architecture (SOA), application integra - makes it easy for our customers to get “Many of our customers are looking for HP Solution Blocks simplify tion and product data management. their IT systems up and running quickly a high-performing UNIX server that also deployment The Oracle ® PeopleSoft Solution Block so they can focus on the most important aspect of their business – driving offers space and energy efficiency, as HP Solution Blocks for Integrity server for PeopleSoft Enterprise 9.0 is one growth,” said Doris Wong, group vice well as ease of management. Integrity blades simplify the deployment of enter - example. With this Solution Block, busi - president, PeopleSoft Enterprise at Ora - blades are an ideal solution,” said Jim prise applications and optimize the use nesses have the option of configurations cle. “This is the latest way in which HP VanderMey, vice president, Technical of the HP BladeSystem enclosure to save for basic, medium and high availability. and Oracle are teaming to address Operations, Open Systems time and money. Each Solution Block They include combinations of Integrity today’s business challenges by enabling Technologies. “As products become includes combinations of Integrity BL860c, BL870c and ProLiant BL460c the synchronization of infrastructure, denser and blade enclosures become blades, application software, HP storage server blades, and a range of storage applications, services and business pervasive, I foresee that a majority of and interconnect technology – all HP- options. Using a high-performance, high - processes to help companies be successful.” the entry to the mid-tier UNIX servers will approved based on best practices or ly reliable and modular infrastructure, HP be based on blade technology. Organi - testing. helps Oracle customers build long-term zations with certain business-critical IT strategies that can dynamically Initial Solution Blocks available for applications will be able to take advan change as the business environment Integrity blades include enterprise evolves.

Effective and efficient application modernization Transforming legacy applications to target IT architectures requires a sensible, methodical approach. Steve Woods, Master Solutions Architect Steve works in the HP consulting and and decomposition is the first step in options. If a particular application is and assess options as we move forward. integration, application modernization implementing this incremental option. meeting your needs, but the platform is Our goal is to aim at reducing services practice and has been Legacy systems may contain many thou - not, a sensible approach is to re-host uncertainty, to provide a business justifi - instrumental in the formulation of HP sands of lines of source code. Just as a your existing legacy code. If the appli - cation. Often this involves measuring mainframe modernization methodologies . physician uses blood tests to diagnose a cation is not agile and not meeting your both tangible and intangible benefits. He previously worked as a cryptologist patient’s condition, source code tells us needs, then you may explore other In transforming IT infrastructure, you with the national security agency. about complexity, level of transformation options. We aggressively seek opportu - have said, “the past can transform the effort, code quality and interdependence nities to modernize the system by Transforming legacy applications seems future.” How so? of a legacy system. HP begins its replacing code with agile architectural daunting at the outset. With this in Legacy systems have a story to tell. We decomposition by using source code components. If this is possible, it is a big mind, it is important to move forward rely on four sources of knowledge in tools to expedite the process. By doing win. methodically. shaping a story: present day application so, we too are able to diagnose the con - What are some of the risks and best characteristics, historical application How might legacy applications be dition of the legacy system and be more practices in using quantitative meas - evolution, source code derived charac - obstacles to creating a world-class IT effective in completing a transformation. infrastructure? ures in legacy transformation? teristics, and visually elicited knowledge Legacy systems tend to resist change. What is your advice to CIOs in Measurements are critical to decision from legacy stakeholders by using tools They drain resources and require hard making this transformation? making in planning and implementing a that employ color and patterns to visual - work to keep up with changing needs. Transforming legacy applications seems transformation. We begin with a series ly depict the system. Present day, Eventually the legacy systems do not daunting at the outset. The existing con - of questions: How much will it cost? historical, and source code derived add much value. The more dynamic the figuration is large and complex. How much code is there? How complex knowledge all intermingle. Suddenly, marketplace, the greater is the need to Nobody can figure out what to do. is it? Is there code to leverage? What there is clarity in understanding how be agile and respond quickly in Many approaches to transformation percentage will be replaced by other the system is constructed. With such transforming legacy applications. appear risky. With this in mind, it is architectural components? What is the complete knowledge, the past transforms important to move forward methodically. size of the legacy application? Then we the future by giving us context and com - To move away from a legacy design, Leaders need to assess their present need to look at the target architectures, prehension in what is required to is it first necessary to decompose that applications with regard to size, their expected benefits, cost savings and achieve our target. design? If so, how do you approach complexity and functionality, and then the overall economic impact. Such decomposing legacy applications? understand the target architecture analysis helps to quantitatively measure Incremental modernization reduces risk,

Page 22 — The HP Financial Advisor Virtual hosted desktops It’s all about the TCO By John Sarni, HP Distinguished Technologist

In the past, most enterprises bought one be the same configuration or maybe one ed PC. The job of or more physical servers for every appli - of several configurations for thousands provisioning cation to preserve the autonomy of that of users. desktops and mak - application. And, because that is how This remote PC concept is not new. ing connections to most of IT was funded, this paradigm Before virtualization became production them is synchronized turned out to be economically unsound. ready, users could connect to a remote so that when a user Over time enterprises ended up with PC blade in the data center. HP offers a wants a desktop 1000’s of physical servers, each of solution called “Consolidated Client there is one which was only about 20% utilized. Infrastructure” (CCI) that essentially uses available. When With virtualization they could put several this concept. Users with a thin client con - using a connection applications on a physical server each nect to a dedicated PC blade using a broker, the adminis - running in its own guest operating sys - remote display protocol. The major dif - trator just needs to tem and having a dedicated share ference is that with PC blades, users are have an idea of the (memory and CPU) of the physical serv - assigned a full blade and thus have user population and er. Great idea and virtualization was complete physical isolation. With this their roles. The adopted at a faster rate than originally approach there are no issues with shar - administrator, for predicted. ing the server I/O capabilities or issues example, would Why not just take some servers, add a of qualifying the application to run in a specify 10 manager hypervisor such as ESX from VMware, virtual environment. desktops, 50 teller desktops, and 30 load a bunch of guest operating systems The PC blade solution has helped blaze advisor desktops and the connection Terminal services and some have added with each one running Windows XP and the trail for the virtual hosted desktop broker would do the rest and make sure to the Citrix Presentation server. Industry a set of applications and then connect because it offers similar TCO and securi - that desktops are ready to go and gov - analysts now call this “Presentation Virtu - users with a remote display protocol and ty advantage by centralizing the PC into ern the connections to ensure users are alization” because the application runs Microsoft RDP? The client device could the data center. be a thin or fat client. Seemed like if you only connecting to their entitled applica - on the server and the presentation is manage all the desktops centrally there Different configurations for different tions. remoted to a thin or fat client using a would be some operational cost saving users The importance of shared images remote display protocol such as RDP for when new applications or Windows XP A best practice in deploying hosted In a virtual hosted desktop solution, the Terminal Server or ICA for the Citrix changes needed to be rolled out. desktop systems is to make a variety of virtual system disks are the same for a Presentation server. This same remote desktop configurations available. For display technique is used for the virtual This use case was too big to be ignored specific desktop configuration. Provision - example, there might be different config - hosted desktops but the difference is that and in April, 2006 VMware launched ing these virtual desktops can take a urations for tellers, advisors, and with the virtual desktops each user has a its Virtual Desktop Infrastructure program long time and use considerable disk managers. Each configuration has the full and isolated version of the operating called VDI. Interesting enough, VMware space. Emerging technologies for necessary applications for each user system. did not at the time engineer a different shared image management solves this and, perhaps more importantly, does product. Instead, they built an Eco- problem. One of these is the HP With Terminal services or Citrix presen - not have applications the user is not enti - system of partners that filled out the Neoware Image manager. Another tation server the operating system is tled to use. A “connection broker” grants solution with connection brokers approach is to have one master desktop shared with all server users that have and connects a user to a specific desk - (connects the user to the desktop) and image and then stream the applications connected to the server. Consequently, top configuration based on access image managers for sharing virtual sys - to it based on user entitlements. performance could be affected if too policies. Of course, the connection bro - tem disks across virtual desktops. With Beyond virtual desktops—more virtual many users are assigned to the same ker needs to have a provisioned hosted server. With hosted desktops, the key is server consolidation, a physical server client technology desktop to connect with. Therefore, most to figure out how many virtual desktops might run 5-6 guest operating systems, It turns out the virtual desktops are just connection brokers available today also can be provisioned onto a physical serv - each one with a different application. In one of several emerging technologies in provision the hosted desktop. In other er. VMware has published test results of a hosted virtual desktop solution many the area of Virtual Clients or Remote words, they load the desktop operating 26 heavy users and 42 light users on an thousands of virtual desktops run on a Client computing. For many years com - system and the applications on the host - HP ProLiant DL 385 G1 server with two handful of servers. Each desktop would panies have deployed Microsoft Continue on page 24

The HP Financial Advisor — Page 23 Virtual Hosted Desktops (continued)

dual-core 2.2 GHz Opteron processors. tingency workers bring their own note - security update to Windows XP presents The numbers will only get better. A user books or desktops. With streaming, a significant difference. With a hosted gets the entire desktop and the perform - the temporary workers can run the enter - solution the IT administrator only needs ance is not changed by other users that prise applications on their personal to create one new desktop template and get connected to the same physical server. devices. provision it in the data center. Users will In addition to presentation virtualization Yet another technology (which is also get the new desktop when they connect A best practice in and virtual hosted desktops, another sometimes called ‘streaming’) is the virtu - to the virtual desktop. Shared image deploying hosted technology has emerged, call streaming al C: drive or diskless PC. In this case technology can be used to reduce the (also called application virtualization). the operating system and the application provisioning time of the 1000’s of virtual desktop systems is With streaming, the application is are streamed. This is used in industries desktops to just a few minutes. A cost streamed to the client. The execution that must make sure the end user does analysis should focus heavily on the to make a variety takes place on the client device not the not have the capability to store data on operational costs since the capital costs server. After the application is streamed, local storage. Both financial institutions will be similar. In addition to reduced of desktop configura - it can run when the client is disconnect - and the healthcare industry have strict provisioning time, thin clients also use ed from the network. You might think regulatory compliance requirements and only a fraction of the power that is used tions available. that this is the same as downloading but must demonstrate that they have controls by traditional desktops—posing a signifi - there is a major difference. to prevent unauthorized copies of cant savings for large enterprises. With streaming, the application is still customers financial or health records. Secondly, the complete solution requires managed by the server and time bombs Considerations in deploying virtual a connection manager, which makes the can be set to disable the application client solutions connection of an end user to a hosted desktop. This is done based on enterprise after a period of time—say 30 days. The First, performing a realistic cost analysis. policy for end user entitlements . Engineers configuration of the PC is not changed. The trap that many people fall into is to get the engineering desktop and The ability to receive a streamed appli - ask, “How many virtual clients can I get marketers get the marketing desktop. cation is managed by access policies. on a physical server and then calculate The connection manager can also speci - This is great for software license the cost of a traditional PC to a virtual fy how to lock down the end user device management. Another more significant PC?” When adding the cost of a portion to disable USB ports or local printing. value to streaming is that the application of a server, the hypervisor, the guest OS, Think of the Virtual desktop solution not executes in an isolated environment on and the applications it is hard to under - as a PC alternative but rather a well- the client device. There is no worry that stand the cost advantage of a virtual managed enterprise endpoint. the application that has been streamed client over a traditional PC. Well, the will have conflicts with anything else on value proposition is operational costs Thirdly, the ease of applying enterprise the PC. If the PC owner has an older ver - not capital costs, which are much harder policies to virtual clients must be consid - sion of the application, it will not matter. to measure. The ease of updating desk - ered. If the true value of hosted desktops There will not be any conflicts. This solu - tops without desk side assistance or if is operational, the enterprise should ask tion works well when the enterprise hires using a desktop management solution how their investment in managing tradi - consultants and these consultant or con - the time it takes to roll out a mandatory tional PCs applies to virtual PCs. Can

Continue on page 25 Page 24 — The HP Financial Advisor Virtual Hosted Desktops (continued)

the policies defined in tools such as HP their applications using the streaming the value proposition is actually configuration manager also apply to technology. In reality, most users could delivered by policy based connection virtual PCs? What about streamed appli - use several styles. A user might have a management and configuration cations and diskless PC? Can a virtual fat client and run office applications management. A virtual client strategy The virtual client disk be provisioned with HP CM or locally that are distributed with a PC should have a central point of adminis - some other enterprise class tool? After management tool. A client/server CRM tration as opposed to a tool for every technology shows all, policies are not associated with the application may be run by publishing vendor and delivery style. The ability to device. Moving from a traditional PC to the client side on presentation server, manage both physical desktops and vir - tremendous promise a hosted PC is a change in infrastructure, and a home grown business application tual clients with the same policy will help not IT policy management. Employee that changes frequently may be enterprises migrate users across styles for helping entitlements are based on job function streamed and then made available for and optimize the delivery based on the organizations lower not client hardware. Given that several disconnected use. A CAD application end user’s role. styles (traditional PC, hosted, streamed, may be offered on a virtual desktop As hypervisors become commodities their operating costs diskless PC) will co-exist at the same because it is rarely used and the license and are basically in the server box it will time, will a different tool be required to cost is high. With the hosted desktop be important for enterprises to keep and demonstrating administer policies for each? If so, the approach only 10 licenses could support operational policies at the business level promise of lower TCO may not come 50 people based on the number of con - and not the infrastructure level. compliance to regula - true. current users that need to be supported. tory requirements. Lastly, user segmentation needs to be Moving forward considered. Enterprises attempt to divide The virtual client technology shows their employees by client type and role. tremendous promise for helping organi - For example, they would say that 40% zations lower their operating costs and will have a traditional desktop PC, 30% demonstrating compliance to regulatory hosted desktops, 20% will use Citrix requirements. The initial excitement has Presentation server and 10% will get been in the virtual hosting systems, but

NYSE selects HP to bring speed to online stock trading system

The New York Stock Exchange (NYSE) ket’s IT infrastructure, which routinely customers using the Hybrid Market to HP has supplied the NYSE with HP Stor - has selected HP servers to improve the handles more than 500 million automatically trade up to one million ageWorks XP12000 storage arrays to efficiency of its online stock trading sys - messages a day.” shares in a single order—up from run the critical applications that keep the tem, the NYSE Hybrid MarketSM. HP server technologies are helping the 1,099. That equals a potential 900-fold trading floor up and running. The arrays In a business environment where millisec - NYSE Hybrid Market adhere to the improvement in trade volume, which can connect to the ProLiant DL585, BL685c onds matter, the NYSE Hybrid Market is Securities and Exchange Commission- help improve the NYSE’s bottom line. and Integrity NonStop servers to verify relying on rack-based HP ProLiant DL585 governed Regulation National Markets “During the past several years, the that real-time data is always available. servers, ProLiant BL685c server blades System, which is a series of initiatives requirements of investors and securities HP also will use its expertise in Linux to and Integrity NonStop servers to grow designed to modernize and strengthen companies have significantly changed,” help the NYSE deploy a more flexible its business by verifying that its online the national market system for equity said Steve Rubinow, chief information and cost-effective operating system for trading transactions occur with the securities. officer, NYSE. “Although order commit - application development, deployment speed and accuracy customers expect. HP ProLiant servers deliver the process - ment reliability is certainly paramount, and maintenance. “We’re proud that the largest stock ing power required to manage daily users want a trading platform with flaw - exchange in the world chose HP to trading volumes that peak or spike at less execution and transaction speed. improve the performance of its IT archi - any given time without any execution HP is helping us deliver it all through tecture,” said Paul Miller, vice president, delays. The servers have reduced the these dependable server platforms.” Enterprise Servers and Storage, HP. “HP average trade-execution turnaround time In addition to assisting with its core trad - technology is ideally suited to serve as from seconds to milliseconds. In ing infrastructure, which has been driven the backbone for the NYSE Hybrid Mar - addition, HP technology allows by NonStop servers for nearly 30 years,

The HP Financial Advisor — Page 25 Mitigate Risk Security, Operations and Governance

HP acquires SPI Dynamics By Tari S chreider , CISM, SSCP HP acquired SPI Dynamics Inc., a lead - ities along the entire lifecycle of web applications,” said Jonathan Rende, ing provider of web application security applications. Customers can also use SPI HP’s Vice President of Quality Manage - “The number of vulnerabilities to business- assessment software and services, to fur - Dynamics software to validate applica - ment Software Products. (See why in critical applications has gone up exponentially ther strengthen its leadership in IT tion security and quality after related story by Caleb Sima, CTO and with the rise of web-based applications.” quality management. This was a big deployment to meet auditing and com - Founder of SPI Dynamics on page 11.) event for SPI as well as for HP and the pliance requirements, such as “Today, HP Software provides solutions —Jonathan Rende, HP’s Vice President of security market since WebInspect, QAIn - Sarbanes-Oxley. that ensure that business applications Quality Management Software Products. spect, DevInspect have already been The number of vulnerabilities to business- run well. Now, with the addition of SPI integrated into HP (Mercury) Quality critical applications has gone up Dynamics, we can make sure it is also Center software, thus allowing customers exponentially with the rise of web-based secure.” to assess and identify security vulnerabil -

HP Information Security Service Management (ISSM) reference model By Tari Schreider, CISM, SSCP Today, organizations must comply with a properties (attributes) and normalized depending on an organization’s INFOS - and regulatory security controls and myriad of legal and regulatory compli - according to their contribution to man - ec program maturity or investment level. their associated attributes. Attributes ance requirements; however, they lack a age and/or mitigate risk. These control 1) Risk Model – A Rapid Risk include control priority context, attesta - cohesive, holistic security control frame - attributes include the specification of Assessment (RRA) process that tion information, CMM level rating, work or model. This lack of guidance Capability Maturity Levels (CMM), con - captures an organization’s most likely etc. A powerful management engine often leads to misinterpretation of the trol governance, SLA/KPI metrics, threats, threat vectors, and threat tar - calculates compliance gaps between requirements and over/under investing enabling technologies, service manage - gets—calculating their likelihood and an organization’s present and future in asset safeguards. To address this lack ment constructs, and many others. The projected impact. The resulting risk state compensating controls in order of guidance, HP developed an ISSM “adjustable” control properties of the score is then compared to the organi - determine the level of adherence to Reference Model and associated Common Control Schema ensure the zation’s available or potential controls standards and regulations. The engine consulting methodology to pragmatically proper alignment of security controls to inventory where control value scoring also contains cross-mapping links and cost-effectively address compliance an organization’s risk appetite. HP’s is used to determine the most appro - between the baseline ISO 27001 stan - commensurate with the value of assets. unique P5 Model of IT governance (e.g., priate combination of controls to dard and dozens of other industry and In essence, ISSM is HP’s ITIL of security People, Policy/ Procedure, Process, address the determined risk. government specific security incorporating industry best practices Products, and Proof) ensures that requirements. 2) INFOSec Framework – A conceptual and international standards ITILv3, compensating controls are deployed in organizational structure, which articu - 4) Reference Guides – Authoritative CMMI, CobiT ®v4, NIST, Basel II, an objective and precise manner where lates the core Domains, Disciplines, guidance to provide detailed deploy - ISO/IEC 20000 and ISO 27001. governance “lives” at the control layer and Elements of an INFOSec ment knowledge for implementing rather than an amorphously ill defined The components of ISSM define an program. The Framework brings compensating controls. Reference management layer or buried within INFOSec program’s structure, together disparate/multiple IT security Guides are selected from leading ambiguous policies. interdependencies, and functionality standards and regulations by their industry and security standards bodies resulting in a highly operationalized HP ISSM is comprised of the following respective common denominators in making them universally accepted by IT security controls and governance seven (7) core components, which in order to reduce the effort and cost of all auditing and regulatory entities. framework. The core of the HP ISSM their entirety form the foundation of an achieving compliance. Each guide has been carefully Reference Model is its Common Control enterprise INFOSec program. HP ISSM researched for applicability to each 3) Controls Inventory & Compliance Schema, a method by which security components can be used individually, in compensating control and provides the Reporting Engine – A repository of IT controls have been defined by certain various combinations, or in their entirety depth of knowledge to be used in Continue on page 27 Page 26 — The HP Financial Advisor whole or part depending on the 7) INFOSec Knowledgebase – INFOSec desired maturity (CMM) level of a programs require a centralized reposi - compensating control. tory in order to facilitate the systematic 5) Reference Maps – An abstraction organization and retrieval of security view of compensating controls and and compliance documents. their associated process flows to guide SharePoint is ideally suited for the task an organization in deploying an in- of storing and managing all the asso - depth defense strategy. Reference ciated INFOSec program policies, Maps and process flows present logi - procedures, standards, diagrams, etc. cal associations between Preloaded with substantive INFOSec physical/logical security layers to program IP, organizations can jump- guide an organization in formulating start their asset protection initiatives. perimeter protection, infrastructure The secret sauce in HP’s ISSM Reference hardening, access control, and other Model resides in the definition of asset protection strategies. 16,000 control attributes, which have 6) Control Templates – Technical specifi - been normalized in a manner allowing cations and standards that provide controls to be accurately aligned to an detailed guidance on the implementa - organization’s risk posture. This provides tion of compensating controls. Control an unparalleled enterprise view and Templates ensure that ISO, CobiT, and security governance framework for serv - NIST security standards are accurately ice-level and operations-level patterned from their source as well as agreements, and ensures the integrity present CMM options, metrics, and protection of information and assets enabling technologies, and associated through an effective IT-related risk man - policies. The Control Templates also agement strategy. This approach document each of the P5 Model gov - reduces compliance costs, ensures that ernance attributes to ensure that security controls address all enterprise controls are objectively deployed risks, and helps achieve a best- in-class according to their CMM level. INFOSec program. Musings on web application security By Caleb Sima, CTO & Founder – HP Spi Dynamics To understand why web security is one The hackers adapted to this and started So here we are today with Firewalls, The web application has become the of the hottest issues today, we need to finding vulnerabilities in the services that patch management and IPS systems easy path straight to the crown jewels go back in time and look at the history were allowed such as email, ftp and along with complicated authentication for hackers. Every company has a web - of security and specifically network secu - web. This allowed them to bypass the and authorization systems, and yet hack - site. Almost every company does their rity. Back in the old days of security, firewall, exploit the service and gain ers are continuing to break into systems. business through their web application most of the networks and machines were access to the servers. The security com - How? and every website is typically all open and located directly on the munity responded by creating IDS The one area that security has not developed, managed and updated by Internet. Hacking was extremely easy (Intrusion Detection Systems) to watch touched is the web application. System people who know nothing about securi - and port scanning was the most popular the traffic flowing through the firewall, administrators and security people patch ty. As such, the website is the last layer method of finding machines and finding and to identify these attacks. Companies and watch the web server, but they typi - of security and is the most vulnerable. services. This became a huge problem figured out quickly though that an cally do not have permission to look at Most web applications are trusted thus, so firewalls became the most popular IDS system is like an alarm system and the application which runs on that web if the hacker can figure out how to solution. Shove a firewall in front of the no one pays attention to them because server. Firewalls allow the traffic manipulate the web application, then networks and pull them off the Internet attacks are so commonplace (Think of because it’s a permitted port. IDS and they can also manipulate anything that so that only allowed services could be how often car alarms are ignored). IPS systems don’t detect the attacks if the web application has access to— like accessible to the public. This worked Next, they created automated patch they are not ‘known issues’ which are the database, file system or—most fright - great for a short amount of time. management solutions and IPS (Intrusion posted on BugTraq or other security lists. ening, the users of that web application. Prevention Systems) in order to actually This brings us to the web security issue stop or prevent attacks from occurring. of the day: Cross-Site Scripting. Continue on page 28 The HP Financial Advisor — Page 27 Musings on Web Application Security (continued)

Cross-site scripting for dummies areas on web sites are search engines attacker’s creativity. This simple problem the first name field. When I went to the Cross-site scripting (also known as XSS and login forms. has produced amazing exploits that last stage of the application process range from an attacker being able to what do you think happened? or CSS) occurs when dynamically gener - Step 3. Once you have located a search steal your search history to infecting ated web pages display input that is not engine or login form, enter “test” into • ATMs: This is theoretical, but many your browser—capturing all keystrokes, properly validated. This allows an the search field or login name and sub - ATMs that use web based front ends recording entire browsing sessions and attacker to embed malicious JavaScript mit the request to the web server. may also be vulnerable. There is an code into the generated page and exe - sending them to the attacker. In fact, for ATM at the mall near my house that Step 4. Look for the web server to cute the script on the machine of any two consecutive years, SPI Dynamics says ‘Welcome Caleb Sima’ when I respond back with a page similar to: user that views that site. Cross-site script - presented at BlackHat about how hack - swipe my credit card. ers can build complete port scanners ing could potentially impact any site that 1.“Your search for ‘test’ did not find any I wonder what would happen if I and automated web attack tools in the allows users to enter data. This vulnera - items” rewrote the magnetic stripe to put victims browser to scan internal networks bility is commonly seen on the following: JavaScript as my name instead? 2.“Your search for ‘test’ returned the fol - and feed the data outside to the attack - • Search engines that repeat back the lowing results” er. The hot topic now is combining these • Collaborative software: A lot of software exists that allows you to pres - search keyword that was entered. 3.“User ‘test’ is not valid” things into web app worms which prop - agate themselves using XSS and search ent presentations online and to • Error messages that repeat back the 4.“Invalid login ‘test’”: collaborate with multiple users remote - string that contained the error. engines. This form of exploitation has If the word ‘test’ appears in the result become so advanced that we now have ly. Many of these are web based and • Forms that are filled out where the val - page, then an entryway for cross-site technology that mutates the XSS worms allow any participant to answer ques - ues are later presented to the user. scripting has been found. so that they become completely tions or chat. You will find many XSS possibilities here. During a recent web- • Web message boards that allow users undetectable. Now that little JavaScript Step 5. To test for cross-site scripting, based presentation for a large to post their own messages. input the string “” without quotes as done with of our presenters attempted to send JavaScript via the “ask a question” fea - ture. It did not appear to work, but we The web application has become the easy path found later that the moderator who was approving questions thought the straight to the crown jewels for hackers. software had been hacked because alert boxes kept popping up on his An attacker who uses cross-site scripting “test” in Step 3. Submit the request to Impact of XSS on non-traditional web screen. successfully can compromise confiden - the server. applications tial information, manipulate or steal Step 6. If the server responds back with Since almost everything is moving to a cookies, create requests that can be mis - a popup box that says “hello”, then the web front-end, this broadens the number Conclusion taken for those of a valid user, or web site is vulnerable to cross-site script - of places where XSS can be exploited. execute malicious code on the end user ing. For instance let’s look at some areas All of these examples systems. XSS has been around for a very Step 7. If Step 6 fails and the web site people overlook when they think about merely demonstrate the long time but never really became popu - does not return a popup box, click the XSS. lar until the use of AJAX emerged and ubiquity of web based ‘View’ menu in IE, and select the • Web based kiosks: Most kiosks that made the exploit payloads for XSS ‘Source’ option. This will cause notepad you see in bookstores, grocery stores, solutions that can extremely dangerous. to open with the HTML source of the train stations, hotels and airports have Let’s view this security issue through the page. In notepad, click the ‘Edit’ menu all become web based. This brings potentially be exploited mindset of the attacker. It allows you to and choose ‘Find’. A dialog will appear XSS to a whole new attack vector. For in some way, especially quickly understand how a hacker identi - that will ask you to ‘Find What’. Type example, in a bookstore try inputting fies the issue and how it is exploited, so the phrase “’ as a book if they are not designed let’s look at how you might find XSS in a (‘hello’)” and click ‘Find Next’. name sometime. Or, I have also filled and QA’d properly in the web application. If the text is found, then the web server out an employee application on a ter - is vulnerable to cross-site scripting. minal in a grocery store, and noticed beginning. They also Step 1. Open the web site in a browser. Now obviously, XSS goes beyond just that on the last page of the application serve as a testimonial for Step 2 . Browse the web site for areas popping up an alert box on your brows - I received a response that said ‘Thanks that accept user input and will return er window. The ability to act in the Caleb for your application’. I then why SPI Dynamics! back what you typed in. For example, context of the web server and executing filled out another application and the most common locations for these dynamic content is only limited by the input ‘ in

Page 28 — The HP Financial Advisor Regulatory compliance and document handling in financial services By Joe Wagle

Since the late 1990s, the financial serv - Today, increased sensitivity to privacy 1. Achieving regulatory compliance and Further ensuring compliance and mini - ices industry has undergone a broad concerns, and the need to maintain a maintaining a strong compliance pos - mizing risk, HP’s solution enables transformation as the result of increased transparent trusted, and competitive mar - ture; companies to respond more quickly to competition, new regulations, new trad - ket system have led to more stringent 2. Streamlining their workflows and compliance-related information requests ing and communication systems, new regulation of the financial services indus - increasing the efficiency and cost-effec - by streamlining the discovery and processes and technologies, and evolv - try—particularly among the capital tiveness of processing transactions; discovery request process. ing customer needs. In turn, these markets. Financial Services companies and In addition to achieving regulatory changes—along with the continued use are now governed by an ever-growing 3. Increasing staff productivity by help - compliance, many companies in the of legacy processes and systems—have body of complex regulations that are ing them focus less on paperwork and financial services industry are also seek - led the industry to conduct transactions often difficult to interpret and understand. processes, and more on building ing ways to streamline their workflows and support customers across a variety Billions of dollars in fines have been strong customer relationships. and processes to reduce costs and of new and existing media. Such media paid by financial services in the last few improve efficiency. To that end, HP’s To meet the regulatory compliance include online access to services and years, and the reputational damage is Compliant Document Capture solution challenge, HP’s Compliant Document products, phone banking, mobile bank - estimated to cost 10 to 20 times more. provides faster, more streamlined trans - Capture solution utilizes HP multi- ing, in person at branch offices, and Despite these stricter regulations, and action and document processing that is function products and HP ScanJet through couriered and posted mail. because of the significant cost of less costly. The solution also offers easy- devices to digitally capture paper docu - The reality of multiple banking channels comprehensive electronic document cap - to-use tools that help enable frontline ments, and HP Digital Sending and has created overlapping, inefficient and ture and archival, many financial staff to easily digitize, route, process third-party software to automatically redundant systems for processing and services companies still use a combina - and retrieve important information and process, route and archive those docu - managing investment and financial tion of systems, some of which rely on integrate the content into existing work - ments. This helps provide archival and transactions. While the technology used non-compliant, paper-based records flows—greatly improving product audit trails of all incoming and outgoing by financial services companies has management. Furthermore, those origination time while reducing costs. correspondence related to key process - grown more sophisticated in recent companies that have already implement - es, including new enrollments, securities By reducing the paper involved with years, some transaction processes—and ed a complete electronic records trading and account maintenance. To transactions, automating and streamlin - the records management supporting management solution often maintain dis - address industry regulations governing ing workflows, and providing easy these processes—have remained largely jointed silos of archival information that privacy and data security, HP’s integrat - access to important device functions, the paper-based. Although inefficient, this cannot be easily shared. ed solutions encrypt sensitive client data HP Compliant Document Capture solu - generally satisfied compliance mandates HP created the Compliant Document and control access to that data through tion can help free up frontline staff so in the past, but is inadequate for meet - Capture solution which is a combination authentication. They also help secure they can focus on the most critical ing the current demands of industry of HP hardware, software and services devices and network connections, as element of the business— their regulations. that helps enable companies to address well as the management tools needed to customers. three critical areas of concern: keep those security safeguards in place.

The HP Financial Advisor — Page 29 eDiscovery By Suzanne Prince

Financial Institutions today are subject to daunting compliance task. Most finan - As an example of how HP’s eDiscovery world-class records management and ever-increasing and seemingly unachiev - cial services enterprises have many solution enhances compliances and dra - archiving solution. eDiscovery allowed able regulatory mandates. These terabytes of email data translating into matically reduces costs, the experience them to reduce their email retrieval staff mandates neither help generate revenue billions of individual messages. And, of the Dubai International Financial Cen - from 30 people to 1 because of the nor reduce costs, but rather have since the regulations require long-term tre (DIFC) provides a stunning illustration. advanced search capabilities and the become a cost of doing business in an retention of emails, the capacity and DIFC aspires to become one of the instantaneous response—returning increasingly complex world. One of the corresponding cost cannot be addressed world’s leading financial centers—and, search results in less than 10 seconds most challenging regulatory issues con - by deleting old messages. in fact, run their own stock exchange. regardless of the search size. DIFC fronting financial services in the US is HP’s eDiscovery solution enables They license financial institutions to oper - gained a projected, cumulative 5-year SEC 17a-4 which governs the retention, customers to archive, search and retrieve ate in their 100-acre free zone. These net benefit of $1.2 million with an ROI accessibility and reporting requirements emails, files and databases. Using Refer - firms, in turn, are eligible for such bene - of 361% and a payback period of 15 for electronic communications—includ - ence Information Storage System (RISS), fits as a zero tax rate on profits, 100% months. ing email. SEC 17a-4 imposes specific it provides a low-cost, scalable and foreign ownership, no restrictions on for - If we look at the current volume of sent requirements for the capture, indexing, robust solution for email archival and eign exchange or repatriation of capital, emails— 87B per day, and the project - storage, search and retrieval of electronic compliance. It’s an all-in-one appliance operational support, and business conti - ed 27,000 petabytes of data that will be communications between the company with a unique, grid-enabled, SmartCell nuity services. Even with all those stored around the world by 2010, HP’s and its trading partners and customers. architecture—the latter provides the benefits, to be trusted in the internation - eDiscovery’s unlimited scalability and Given that in January, 2008, sent email capability to intelligently distribute al world of finance, DIFC needed to rapid search speeds will truly make com - volumes around the world reached 87 billions of objects across the Smart Stor - comply with the same level of legal and pliance possible in this era of billion per day, even the company’s age Cells. financial regulations as required in the information overload. modest portion of that volume creates a US and other key markets—including a

Page 30 — The HP Financial Advisor eMail archiving and Exchange 2007 migration By The Radicati Group, Inc.

As banks face the migration of messag - them due to government and industry ease email migration and ongoing mes - content of PST files into the RISS ing from Exchange 2000 to 2007, the regulations. saging operations. appliance for searching and archiving. prospect of moving the entire organiza - Storage – In a typical migration, The primary way archiving solutions In addition, selective archiving can be tion’s mailbox content to a new platform hundreds of gigabytes of mailbox con - help is by drastically reducing the size of performed on PST files to place “tomb - is daunting—and carries a number of tent is stored in the original messaging the original mail store so only a fraction stones” inside PST files in place of risks. For one, administrators must be system. Most migration tools involve of the data needs to be transferred to messages and attachments, allowing the careful not to lose important messages a period of co-existence where copies the target environment. This is achieved company to reclaim valuable storage during migration. After all, the messag - of mailbox content exist on both the by the use of single instancing technolo - space. ing system is home to extremely valuable original and target email systems. Unfor - gy which removes duplicate messaging RISS for Messaging can be implemented content including documents, business tunately, this approach is slow and from the mail stores. This greatly simpli - as compliance archiving where all mes - contacts, intellectual property, and digi - demands a great deal of both storage fies the migration process resulting in sages sent and received are archived or tal records. Secondly, it is imperative and IT resources which is expensive and faster deployments and major cost with selective archiving where it would that employees maintain access to their often impractical. savings. set archiving policies, and RISS mines inbox at all times which is not possible PST files – Aside from mailbox content, Depending on how aggressively mailboxes and messages that meet the for most migrations. Every hour the mes - many users maintain personal PST files customers archive, RISS for Messaging archive polices and sends them to the saging system is offline translates to a to retain old messages which are stored can reduce the data to be migrated by RISS archive. loss in productivity, lost sales and oppor - on local or networked disc drives. These as much as 80%. RISS “mines” The RISS technology is a completely inte - tunities, and frustration. files are usually large, unmanaged, and messages out of the Exchange Server grated appliance (HW + SW + With these risks in mind, some of the non-compliant. An ideal migration proj - mail store based on customized policies. services), making it the easiest archiving top challenges of email migration ect would eliminate the need for These policies are flexible and can be solution to implement. And… it uses include: creating PST files and free up the valu - based on a variety of factors such as the HP’s SmartCell Storage Grid system Message retention – Since users have able infrastructure resources they age or size of messages. Of course all which allows for virtually unlimited scal - become so comfortable “living” in their consume. messages can be tagged for archival if ability. It also comes with an advanced email client, many treat the inbox as if it Email migrations are complex and risky desired. A “stub” is left behind in the Web search tool that provides fast were a file cabinet. As a result, individ - on their own, so it may seem counter- inbox so users can access archived mes - access to archived records. Since mes - ual mailboxes hold project files, intuitive to introduce another new sages with a standard double-click. sage retrieval is so fast and simple, intellectual property, company records, technology into the email environment Suddenly, the most challenging aspect end-users can retrieve messages contact information, and other valuable prior to the migration project. However, of migration is no longer much of a chal - themselves. assets which can’t be purged. Not only email archiving solutions, such as Refer - lenge. Not only does RISS speed up Exchange is it essential to maintain the messages ence Information Storage System (RISS) The RISS for Messaging’s PST Importer 2007 migration, it is optimized for eDis - through the migration for productivity for Messaging from HP, can significantly tool allows administrators to import the covery. and legal reasons, but also to maintain

Accelerate your trading.

The HP Financial Advisor — Page 31 HP beefs up document automation with acquisition of Exstream Software By Patsy Koetting HP has acquired Exstream Software, a customer satisfaction and loyalty as well Ranked among the world’s fastest grow - privately-held leading provider of enter - as higher response rates. These in turn ing technology companies, Exstream’s prise software that streamlines the translate into higher returns on VDP solution has demonstrated the ability Exstream’s VDP solution creation and delivery of personalized investment and increased profits. to get communications to market as documents and other communications “Document management processes much as 85 percent faster, reducing doc - has demonstrated the abil - materials. Exstream’s technology (Vari - pervade all areas of the enterprise seg - ument production costs up to 80 percent ity to get communications able Data Publishing or VDP) is a system ment,” says Bruce Dahlgren, Senior VP and as much as tripling customer of enterprise software and printing infra - in HP’s Printing & Imaging Group. “As response. For one large HP customer, to market as much as 85 structure that enables financial an example, banks offer both online VDP has the potential to dramatically percent faster. institutions to increase sales productivity and paper statements for their reduce the cost of printing and storing by designing, managing, and publish - customers’ convenience; financial the approximately 180 different ing highly customized print and online services firms provide personalized port - brochures available in every store while documents, based on business rules and folio displays on account literature; call also increasing offer uptake via relevant information about a specific customer. center representatives populate Web personalization. Timeliness, accuracy and relevance are forms based on customer interactions.” key—and translate into improved

HP helps businesses defend against malicious web attacks with new application security offerings

HP recently announced major updates to This lifecycle approach helps companies Feiman, vice president and Gartner fel - "Technology underpins our entire busi - its application security software as well comply with government and industry low, Gartner. "Organizations must not ness, and our IT organization strives to as a new software-as-a-service offering regulations, such as the Federal Informa - only find security vulnerabilities in their deliver predictable outcomes," said to help businesses reduce the risk of tion Security Management Act, the applications, they must fix them and be Christopher Rence, chief information security breaches due to hacker attacks Health Insurance Portability and vigilant about prevention throughout the officer and vice president, Fair Isaac and safeguard against theft of sensitive Accountability Act, the Payment Card application lifecycle, from requirements Corporation. "One of the solutions we customer information. Industry Data Security Standard, and the definition, development and testing, rely upon to do this is HP Application The new release of HP Application Secu - European Union Directive on Privacy through production." Security Center, which provides a com - rity Center helps organizations discover, and Electronic Communications. In a recent survey of 1,000 IT profession - prehensive capability for testing, fix and prevent security vulnerabilities in "While customer-facing applications als worldwide, 80 percent said that remediation and prevention throughout their web applications. New features in may be the lifeblood of a business, if responsibility for application security our development lifecycle." the software help bridge the gaps that they are not secured, they can provide falls to their security or operations Continue on page 33 exist among development, quality assur - an open door for hackers to a compa - teams, while less than 27 percent said ance, operations and security teams ny's most sensitive data," said Joseph that their development or quality assur - within an IT organization. ance teams share the responsibility. 1

Page 32 — The HP Financial Advisor HP helps businesses defend against malicious web attacks with new application security offerings (continued)

According to the Web Application Secu - invent every day, the HP Web Security available for Microsoft Visual Studio ® minimize this risk," said Jonathan rity Consortium, an international group Research Group, which includes many 2008, Visual Studio 2005 and Rende, vice president of products, Soft - of application security experts and renowned experts in the security field, Eclipse. ware, HP. "HP is helping customers industry practitioners, more than 40 per - has added and updated checks in HP • HP QAInspect includes the first address their biggest application security cent of web hacking incidents are aimed Application Security Center for rich Inter - advanced security defect management challenges with new software- as-a-ser - at stealing personal information. Such net applications, including critical capability integrated with market-lead - vice offerings, product enhancements "personal records" are easily traded on vulnerabilities in Apache and MySpace ing HP Quality Center software. With and research breakthroughs from our the Internet, which makes them the easi - plug-ins. defect staging and consolidation security experts." est virtual commodity to exchange for The new security checks are automatical - capabilities, application teams can fil - HP also provides turnkey web applica - 2 money. ly updated for existing customers within ter, prioritize and assign defects based tion security assessment and penetration Customer adoption 24 hours. In addition, the group on risk to the business. This makes testing services performed by application Since the acquisition of SPI Dynamics in researched new security issues for Web security defect information available to security experts. These services use the 2007, HP has increased its investment in 2.0 technologies, including the whole application lifecycle team, HP SaaS offering to accelerate the research, product enhancements and Asynchronous JavaScript™ and XML including development, quality assur - assessment of an application's vulnera - new services in the application security (AJAX), Adobe ® Flash and Microsoft ® ance, operations and security. Security bilities and help customers reduce and area, boosting customer adoption. As a Silverlight™. problems are then detected and fixed manage risks associated with web appli - result, five of the top six banks, three of Major product updates boost lifecycle more rapidly. cations that affect their business. the top four food market companies, approach to application security. • HP WebInspect has been enhanced Availability four of the top six insurance companies, HP Application Security Center includes with faster runtimes and improved Enhancements to HP Application Securi - and five of the top seven public compa - HP Assessment Management Platform as scanning accuracy for the security ty Center are available today. The new nies in the world, as ranked by the the foundation of the solution, with HP vulnerabilities that hackers most services are planned to be available in 3 Forbes Global 2000, use HP Applica - DevInspect for developers, HP QAInspect frequently exploit. These include cross- August. tion Security Center to protect their web for quality assurance teams and HP site scripting and structured query HP Application Security Center is part of applications from security threats. WebInspect for operations and security language (SQL) injection. This helps IT the HP Secure Advantage portfolio, "As a mobile data services provider, our experts. This allows customers to operations and security teams more which helps organizations improve pro - clients require applications that are successfully find, fix and prevent security efficiently find and fix the security tection of data and resources while ready when needed, highly available vulnerabilities. Enhancements to HP defects that matter. validating regulatory compliance across and secure," said Jes Beirholm, director Application Security Center increase effi - New software-as-a-service offering their entire infrastructure. of information security at Denmark- ciency for these teams and help them HP Assessment Management Platform, To learn more, download a whitepaper based End2End VAS ApS. "HP integrate these security practices into the foundation of HP Application Securi - on preventing malicious web attacks at Application Security Center helps us stay their existing application lifecycle ty Center, will be offered through HP www.hp.com/go/stophackers. ahead of potential security issues so we processes. Software-as-a-Service (SaaS). Customers can provide our customers thoroughly • HP DevInspect provides improved can quickly and cost-effectively central - 1Vanson Bourne, Survey, May 2008. tested services and applications. It also hybrid analysis that combines static ize all of their web application security 2 helps us deliver on time by reducing our Web Application Security Consortium, "The Web and dynamic analysis to help find the assessment programs into a complete Hacking Incidents Database 2007 Annual Report," security testing time from a week to one true vulnerabilities. Remediation efforts solution maintained and managed by February 2008. hour." can then be focused on the highest HP SaaS. 3Forbes, "The Global 2000," April 2008. New research helps businesses stay risk security defects. It provides a clear "Hacker attacks are a critical concern ahead of hacker threats. path for developers to build secure for IT organizations of all sizes. Now To help organizations stay ahead of the code within their integrated develop - customers can get up and running quick - ever-changing security threats hackers ment environments. Support is ly and involve the right teams to

The HP Financial Advisor — Page 33 Revenue Growth

Helping customers turn challenges into growth By Steven McLaughlin, general manager of SunGard’s Phase3 solution One of the biggest challenges currently helps organizations automate securities • provide a greater ability to increase schedule. The conversion itself took one facing the middle and back offices is the processing, which helps reduce the capacity to support new products and weekend and was without incident. significant and consistent increases in delays and errors associated with manu - migrating product volumes from lega - Three weeks after going live, the trade volumes and customer holdings. al interventions and efficiently cy systems customer has already sent us numerous Financial services firms continually need accommodate large trade volumes. This customer, a very large diversified positive comments, including a note that to create new products in order to Phase3 also assists customers in consoli - financial services firm, uses Phase3 for senior management is “extremely remain competitive. These products often dating their records by helping them to its brokerage business, which already pleased.” result in a need to process large process all security types on a single has an extremely large base of customer platform and using a single database. Helping Our Customers Grow volumes of data in very tight timeframes. positions. Therefore, room for growth The new platform also helps us better Other firms are faced with large spikes Phase3 is part of SunGard’s Brokerage was also critical. serve firms with significant trade in volumes due to market activity or new & Clearance business, which supports With these requirements in mind, our volumes. One existing customer, a corre - business opportunities. In today’s com - the middle- and back-office functions for team at Phase3 looked at the latest plat - spondent clearing firm, already has petitive environment, these volumes and trade processing, clearance and settle - form from HP: the NonStop Itanium trade volumes nearing one million market spikes must be processed without ment, data management, tax reporting platform. trades per day and requires top perform - event and within aggressive levels of and accounting. The Brokerage & Clear - HP had made a number of promises ance levels. service. Yet even the biggest firms, which ance business helps broker dealers, about the new platform: it would typically have the most resources to banks, futures commission merchants Again, the Nonstop Itanium platform provide better availability, more power solve such a problem, are feeling the and asset managers streamline opera - seemed to be the answer. But first we to meet demanding OLTP and batch strain. tions, control risk and manage cost. ran the Phase3 system on NonStop Itani - Service Levels, and a greater processing um for about six weeks in HP’s Phase3’s Facilities Management (FM) Meeting the Challenges capacity to support a customer’s grow - Cupertino, California data center. Not customers, who use dedicated servers Our customers have not hesitated to ing transaction volumes while remaining only could the platform process five mil - that are owned and run by SunGard, voice their concerns about these trends. on a single production node. lion trades per day within the Service include such tier-one firms. They are pro - They are looking for more processing We were delighted to find that NonStop Level requirements, it could handle 10 cessing hundreds of thousands or even power and improved performance. Itanium was twice as fast as the platform million trades within minor exception to millions of trades that their clients send Through our partnership with HP, we that we currently use - with just a partial the SLA. In addition, we saw 49 percent them via file transfer. They rely on have begun to help our customers solve configuration. That result contributed to savings in batch run time and a 300 Phase3 to handle not only those bursts these problems. our customer’s decision to extend its percent gain in trade throughput. of activity but also the batch processing When the contract of one of our FM cus - contract with SunGard. By upgrading to Phase3 and the Non - for management reporting and regulato - tomers came up for renewal earlier this The migration for both Phase3 and the Stop Itanium platform, our customer will ry reporting. They need reliable, year, it issued us with several firm was pain-free. We didn’t have to be able to leverage a high performance accurate and fast service. challenges: make any material modifications to and scalable platform that can be eco - Phase3 has been at the forefront of • double capacity over the next five Phase3 in order to migrate our software nomically configured to meet future developing ideas to help customers man - years onto the platform. More importantly, it business demands. At the same time, it age this volume growth. A real-time, took less than three months from the can offer more appealing pricing to its order-to-settlement global securities pro - • provide a greater ability to increase installation of the hardware to live pro - clients and therefore attract new cessing solution for retail and capacity to support new products and duction, and the implementation was business. institutional broker-dealers, ECNs and migrating product volumes completed nearly one month ahead of Continue on page 35 correspondent clearing firms, Phase3

Page 34 — The HP Financial Advisor Helping Customers Turn Challenges Into Growth (continued)

Phase3’s migration to the HP Itanium tions or even re-architect our system. In addition, the growth potential of the umes rising and customer balances and platform is also helping us attract new Instead, we were able to leverage the system should allow us to stay on it for positions increasing throughout the secu - business, including an institutional equity NonStop Itanium platform to retain top- years to come, which means that our rities industry, the platform’s performance firm that handles large trade volumes. tier customers and compete for new customers won’t have to make any capabilities have helped us retain exist - This is a major opportunity, and the business. In fact, it will benefit all of our major system migrations. ing customers and provide a technology combination of HP’s technology with customers as we migrate to this platform Throughout SunGard’s 25-year partner - platform for years to come. Phase3 puts us in a position to be over time. ship with HP, we have enjoyed access to extremely competitive. NonStop Itanium also helps Phase3’s the latest technology and knowledge, Trust and Experience operations. We believe that our overall which has often been a significant factor We know that we can depend on HP total cost of ownership will be reduced in closing deals with new and existing because the product works as as result of the new platform and our customers. HP’s NonStop Itanium advertised. HP consistently hits its customers’ increased volumes. platform is no exception. With trade vol - performance metrics, which means that we don’t have to benchmark minor sys - tem upgrades in order to understand the performance impact. Moreover, we don’t have to modify our software for a system upgrade, which is rare nowadays. In addition, both our team and HP’s have decades of experience on the sys - tems. They know our applications and how they integrate with HP technology. These experts can fine-tune the HP plat - form for optimal integration with Phase3. That means that our customers get the full advantage of our offering. It also helps us maximize our own efficiency. If we hadn’t been able to partner with a vendor like HP, we might have had to make substantial modifica -

The HP Financial Advisor — Page 35 HP software portfolio expands through acquisitions targeting “optimal business outcomes” By Cecilia Gunning

While a significant player for almost 20 By the mid-to late-‘90s, HP joined other become the sixth-largest software busi - • Data center transformation: years in the area of enterprise manage - noteworthy vendors to back IT Service ness in terms of sales, which topped $2 Consolidating infrastructure, applica - ment software, HP, through a series of Management (ITSM), a revolutionary billion in 2007. tions and management technology aggressive acquisitions, aims to round approach to managing IT services root - According to Hogan, as a result of the and automating processes to reduce out its software portfolio to help ed with the vendor-neutral Information acquisitions, “HP Software is equipped capital and operational expenditures enterprise customers extract more value Technology Infrastructure Library or ITIL. to help businesses around the world The company links these strategic initia - from people, infrastructure, applications ITSM aims to redefine the IT organization align IT efforts with business goals, tives to underlying IT initiatives— and information. from a cost-centric overseer of comput - improve efficiency through automation, portfolio and financial management, Several key trends over the past 20 ing infrastructure to a profit-centric raise service quality, increase speed and ITSM, application project deployments years have fundamentally changed what provider of business services. agility, and reduce risk.” and upgrades, data center consolidation, IT people must do to ensure the quality, This transition laid the groundwork for How various vendors describe and cate - and others—that are designed to enable performance, availability and security of HP Software's latest evolution, which HP gorize enterprise management software IT managers to follow strategic their applications, and this is especially refers to as building and delivering soft - evolves constantly and seldom with con - mandates and optimize within domains. true for IT in financial services enterprises. ware to help optimize business sistency from company to company. HP BIO solutions With distributed computing taking off in outcomes. divides the portfolio into two major cate - The second category—also buttressed the ‘80s, the sheer number of computers According to Tom Hogan, Senior Vice gories: business technology optimization by recent acquisitions—targets the need to be managed rapidly increased, along President for HP Software, “CIOs are (BTO) and business information to manage and utilize for regulatory with the number of network devices determined to run IT more like a optimization (BIO). compliance and business advantage the upon which applications depend. business, to break down the traditional BTO solutions terabytes of structured and unstructured Just within the past decade, the Web silos within IT, and most important, to BTO solutions help financial institutions information that flow through an enter - has added dimensions of complexity deliver the results that the business is make sure that every dollar invested in prise. HP Software BIO solutions support unimaginable a few years ago. Now, looking for.” IT, every resource allocated, and every both information management and busi - the most important end-users are HP sees the importance of IT to financial application or service in development or ness intelligence: customers. institutions as just one part of a major production meets business goals. HP's • Information management: Protecting In addition, greater complexity is chang - trend in business today: the shift from IT strategy is to combine the capabilities of vital financial data against disaster, ing the nature of investment decisions IT technology to business services. Says the software product portfolio with the ensuring business continuity and build - must make to craft the best project port - Hogan, “Technology no longer merely expertise of the HP Services organization ing a cost-effective archiving folio. The stakes are higher, with many supports the business. For most compa - to support key initiatives that drive busi - infrastructure to mitigate the business businesses tying corporate strategy to nies, it has become the business.” ness results. HP has targeted 4 initiatives risk of legal discovery the successful deployment of new infor - The HP Software Division is HP’s of relevance to large financial • Business intelligence: Economically mation systems. The resulting data now response to that paradigm shift. Its man - institutions: capitalizing on enterprise information requires unprecedented levels of scrutiny date is to assemble the solutions, • Business and IT alignment: Prioritizing to drive revenue and abate risk to manage for regulatory compliance people, processes and enabling services IT efforts according to business HP is working to fulfill their mission of and business advantage. to help IT organizations become high- requirements, delivering value to the optimizing business outcomes by bring - In the financial industry, due to strict performing strategic partners to the business and making sure that value ing well respected solutions under the requirements for security, speed and business. Or, to use HP terminology, is recognized HP brand, capitalizing on the talent and compliance, the need for effective man - to “extract high value from people, infra - • Service management: Applying best technology within HP and beyond, work - agement of IT investments, services and structure, applications and information.” practices for IT service management, ing to innovate across its product line, data is particularly acute. Toward that end, HP Software has made change, configuration and release strengthening integration within its port - To give IT teams the tools to manage all acquisitions over the last few years, management, and business service folio and with third-party offerings. of these IT service dependencies, enter - including Mercury, the second largest management to make sure business prise management software for acquisition in HP's history. Other acqui - services meet service-level agreements distributed computing was born in the sitions also brought Peregrine, Opsware, • Application quality management: Effi - late ‘80s and has evolved ever since. ApplQ and Knightsbridge into the port - ciently and cost-effectively managing HP made a name for itself in this area folio, as well as software components requirements, testing applications in with HP OpenView, first focusing on net - from Tandem and Compaq. As a result, development and monitoring applica - works, and then systems and according to IDC, HP Software has now tions in production to make sure applications. applications deliver end users value

Page 36 — The HP Financial Advisor Next-generation core banking solutions from HP and Oracle

Oracle ® FLEXCUBE ® is a comprehensive leveraging open standards and Oracle rapid time-to-market, launching config - FLEXCUBE is service-oriented banking product suite that allows finan - 10g across all modules, banks can ured products being in the least possible architecture (SOA)-enabled, allowing cial institutions to standardize, optimize reduce costs as much as 90 percent over time. coexistence with the bank’s established and transform their processes. It’s mainframe systems (e.g., Shinsei Bank). Low risk solution architecture and leveraged ideal for retail, consumer, corporate, It delivers proven high performance for Combined expertise, leading technology, enterprise assets. It can be deployed investment and Internet banking, as well collective transaction loads of 3,000 and certified, high-quality implementa - centrally as a single instance, or as a as consumer lending, asset management branches and 20 million customer tion methodologies allow rapid time- number of instances, typically by geog - and investor servicing applications. accounts, with no performance to-implementation and reduced project raphy, language, etc., or as a FLEXCUBE helps financial institutions bottlenecks. risk. FLEXCUBE can be procured on a combination of centralized and decen - respond to market dynamics rapidly, FLEXCUBE enables effective limits and functionality needed basis and quickly tralized deployments, providing the defining and tracking processes while exposure tracking; allowing banks to integrated with existing applications. benefits of standardized product defini - facilitating compliance. It’s built on take a unified customer view, including tion, bank-wide general ledger Once the system is up and running, HP, consolidation, and data consistency. open architecture and runs on industry- tracking multi-entity corporate clients. along with partners i-flex and Oracle, standard HP servers, offering dramatic The ability to integrate with third-party verify that banks have dedicated Major IT operational savings cost reductions over legacy mainframe risk-management applications allows a support in virtually any geographic loca - The HP Adaptive Infrastructure portfolio infrastructure along with increased flexi - consolidated view of risk exposure tion. These three global service helps customers evolve their data centers bility. across the enterprise. organizations offer customers a full from high-cost silos to low-cost, pooled FLEXCUBE delivers the most comprehen - Improved customer intimacy range of consulting and implementation assets, while establishing IT as a valued sive banking functionality of any back- Banks can use FLEXCUBE to create cus - services. service provider for meeting business needs. HP helps customers create next- office solution, including front, middle tomized products for micro segments Integrated core system and back-office functionality for retail generation data centers that allow within their customer bases and deliver The FLEXCUBE core system lets banks and corporate banking. From accounts, automated 24/7 lights-out computing, products and services across any deliv - consolidate all of their systems, for loans, trade and cash management to helping customers create a roadmap ery channel, including branches, greater efficiency and cost savings. This foreign exchange, money markets and that aligns data center projects to busi - automated teller machines (ATMs), point capability benefits, for example, banks automated clearing house (ACH), ness priorities. of sale (POS), debit cards, call centers that need to replace multiple legacy customers have deployed FLEXCUBE and the Internet. core systems acquired as a result of HP takes a modular, standardized to meet a diverse set of needs, from With time-tested and proven implemen - merger activity, and firms that find them - approach. We offer engagement individual departments to multi-country, tation capability, banks choosing selves running many different versions of flexibility ranging from shipping indus - multi-entity deployments. FLEXCUBE can rely on HP and i-flex ® to their core systems due to country adap - try-leading products directly, to helping More than 40 percent of FLEXCUBE provide cost-effective, risk-mitigated, on- tations. our customers design and implement customers have chosen HP as their time deployment. Leveraging their next-generation data center environments , platform. Because FLEXCUBE runs on deployments, banks have achieved to managing or outsourcing part or all lower-cost, industry-standard servers, of their infrastructure.

The HP Financial Advisor — Page 37 HP banking innovation center Transforming branch banking

Retail branch banking has come full circle. Branch Transformation program services One of the primary areas of focus is help- oped specific response initiatives and With most banks now providing sophisti- are fully scalable. In one recent project, for ing banks examine what happens when a observed how they impact the customer’s cated online transaction capabilities, example, HP transformed 200 branches customer walks into a branch. The first step experience. Hence, the bank can use these managers are realizing that the retail within a single weekend after one of our is identifying that customer, i.e., perform- results to implement new processes in their branch still has significant value as a pri- customers acquired another bank. The ing an authentication process: Who are branches without costly trial and error. mary sales channel. Indeed, customer visits branches closed on Friday under the old they? Are they who they say they are? The Remote advisor comprise ideal opportunities to introduce bank and opened on the following Mon- second step is determining the reason for Certain branch locations, particularly those new products and services that offer signifi- day morning under the new owner, with the visit. Is it to conduct a transaction? To that are geographically remote, lack cant value. all the relevant technology and systems seek account servicing? Or is the customer access to specialists, e.g., investment advi- Transforming branches from a transaction connected and ready to go. seeking advice regarding loans, debt con- sors. The Banking Innovation Center is orientation to an information and new The other element is “branch innovation,” solidation, or perhaps investment equipped with remote advisor capability product sales orientation requires that they which relates to evolving customer service products? to demonstrate how customers can interact become much more customer centric. The delivery needs in retail banking. HP offers Technology can help optimize these with a virtual advisor via high quality HP Banking Innovation Center is helping a breadth and depth of products and serv- processes. For example, the Banking Inno- video and audio connection. Bank banks achieve this goal. The Banking Inno- ices that are unmatched in this area, vation Center showcases new technologies customers can connect with the remote vation Center focuses on four key including computers and PCs, servers and for identifying customers when they enter advisor, who can then share information transformation themes: 1. customer experi- blades, networking—all of the infrastructure the branch, through a radio frequency on the branch terminal. ence, 2. bank staff experience, 3. branch and services needed to support retail bank- identification (RFID) chip embedded in the What’s next? efficiency, and 4. infrastructure as the ing as an out-sourced business. customer’s credit or debit card, or using The Banking Innovation Centers were enabler. There are three centers currently Key customer challenges near field communication with the specifically conceived as labs, where HP operating under the program, in Palo Alto, The Banking Innovation Center shows how customer’s cell phone. If it’s a VIP experts and customers can collaborate to Milan and Singapore. HP’s innovative technologies, products and customer, the relationship banker can be tackle critical business issues that can The Banking Innovation Center was creat- solutions can help solve our retail bank notified that an important customer has just potentially improve their businesses. ed to encourage close collaboration customers’ business problems, rather than entered the branch, and even receiving a “What we’re really trying to do is show between HP Labs and our retail bank cus- simply fill a generic need for printing, profile of that customer on his or her desk- how the technology can positively impact tomers—the customer presents a specific servers or desktop PCs. Through the Bank- top before greeting the customer. the retail banking business across a broad business problem, along with its attendant ing Innovation Center, HP can apply broad Teller-assisted self service range of areas,” says Gordon Wiegand, requirements and constraints. When need- technological solutions to business Another area of focus is improving transac- Branch Solutions Manager. “The lab expe- ed, HP works with industry leading problems. tional throughput via teller-assisted self rience is wholly driven by HP banking independent software vendor (ISV) The process begins with asking basic ques- service. The Banking Innovation Center has customers’ needs, and by HP’s ability to partners to provide the technology and tions: What is the customer’s experience? a prototype system that’s analogous to self respond to them. Some of the interesting capabilities to develop effective solutions. What happens when a customer walks check-in at the airport. The customer initi- solution areas currently under The approach is flexible and highly into a given branch? What is the staff ates the transaction, and one employee consideration include paperless branches, customer centric. experience? What are their challenges can serve multiple customers with, say, account opening, and multimedia kiosks How the Banking Innovation Center works when interacting with customers? The cashier’s checks or cash withdrawals, or for virtual banking.” There are two elements comprising the Banking Innovation Centers look at both accepting funds for remittance. A single Engaging the Banking Innovation Center Banking Innovation Center program. One process efficiency—how can transactions, teller can help multiple customers in paral- For additional information on engaging is the HP Branch Transformation program, loans and new accounts become more effi- lel, rather than one-at-a-time, and the the Banking Innovation Center, contact which focuses on refreshing the hardware cient—and infrastructure efficiency, employee can also identify and respond to your HP representatives. and technology in the branch environment. whether the infrastructure is efficient and selling opportunities. This includes procuring and configuring cost effective. Then we explore specific sce- For each of the basic questions about the the systems down to the individual narios to determine which technologies customer and employee experience and desktops, staging the equipment, getting it might be applied to resolve specific issues. the challenges of interacting with to the site, installing it, testing it, and pro- customers, the Innovation Center has devel- viding ongoing support services.

Page 38 — The HP Financial Advisor From transactions to sales: The Changing Role of the Branch By Andrew Matuszeski Ten years ago, the future of the retail bank branch was As you might expect, HP is working with many of the Lesson #2: Color is coming to the branch in question. The Gramm-Leach-Bliley act was in the top banks around the world to help shape the role of Every bank prints brochures and signage in color works, and bankers were anticipating a wave of com - technology in the sales-focused branch. We have because studies show that well designed color petition from insurance and brokerage firms with lower learned a few things. Development focus includes such documents have greater influence. This approach to cost business models. Technology and the internet were areas as account opening (application forms; signature signage and collateral leaves every bank with a tough threatening to make branches irrelevant, it seemed. card, AML ID Checks, MICR starter checks, custom wel - choice. Including specific product details, like interest ATM use was exploding, and call centers were adding come kits, etc.); dispute resolution, compliance forms, rates, clearly add important information that the capacity. Every bank was scrambling to establish inter - remote expert, and document watermarking. customer needs. But when rates change, the brochures net banking. Lesson #1: Automate paperwork so the frontline must be reprinted, redistributed, and the old version is So what happened? Human nature happened. It staff can focus on the customer. trashed. The alternative is to produce collateral with a turns out, people prefer to make important financial Many banks are aggressively pursuing this path, and long shelf life, but reduced selling power because of its decisions face to face. Checking a balance is not an showing great potential returns such as with electronic generic content. important financial decision, so most of us have statements. Yet, they still move paper through millions Many banks are realizing that on-demand color print - changed our behavior for convenience sake. We use of truck trips each year with manual sorting and rout - ing applications in the branch are ready for prime the internet, ATM, call center, or mobile phone for this ing of bags. That represents cost, process latency, lost time. From custom offers in the welcome kit, to dynamic kind of transaction. But to select and open a new and misrouted items, poor process visibility, access pricing, to signage inserts, to saving and retirement account, most people still want to deal with a human control issues, and even potential fraud risk. Much of projections, it is becoming clear that on-demand color being. And that is why most bankers report that the that paperwork can be scanned in the branch, and printing will be a part of the sales-centric branch. This importance of the branch network is as key today as routed to the operations center in near-real time. is particularly true for Wealth Management customers it was 10 years ago. Image-enabled transactions shift low-value paperwork who expect high quality, customized collateral. But the role has clearly shifted. In the past, branch burden onto technology and/or the back office staff. This is another area in which HP is focusing its devel - strategy focused on delivering transactions efficiently. Paperwork skills become less important, which allows opment to create, distribute, control, and print high- With routine transaction flows shifting to alternative the bank to hire people with relationship skills. HP is impact color documents in the bank branch. This channels, the branch is rapidly becoming a sales cen - developing a comprehensive suite of solutions to auto - includes the capability to have corporate approved ter. This changes everything. Some of the changes are mate specific frontline banking transactions such as collateral printed locally on demand with customer obvious. Signage, lighting, and floor layouts have Account Opening, Dispute Resolution, Compliance specific acknowledgements and information. These changed. But some of the less obvious changes are j Forms Processing, Financial Planning Reports, Remote emerging solutions not only substantially reduce the ust as important: what kind of people are being hired, Expert, and Document Watermarking. costs of marketing collateral, but provide the ultimate real estate selection, and of course, how technology is 1:1 marketing experience for customers. being used.

The HP Financial Advisor — Page 39 Radio frequency identification (RFID) solutions from HP Every HP Radio Frequency Identification • HP RFID Infrastructure Deployment • Controls capital expenditures by reduc - (RFID) solution leverages proven global Services—HP combines procurement, ing redundant purchases experience that spans people, processes staging, tracking, shipping and project • Helps prevent loss of critical intellectu - and technology. HP RFID Services con - management services into a single al property stored on digital devices sultants have industry-specific knowledge offering to facilitate seamless deploy - Improves security to verify that companies get the most ment of the custom ITAM service, from their business technology supply chain service, on-site coordina - • Provides real-time reporting on asset investments in these critical areas: tion, hardware and software integration, location and movement with alerts when assets are tampered with or • HP RFID Assessment Service—HP con - and all reporting and tracking. enter restricted areas sultants work with organizations to • HP RFID Infrastructure Lifecycle Radio Frequency Identification (RFID) define the scope and goals of RFID Management Service—HP provides a • Extends security to remote, infrequently offers a proven, cost-effective means projects, based on business range of support services for RFID envi - patrolled and inhospitable areas for better managing your infor- requirements. By reviewing and assess - ronments. HP Lifecycle Services begin • Restricts information access to only mation technology assets. Reducing ing business processes, applications, with traditional remedial hardware those individuals with permission and infrastructure, HP will develop a and software maintenance, which can the time and effort required to • Helps prevent loss of critical intellectual realistic and cost-effective RFID deploy - be expanded to include additional deploy, locate and maintain these property stored on digital devices ment roadmap. services such as remote diagnostics critical business assets provides ben - Reduces cost and complexity of mainte - • HP RFID Pilot Service—HP experts col - and monitoring, on-site support, end- efits such as cost savings, risk nance and configuration laborate with organizations to develop user help desk, and outsourcing avoidance and improved security, and implement low-cost projects that services. • Asset tags can store additional while also enhancing your ability include thorough testing for integration Business benefits of RFID deployment information, including maintenance to meet internal and external compli - and compliance, impact analysis, Increases inventory accuracy histories, based on company require - ments ance requirements. scoping, cost/benefit analysis, and • Reduced per-inventory costs allow strategy determination for future phases . more frequent auditing • No line of sight required for asset identification, shortening time required • HP RFID Training Service—HP trains • Mitigated possibilities for human error for servicing organizations in the specifics of RFID, due to automation including basics, tags, hardware, mid - • Facilitates identification of assets need - • Real-time feedback immediately alerts dleware and data integration. ing reconfiguration or upgrades, or operators to any discrepancies • HP RFID Process Implementation Serv - coming off-lease • Enables remote locations or those with ice—HP implementation services • Enables automated work orders and few assets to be monitored at the same encompass the complete integration of preventative maintenance rescheduling RFID technology and solutions into level as larger headquarter locations • Facilitates regulatory compliance supply chain Information Technology Enhances asset utilization • Improves asset transparency across the Asset Management or (ITAM) opera - • Provides the ability to immediately and enterprise, potentially reducing audit tions. These services are designed to reliably locate specific assets wherever penalties help organizations reduce the human they are element in locating, tracking, record - • Enables rapid location of assets hold - • Improves responsiveness to shifting ing and communicating information ing compliance related data wherever equipment demands about objects throughout the corpora - they are • Improves return on asset by enabling tion. • Helps identify assets needing addition - full leverage of existing information al security protection technology components • Delivers a very detailed audit trail

Page 40 — The HP Financial Advisor Business Intelligence

Data governance: From golden thread to a fine fabric in financial services By Rodney Nelsestuen, FSI Analyst, The Tower Group

In Hans Christian Andersen’s fairy tale, data points in employees’ and From the vendor side, recent • Reducing latency or more narrowly The Emperor’s New Clothes, a king is customers’ hands. It also exists at many developments have led to improved aligning what a solution delivers for a duped into thinking that the fabric of his levels: as transaction data, metadata, results in data provisioning, but more specific need while at the same time new suit has been woven of such fine and reference data. Because it is a valu - needs to be done. Vendors must provide growing the number of technology golden thread that only the most worthy able corporate asset, it is critical to significantly better flexibility and respon - solutions in use will not meet the long- can see it. His subjects, and even the discover, capture, and leverage data siveness if FSIs are to effectively and term needs of leading FSIs king himself, refuse to believe there is no from its many sources and extend its dynamically leverage the exponential • Those FSIs that seek to build a market - suit at all, fearing they will be labeled value for tangible business results. Tech - growth in data to be governed. Some place and/or operational advantage ‘unworthy’. In the end, an innocent nology solutions, including software and key considerations: through superior use of dynamic infor - young boy exposes the sham when he hardware database systems, have • Technologists need to rethink the cur - mation flows must have that cries out, “But he has nothing on at all.” improved the ability to leverage data, rent trend of incremental improvement information delivered within the flow The marketplace has a similar message but not without significant cost and com - to existing data management of their business and not based on the to poorly planned and executed finan - plexity, an issue that vendors must approaches limits of the technology. cial products or services. Consider the continue to address. reaction of an elderly widower who is To achieve the best business sent an offer of spousal life insurance or results throughout the a college investment plan, both financial enterprise, FSI leadership must needs that his household satisfied address the challenges of data decades ago. Or, think of the number of management as follows: mass credit card offers sent to people • Develop an enterprise-wide who are already customers of the same data governance approach to issuer, or the home equity loan offers manage the proliferation and sent to renters. Missteps such as these quality of data in a holistic are often based on data that is incorrect manner or out of date, buried in unreachable or • Establish standardized unknown silos, heavily duplicated, or approaches to data manage - otherwise compromised. ment with well-defined Data is the thread with which a financial disciplines and quality stan - services institution (FSI) weaves its busi - dards, regardless of who ness. Data is fundamental to envisioning “owns” the data the future; developing and executing • Leverage technologies that long-term strategic plans; designing, are able to discover data to developing and delivering new products the finest detail and most fun - and services and structuring operations damental element while for a differentiated customer experience. meeting a variety of latency Without reliable data, an FSI cannot requirements deduce information and leverage knowl - edge. • Select the database technolo - gy, development, Data exists in many forms and in many management, and delivery locations within an FSI—in core systems, approaches that align with independent applications, and alliance enterprise needs for provision - and business partners’ systems, in both ing data over the long term structured and unstructured form, and as

The HP Financial Advisor — Page 41 Data, data everywhere Imposing Order on Information Chaos By Christopher Lawton Austin, TX – One of the world's largest sell - the cost to run the separate systems, many tems, into a single collection of information financial database over the course of three ers of information technology has spent the of which required specially trained IT staff called an enterprise data warehouse. months that it would have been able to past two years cleaning up a jumble of in- to operate. Mr. Mott pulled many of the employees before it began using Neoview. In one house data. “We needed better information,” says Mr. that were minding the hundreds of data month, the number of transactions peaked When Randy Mott joined HP in July 2005 Mott. “Setting management goals marts into a single team of roughly 300 at nearly 50 billion. to serve as its Chief Information Officer, he becomes very tough if everybody is using people. That team is creating a consistent Last Fall, HP began using Neoview to track found the software and systems HP used to different numbers to keep score.” way of framing information and modeling how much the company spends on market - track information about the state of its busi - To clean up the mess, Mr. Mott and the data across the entire company, and then ing across all its business units. The system ness numerous and messy. executive team made HP the first test case importing information from the various allows HP to track spending by media sec - Some systems, for instance, logged infor - for a business-intelligence system the com - data marts one at a time. tor and by customer segment, world-wide mation like sales and pricing by product, pany was developing called Neoview. But managing HP's information is too big or by country, something the company was while others recorded sales information Now over two years into the effort, HP has a job for even Neoview to handle alone. unable to do before. geographically. Making matters worse, consolidated nearly three-quarters of its HP works internally with several software Using Neoview, executives are now able to commonly used financial information such old data-storage systems. Meanwhile, it vendors, such as Microsoft Corp., Oracle make more-informed decisions about as gross margins, a measure of profitabili - has begun selling the Neoview system and Corp. and SAS Institute Inc., to keep its where to spend to get the biggest bang. ty, were calculated differently from even landed retailing giant Wal-Mart systems up and running well. HP says its next step is to integrate that business to business. Stores Inc. as an early adopter. In particular, SAS works with the compa - information with inventory and customer The lack of consistency was a drag on Companies typically use business- ny's internal teams to provide advanced order information. sales and profits. For one thing, executives intelligence systems built from numerous statistical analysis of information that Mr. Mott expects all of HP's information to had to make decisions based on relatively "data marts"— database software that comes from HP's enterprise data warehouse. be consolidated by July of this year into a stale data, because compiling any sort of tracks and measures just a portion of data Today HP has managed to consolidate the single data warehouse, and expects to information about the business from the from a given business. Analysts say com - hundreds of data marts it started with into have 50,000 employees trained and able various systems could take as long as a panies often start data marts as a quick fix just over 200—retiring systems at a rate of to access the system by 2009. Ultimately, week. Seemingly simple questions, such as for handling information they need to a dozen per week. By last November, the he'd like to increase the number of people how much the company was spending on track. But the systems can pile up and are company had all financial data across the with access to the system, both inside and marketing across its different businesses, costly to maintain. HP had more than 750 $100 billion company being accessed outside the company. were difficult to answer. data marts tracking information from oper - through Neoview. "Our vision of where this information goes Also, without a consistent view of HP's ations around the world when Mr. Mott in the future is to make it available to cus - joined the company. There are signs the company's efforts are entire business, executives had trouble paying off. HP says it is now able to per - tomers," Mr. Mott says. making decisions on matters such as the In November of 2005, he and his team set form 12 times the number of data queries, size of sales and service teams assigned to out to consolidate all those data marts, updates and other transactions involving its particular customers. Just as important was hosted on various server and storage sys -

Managing risk intelligence By Geoff Burkholder The Basel II Capital Accord requires banks In many banks, each LOB manages their data across lines of business for risk intelli - data provisioning consulting services to assess risk in each area of their business own credit risk, and the bank as a whole gence and regulatory compliance. In fact, addressing the acquisition of necessary and set aside adequate regulatory capital. has been consistently effective in establish - this comprehensive solution goes beyond data to make the application most Complying with Basel II qualification stan - ing its risk reserves. That said, when Basel II to incorporate international best effective. The solution compresses design dards requires a significant record of audited, it is more difficult to prove the practices for risk management. It permits time and implementation schedules with its consistent, accurate, and granular data capital reserves are adequate since there the consistent definition, storage, collation, fully defined and populated physical data within the credit management information is no enterprise-wide credit risk system or extraction, and analysis of risk data across model—the HP Risk Data Repository. systems. Over the long term, full Basel II data roll-up. all risk categories and asset classes. While detailed and comprehensive, the adoption calls for significant advancement Many banks have found themselves invest - HP’s Risk Intelligence Solution can be physical data model is completely modular in the way banks identify and manage the ing huge costs in terms of money, time and thought of as a “compliance appliance”— to enable implementation in manageable drivers affecting their risk portfolio. A criti - resources tying to comply with Basel II it is pre-integrated, prepackaged, and work streams. It can co-exist with existing cal success factor in enabling this requirements. With that challenge in mind, includes a comprehensive physical data LOB risk information systems—merely advancement is readily available risk data HP developed a Risk Intelligence Solution model, a high performance business intelli - adding enterprise-wide roll-up, cleansing, that is consistent, of high quality, and which is a complete solution for the acqui - gence platform, and consulting and quality and data certification. (most importantly) predictive of behavior. sition, data integration (cleansing, quality, integration services. This packaged risk Page 42 — The HP Financial Advisor and data certification), and correlation of intelligence application is coupled with HP Payments

Are you ready for the HP integrated framework for payments?

The promise of an integrated payment platform will concentrate the massive Finally, a comprehensive file and When you introduce an integrated pay - platform or “payment hub” is attractive volumes of files, many of which are process visibility solution is required. ment platform, you enhance your current to nearly all banks. A payment hub extremely large, currently moving By adding this solution, both corporate systems, prepare to accommodate future offers a centrally managed customer through a variety of bank systems to a treasury business users and technical developments, gain visibility, heighten experience, doing business the way the central point. Message-based infrastruc - support staff gain real-time supervision the quality of your service, and yet cre - customer wants to do business, shorter tures, while valuable for many purposes, and visibility of file and message move - ate little to no disruption in your current paths to new product rollouts, guar- tend to struggle under the weight of true ments. They can customize dashboards workflow. Knowing this, the question is anteed quality of service, and seamless file movement. This can impact process - to provide the exact level of detail not “Are you ready for an integrated visibility into the entire payment process. ing timelines, SLA compliance, guar- desired by each individual involved payment platform?” All of this holds tremendous promise for anteed delivery, and more. in the daily treasury and cash manage - The question is “Can you afford not hav - banks of nearly any size. ment process. ing an integrated payment platform?” This promise faces many long-term chal - lenges. Will your “heritage” core systems accept a new virtual “front door” without massive and costly customization? Can you manage the risk of simplifying the massive “technology overhang” and systems overlap from years of mergers and acquisitions? Can you begin to make progress in service improvements while reducing costs and increasing non-investment income, with - out the “payment hub” project becoming a 10-year, $50 million investment? Can you align IT, operations, and customer- facing groups to define and fund the project? Integrated payment platforms require several pre-requisites to expedite success. First, a highly available and scalable mechanism to control the cus - tomer experience, often known as a “gateway,” must integrate with existing portals and provide a future-compatible connectivity tool that allows customers to connect to the bank in the manner they choose. With changing formats, file types, and product offerings, the gateway must be capable of supporting current and future standards. Second, integrated payment platforms demand a comprehensive file movement strategy. An integrated payment

The HP Financial Advisor — Page 43 Taming the complexity of payments processing By David Jasso

Today’s wholesale banking executives clearing and settlement network. The the high level of complexity associated The cost and associated risk of such a face a significant set of challenges in similarities between payment types with payment infrastructures, banks are strategy is simply too high. growing their payments business. extend beyond data elements to the extremely challenged to implement these Business Service Management— Increased commoditization of treasury process steps that encompass receipt of changes in a timely and cost effective The critical first step services has increased pressure on message to settlement and a finite set of manner. Irrespective of these challenges, Business Service Management (BSM) for banks to differentiate themselves by the steps in between. Lastly, all payment banks must still find a way to quickly Wholesale Payments is a logical first quality of the customer experience they methods require certain services such as respond to these challenges or risk regu - step in addressing the challenges relat - deliver. Standing in the way of this pricing, limit checking, balance valida - latory sanctions and significant loss of ed to delivering differentiated customer objective is a legacy of siloed payment tion, and risk and fraud management. market share. service, increasing operational efficiency operations with significant complexity Despite these similarities, historically Long-term transformation and reducing operational risk. BSM also and redundancies. Merger and acquisi - each payment type has grown up in a The long-term goal of many banks lays the foundation for long-term trans - tion activity has only exacerbated these different and unconnected operational to address these challenges is tran-s for - formation by supporting six sigma issues. silo. Within each of these silos there are mation through the implementation of an process re-engineering programs that duplicated services that could be lever - Challenges facing payment Enterprise Payments strategy. Enterprise help move banks forward on the path aged across silos. Making the problem executives Payments is a paradigm shift where the towards enterprise payments. of duplication more difficult is the Customer experience as the basis of entire payments infrastructure of the amount of merger and acquisition activi - The HP Business Service Management competition bank is decomposed into a set of com - ty that permeates the financial services (BSM) solution for Wholesale Payments Wholesale banking services are increas - mon and unique services that lie in a landscape. is focused on immediately increasing the ingly viewed as commodities by the payments hub. In this hub, all payments overall effectiveness of high-value corporations that consume these services . Addressing new regulations data is held in a single data store and payments operations while laying the Consequently, the basis of competition New regulations, such as Basel II and all payments instruments, channels and foundation for longer term transforma - has shifted heavily toward a focus on Sarbanes Oxley, are increasing the core systems interact via this payments tion of all of the banks payment price. In this hyper-competitive world, need to understand operational risk at hub. processes—both wholesale and retail. providing differentiated customer service an enterprise level within banks. The This approach achieves multiple objec - HP’s BSM: has become a key strategy for maintain - ability to positively impact capital tives. First, it solves the problem • Enables customer self-service inquiry to ing a competitive position within the reserve requirements—through the of integrating data related to customer deliver a positively differentiated cus - wholesale payments arena. proactive mitigation of operational transactions in order to achieve a single, risk—creates incentives for the bank to tomer experience Unfortunately the expectations of corpo - real-time view of the customer. Secondly, allocate out the cost of carrying these • Enables improvement in the day-to-day rate treasurers are increasing dramatically. it offers considerable efficiency improve - reserves to the operational units most functioning of the payment process by Corporations have successfully ments by rationalizing redundant responsible for generating the risk. increasing visibility into the health and implemented technology to conquer processes across payment types and performance of the payments process internal and external integration hurdles Given the high level of operational risk channels. It also eases the pain of inte - with supply chain management, and historically associated with activities grating legacy systems by eliminating • Enables the creation of six sigma they have similar expectations for the such as high-value payments, there is the need to integrate on a point-to-point benchmarks that can lay the founda - banks that service them. But before ample opportunity for wholesale basis. Finally, it helps to address the tion for near term process banks can deliver these services they payment operations to contribute to pro - need to understand operational risk at improvement and longer-term process need their own integrated and holistic grams aimed at reducing operational the enterprise level by creating a single transformation view of their payments business. risk and thus reduce the level of required unified view-to-payments processing • Enhances transparency of the reserves. across the enterprise. Improving operational efficiency payments process that leads to clearer Whether retail or wholesale, all Adding new market infrastructures While most senior banking executives identification and mitigation of opera - payments processes share a common requires banks to implement new or recognize the desirability of this long- tional risk elements set of characteristics. They all have of a modified data formats, communication term direction, no bank has the luxury of source of funds, a security model, and a protocols and security methods. Given a wholesale ‘rip and replace’ strategy. Continue on page 45

Page 44 — The HP Financial Advisor Taming the Complexity of Payments Processing:(continued) customers in the form of liquidity risk, and even impact the functioning of financial markets. Throughout the day, banks must prudently manage their pay - ment flow within the limit of their central bank intraday credit. Banks with back - logged payments, or system issues, as payment system cut-offs approach must be in a position to make informed deci - sions on which payments to process, whether to consider a clearing extension, and how best to manage related customer issues. This was the case in a major European bank who had experienced a number of significant processing issues that resulted in having to seek multiple extensions from its central bank in a relatively short period of time. The bank recognized that this situation presented significant exposure in the form of regulatory sanc - tions and reputational risk that were unacceptable. They looked to HP’s BSM to increase the transparency of their underlying processes and thus provide them with a vehicle to improve operations while simultaneously reduc - Transaction level tracking ing operational risk. The HP’s BSM enables the line of business to monitor and react to operational issues in real time. The same solution also enables customer service owners to quick - ly and easily locate any single or any group of payments progressing through the payments process. Understanding where payments are throughout the end-to-end process is In essence, BSM is the equivalent of to decide whether it wants to expose this attention. The visualization of this infor - central to mitigating these risks. FedEx tracking but for payments instead data to only the bank’s staff, or whether mation can be tailored for different Powering six sigma initiatives of parcels. they want to enable some level of direct audiences based on the role of the The information that supports the daily BSM in Action: enabling customer customer inquiry. This is a first step in recipient within the organization. real-time view of the process can also providing corporate customers the kind self-service Operational line-of-business owners be used for longer term trending of the of information and control they are The HP BSM solution tracks every pay - receive information at the business performance of the payments process. increasingly expecting from the banks ment from front-end initiation all the way process level. Escalations can focus on This process trending information can that they entrust to serve their financial to the back-end core systems that are the payments that are impacted and on then be used to identify those projects needs. likely hosted on mainframes. As such, it strategies to deal with specific or group - and IT investment initiatives that are like - is possible to ask and answer questions Increasing operational efficiency ings of payments that require attention. ly to yield the highest value back to the such as: Where are all of the payments Every transaction is tracked throughout IT can drill down to understand the business in terms of the impact of that have been submitted by Hewlett- its lifecycle in the payments process. This specific infrastructure that might be impli - process improvement initiatives. Packard? How many payments worth information feeds a higher-level process cated in any problem that needs quick more than one million dollars are in the map that is used to track the overall resolution to verify that the day’s repair queue? health and performance of the real-time payments are effectively processed. Once a bank has the capability of track - payments process. This process map Reducing operational risk ing every single payment that is provides information on how well the The payments process generates submitted and understanding where it is process is performing and where there substantial operational risk. Failed pay - in the process, the bank is in a position are critical issues that require immediate ments can have serious ripple effects for

The HP Financial Advisor — Page 45

About HP HP focuses on simplifying technology experiences for all of its customers—from individual consumers to the largest businesses. With a portfolio that spans printing, personal computing, software, services and IT infrastructure, HP is among the world’s largest IT companies, with revenue totaling $110.4 billion for the four fiscal quarters, which ended April 30, 2008. More information about HP (NYSE: HPQ) is available at www.hp.com.

© Copyright 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.