John talked about Microsoft’s mission, his perspectives on key industry trends and market opportunity; he touched on Cloud Computing and Virtualization and took some Q&A from the audience of Managed Service Provider executives.

One of his first proclamations - Microsoft has really embraced the heterogeneous environment. Really? How in the world is Microsoft going to help convince IT line managers, or mid level managers to believe this statement? I think they have a long way to go to achieve this vision with any credibility in the marketplace.  I do know that they are making small strides.

Microsoft has been widely credited with some very good blogs that are self critical and introspective. They have also been quite active in the standards boards within DMTF and many others such as Open WSMAN and CIMON (Open Pegasus). Microsoft in February published 30,000 pages detailed technical specifications – protocol documentation for Exchange, since that time they have published another 15,000 pages. They have had over 224,000 downloads since February 21, 2008. Thus they are trying to be more open by making some of these secret sauce protocol resources directly available on the web.

So for now, I will take a very cautious wait and see approach to this proclamation. Time will tell.

Trends

• Rapid growth continues
• Hosting Competition has a new face
  • Platform gorillas (amazooglesoft)
  • Ad supported Web 2.0 hosters (Google, Facebook,)
• Utility Cloud Computing models are expanding to non-traditional hosting companies
  • Wells Fargo vSafe - hard to believe that a big bank would start to offer a SaaS offering
  • New tools and markets digital ribbon, CohesiveIT

IDC Data shows that growth of SaaS ISV’s is the biggest layer of growth. The fastest growing services are complex, custom applications. IDC says this area will be bigger than the hosting area in the next 5 years. John said that Microsoft is spending a lot of time, money and energy on this right now.

John said:

“when Microsoft thinks about the building blocks that make-up the cloud, virtualization is a core piece of the puzzle. However you also need also identity services, Operating system with standard set of libraries to tap into… or remote storage that application developers will tap into.. Developers will consume these set of services, but you will also need a set of tools to manage your physical, virtual and geographically distributed datacenter infrastructure.” (that is where ScienceLogic comes in!!)

He went on to say,

“In some ways, virtualization enables decentralization – allows you to move from data centers, enables fast scaling out, business to move from on premise to the cloud and off again…. Automation is very important – this will help you scale your business – this is core to your future success.”

He talked about a new breed of knowledge worker: He called them Digital Natives (compared to grey haired guys like me who are left out of this category).

Definition of a Digital natives? A young adult who has grown up with cellphone, web based applications, Facebook account, as their primary mode of communications.

John commented that we are 5 years into a 10 year journey. Only 12% of all servers in the world are virtualized today… in the next 4 years it will double to 25%. This is the time to think through how this business will affect you.

‘Virtualization without good management is more dangerous than not using virtualization in the first place.” Thomas Bittman, Analyst Gartner

Patching and provisioning nightmare – no scalable administration – sprawl chaos.

John posed a question to the audience: How do you partner to provide the ISV support in application development with specific market needs… partner by keeping the hosting to SaaS solution providers up and running and provide the quality of service that their customers expect…. Complimentary services of storage and backup is a big win with a huge market-upside over the next 5 years..

John said that Microsoft continues to make  huge investments with Managed Service Providers.

• Investing in the windows hosting platform
• Hyper V and SQL2008 GoLive program - getting beta code out to service provides to find as many bugs as early as possible.
• Software + Services (S+S) incubation center program
• Partnering for cloud platform market offers
• Cloud platform guidance and best practices

During the Q&A, David Burns from Cincinnati Bell asked the very best question… “when are you going to make it easier for the Service Provider market to deal with the Microsoft Service Provider Licensing Agreement (SPLA) quarterly statistics pull and change the SPLA pricing to be more efficient and creative for the new Virtualization and Cloud offerings you have talked about?”

John’s response: “We hear your frustrations loud and clear and are working on some new ideas for the future version of SPLA.” My interpretation – “Dear Service Providers don’t expect anything new or easier to deal with in the next 6 months!”

His closing remarks: “Cloud is evolving = very early stages, lots of hype, but think of how this evolution will effect your business and how you can plug into it.”

I agree that these gentlemen are top notch researchers, witnessed by the fact that the authors do not mention nor claim to be “complex event processing” anywhere in their paper!  This paper is not about CEP, nor does it claim to be about CEP, it is about stream processing and unifying SQL standards.

ABSTRACT: This paper describes a unification of two different SQL extensions for streams and its associated semantics. We use the data models from Oracle and StreamBase as our examples. Oracle uses a time-based execution model while StreamBase uses a tuple-based execution model. Time-based execution provides a way to model simultaneity while tuple-based execution provides a way to react to primitive events as soon as they are seen by the system.

Asmentioned on numerous occasions, stream processing is a very important area in CEP/EP.   It is important not to confuse the higher situational knowledge from object-object correlation and state management with the single-object event refinement that occurs in stream processsing.    Event stream processing is fundamentally different than complex event processing. 

Event stream processing performs operations on streaming event objects.   In almost all advanced CEP/EP applications is is necessary to perform robust track and trace operations on streaming event objects, like tracking the position of an airplane.    Tracking the position of an aircraft can be modelled very nicely with event stream processing.  Tracking individual event objects is a precuror to multiclass object situation refinement.

When we manage the state of all the aircraft in the skies over New York, you need more than a stream processing construct.  You need to manage the state of all the aircraft.  Paul Vincent of TIBCO Software being to address this important point in The Value of State…  

Again, we will be better equiped to solve complex distributed event processing problems if we do not confuse the notion of event stream processing and complex event processing.   These technologies are indeed complimentary, both very important, but they are not the same.

I applaud Oracle and StreamBase’s work toward a unified standard for SQL extensions for streams.

First of all, I learned the Thai alphabet nearly 20 years ago, so I have have a pretty good foundation for the Thai language.   I can read (slowly) and speak better than 99.99+ percent of all foreigners in Thailand; so, I thought it was time to redirect my career to a “new challenge” in the business climate of Thailand.   

This was no small decision.  Your career changes dramatically when you give up a successful consulting practice in the US and dive into business in a foreign land for a new challenge.  I can frankly tell you that often the challenge is sometimes overwhelming.    It is quite difficult as a foreigner to do business in Thailand.

First of all, it is not legal for foreigners to own land in Thailand.  Foreigners can ”own” land using a variety of legal loopholes, proxy owners and shell companies; but all of this is risky and not advised.  Foreigners lose a lot of money coming to Thailand and attempting to buy land.  Some get lucky, but the entire process of foreigners buying and selling land is quite risky.

Foreigners can own condos, under certain conditions, but this results in  inflated prices for condos in Thailand that are traded in an artificial market place.   Condos that are up-to-par with condos in the US can easily cost more than condos in major cities in the US.  Hence, the cost of living is not as cheap as some might believe.

Business can best be described as “protectism” where the government has placed many barriers to entry to foreigners working in Thailand.     Every foreigner must have a work permit and these work permits are expensive and time consuming to maintain.   If you own a business you must pay high professional service fees for auditors to perform annual and semiannual audits even if your business has no income yet.   Firms in Thailand charge thousands of dollars for these ”audits”.      

In addition, if you operate a business, you must have a place of business, so you are forced to lease office space.   Foreigners from the US must be paid a minimum of 50,000 Thai Baht per month, so the government will take 10 percent of that each month as their share of tax withholdings.   Therefore, to start a company, you will pay a lot of money in startup fees, permits, tax, leases, visas, etc.  The entire system is designed to secure money from you, even if you do not have a penny of incoming revenue.

Of course, generating incoming revenue can be quite difficult in a climate of protectionism.   In Thailand, it is easy when you are spending money.  When you are trying to generate income from Thailand, as a foreigner the challenge can seem overwhelming at times.   Many foreigners here give up because the barriers to business here are very high.

On top of all these challenges, which I have not described in detail, is the overall global business slowdown combined with a climate of political instability, which I am sure you have seen in the news.  

Most people I know say it is better to be a tourist here.   Being a tourist is completely different.  Money flows from you, so life in Thailand is fun and friendly, complimentary to the “Land of Smiles” you have heard about.     However, when you are working to have money flow the other direction, flow to you versus away from you, you don’t see the “Land of Smiles” as tourists experience.

Without getting into too many details, I can simply say that a foreigner doing business in Thailand experiences protectionism and, to a certain degree, discrimination, and sometimes I wonder if coming here for a “business challenge” was a good idea.    I was seeking a “new challenge” and I got more than I bargained for!

In a future post on business in Thailand I will discuss issues regarding how little value is placed in intellectual property in Thailand and how this adversely impacts professional services.    I will also touch on how this lack of regard for intellectual property impacts a consulting practice.   Also, I will touch on some cultural differences in how Thais appear to view teamwork, which is very different than in the US.

Jeff uses the example, “Smart Order Routing” as an example of taking an event and routing the resulting market order match based on some simple rules.    Routing a order kicked off by a simple order match against a deep liquidity pool (or other market factor) does not define complex event processing nor detecting a complex event - the core idea behind CEP.   Order routing based on simple rules is BPM, plain and simple.

Let’s take another example, fraud.  In this example, there is some complex neural network monitoring for credit card fraud and a potential fraud is detected - this is CEP, detecting a complex event based on some sophisticated analytics.   

After a possible fraud has been detected, a process looks into a database and the routes the incident to someone in the company who is a (1) specialist in credit card fraud, (2) working at the same time of the discovered threat, and (3) immediately available to act on this type of task.   Routing the incident is not CEP, it is BPM.

Jeff makes the argument that it is OK to call an event-driven BPM task CEP because “it fits the EPTS definition” in the CEP glossary.   He also avoids the discussion of detection accuracy, and instead insists that latency is a ”very important” factor in a CEP application.

If you read the various post by vendors in the blog-o-sphere, it is obvious that they are continually defining CEP as BAM, BPM, BRE, BRMS, SOA and just about every other related processing activity that is complimentary to the event correlation and analysis required to detect an opportunity or threat to your business.

I’m not picking on Aleri.  TIBCO has been doing the same thing recently in their CEP blog, continually attempting to redefine CEP as BRMS.    Detecting business opportunities and threats with high confidence requires sophisticated analytics, and their tools have not yet evolved to “real CEP” capabilities.  Instead, vendors are attempting to redefine BPM, BRMS, BRE, and even SOA to some degree, as CEP. 

CEP is Not BPM, BAM, BRE, BRMS or SOA.

From the Notacon site:

In order to simplify things for everyone, we have 2 basic registration levels, one with swag, the other with just the badge. With either registration, you can opt to pre-order a Notacon t-shirt via a drop-down option on the registration page.

The swag bag in the premier registration package not only will give you tons of goodies, but will also include a couple of meal vouchers that are good at the hotel to make sure you get at least some good meals over the course of the weekend. We will continue, of course, to have our con suite with complimentary sodas and snacks, but if you want something more substantial, think about the premier package!

$100 for the premium package. Not bad at all. There will be 600 tickets made available for the ‘09 show in Cleveland.

Article Link

With all of my writing this week about lack of truth in much of the data being put on the public whether from vendors or analysts, I thought I would put my money where my mouth is. In order to get some real data to the analysts so that their reports are accurate I am posting a note I received from Aberdeen Group about a new survey they are conducting in vulnerability management.  If you have a few minutes it is an excellent way to contribute.  Remember, the truth shall set you free!

Would you like to learn how Best-in-Class companies successfully maximize their results in IT Security Patch and Vulnerability Management?

By participating in this brief survey, you will be able to see how your experiences in Patch and Vulnerability Management compare with those of your peers, benchmark your performance, and see how you can achieve Best-in-Class results.

My name is Saqib A. Khan, a Senior Research Analyst at Aberdeen Group, and I am conducting a survey that will help companies such as yours determine the Best-in-Class procedures for Vulnerability Management. Your participation is a vital part of the report development, and serves as the foundation of Aberdeen's research. If your company is planning on implementing Vulnerability Management solution, or is simply evaluating the potential benefits, we would appreciate your feedback in this brief, 10-minute survey.

In appreciation for sharing your time and thoughts with us, we will provide complimentary access for you to the full benchmark report as soon as it is published (a $399 value).

Individual responses will be kept strictly confidential, and data will
only be used in aggregate.

We look forward to hearing from you, and greatly appreciate your
time and participation.

Sincerely,

Saqib Khan

With all of my writing this week about lack of truth in much of the data being put on the public whether from vendors or analysts, I thought I would put my money where my mouth is. In order to get some real data to the analysts so that their reports are accurate I am posting a note I received from Aberdeen Group about a new survey they are conducting in vulnerability management.  If you have a few minutes it is an excellent way to contribute.  Remember, the truth shall set you free!

Would you like to learn how Best-in-Class companies successfully maximize their results in IT Security Patch and Vulnerability Management?

By participating in this brief survey, you will be able to see how your experiences in Patch and Vulnerability Management compare with those of your peers, benchmark your performance, and see how you can achieve Best-in-Class results.

My name is Saqib A. Khan, a Senior Research Analyst at Aberdeen Group, and I am conducting a survey that will help companies such as yours determine the Best-in-Class procedures for Vulnerability Management. Your participation is a vital part of the report development, and serves as the foundation of Aberdeen's research. If your company is planning on implementing Vulnerability Management solution, or is simply evaluating the potential benefits, we would appreciate your feedback in this brief, 10-minute survey.

In appreciation for sharing your time and thoughts with us, we will provide complimentary access for you to the full benchmark report as soon as it is published (a $399 value).

Individual responses will be kept strictly confidential, and data will
only be used in aggregate.

We look forward to hearing from you, and greatly appreciate your
time and participation.

Sincerely,

Saqib Khan

Damn these infernal mornings.

Click here to subscribe to Liquidmatrix Security Digest!

And now, the news…

1. 1st Source Bank replacing debit cards after security breach | Network World
2. Microsoft Warns Of Bug In Apple’s Safari | CRN
3. Going Back to Basics To Fight Botnets | Top Tech News
4. EU security agency warns over insecure printing | The Register
5. Information at thieves’ fingertips | Times Union
6. McAfee Names The Most Dangerous Domains | Information Week
7. IBM Complimentary Security Health Scan | Bitpipe
8. ‘Hacker’ left child porn images on computer, lawyer insists | The Toronto Star

Tags: News, Daily Links, Security Blog, Information Security, Security News

Louis Lovas of Progress Apama wrote a complimentary blog entry on the topic at hand, CEP Maturity Models.   In his post, Louis says:

“What a CEP platform has tracks independently of what it is capable of doing. ….. What CEP does, is likely what Tim is referring to when he states we’re in the Technology Trigger phase.”

Peter Lin’s comment, in reply to Louis, concurs:

“Given that COTS CEP has only been around a few years, I think it is safe to say it’s still in the early phase. If we compare it to messaging middleware, which has been around for more than 15 years, CEP isn’t as mature. Another comparison is business rule engines and expert systems. The earliest business rule engines date back to late 80’s. All things considered, I would agree with Tim. COTS CEP still has a lot of time to mature.”

Louis was spot when he said that I was focused on overall CEP functionality; not individual product realiabity.

Independent of how reliable a particular CEP-type application might appear; the overall state-of-the-art of CEP is really quite immature.