The enormity of the challenge can often overcome even the best intentions.  There can be little doubt that our economy has entered a "new normal".   Yesterday's actions don't yield the same results.  Things take longer than they used to.  Competition is as fierce as ever.  The pace of change is accelerating.

These are but a few of the observations and realities that face many of us in our work and personal lives.  It's no different at Novell.

We've decided to embrace these challenges and Lau Tzu's ancient words that "A journey of a thousand miles begins with a single step".  In particular we recently launched a company wide initiative called "The Power of One".

In short, the Power of One represents the potential of one step, when combined with others, to make an enormous difference.  We've asked each and every Novell employee to consider how their individual actions, no matter how small, can be better aligned to serving our customers and partners.  We've also given them a forum (via our innerweb) to publicly declare their power of one goal while being encouraged and informed by their peers.  It's certainly not the case that our employees needed permission to act in this way.   But by formally declaring our "Power of One" campaign, we are uniting the interests of all Novell employees to speak and act with one voice, one purpose and one mission.  Indeed reminding all that the best way to climb the mountain is one step at a time.

The Power of One is an important reminder to all that in most things "Small deeds done are better than great deeds planned".

What's your next step?

John

We're tackling cloud security issues by building capabilities and offerings targeting the specific concerns of both the consumers of cloud technologies and the providers of cloud technologies. Ultimately, by addressing the needs of both constituents, companies can have a consistent framework for managing identities across physical, virtual and cloud deployments.

On the heels of our Novell Identity Manager 4 announcement – a cloud-ready solution for today’s enterprise – Novell today announced the general availability of Novell Cloud Security Service.  The first security solution specifically built for cloud computing providers.

At Novell, we believe cloud security is comprised of two distinct but inter-related challenges:

1. Cloud providers need tools to address security concerns like user access and managing data in the cloud.
2. Enterprises need assurance that when moving workloads to the cloud. Or, if  adopting software-as-a-service, an IT organization's  security policies should remain consistent both on-premise and in the cloud.

Solving these challenges is not as simple as it sounds.  For enterprises looking to address the cloud security challenges and extend their internal roles, identities and policies to the cloud, Novell offers the combination of Novell Identity Manager 4 and Novell Access Manager to provide seamless provisioning and access management to SaaS and other cloud applications.

For cloud service providers, Novell Cloud Security Service offers a multi-tenant identity and access management solution specifically created for cloud providers with built-in metering, billing and auditing.

We’re interested in what you have to say about cloud security too, whether via commenting on this post, or joining the Cloud Security Alliance group on LinkedIn. We also like this site for good cloud security information and discussion http://www.trusted-cloud.com/

Despite some of the buzz in the blogosphere today (see links below),  Intel’s acquisition of McAfee makes sense.  I believe it’s premised on the need to provide security in the growing mobile space.  Intel has a chance to produce some differentiated technology for mobile and that will also flow into data centers.   This surprise acquisition also acknowledges that security is something enterprises expect at all levels of the software stack.  This also validates that security should no longer be viewed as “part” of an IT strategy.   It’s an essential ingredient to every part of the IT ecosystem.

The challenge is that pervasive security is hard.  You’ve got to have the chops to implement the right security policies for your organization. Let’s face it – cybercrime has advanced from being lone wolves and script kiddies to organized crime using military-grade techniques.  Enterprises need to be increasingly worried about their data.  To meet these threats, security must be pervasive throughout the enterprise, and Intel has taken the first step to embed security directly into hardware. Security also needs to be integrated in the operating system, the application and the cloud so that enterprises can log and correlate events to look for rogue activity from either internal employees or external threats.   This takes knowledge, and the right solution providers to help you navigate the complexities of this ever evolving risk landscape.  I’m sure we’ll see others with different takes on how to solve this but Intel has made a bold and interesting move.

Andrew Jaquith's Blog
Threatchaos.com
The Register
Securosis

On Tuesday IBM completed their roll out of their POWER7 server line. This milestone gave me an opportunity to look back at a humbling realization.

For years I have known that IBM POWER exhibited the key capabilities of reliability, availability and scalability (RAS) which have been tenants of a UNIX platform. I also knew that POWER leveraged key leanings from IBM's flagship System z mainframe to achieve many of those objectives. Additionally, I knew that POWER was a supported platform for SUSE Linux Enterprise Server — in fact SUSE Linux Enterprise was the first Linux distribution to support all of IBM's hardware platforms.

So in early 2010 as IBM began launching their new POWER7 server line up, I did not give much thought about what that meant for SUSE Linux Enterprise Server. I knew SUSE Linux Enterprise Server would support the POWER7 architecture much like it had supported POWER6 and its predecessors. I knew our enterprise SAP, DB2 and HPC customers would continue to receive the scalability benefits of SUSE Linux Enterprise Server on POWER. I knew that customers could get the same “best of both worlds” benefits of running best-of-breed AIX applications on the same box as best of breed Linux applications thanks to POWER'S ability to create multiple logical partitions or LPARs.

It was not until a colleague of mine from IBM asked me to present the benefits of running SUSE Linux Enterprise Server 11 SP1 on IBM POWER that I became amazed about what I did not know. I started by reviewing the release notes to see what was new. I learned about some of the usual suspects like OFED 1.4, FCoE, kernel resource management and improvements to zypper. These are great enhancements to SUSE Linux Enterprise 11 SP1 but not POWER specific.

Next, I reviewed Novell's feature and enhancements system to see what IBM requested as key support features for SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Server 11 SP1. What I found was much more interesting: multi-path I/O, active memory sharing, dedicated/shared processors, and huge page size support. All of these features point to availability and scalability of SUSE Linux Enterprise on POWER, but what about reliability?

That is when I came across this study which has a number of nice things to say about SUSE Linux Enterprise Server 11. What I found was that SUSE Linux Enterprise Server had fewer tier 1 and tier 2 incidents than its competitors, and like its competitors it had fewer than one tier 3 incidents per year. Ironically only the AIX performed better. That leads me to the most interesting find which is the performance of SUSE Linux Enterprise Server on POWER.

One of the things I love about IBM is the significant pride they have in their technical prowess. Recently IBM provided a “performance data” tab on each of their server hardware offering pages. What I learned was that SUSE Linux Enterprise Server 11 was able to provide best-of-breed performance for SPEC int_rate and SPEC fp_rate on two socket systems like POWER 730, 740, 4 socket system like POWER 750 and 8 socket systems like POWER 780. It is humbling to fathom an achievement like the POWER 795 which touts 256 POWER7 4.00 GHz processors and 8 terabytes of memory only to turn around and remember that SUSE Linux Enterprise supports 1024 processors and 16 terabytes of memory!

This little investigation lead me to realize there is a lot about IBM POWER and SUSE Linux Enterprise Server for IBM POWER that I did not know. But the more I learned the more I understood how IBM was growing its share in the RISC market year over year and why Linux on POWER shows even more promise now than ever before.

Congratulations to my friends at IBM on their POWER7 launch!

Here are a handful of security concerns identified by an Amplitude Research survey* of 353 network administrators. These ten pain points that IT folks help illustrate that no matter the size of the firm, the issue or Identity Access Management is a consistent concern.

• Granting and securing access for remote consultants and employees
• Identifying and replacing insecure protocols
• Maintaining current virus definition
• System updates and patches
• Education of staff, management and consultants on proper access procedures
• Tracking network logons and use
• Maintaining regular password parameters and ensuring enterprise-wide use
• Sharing data and files securely over both internal and external connections
• Backing up, managing, retrieving and sharing logs securely

Enterprise security – and the methods and software used to monitor and ensure it – impacts every business in different ways. But by recognizing some of the issues faced by many global organizations, most IT departments and professionals can take steps to ensure that their systems are secure, reliable and accessible.

Learn more about network and enterprise security as it pertains to identity and access management at http://www.novell.com/products/identitymanager/ .

IDM 4 is touring the USA. Come to a special briefing with top industry leaders and IT professionals in a city close to you.

What a time to be in the IT management software business, just when you think everyone is consolidating tools and removing tools from their portfolio, in comes a vendor selling management tools. How can a new tool to the environment be a good thing and why would I consider this as a senior IT executive. If that tool can help you to de-dup your environment, add value and remove cost, what is there not to like about that solutions? Read on and see how the right investment can benefit objectives and reduce costs.

As we are square in the summer doldrums and I back from a month's travel, I ponder a couple of things that have come out of my recent travels. Conferences, meetings with prospects and meetings with analysts with similar themes for requirements to integrate or wait on the framework vendors, lock-in with the frameworks or freedom of choice and best in breed, open source management alternatives and alignment to the business and/or consolidation of management tools and a requirement for an integrated view.

Is it possible to spend money to save money? My father always said if it were possible, I would find it or at least be able to come up with the rationalization. I find many organizations are going through portfolio rationalizations, elimintating duplication, seeking savings, staying out of vendor lock-in, but also attempting to deliver higher quality of services aligned with the business. This can only mean an integrated view of the technology infrastructure that is becoming more complex with virtualization and cloud computing. The question becomes where to cut, where to invest and where does the value come from.

The large framework vendors are always a safe choice, they have grown through acquisition and may someday integrate their solutions if nothing else at the database level as this is easiest. I know, I've been a product line manager for one of them and that is always the quick win. This approach does lock you into their solutions and may leave you losing functionality you enjoy from some of the point solutions you have acquired for good reason along the way, but what if there were another alternative to reduce costs, remove tools, leverage best in breed point solutions, AND achieve integrated live views of the environment as the business consumes services. What if this solution also provided future-proofed business alignment by abstracting the integration input from the intelligent modeling and visualization…..sound too good to be true? It is possible today.

Novell provides solutions in the market of Intelligent Workload Management and at the heart of this market is the ability to leverage current and future management technologies and solutions with live views to take action averting business impacting events taking advantage of the wealth of information supplied by your performance, availability, configuration, security tools and business applications. This approach enables you to consolidate duplicate tools. leverage the best of the best and manage my intelligent service models.

I met with a customer who told the best story, there are tools that are good "feeder" tools and there is the overall dashboard view. Be the best "feeder" tool you can be and live in the ecosystem. Monitor availability, performance, configurations and do it well, feed this information into the aggregator who's job it is to make sense of many inputs, determine overall state and provide the dashboard of the services. This is what we at Novell call the Intelligent Service Model at the heart of the Business Service Management Solution.

The beauty of the solution is that it takes input from many sources "live" and enables you to define your business rules by which to take action. This enables you to take advantage of best in breed feeder tools or open source tools, while investing in the view that brings this data together live and enables you to integrate into the Intelligent Service Models the rules that drive your business. It is future proofed in that it does not matter where the data comes from and it can be swapped out as your requirements for monitoring change over time.

It is possible to avoid vendor lock-in, take advantage of best in breed and low cost alternatives and have a live view by which to take action in real time. Tool rationalization can help you to determine where you might leverage low cost alternatives while investing in the value that takes your IT organization to the next level and reduce overall costs.

Take advantage of best in breed and Business Align with Live Views!

Physical, Virtual, Cloud Computing – The Control Never Ends! Check out Novell Business Service Management! http://bit.ly/aOVQrS

http://www.youtube.com/watch?v=0i7kBnhN3Lg

Some of you might know that I have an affinity to the cinema, as I have also a masters in science of mass media, cinema and theater. Don't laugh, it isn't that ridiculous as it might seem: the industries of the movies and of IT are quite similar. Both be brutally expensive, are fast-moving and consistently changing, and absolutely merciless if you strike the wrong note or do one wrong step.

No worries, our friends from IBM did all things right here. As leading actors we do not see professional comedians but the IBM heroes Siegfried Langer, Wilhelm Mild, and Hans-Joachim Picht. But the results are impressive – already about 3,500 views on YouTube. And a message well transported. Even if it starts with some kind of "once upon a time", this movie is not a fairytale, but a documentary on how a vision becomes reality. A platform under suspicion of being moldy and old-fashioned demonstrates its cutting-edge nature. Many technologies now being "hyped" originally had been or born or early adopted on the mainframe – think of virtualization, think of "cloud readiness", think of "business continuity".

There is one thing that could be done even better next time. For your next movie, plan also with minimum a supporting if not a leading role for Geeko – and you bet you will sweep the board in the most important categories for IT customers: you´ll hear the "and the Oscars for the categories Best TCO and best ROI go to IBM System z running SUSE Linux Enterprise Server for System z".

In a blog post to the Google Community last week, Urs Hölzle, Senior VP of Operations, communicated the company's decision to kill Wave (see Official Google Blog): "Wave has not seen the user adoption we would have liked. We don’t plan to continue developing Wave as a standalone product, but we will maintain the site at least through the end of the year and extend the technology for use in other Google projects."

This announcement left some wondering about the future of Enterprise Collaboration, but market expectations for these applications have never been better. IDC expects that spending on Social Platforms will grow by 35.5% through 2014, making it the fastest growing functional market in Collaborative Applications (1). At this year's Enterprise 2.0 Conference held in Boston (see Enterprise 2.0 – Big Challenges and Exciting Possibilities for Collaboration Software), a number of success stories presented seem to confirm IDC's expectations:

• The number and size of organizations working with Collaborative Applications is growing significantly. Case studies presented included medium size and large companies, in different industries including Education, Consumer Goods and Services.
• Organizations are focusing strongly on metrics to evaluate their impact that these tools have. This indicates that the market is maturing and moving beyond the hype to actually addressing how to use these tools effectively for solving business problems.

Looking at the number of vendors in the expo floor, it is evident that this is already a crowded market with very similar solutions. However, you also get the impression that Collaboration tools have the potential to become a standard business tool for the enterprise and it is difficult not to be enthusiastic about their potential.

The message for the channel in this story is that Collaboration Applications have a huge potential but gaining traction in the market will require working closely with customers and developing best practices for user adoption and solving business problems. This was one of the main problems that Google Wave faced which in addition to security concerns, might explain the low rates in user adoption.

From the case studies we saw at Enterprise 2.0 we learned that the companies that have successfully deployed Collaboration solutions have one element in common, which is an internal or external specialist or team that help identify specific business issues and coaches the organization in the best way to integrate technology to address their business problems. In addition to owning and managing the relationship with the Enterprise, this is a role that the channel can fill for Collaboration Solutions, expanding their practice into adding value to the business solution that technology provides.

To read more about the future of Novell Pulse, read Ian Bruce's recent blog post, The future of enterprise collaboration and tune in for this week's cloudchasers.

(1) Worldwide Collaborative Applications 2010-2014 Forecast, April 2010, IDC #222713

In my last post, we discussed how Burton Group, at their Catalyst Conference, put forward a vision where user access privileges are "pulled" at the time of use to the application or service the user wants to consume. I argued that for such a paradigm to work, entitlements and access information about users would need to be gathered and maintained across many identity stores, some from outside an enterprise, some hosted internally and others potentially within a cloud environment. I also argued that this will take more effort than it will return in value.

I also pointed out that the more realistic approach is to leverage processes and technologies that are already here now. Not everyone agrees with me. My Friend and fellow New Jerseyan Nishant Kaushik at Oracle has a well-thought opposing view available here. Just keep in mind, when studying his architectural design that it's held together with eight different standards and a number of open source projects. Many of these standards have not become widely adopted or accepted outside of Oracle and even compete with other well respected standards and projects. And, oh yeah, one of his boxes has a question mark affixed to it.

I happen to have an honest intellectual different opinion, and would rather not see enterprises cobble their identity infrastructures together with a little more than hope, bailing wire, and string. I maintain that enterprises need to build identity on a sustainable, scalable, identity and access management environment that is extensible enough to address potential future identity management models and standards as they arise.

Some say it's not possible and that is why we need to move to a pull model. I know it is. And I know customers doing it today with Novells Compliance Management Platform (CMP). It's achievable because CMP integrates identity and access information with security information and event management (SIEM) to provide not only real-time insight into security events across the enterprise, but real-time identity management workflow and policy enforcement as well.

For instance, because of CMP's tight identity integration with its built-in Sentinel SEIM technology, users are no longer tracked by an IP address or individual accounts, but by their identity – as that identity moves from system to system (Often referred to as User Activity Monitoring). Additionally, Sentinel intelligence can be sent back into the identity management system so that policy violations can be documented and remedied. That is, when Sentinel identifies something is awry, it can work in conjunction with identity manager to create workflows designed to provide the requested access or use identity manager to initiate an action such as to create, disable or delete accounts. This is all based on an action that’s been detected in the enterprise in real-time.

Consider the following example of a user attempting to use an application or service. This user has access to the SAP ERP system, but not the Accounts Receivables module needed to create a report. They don’t yet have approval to access AR within SAP.

If SAP is properly configured it will dispatch a security event detailing that the user is trying to access something they’re not entitled. That dispatch would be immediately captured by Sentinel. Sentinel contains an incident handling system so a pre-defined business process will dictate how to handle the user’s request. The reaction could very well include initiating the process to vet the user’s request against their role and security policy, and then use the IdM system to issue the formal workflow required to approve and provide access to the resource sought. Also, all steps in this process would be fully logged and auditable for compliance and security.

Another example is when a user tries to log into SAP and fails. Sentinel will work with Identity Manager to determine if they do, in fact, have an SAP account and failed at a legitimate log in. CMP can send the user an email directing him to recover his password using CMP’s Password Management system. The email may also tell the user that if he didn’t try to log in, then IT security should be notified so the incident can be investigated.

The appealing aspect of all of this is that it doesn’t require changes to any – and especially not all – of your applications as the pull model would demand. It doesn’t require a new infrastructure, nor standards that don’t yet exist or are not widely supported. Novell customers need only leverage the tools they already have in place. What is more, from an end user quality of experience perspective, it couldn’t be better. They merely go through their day, doing what they need to do, and the intelligent identity infrastructure will guide them through the processes they need – while IT management is notified of any incidents that need their attention.

Perhaps more important – in these regulatory and security conscience times – is the ability of this intelligent IdM infrastructure to enforce preventative controls. For instance, most organizations require access be approved by a specific process and in accordance with a user’s role. Companies also are careful to enforce segregation of duties to stay on the right side of corporate security policies and Sarbanes-Oxley. Unfortunately, these controls only work if users go through the IdM system.

What happens if an administrator circumvents the IdM system and gives users an otherwise forbidden level of access? Well, if a user is given new access rights to SAP, or new entitlements expanding existing access rights, that is a security event – and that new access status would be sent to Sentinel. That access could then be properly vetted for legitimacy. Now consider a more severe situation in which a segregation of duty violation is created by access granted outside of the IdM system. In such a case, Sentinel could initiate an immediate response, such as shutting down access to both the administrator (who enabled the SOD situation to be created) as well as the end user. The event could then be properly investigated.

None of these capabilities are years way, and none of them require changes to the infrastructure. They’re possible now, with off-the-shelf software that enables the creation of an intelligent identity infrastructure that is able to adjust to user requests at the time of access and understand the context of identity activities well enough to react in real time.

Follow Ben on Twitter at www.twitter.com/benatnovell

On Wednesday at 9:00 am, you won’t want to miss Linux luminary and Novell senior vice president and general manager Markus Rex’s keynote presentation. Join Markus for an engaging discussion on how Linux is empowering many of today’s technologies and paving the way for the workloads of tomorrow.

You should also check out our other speakers:

Tuesday, August 10

• 10:45 am, Rafael J. Wysocki presents on "Runtime Power Management Framework for I/O Devices in the Linux Kernel"
• 11:45 am, James Bottomley presents on “Curing the Azure Mood: Building .NET Appliances on Linux”
• 2:30 pm, Robert Schweikert presents a tutorial on “Creating Appliances with Kiwi”
• 4:30 pm, James Bottomley will be part of a Linux kernel panel on the technology, process and future of Linux

Wednesday, August 11

• 2:00 pm, Guy Lunardi will be part of a panel discussion “Where is the Linux Desktop Succeeding?”

Thursday, August 12

• 2:00 pm, James Bottomley will be part of a panel discussion on “What's Next for Linux?”
• 2:00 pm, Federico Lucifredi will present on “Creating Packages for Users Running Various Distributions”

On Monday from 9:30 am to 5:00 pm, we will also be holding a free SUSE Linux Enterprise training for Red Hat administrators in the Aegean Room at the Renaissance Boston Waterfront Hotel. There are many things that are common between Red Hat and SUSE Linux Enterprise, but there are also some key differences which are very important. This course is designed to help a Red Hat system administrator understand how to, and feel confident with, administering a SUSE Linux Enterprise system. The goal of this class is to prepare you to become a Novell Certified Linux Administrator. Test vouchers will be provided for attendees to take the certification exam at no cost. You can register for this class here.