Embed Size (px)
DESCRIPTION
Citation preview
W H I T E P AP E R
I n t e l l i g e n t W o r k l o a d M a n a g e m e n t : O p p o r t u n i t i e s a n d C h a l l e n g e s Sponsored by: Novell
Mary Johnston Turner Sally Hudson Brett Waldman June 2010
I D C O P I N I O N
Over the next several years, IDC expects enterprises will continue to increase both the percentage of virtualized datacenter workloads and the density of virtual machines (VMs) on physical servers while continuing to maintain many single-purpose systems. Simultaneously, many organizations will add public and/or private cloud services to their enterprise infrastructure mix.
To make the most effective use possible of this dynamic and heterogeneous infrastructure environment, IT teams will need to shift to a more policy-based, automated approach to managing the building, provisioning, migration, monitoring, measuring, and securing of corporate workloads.
Intelligent workload management is an emerging market concept that addresses this complex set of needs by integrating a number of important technologies, including:
Software appliances for intelligent workload packaging and deployment
Policy-based workload management automation
Access/identity management
Configuration and performance monitoring, reporting, and analytics
Intelligent workload management solutions are evolving and being built on a number of existing technologies, including software appliances, server and workload automation, and identity and access management (IAM) solutions. IDC estimates that in 2009, the server and workload automation market totaled approximately $600 million worldwide, the identity and access management software market was $3.5 billion, and the market for software appliances was $156 million.
I N T H I S W H I T E P AP E R
The workload management and security challenges created by dynamic, virtualized datacenter and cloud service environments, along with continued use of physical systems, are forcing datacenter managers to explore more automated, policy-driven workload provisioning, migration, auditing, and access control capabilities in order to maintain services levels and rein in operational costs. To use these technologies
Glo
bal H
eadq
uart
ers:
5 S
peen
Str
eet
Fram
ingh
am, M
A 0
1701
USA
P
.508
.872
.820
0
F.50
8.93
5.40
15
ww
w.id
c.co
m
2 #223661 ©2010 IDC
effectively, workloads must be portable and easily moved across resources as needed. This white paper discusses why virtualization and cloud initiatives are putting so much pressure on workload management and security requirements and describes how emerging intelligent workload management approaches can potentially streamline operations using innovative software appliance packaging strategies along with policy-driven, identity-aware automated tools and best practices.
S I T U AT I O N O V E R V I E W
Datacenters are evolving rapidly as applications become more virtualized and dynamic. Increasing interest in cloud and SaaS services extends the boundaries of the datacenter and puts pressure on IT teams to deliver dependable, cost-effective services to end users, even as application and infrastructure environments become more fluid, complex, and challenging to operate.
V i r t u a l i z a t i o n I n c r e a s e s O p e r a t i o n a l I T C o m p l e x i t y
IDC's research indicates that enterprises are rapidly deploying virtualization in support of many production workloads. IDC forecasts that 69% of enterprise datacenter workloads will be virtualized by 2013. Already 75% of organizations that use virtualization have made virtual servers their default environment for new application and workload deployments. In many cases, enterprises may implement heterogeneous hypervisor environments as part of this buildout.
Enterprises are embracing virtualization in the hopes of improving service levels, reducing capital spending, and improving the efficiency of operations. To date, however, the rate and pace of operational change and complexity that result from virtualization have made it difficult for IT teams to significantly improve operational effectiveness. IDC's research indicates that the average IT organization is able to support only 20–25% more virtual servers per administrator than physical servers. In today's virtualized environments, a single physical server typically supports an average of six VMs, resulting in rapid proliferation in the number of workloads that need to be managed. As more and more workloads are virtualized, and VM densities on physical servers increase, IT organizations will be unable to add IT staff at the same rate they add VMs.
Simultaneously, composite, multitier applications are being widely implemented. Like virtualization, these emerging application environments increase the level of operational complexity in the datacenter. To maintain service levels, IT teams need not only deeper, real-time insight into the connections and dependencies across tiers but also visibility into the performance and health of the workloads in the context of the virtual and physical resources, as well as network and storage configurations that together enable the business service.
Cloud computing services, ranging from SaaS offerings to on-demand computing and hosted application development environments, further complicate the enterprise IT operations landscape. Each cloud service offers its own flavor of service-level guarantees, access control, identity verification, and data protection with little
©2010 IDC #223661 3
standardization in terms of provisioning interfaces, reporting formats, or service-level and policy-driven management capabilities.
As shown in Figure 1, the combination of these forces is driving rapid transformation in many of IT's operational requirements. More automated, policy-driven systems and state-of-the-art application development best practices are needed to enable enterprise IT environments to deliver business services cost-effectively and reliably.
F I G U R E 1
A P e r f e c t S t o r m i n t h e D a t a c en t e r
Source: IDC, 2010
Collectively, cloud, virtualization, and shifting application architectures are creating a perfect storm for enterprise IT organizations. At the same time that workloads need to be allocated and optimized more quickly than ever before, traditional approaches to change management, provisioning, and deployment processes are preventing IT teams from taking full advantage of the technologies while also driving up the cost of operations.
IT continues to be tasked with protection of the enterprise's data and prevention of unauthorized access to critical systems and information. In the face of end-user pressure to move faster, or outsource workloads to cloud services, IT teams need to implement new, more efficient and integrated approaches to the deployment, management, optimization, and protection of computing workloads.
Composite Applications
Cloud Services
Virtualization
Mobility
Identity and Access Control
Workload Provisioning
Reporting and Analysis
Application Packaging and Deployment
Opex and Capex
Software Appliances
4 #223661 ©2010 IDC
I n t e l l i g e n t W o r k l o a d M a n a g e m e n t T a r g e t s C h a l l e n g e s
Intelligent workload management is an emerging market concept that addresses this complex set of needs by integrating a number of important technologies, including:
Software appliances for intelligent workload packaging and deployment
Policy-based workload management automation
Access/identity management
Configuration and performance monitoring, reporting, and analytics
The ultimate intelligent workload management vision is to transform the packaging of workloads in a way that bundles appropriately configured operating system, middleware, and application code into a single unit that can be deployed, secured, managed, and monitored on a consistent, automated basis, regardless of whether it is deployed onto physical, virtual, or cloud infrastructure.
This is an ambitious vision that can only be gradually implemented over a number of years, although early examples of this model do exist in the form of software appliances. For many organizations, the operational pressures resulting from today's expansive use of virtualization and experimentation with cloud services will drive adoption of policy-based workload management and sophisticated access/identity management capabilities well ahead of significant changes being made to the packaging of many application environments.
Enterprises are wise to consider how these automation and security investments may ultimately play into a more robust intelligent workload management strategy so as to be able to transparently exploit new application packaging models as they become available. In the interim, enterprise IT teams can reduce the cost of operations, better protect their organization's information assets, and speed up provisioning and patching processes by taking advantage of automation and security technologies that are available today.
S o f t w a r e A p p l i a n c e s f o r I n t e l l i g e n t W o r k l o a d P a c k a g i n g a n d D e p l o y m e n t
Intelligent workloads can be thought of as software appliances, which IDC defines as software solutions that integrate operating system and application software or application functionality into an easily managed, composite package with a dedicated purpose. This composite package can be deployed aboard industry-standard client or server hardware, either inside a virtual machine or directly on the hardware.
A software appliance provides a turnkey experience similar to today's hardware appliances. Deploying a software appliance can be as simple as a few clicks, with only configuration tweaks needing to be made. This makes it seamless to deploy software appliances on a private or public cloud and simplifies the dynamic migration of the workload as needed. This ability is particularly helpful for ISVs because
©2010 IDC #223661 5
appliances can reduce time to market and extend existing applications to the cloud, thereby helping to reduce overall ISV support and development costs.
The main reasons an organization would want to deploy a software appliance are:
Reducing time to value by simplifying acquisition and installation issues
Streamlining operational and change management
Removing redundant activity and thus costs
Bridging private and public cloud deployments
In a December 2009 software appliance survey, IDC found that software appliance adoption use is increasing slowly, with 22% of participants reporting they had software appliances in production use, up from 20% the prior year and 7% two years earlier.
Of the companies that have already deployed a software appliance into production, 21% have proactive plans to deploy more than 12 months out, up from 15% last year. Meanwhile, the number of respondents who have no current plans to deploy more software appliances has dropped to 7% from 26% last year.
P o l i c y - B a s e d W o r k l o a d M a n a g e m e n t A u t o m a t i o n R e q u i r e d
Most enterprise virtualization and cloud computing initiatives are designed to reduce capital and opex costs by optimizing physical system utilization and operations. They are also expected to improve business performance by accelerating the deployment, scale-out, and ongoing maintenance of business services.
Workload portability, such as enabled by software appliances and similar workload packaging strategies, is fundamental to achieving these objectives. Simply assigning virtualized workloads to computing resources is only the first step in managing dynamic environments. Workload use needs to be tracked and virtualized resources need to be reclaimed and reassigned when the workload is no longer active. In peak hours, additional instances of a workload may need to be deployed quickly either inside the corporate datacenter or on external cloud infrastructure. This capability to transparently move and migrate workloads is a prerequisite for organizations that want to implement cloud computing solutions.
Policy-driven automated workload provisioning and migration capabilities are needed to support efficient, large-scale workload optimization. Organizations that want to make the most effective use possible of their resources need to define standardized workload configurations and use policy-driven automation tools to assign, migrate, and deactivate workloads as needed. Customers that are evaluating these types of solutions should look for:
Tools that can manage standardized workload models and migrate running workloads across heterogeneous physical, virtual, and public cloud environments using consistent policies and user interfaces, without disrupting business activities
6 #223661 ©2010 IDC
Automated support for routine patch management activities as well as service provisioning (These solutions need to be able to discover configurations and patch levels, evaluate them against the gold image, and enforce updates and compliance on an ongoing basis.)
Software libraries and templates to improve IT's ability to determine if workloads are properly patched and configured
Integration with automated workflow and governance systems to streamline approval processes and streamline audits and status accounting activities
Support for service catalogs and service fulfillment systems including self-service provisioning if needed
The ability to inject drivers on the fly to support effective monitoring and hardware analysis for workload suitability
Enterprise IT decision makers surveyed by IDC consistently identify automation as being important or critical to the effective operation of their virtualized environments (see Figure 2).
F I G U R E 2
R o l e o f A u t o m a t i o n i n M a n a g i n g V i r t u a l i z e d E n v i r o n m en t s
Q. What role do you expect automation to play in your virtualization investment?
Source: IDC's Virtual Infrastructure Management Survey, 2009
Use of these types of tools to support existing workloads can improve efficiency today and build out the type of portable workload management infrastructure and control capabilities that are needed to support a broader intelligent workload management environment over time.
©2010 IDC #223661 7
S e c u r i t y a n d I d e n t i t y M a n a g e m e n t
Security and identity and access management are critical to the success of cloud computing. IT must support a growing number of users who need access to a wide variety of enterprisewide applications and Web services that reside inside and outside the enterprise. For these reasons, identity and access management has become an escalating concern, especially in the cloud.
Identity and access management is a comprehensive set of solutions used to identify users (employees, customers, contractors, and so on) across multiple systems and control their access to resources by associating user rights and restrictions with the established identity.
Technologies that compose an IAM stack include Web single sign-on (WSSO) and federated single sign-on (FSSO); host/enterprise SSO; user provisioning/deprovisioning, including granular authorization and policy rights; risk and entitlement management; identity federation; advanced authentication software, such as PKI and digital rights management; and traditional hardware tokens and smart cards. IDC research shows that 85% of IAM purchases are driven by regulatory compliance demands.
The large and ever-growing list of regulations includes Sarbanes-Oxley, GLBA, PCI, HIPAA, FFIEC, ITIL, CoBIT, and other government and industry-specific mandates. To meet compliance audits, businesses not only must show who was granted access to what but also must be able to track a user's actions once admittance was gained. Permissions management, tracking, monitoring, and reporting are all very important to meeting the regulatory specifications. Therefore, IAM and security information and event management (SIEM) are often used in conjunction with one another to deliver a comprehensive platform for solving security, compliance, and management/ monitoring issues. When looking to deploy an identity solution to the cloud, customers should look for:
Integrated access management and federated identity
SSL and VPN capabilities
Reporting and regulatory compliance across cloud and virtual environments
Easily integrated components
Automated workflow capabilities
Tracking and monitoring functionality
Centralized dashboard or management console
Automated provisioning and deprovisioning
SSO/password management/privileged user management
Strong authentication
8 #223661 ©2010 IDC
Logging, tracking, and monitoring are critical functions for cloud environments. For several years, leading IAM vendors have either included or partnered to offer reporting and logging within IAM environments. Within the cloud infrastructure, these functions can be used for forensic purposes as well as to achieve industry and regulatory compliance.
Just as in an enterprise-centered organization, logging can be used to track sensitive data in the cloud and to monitor and record who was accessing what when. These capabilities also serve to make cloud providers more accountable, especially using VMs. As data is moved between VMs, logs record the movement — again, documenting from a what-was-moved-when standpoint. The majority of the vendors in the IAM space offer logging and reporting either bundled in with their IAM suite offerings or via partnership with other solution providers.
Security is further enhanced in the cloud by implementing proven mechanisms such as SSL VPN and strong authentication technologies with well-integrated IAM software components such as SSO, privileged identity management (PIM), and automated provisioning and deprovisioning.
Identity-centric clouds offer organizations many advantages when developing, executing, and changing course in today's rapidly changing, global economic structures. Using an intelligent, identity-driven cloud computing platform, corporations and organizations can more readily:
Achieve greater visibility into business processes
Perform continual review of business processes based on real-time, event-driven information
Improve their ability to change and adapt quickly to challenges and opportunities
Achieve finer granularity within user access management and separation of duties
D y n a m i c W o r k l o a d M o n i t o r i n g , M e a s u r i n g , a n d R e p o r t i n g P r i o r i t i e s
Along with automated workload portability and effective security and identity management, dynamic intelligent workload management environments need to be effectively monitored, audited, analyzed, and certified. The nearly constant stream of workload provisioning and system configuration changes that occur in highly virtualized cloud computing environments results in the creation of a large volume of events, logs, and notifications across the system. IT organizations need tools that can effectively correlate and analyze these data streams and provide relevant metrics to help track service level, root cause, compliance, and fulfillment status and drive automated remediation activities as needed.
Whether they implement a single integrated suite or a set of purpose-built point solution tools, IT organizations need accurate, timely information and analysis on which to base capacity planning decisions and to track the status of software and
©2010 IDC #223661 9
security compliance. They also need to be able to accurately evaluate the level of service being delivered and recognize problem and incident patterns so as to best avoid future outages or service-level violations.
Similarly, line-of-business owners and decision makers need to have a view into performance and cost of the services being provided. This requires IT to provide dashboards and reports that put information about workload consumption and performance into a business-relevant services context.
Decision makers evaluating these types of tools should consider the following:
Ability to provide access to performance, configuration, and compliance status via a common set of interfaces and real-time dashboards to ensure that all administrators are working with consistent data
Ability to provide business service context and impact insight around performance, configuration, and compliance data
Availability of out-of-the-box report templates as well as capabilities to customize reports
Historical and trend analysis capabilities to support a range of planning requirements
Ability to monitor and normalize data analysis across heterogeneous physical, virtual, and cloud infrastructures and services
B e n e f i t s o f I n t e g r a t i n g S o f t w a r e A p p l i a n c e s , V i r t u a l i z a t i o n , W o r k l o a d , a n d I d e n t i t y M a n a g e m e n t
By integrating the tools and management processes related to virtualization, workload packaging, workload automation, and identity management, IT organizations can create more efficient and compliant environments that maximize system resource utilization, provide consistent access control and security, and rein in the operational and administrative costs related to supporting dynamic, virtualized workloads. This type of infrastructure is critical for organizations that want to take advantage of cloud computing strategies as well. Cloud environments call for workloads to be highly portable, yet expect those workloads will retain and comply with policies related to performance, security, and identity. The ability to abstract workloads away from hardware and automate the management of the workloads according to policy is a critical path enabler for cloud.
In the near term, the implementation of automated, policy-driven and identity-aware operations will streamline workload deployment timelines, reduce human error, and deliver end users a more consistent set of service levels. Over time, as workload packaging becomes more intelligent, this underpinning of automated, policy-based operations, security, and standardized service delivery will enable IT organizations to take maximum advantage of these enhanced capabilities.
10 #223661 ©2010 IDC
F U T U R E O U T L O O K
M a r k e t C o n t e x t
Intelligent workload management solutions are evolving from and being built on a number of existing technologies, including software appliances, server and workload automation, and identity and access management solutions.
IDC estimates that the software appliance market totaled approximately $156 million worldwide in 2009 and forecasts that it will grow to $1.2 billion by 2012. Players in this market include Novell, Red Hat, rPath, JumpBox, and UShareSoft.
IDC estimates that the server and workload automation market totaled approximately $600 million worldwide in 2009 and forecasts that it will grow to over $1 billion by 2014. Major vendors in this market, which includes physical and virtual server provisioning, automated workload migration, and run book automation technologies, include BMC, HP, IBM, VMware, CA, and Novell.
IDC estimates that the identity and access management market totaled $3.5 billion in 2009 and forecasts that it will grow to over $5 billion by 2014. Major vendors offering suites of software solutions in this space include IBM; CA; Novell; Oracle/Sun; RSA, the Security Division of EMC; and Quest Software.
P o t e n t i a l I n t e g r a t i o n a n d D e p l o y m e n t P a t t e r n s
The adoption of more intelligent workload management practices depends on IT and business decision makers being able to build, secure, manage, and measure workloads using a coordinated set of workload performance, availability, and security policies. Decisions about workload placement, access, and operations must be driven by integrated, automated provisioning and access control service management workflows rather than by fragmented, ad hoc processes and tools.
These automated workload tools need real-time awareness of the available deployment options whether they are part of the private datacenter or the public cloud. This means that provisioning systems need to be able to monitor both public and private cloud performance, security, and operational costs in order to best direct workloads to the most appropriate resources.
IDC expects that many organizations will begin their journey by implementing policy-based virtual and physical workload migration tools and best practices. Others will begin with a focus on automated, policy-driven identity and access control. Still others will explore the benefits of software appliances and intelligent workload packaging.
C H AL L E N G E S / O P P O R T U N I T I E S
The intelligent workload management vision is a relatively new concept that many IT decision makers may not yet fully understand. It requires coordination across diverse IT groups, including development, datacenter operations, and security. In many
©2010 IDC #223661 11
enterprises, these organizations rely on different tools, platforms, and policies and have limited points of shared decision making and policy development.
As a result, there is some risk that intelligent workload management solutions will struggle to find internal champions, particularly in the early days when few workloads and applications have been fully packaged for portability and software appliances are not widely used. Over time, many enterprises will need automated, policy-based workload migration and portable provisioning capabilities simply to keep up with the dynamic nature of their virtualized datacenters and cloud computing infrastructure environments. These requirements are likely to drive interest in intelligent workload management approaches.
IT decision makers will need help from third parties to develop robust workload management road maps and plan on how to best take advantage of coming workload packaging, automation, and security technologies. Most organizations should plan to implement policy-based workload provisioning, security, and migration programs over the next several years while monitoring the evolution of software appliances and shifting approaches to workload packaging and portability.
C O N C L U S I O N
As datacenters become more virtualized and enterprises take greater advantage of cloud services, enterprise datacenter workload management and protection will become highly complex. IT organizations will need to invest in tools and best practices that will help them to build, manage, and automate many routine workload provisioning and migration activities while maintaining required levels of data protection, access control, and software compliance.
Policy-based workload management and security will be critical to successful business service operations across these increasingly complex environments. Enterprise IT and business decisions makers need to jointly move to policy-based specification of operational, security, and cost profiles for all services and supporting workloads. Over time, IT can use these policies to drive increased levels of workload automation, provisioning, and access control. As advanced intelligent workload packaging and software appliances become more widely deployed, this policy-based operational infrastructure will be well situated to quickly integrate with and efficiently support the workload provisioning, migration, and security requirements of the enterprise.
C o p y r i g h t N o t i c e
External Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason.
Copyright 2010 IDC. Reproduction without written permission is completely forbidden.
