Jeff Jaffe’s Blog

I was pleased earlier this month when Gartner twice positioned a Novell security product in the leaders quadrant. Novell’s Identity Manager product was positioned for the user provisioning category, and Novell’s SecureLogin was positioned for the enterprise single sign–on category.

Novell’s pride is punctuated by the fact that security is one of the enduring value propositions of Novell. Our two-pronged strategy – enterprise Linux and enterprise management – is to ensure that open source and mixed source solutions are industrial strength, and security plays a vital role. Some of our most impressive enterprise management products are in our identity and security management portfolio, including Identity Manager and Novell SecureLogin. Security is so important to Novell that last week we had an internal Security Summit with hundreds of participants; and prizes for the best hackers in the company.

What provides great security?

Security has been a very hot research area for decades. Being a leader in security has meant mastering complex algorithms. Cryptography, intrusion detection, public keys, hacking, and content filtering involve advances in mathematics and computer science.

But, as the industry has evolved, we have learned that one does not achieve security through great math. Increasingly, one achieves better security by having an easy-to-use system that embeds the great math.

To be sure, we still need more basic research in security. But it has become less critical than usability for the pragmatic success of security. After all, decades of research have already come up with outstanding approaches. But decades of hacking have found workarounds. One can have a provably secure system (math) which is compromised by internal attacks or careless use of codes (reality). To be a leader in providing security requires excellent algorithms to be sure, but the broader system is more important.

Gartner got it right!

In that context, it is worthwhile to take a look at some of the criteria used by Gartner. First, let’s look at the user provisioning category and Novell’s Identity Manager product. According to Gartner, user provisioning is a “business program concern” that “requires broader communication across a broader constituency”. Product leadership is not restricted to security tokens, but includes how one makes the capability accessible to a broad constituency. In our design of Novell Identity Manager, we have focused on integration across multiple products, visual modeling, and workflow design – all with an objective to make the technology accessible.

Gartner took a similar focus when it came to enterprise single sign-on and Novell SecureLogin. The focus according to Gartner was “improved user convenience and support cost reduction”. They recognized that “users must manage a sustained, politically unacceptable number of user IDs and passwords”.

What is next?

Novell is proud of this recognition. But we are not resting on our laurels. We are already moving to the next areas of research. Our Bandit and Higgins open source projects are broadening the research community for identity. We are developing key technologies in these projects, such as information card technology. As I noted in posting last spring on the blog, this will also provide the basis for the fifth generation of identity – Open Identity Services – where identity services are leveraged for value added personalization services for all applications.

Look to Novell to continue leadership in Identity Management for a long time to come.

On September 5th, Microsoft announced agreement with Novell to bring their Silverlight multimedia framework to Linux via a further collaboration between the two companies. The best place to learn more about the details of this is Miguel de Icaza’s blog.

Herein, I reflect on how it relates to Novell’s broader strategy.

Novell technical strategy

Please look at my earlier blog for Novell’s technical strategy. Some of the important principles are:

• A great enterprise Linux distribution

• Linux which excels from the desktop to data center

• Strong hooks for interoperability.

This Silverlight partnership is another element that fills in this strategy. Our desktop is not only outstanding technically, but adds applications and frameworks on top of Linux which interoperate with Windows. The benefits of Microsoft’s investments in Silverlight are brought to the Linux desktop.

So this ties to the three principles:

• We address a need of enterprise customers to bring the Windows media frameworks

• We add capability on the Linux desktop

• Done via interoperability.

The voice of the customer

When Microsoft and Novell announced our original partnership on November 2, 2006, we emphasized that the primary driver for both companies was the voice of the customer. The customer had two primary growth environments for the future: Windows and Linux – and they wanted vendors to work together on interoperability.

This continues to be a driver for our partnership. Customers have reacted favorably to Silverlight, and they have reacted favorably to Miguel’s team’s bringing this to Linux via the Moonlight project.

It is significant that the recent customer demand has extended to the support of multimedia frameworks on the Linux desktop. There is a considerable body of content developed with the Microsoft multimedia frameworks, and it is not surprising that the growing Linux desktop community wants access to this.

Choosing areas for collaboration

In my February 26 posting, I discussed how Novell and Microsoft chose areas for collaboration. At the time we selected four primary areas. I argued that, with literally scores of potential collaboration areas, if we tried to do everything we would get nothing done. We prioritized and focused on immediate needs.

I also indicated that this was just the beginning. Both companies recognize the customer demand to make the Windows world and Linux world work better together. Our collaboration is the best way to accomplish this.

Of all of the areas of customer requests, an area of particular excitement is to have richer and more varied multimedia frameworks on Linux that interoperate with the frameworks used by Microsoft. Soon after Silverlight’s introduction, our Mono team began working on the Moonlight implementation on Linux and heard a high degree of enthusiasm from Linux users. This became the driver for the Moonlight collaboration.

Another application running on Linux

Not to be lost in the broad discussion of interoperability is the more basic desire to grow applications on Linux. Both Red Hat and Novell have for many years worked with both open source application vendors as well as proprietary application vendors to get their solutions running on Linux. This is the next step in this honored tradition. With the bonus, that the application vendor in this instance is Microsoft!

The growing importance of the Linux desktop

I give Microsoft a great deal of credit for their growing recognition of the importance of Linux and the Linux desktop. The partnership we announced last fall centered principally around the Linux server, although one element of our collaboration roadmap was interoperability between Microsoft Office and OpenOffice.org. With Moonlight, there is tacit recognition that the Linux desktop is developing momentum, and there is desire for technology sharing across these platforms.

A growing, professional partnership between Microsoft and Novell

My final comment relates to the nature of Novell’s relationship with Microsoft. Many bilateral vendor partnerships seem to come and go. Vendors align for a moment of time when there is momentary confluence of interest. Then a bitter dispute breaks it asunder.

I don’t anticipate such a temporal relationship between Microsoft and Novell. For Novell’s part, our key corporate strategy is to infuse in Linux all of the capabilities required for an enterprise. Most of these are done purely by the open source community, in open source. We don’t need proprietary help to get increased reliability, security, virtualization, availability, or desktop excitement.

But customers insist on interoperability with Windows, and our strategy is to listen to customers. Given Window’s important role in today’s customer infrastructure , we are required to work with Microsoft on a constant pace of interoperability enhancements.