Jeff Jaffe’s Blog

The last several weeks I’ve been commenting quite a bit on the Microsoft/Novell agreement. A very important agreement for Novell and the industry. As I said on November 3, I will have much more to say about it over time.

But there are many other important technology moves that are underway at Novell and I don’t want to give them short shrift. In particular, I need to catch up on an important product that we recently launched. With the media attention to Linux and Windows this has been overshadowed – but it is extremely important to enterprise customers

Access Manager 3, background

Several weeks ago, I was in Washington, DC, at a conference that focused on the intersection between public policy and technology. Eric Schmidt, former CEO of Novell and current CEO of Google, was talking about the issues that he saw as most important.

Amidst a list of topics, he started to ruminate about the complexity that users think has been foisted upon them by computer professionals. No one understands why there are so many distinct logon schemes. Different websites, different formats, different passwords – even while a user is simultaneously logged on to all of these applications.

I smiled inside. Little did he know that his former company was poised to ship exactly what he was looking for.

The access control problem – breadth

Identity management products began in the 1990s, attempting to provide comprehensive approaches to the access control problem of the time. All applications were enterprise applications and the central problem was to simplify access control for users of the IT organization’s controlled applications. However, even though the IT organization owned all of the applications, its ability to manage identity across the enterprise was hampered by the need to use ‘best of breed’ services which were themselves diverse, with different identity management and access control mechanisms.

Subsequently, there was an explosion of the reach of applications that people were interested in. There was a need to federate multiple access control schemes (arising from multiple trusted partners). The federation needs grew from extranet requirements. As integrated multi-company supply chains were put in place to improve responsiveness, there was a need for a corresponding federation of identity management schemes. And, though extranet use cases showed the need for federation nicely, it was painfully obvious to IT professionals that the same issues were faced even within a single enterprise.

For service provider environments in telecommunications, government, and finance, the needs were even broader. The service provider had a separate view of the access control infrastructure required for each service. But the service provider also wanted to federate the infrastructures to better support users getting multiple services. Whereas an enterprise solution would support all of the users within a single access control system, a service provider solution required separation in dealing with users from outside the enterprise

At the same time, Web applications began to take off. IT organizations were confronted both with major corporate applications on the Web (e.g., purchasing, human resources, and information search) and at the same time needed to support the requirements for users independently searching for business services available on the web (e.g. wireless access to the internet, travel management, and software acquisition). Suddenly, passwords were proliferating.

Several approaches

IT organizations have been struggling with this issue for several years. Here are some of the most common approaches.

• Suffer in silence. Many organizations have simply allowed users to get access to the burgeoning set of services without stopping them or helping them. There are two serious issues with this. First, by not devising a solution to the password management problem, the organizations are limiting productivity. More important is that the proliferation of user passwords to applications – not under IT control – is a substantial security risk for the organization and a potential non-compliance with government regulations. This is most pronounced for internet applications where there is a lack of a robust security infrastructure. Not to mention the high costs to support users who have lost their passwords.
• Prohibit access. A method to reduce the security exposure that arises when users devise passwords to get access to internet services is to prohibit the access. Cutting employees off from the rapid service creation available on the internet reduces employee agility and productivity.
• Federation. Current federation solutions (e.g. Liberty Alliance) are good starts for solving this problem, but have not addressed the entire problem. Federation solutions based on Liberty Alliance alone have focused on protocol implementations and have not met the requirements for Enterprise deployment. These requirements include broad connectivity and simplified management capabilities. (Federation, at its core, allows for the proliferation of logon accounts. The premise is to allow each services vendor to continue to host identity information at its site while federation provides a means to link the accounts together. The ubiquitous example of federation involves several car rental agencies, airlines, hotels, etc., each having a customer account and using federation to link them all together without exposing sensitive business information between competitors. Note, that the user still have many accounts and identity information spread through the network environment.)
• Single vendor solutions. Some vendors have tried to integrate identity management solutions with their application sets. Unfortunately given that most IT shops are multi-vendor and all companies interested in including internet access are multi-vendor – this cannot be a total solution.

The need

So the requirement is for a multi-vendor access control system that deals with federation and internet access while taking into account the needs of the modern open enterprise. In my next post I will describe how Novell’s recently announced Novell Access Manager 3 product solves this problem.

Novell’s CEO Ron Hovsepian has just published an open letter to the community on the patent cooperation portion of the agreement with Microsoft. It addresses issues that a number of you have raised in comments on this blog. Please give it a read.

As we all know, most of the focus over the last several weeks around Novell has been the announcement of our partnership with Microsoft.

In my blog posting on November 3, I noted that for such a broad and industry transforming deal that there were numerous implications that I would post about over the course of time.

What has been in the public mind has been to appreciate the benefit for the open source community. Indeed, in that first posting, my focus was to recount the benefits for the open source community. Additionally, in the follow-up press release published by Novell on November 7, there was a strong discussion of the benefits for open source.

Also, the financial terms of the deal have attracted a great deal of attention. This was also part of the 11/7 press release; reporting on required SEC filings and the financial implications of the deal. (Not my focus today, but parenthetically, very favorable financial terms for Novell.)

In this posting, however, I want to make sure that we continue to give primary focus to the original driver of the deal: customer needs and the benefits of virtualization.

Reprise: the purpose of the deal

Customer needs. Linux has arrived. While Windows has been a fixture in IT environments for a very long time, and Microsoft’s impressive revenue numbers attest to this, Linux is now a growing part of the scene. According to IDC reports, Linux is actually the fastest growing operating environment. Customers have been pressing both Linux vendors and Microsoft that these environments must work together.

Technology opportunities. Virtualization built deep into the operating system is a new technology that Novell brought first to the Linux market by shipping XEN virtualization technology in our SLES 10 shipment of Linux in July. It is now easier than ever for customers to support multiple environments on a single hardware platform. The fact that virtualization is so deeply embedded accelerates the needs for interoperability.

Server consolidation scenarios. Of course there are numerous reasons that customers want virtualization. Principle among them, however, is the opportunity to reduce the number of server footprints. This saves hardware cost, improves manageability, and helps availability.

Openness. An additional driver of this customer need is openness. Today there are many all Windows shops or all UNIX/Linux server farms. For reasons of manageability at the core operating systems level, such customers are reluctant to support applications that only run on an unsupported operating system. They would need to change their entire management strategy. With virtualization, we add choice. Windows shops can support Linux applications, virtualized on SLES – and vice versa.

So the purpose of the deal is to solve customer problems. For Novell, a leading Linux vendor, we could not solve any of these problems convincingly and quickly without the collaboration of Microsoft. That led us to seek the deal and the consequent various components of the deal. We will compete vigorously with Microsoft to push for Linux and Open Source rather than Windows. They understand that. And they will compete with us. But our mutual priority is the customer.

The drumbeat around virtualization

This is not the first time that I have noted the importance of virtualization in these pages. In explaining the importance of SLES in my August 7th posting, I characterized virtualization as the capstone of SLES 10. And my last several posts (October 3, 16, and 30) have discussed different aspects of my recent keynote address to the Infoworld Virtualization Executive Forum. We have discussed virtualization’s larger role in the business world – and how technology in general and Open Source in particular are major drivers. We have heard this message repeatedly.

Different forms of virtualization

It has often been noted that there are two primary forms of virtualization. In full virtualization, guests run unmodified on the host solutions. This provides decent performance for some applications, but obviously it is inadequate for others. An advantage is that it requires fewer code modifications to be brought to the market. In paravirtualization, the guest is optimized to more fully leverage the underlying system capabilities. This is much better in performance, although it takes some extra work.

In the context of the joint Novell and Microsoft solution we will focus on both. We will succeed in bringing full virtualization to market faster. However a very important focus is to build the optimizations required – into both SLES and Windows – to support a paravirtualized solution.

Novell’s virtualization solution

No doubt, one of the reasons why Microsoft found Novell to be an attractive partner is our demonstrated leadership in virtualization. Here are some of the key points about our solution.

• Open Source: The IT industry has evolved to the point that they want to know that the most critical pieces of software are available as Open Source. Companies can see and modify the code. They have assurance that no single company will become dominant. We are at the point that we have an accepted Open Source approach to virtualization.

• Community: The Xen Open Source project has attracted the right community. Among the key participants are operating system vendors (Novell and Red Hat – and now even Microsoft), Chip manufacturers (AMD and Intel), system vendors (e.g. Dell, HP, and IBM), ISVs, management companies, and start-ups. The right set of companies have developed consensus on this key technology.
• Paravirtualization: The technical approach is paravirtualized, allowing for vastly improved performance by exploiting hardware assists.

• Server consolidation: This has always been a key drive for virtualization. In my presentation to the Infoworld Virtualization Executive Forum, I painted the broader picture of the virtual world. I talked about a global compute architecture where we don’t even care about location.

• Support of different operating systems: In July, Novell was first to market with Xen virtualization built into Linux. Last month, we added support for Red Hat (RHEL 4) and SLES 9 guests virtualized on SLES 10. We will now work with Microsoft on Windows. And within Novell there is a significant effort to get outstanding performance for NetWare virtualized on SLES.

The point about support of different operating systems is key. We will use the virtualization technology to bring together variations of Linux, Windows, and NetWare. The winner will be the customer.

Here’s some third party validation: there’s a posting from Chuck Hollis, VP of Technology Alliances at EMC, on his blog with his take on the deal. Worth a read.

I know this agreement has raised a lot of questions in the community, particularly around legal and procedural issues. We are working on answers to those questions. We’ve posted some of those today here. We’re continuing to work on others. Some of the questions that people have raised have been with very strong language: words like “betrayal” and “crazy”. While I understand the emotion that surrounds an agreement with Microsoft, I do encourage everyone to read the FAQs. Once you are aware of the facts you will see that we have been loyal to the principles of the open source community.

Beyond legal issues, another comment concern raised has to do with the historical record of partners who’ve worked with Microsoft. Some are arguing that anyone who signs a deal with Microsoft suffers as a consequence. In addressing this issue, I need to start by reminding everyone the source of the agreement.

For Novell, the sine qua non is the marketplace and customers. Our customers have been demanding for quite some time that we develop solutions to make Linux and Windows interoperable. This is a reflection of Linux’s growing importance and frankly, we believe that this interoperability will grow Linux’s importance further.

As we prepared our first-to-market Linux implementation of XEN, suddenly there were new opportunities. The customer demand for interoperability morphed into a stronger possibility: supporting both SLES and Windows in a virtualized environment. This would help server consolidation in a mixed shop. Moreover, as we have heard from the CIO of the City of Seattle at the press conference on Thursday, it provides a new method to bring Linux applications into an all Windows shop. With the market as our driver, we approached Microsoft to create a joint solution. With all due respect to this “historical record” of companies that partnered with Microsoft, Novell’s intention is to let the marketplace and customer needs be our driver.

Moreover, as my colleague John Dragoon says, it’s important to be informed by history, but not bound by it. Novell, as well as any other company in the industry, knows how fierce a competitor Microsoft can be. We are certain that they will compete fiercely. But that is not sufficient reason not to create solutions that customers want.

Earlier today, Novell and Microsoft announced that we will bring Windows and Linux / Open Source closer together by providing joint solutions whereby Windows can be virtualized and optimized as a guest under SUSE Linux Enterprise Server (SLES) and SLES can be virtualized and optimized as a guest under Windows. A press release outlining the broad terms can be found here. This partnership, and the improved interoperability between Linux and Windows, is an industry-changing development which will set the stage for innovation, interoperability, ease-of-use, cost savings, and security for decades to come. There are many pieces to this partnership which contribute to this. These are highlighted in the press release. I will want to comment and elaborate on these in the months to come – but there is far too much for one blog posting. Some of the topics I would like to comment on include:

1. Strengthening the foundation for Open Source.
2. New and enhanced Open Source projects
3. The joint solution: Virtualization, the future of computing
4. Technical collaboration

• Management
• Directories
• Virtualization
• Documents

5. Bringing together the Windows world with Open Source technologies
6.The benefits for the Novell’s NetWare customer base
7. Long-term commitment
8. Benefits for Independent Software Vendors (ISVs)
9. Benefits for Independent Hardware Vendors (IHVs)
10. Patents

…to name a few. Actually, as we get into it, I’m sure there will be even more to discuss.

Anyone who has been reading these pages will not be surprised to find virtualization as a centerpiece of this announcement. My last three major posts (on October 3, 16, and 30^th) were all about virtualization and Open Source being transformational.

For today, I want to focus on what I feel is the most far-reaching implication of this deal: strengthening the foundation of Open Source. In the long term, this is most important because this is where innovation occurs and where the future is defined. Futures that we cannot even imagine today. If we set that stage properly, with proprietary and open source software coexisting and interoperating, the computing industry will retain its dynamism.

Three open source sub-communities

We need to be a bit more precise. The Open Source community has grown and matured. It is not a few people working on Linux. Millions of people participate in and benefit from Open Source in many different ways. In constructing this partnership, Microsoft and Novell have toiled carefully to strengthen the foundation of all of these sub-communities; but the key factors that apply to each sub-community are different.

Before I get into the specifics, there is one “meta” point that should not get lost in the details: with this announcement, Microsoft is more fully embracing Open Source and Linux than ever before. As many of us know, Microsoft has begun participating in Open Source in different ways over the last several years. But today, Microsoft is strongly acknowledging the role Open Source plays in the marketplace and in the cycle of innovation. I shouldn’t speak for them in detail, so check out some of the Microsoft blogs (Jason Matusow’s blog, Port 25 blogs, etc ) to see what they say for themselves. What I would say, however, is their strong embrace of Open Source at the “meta” level is significant; in-and-of itself.

The three sub-communities that I will discuss are:

• The innovation community. In my previous postings, I have often characterized the Open Source community as the innovation community. These are the millions of people writing and releasing code as Open Source, contributing to existing projects or starting their own; people who choose to share their innovations with others by publishing code under the General Public License (GPL) and other licenses. In those posts I have shared how Novell contributes to this team, how Novell benefits from this team, and in fact how this team represents the future of innovation in computing. It is significant that we strengthen this foundation.
• Open Source customers. These are enterprises – large and small – that love Linux and other Open Source products. Pretty important to Novell because this is our revenue base. I will describe how we strengthen their foundation in numerous ways.
• Open Source businesses. Recently, many companies have created new businesses around open source. In fact, entire conferences such as the Open Source Business Conference are dedicated to creating Open Source businesses. I will describe how we strengthen the foundation for this important set of companies and business partners.

Strengthening the foundation of the innovation community

Thought leaders within the Open Source community express different points of view about patents. Personally, I respect a wide range of possible viewpoints – but it is not my objective in this post to choose one view or another about patent policies. The fact of the matter is that patents do exist and are recognized by the courts. As an innovator, the last thing I want to worry about is someone’s patents. We would never invent anything if we had to be experts that knew about every patent in the world. Who has the time to read the hundreds of thousands of patents that are released every year?As part of the agreement between Microsoft and Novell, Microsoft has made a commitment not to sue individual, non-commercial developers of Linux and open source for patent infringement. Certainly great news for developers in the openSUSE community as well as others. Progress and innovation proceed unimpeded.

This is the most direct way in which we strengthen the foundation of the innovation community. It is not the only way. As part of our agreement, Microsoft and Novell will initiate several important new open source projects to improve Windows/Linux interoperability and create a shared platform for innovation. I’ll talk about that more in my next post.

Strengthening the foundation for Open Source customers

Customer will have huge advantages by being able to re-architect their data centers around virtualized solutions built both on Linux and Windows. This is a business advantage and I will have a great deal to say about that in future postings. This is their benefit from the “content” of the joint solution. But there is an additional benefit which is not very different from the benefit received by the innovation community, the protection against lawsuits.

As background, Novell has been interested in helping customers in this arena for some time. Novell and its partners such as IBM and Red Hat have worked very hard on this. Over a year ago we announced the creation of the Open Invention Network, which is designed to protect Linux. Today’s announcement takes it a step further.

Which company has been creating a large number of patents in the last several years? Microsoft. Microsoft has agreed not to sue those customers who purchase SLES or SUSE Linux Enterprise Desktop (SLED). As a result, we have we have strengthened the foundation for Open Source customers.

Note that this protection is not limited to the “joint solution”. Any purchaser of SLES and SLED for any usage will not be sued by Microsoft.

Strengthening the foundation for Open Source businesses

An important sub-community in Open Source are the innovators who are taking their innovations to the next step and building open source middleware, solutions, tools, and applications. Novell has long been a supporter of these fledgling businesses through our Market Start program. We count many of these companies as important Novell ISVs.

These businesses are building Open Source products that run both on Linux and proprietary platforms. However, since they are Open Source, Linux figures prominently in their thinking. It is first among equals for these businesses.

They benefit in several ways.

• They benefit directly from the last set of considerations – the fact that they can build on a platform that has reduced risk. If they build on SLES, they know that customers don’t need to be concerned about lawsuits.
• They benefit from the existence of the joint solution and the collaboration of Novell and Microsoft. It will be so much easier for them to apply their innovation to two platforms simultaneously.
• Microsoft and Novell will collaborate on supporting these ISVs.
• Linux will grow and their will be more areas to innovate around the joint solution.

I sure hope these important partners see the benefit of building to SLES.

Summary and what’s next

In several different ways this new partnership enhances the foundation of the Open Source community. Innovators can innovate, customers can run applications, and ISVs can build new solutions.

But the Open Source community will benefit in numerous other ways as well. There will be new Open Source projects. Some of the projects that Novell participates in – such as Open Office and Mono – will get enhanced momentum. But these topics will need to wait for my next post. And as I said at the outset, teasing out the manifold benefits of this partnership will take place over several months.