Jeff Jaffe’s Blog

Open Enterprise Server just got some great recognition from a group critical to Novell’s success: our channel partners. OES won the annual VARBusiness ARC award for operating systems, taking first place in all four rated categories: product innovation, support, partnership and loyalty. Not only that, SUSE Linux Enterprise Server took second place. So Novell swept in the operating system category, beating out Microsoft’s offerings. There have been many comments on this blog critical of our NetWare strategy, as embodied in OES. It’s gratifying to us to see this kind of partner endorsement of the product. OES clearly is delivering value to our channel partners customers, or they wouldn’t be so enthusiastic about it. And the positive showing for our two open platform solutions – OES and SUSE Linux Enterprise Server – speak volumes to the attractiveness of Linux to the channel.

Bandit

Bandit project. This Open Source project is exemplary of how innovation is getting accelerated through Open Source. It is also an important example of the role that Open Source can play in setting standards. So I would like to share my thoughts about the importance of this Open Identity Framework. But first, let me backtrack and focus on why Open Source is such a powerful and appropriate technique for innovation and standardization.

Mechanisms for innovation

Over the last 50 years we have seen a variety of means for achieving innovation in information processing. These mechanisms have co-existed, but at one time or another one model is dominant. Open Source plays a growing role as a paradigm for innovation. Herein, I characterize some of the modes of innovation. I then claim that most modes will diminish in importance as the Open Source mode moves to a position of prominence.

A complete study of this topic is worthy of many books. After all, the innovation level in the information processing industry has been breathtaking. But this is a blog – so I will keep to the high points!

With over 130,000 projects registered to SourceForge there is an ample supply of examples. Some examples are better than others. But with my focus on Bandit, I will illustrate the power of Open Source innovation via the Bandit Open Source project.

In the information processing industry, where interoperability is a key customer requirement, it is not sufficient to be innovative. Innovative incompatible solutions are costly for customers. The innovation cycle has increasingly recognized the importance of standardization as part of the innovation process.

Open Source shines here as well. In the past, modes of innovation also stressed proprietary differentiation. Late in the game, innovators would meet to create standards. The result, too often, was a suboptimal standard or costly protocols required for interoperability. With Open Source, the innovation happens in the open – simultaneous with the standards process – driving down cost and ensuring innovation.

Four generations of innovation

University. Innovation is a fundamental mission of the university and it is where much of computing got started. Researchers are natural attracted to the university, and grants are often liberally available to allow for exploration. Several years ago, the Computer Systems and Telecommunications Board (CSTB) of the National Research Council published a study which illustrated how enlightened government funding of fundamental research led to the creation (over several decades) of quite a number of billion dollar businesses.

This technique was appropriate for the early days of computing. Large commercial revenue to support research did not exist. Since it was early, trial and error, experimentation, and learning from mistakes were the norm. The cycle from idea to commercial product was very long, so the considerable distance between the university and the marketplace was not harmful. Indeed, the CSTB study illustrated several technologies that took quite long to mature into businesses.

Industrial Laboratory. In the next phase, successful commercial enterprises, seeing the economic growth possibilities in information technology, created laboratories for fundamental research. IBM’s Watson Research Center, Bell Laboratories, and Xerox Parc are three well known examples. The funding came from the parent company – although often the economic value of the inventions went elsewhere. Large patent portfolios amassed by these firms attest to the degree of innovation that took place.

This technique was appropriate for second generation innovation. Innovation could be targeted much more closely to the marketplace. There was a mix of fundamental invention, as well as some degree of incremental enhancement – appropriate for a maturing marketplace. Cycle times were being reduced, making a corporate research environment necessary to commercialize invention.

Venture. In the next phase, several simultaneous factors created a new method of innovation. First, the growth of the information processing sector created a climate attractive for investors. Second, the “Innovator’s Dilemma” of large companies created speed bumps for the industrial laboratory model. Finally, the growth of the on-line economy opened up an unprecedented sandbox for new ideas. In this environment, venture funding of innovation became dominant. Typically, an innovator – often at a university – would take his or her idea and start a company to commercialize the idea. In this phase, often ideas “became” companies too quickly – and the venture funds paid for research (or, alternatively, the venture failed). But with ample venture funding and a large number of ventures underway, the industry as a whole short-circuited the innovator’s dilemma and created the Web community.

This technique was appropriate for third generation innovation. Many ideas could get commercialized very quickly, creating fundamental change in infrastructure, technology, and business. There were also excesses in this approach. Too much money was chasing too few ideas, resulting in many failures and excess capacity.

Additionally, there was an intensification of the focus on proprietary advantage which was unlike previous (relatively open) innovation techniques. This had several bad effects. When ideas were taken out of universities too early, walls of proprietary protection kept ideas under wraps within a start-up company. The sharing which usually takes place in an early phase of research was discouraged, retarding innovation. And the tight tie between innovation and a business often led to commercialization of ideas before they had the time to properly develop.

Open Source. Open source has emerged as the new innovation paradigm. There is less money available for research, but fortunately less is needed. Open source also addresses the negative effects of proprietary research approaches.

From the early days of computing, there was an association between the innovation technique and the funding. After all, someone had to pay. In phase I, it was research grants; phase II, the corporation; and phase III, the venture fund. Now, things have begun to change. These sources are drying up. Government, which appropriately funds new areas, has moved to other areas as I/T has matured. Corporations, pressed by tight profit margins and seeing their innovation consumed by others. are less willing to pay. Venture funds, after the excesses, are more selective and are funding businesses rather than technologies. So what is our new paradigm for innovation?

Fortunately, the cost of innovation has also come down, which balances the decreased availability of funds for research. Why has the cost of innovation come down? First, the core cost of computing is exponentially smaller than a few years ago. Today, even young children have impressive computing, communications, and storage at their disposal. Second, there are an impressive set of collaboration tools available which brings innovators with common interest together and allows them to further pool their computing resources. High bandwidth links, wireless connections, shared workspaces, and email naturally create communities of interest. These communities range from hobbyists, to university researchers, to corporate employees with common interests. Often, these communities cross organizational boundaries.

Not only have infrastructure costs been reduced, but people costs have been reduced as collaborators work across the globe – at times as part of their jobs – at times as part of their thesis research – and at times as part of hobby and interest. In aggregate, many projects can be accomplished on a shoestring.

Driven by the common interest, rather than by economic motives, the Open Source community works on the principle that sharing of ideas through the sharing of code spreads innovations the fastest. An innovator benefits from the community and gives back to the community – ensuring that invention occurs unimpeded by proprietary restriction. Ideas develop unencumbered by excessive focus on business needs and proprietary advantage.

Well, not totally unencumbered. To be sure, you need to rely on an ecosystem where (a) companies are willing to allow their employees to share some of their work or (b) universities have students work creatively on open source or (c) people have the spare time and find it fun to use it to work in such collaborative projects. Fortunately, that is happening increasingly. In particular, the mix has changed over time – but we are finding more companies willing to participate.

So, there are some costs to create the innovation, and even greater costs are required ultimately when the innovation needs to be supported with the reliability necessary for business. This leads to various business models: including payment for support and mixed source solutions [cf. my blog posting of May 15]. However, the substantially lower costs of the innovation and development allows for substantially lower costs for customers: a virtuous cycle.

Examples.

As I mentioned earlier, there are over one hundred thousand examples of Open Source communities enabling innovation. But I am not strictly interested in talking about Open Source as a methodology. I’m very interested in what the community is doing with the Open Identity Framework project, also known as Bandit. So I will track that as an example, in my next post.

Linux has been most effective as a server. In my post of July 24, I argued that Linux needed enhancements to fully address the demands of a data center. I identified 7 key characteristics which were required. I also committed that I would describe how SUSE’s Code 10 addressed these needs. In this post, I provide some of this detail.

Different types of server

There are different types of servers with different capability demands on them. These range from a workgroup server, through a Web server, all the way to the demanding data center server. Along the way are more specialized applications: Home servers, embedded servers, communications servers, and multi-purpose appliances are examples.

SUSE Linux Enterprise Server 10 addresses them all! Despite the focus on data center, I am not saying that SUSE Linux Enterprise Server works only for the data center. It is great as an infrastructure server, a workgroup server, etc. File serving, in particular, is an area of strength. Moreover, the same code base is used for the SUSE Linux Enterprise Desktop 10 (cf. www.novell.com/ctoblog – April 3 posting). But here I will discuss the particular proof points for the data center.

Testing, reliability and high availability

Every Novell product is thoroughly tested before it goes out the door. We perform large scale tests, benchmark tests, and carefully track exit criteria. When you consider NetWare, for example, the industry knows that NetWare does not fail. We use the same testing approaches for SUSE Linux Enterprise Server.

In this case we had an additional approach, via community testing.

1. The method for selecting function – for including capability in SUSE Linux Enterprise Server – is through our community distribution, openSUSE.org. Numerous features are proposed by the community for inclusion in a release of SUSE. We only select the ones that are relevant to the market and are battle tested.
2. We have a community of millions of people who have downloaded openSUSE who are participating in the testing of these modules.
3. The participants are the best and the brightest – not limited to Novell – but often coming from partners, universities – even competitors.
4. Once we settle down on the release content, there is extensive testing in the community. There is a substantial beta program with our partners. There is testing and certification with both IHVs and ISVs.

Beyond testing, there are specific functions that are added to SUSE Linux Enterprise Server that enable high availability. For example, we have a heartbeat function included as part of SUSE Linux Enterprise Server (up to 16 nodes).

We are also adding some tooling which ultimately helps the high availability. For example, we have a new set of kernel debugging tools that are used throughout our testing process.

Virtualization support

The capstone of SUSE Linux Enterprise Server 10 is its support for XEN virtualization. While virtualization has been around for quite some time, the XEN approach is a rather novel approach – partly in the way that it works around some machine architecture issues. In that sense, this is a case where we are not simply copying UNIX evolution – but rather we are adding fundamentally new innovation.

Red Hat has also been a strong supporter of XEN as well, although they have recently backpedaled since they are late to market (please look at my August 2 blog posting).

The importance of virtualization has been validated in the industry for decades. More recently, VMWare – among others – has brought virtualization to industry standard platforms. These are important solutions in the marketplace and these virtualization vendors are significant Novell partners. They have been supported by SUSE for years and we hope to continue that for years to come.

But in the last few years, various stakeholders have gotten together to validate the importance of virtualization further and take it to the next level. Chip designers have added special assists into the hardware so that performance can scream. The entire Open Source community has gotten behind the XEN project as the accepted strategic approach for virtualization. Chip manufacturers, system builders, and application writers are all participating to bring this technology to market in record time.

The approach that the Open Source community is using is paravirtualization. By allowing portions of the guest operating system and application to be modified to exploit the new hardware, paravirtualization allows much higher performance than previous approaches.

What does SUSE Linux Enterprise Server’s virtualization allow? First, it will provision, de-provision, install, monitor, and manage multiple guest operating systems. It provides performance and tuning for a multiplicity of workloads. And the virtual machine idea enhances security.

And what is Novell’s marketing approach? To be first and to be best. We have helped organize the community. We have made enormous contributions to the XEN open source project. And we are the first distribution to bring this technology to the market.

Virtualization — critical to the data center. A success story for SUSE Linux Enterprise Server.

Scale and clustering

Specific function has been added to SUSE Linux Enterprise Server 10 to ensure it scales. First is the virtualization capability mentioned above. Second is the support for the Oracle Clustered File System (OCFS) – to ensure that we provide outstanding support for clustering.

Scale also relates to a focus on several different hardware platforms. We, together with the entire industry, focus on the x Series. But the scaling properties of other systems are different: some favoring I/O performance, others having unique instruction sets. As a result, we have tuned to a wide variety of other machine architectures, including IBM’s Z series, IBM’s Power series, IBM Bladecenter, HP’s Bladecenter, Fujitsu, Unisys, and SGI.

With the scale capabilities of SUSE Linux Enterprise Server 10, we can address many different types of demanding workloads. SUSE Linux Enterprise Server 10 can be used for utility computing. It can be used in a computing Grid. It can be a mainframe. It can be a supercomputer. Some of the key scaling figures of merit are: support of up to 1024 CPUs and up to 10 Terabytes of memory.

Performance

Data center performance is unique due to the diversity of workloads that need to be supported. We have long tuned our performance to support infrastructure servers. But our focus on performance is not limited to performance on standard workloads. We are focusing down to individual market segments and optimizing performance for those environments. Some examples:

• Virtualization (mentioned above). With our CIM based monitoring tools, we have the hooks in the system to optimize performance. We are also working on a Virtual Machine Orchestrator - an innovative tool to optimize performance in conjunction with the XEN paravirtualization buried deep in the operating system. It allows specifications of policy which tune performance by reacting to policies.
• Real-time performance. This segment is a segment that needs deterministic performance and scheduling from the operating system. Initially popular in process control applications, it has spread to key applications in financial services. Through a partnership with Concurrent Corporation we are providing a real-time version of SUSE Linux Enterprise Server 10. Note that in providing real-time performance, one changes the scheduling algorithms in a way that might not be appropriate for general use. The key is that we are providing the flexibility to run as general purpose or as real-time.
• Clustering. As mentioned above, here support for OCFS is key.
• Desktop. As mentioned on the May 1^st blog, the performance of this “common (server/desktop) operating system” for desktop applications such as graphics is superb.

Security

Probably no issue causes more anxiety today than security. Security attacks occur from many different dimensions: including insider threats, viruses, spam, denial-of-service, etc. The solution for security attacks is also found in many different places. Novell’s Identity Management portfolio (cf. www.novell.com/ctoblog – May 30^th post) is one element of the solution which focuses on access control.

What security functions should be handled by a core Operating Systems distribution? Here, too, there are several approaches that one can take – all of which are valid to some segment of the market.

One popular approach has been to go through the Evaluation Assurance Level (EAL) certification steps. Novell is quite proud that it has achieved EAL level 4 security. Still, it is rare that one finds either an operating system that is fully certified to EAL level 7 or an application that demands such certification.

What is a better match for market needs is to have an easy approach to protect applications from each other. This is a primary requirement for a data center environment of any sort. This is even more critical in the world of server consolidation, an increasingly important method to drive down hardware costs in the data center. Consolidating numerous applications on the same server could contain risk.

This is the reason that we have decided to open source our investment in the AppArmor security container technology, and include it in the SUSE Linux Enterprise Server distribution. This capability provides exactly the isolation that is required.

More importantly, it is easy to configure. Configuring security parameters is often difficult, causing two fundamental problems. First, if it is difficult to use, it will often not be used! More importantly, it is likely to be used incorrectly. This is particularly frightening for a security feature – one might not know that it is being used incorrectly until it is too late.

Two more points. First, we mentioned earlier that, in some cases, Linux is merely catching up to UNIX and, in others, it is innovating fundamentally new solutions. The case of AppArmor is certainly a case of the latter. Second, note that virtualization itself is a security technology in that it provides secure encapsulation through the virtual machine.

Manageability

A multi-billion dollar industry has grown around managing I/T assets of all sorts. Given that the mission -critical assets are most often found in the data center, manageability for the data center is a primary need.

The Distributed Management Task Force (DMTF) consists of well over 200 organizations: industry participants, universities, affiliated organizations, etc. who are working together on this very difficult topic of manageability. They have standardized on a Common Information Model (CIM) approach. With CIM based monitoring, you have the core infrastructure required to have the opportunity to manage a data center in an architected way.

SUSE Linux Enterprise Server 10 supports the CIM based monitoring approach. As such, it is the Linux distribution that has the manageability infrastructure required for the data center. We have also taken it to the next step. For example, the standard for CIM based hardware monitoring is known as SMASH. We have implemented it and open sourced code that supports it. We want everyone to use it. We are showing leadership.

Of course, management goes beyond basic monitoring. Here, too, SUSE Linux Enterprise Server 10 has received a great deal of attention. As mentioned above, one of the values we bring to virtualization is the YaST2 tool for installation and configuration. This solution is being widely acclaimed by the media as the right tool to make Linux installation and configuration easy for non-UNIX experts. Again, we are bringing innovative solutions to the table.

Tuning to a wide variety of architectures and integration.

Among the architectures we support are: x86; x86-64 bit; ia-64, PowerPC; Power PC -64bit, S/390. But support is not limited to processor architectures; we also support a great number of network devices and storage units. Testing these tightly with SUSE Linux Enterprise Server 10 creates a much better out-of-the box experience for customers – as in the UNIX days.

More to go

The primary point of this posting is that Linux is ready for the data center and we have come a long way in a short time. SUSE Linux Enterprise Server 10 is the product which most illustrates this readiness, due to the substantial capability listed above.

To be sure, there is more work to be done. And I challenge my team and the entire Open Source community to get it done. With SUSE Linux Enterprise Server 10, we are a serious player for data center workloads. We also provide attractive software pricing and drive down the hardware costs as well. But Novell and the community will continue to invest.

What are the areas for further investment? In the “surround” for the product we will provide better developer tools and better documentation. In the core product, we will constantly look for ways of addressing a broader set of threats. More instrumentation is needed for capacity planning, workload management, and problem determination. These will all come in time – and we will address everyone’s needs. For now, however, we have moved from early adopter to the broad majority.

In my last post, I argued that Linux needed enhancements to fully address the demands of a data center. I identified 7 key characteristics which were required. I also committed that I would describe how SUSE’s Code 10 addressed these needs. In my next post, I will provide some of this detail. But there’s some press play out there right now about one of the critical new benefits available in SUSE Linux Enterprise 10 – virtualization – that I can’t let pass. A Red Hat VP has been telling the press that, although there is “unbelievable” demand for virtualization, that Xen, the leading open source virtualization offering, is not ready yet for the enterprise.

What does Novell believe? Xen is ready! What do other companies say? IBM has made it clear they’re supporting Xen now. I’m looking at another corporate press release supporting Xen from March 2006. The company “Formally Announces Integrated Virtualization”. Who is that company? Why, it is Red Hat! Do they really believe Xen virtualization is not ready? Or are they trying to introduce a little FUD into the market because another Linux vendor has beaten them to the punch by a good half year in terms of an integrated virtualization offering, including Xen? (In fact, Red Hat seems to be backtracking today, according to this story in the Register, so I’m not sure where they stand.) Xen is the leading open source project for virtualization for a reason – because it’s so strong. Novell and many others in the industry support it. If you have virtualization needs in the data center, we can deliver it today. Don’t be fooled….