The Forrester Blog For Infrastructure & Operations Professionals

November 16, 2009

Measuring Disaster Recovery Maturity

Stephanie Balaouras

Each year for the past three years I've analyzed and written on the state of enterprise disaster recovery preparedness. I've seen a definite improvement in overall DR preparedness during these past three years. Most enterprises do have some kind of recovery data center; enterprises often use an internal or colocated recovery data center to support advanced DR solutions such as replication and more "active-active" data center configurations; and finally, the distance between data centers is increasing. As much as things have improved, there is still a lot more room for improvement, not just in advanced technology adoption but also in DR process management. I typically find that very few enterprises are both technically sophisticated and good at managing DR as an ongoing process.

When it comes to DR planning and process management, there are a number of standards including the British Standard for IT Service Continuity Management (BS 25777), other country standards and even industry specific standards. British Standards have a history of evolving into ISO standards and there has already been widespread acceptance of BS 25777 as well as BS 25999 (the business continuity version). No matter which standard you follow, I don’t think you can go drastically wrong. DR planning best practices have been well defined for years and there is a lot of commonality in these standards. They will all recommend:
•    Executive sponsorship and accountability
•    Staff to support the process
•    A business impact analysis (refreshed regularly)
•    A risk assessment (refreshed regularly)
•    Strategies to mitigate the most probable, high impact risks
•    These strategies documented in actionable plans
•    Plans frequently tested
•    Plans continuously updated
•    Training and awareness
•    Coordination with business continuity efforts (DR is not BC but that's another blog)

ITIL recommends several key performance indicators for IT Service Continuity Management (a.k.a. DR) but I don't find these KPIs to be detailed enough or extensive enough to really measure maturity. They include:
•    Business processes covered with continuity agreements
•    Gaps in disaster preparation
•    Implementation duration
•    Number of disaster practices
•    Number of shortcomings identified during disaster practices.

Like ITIL, most DR standards provide a process framework and describe process best practices but they don't recommend any software tools for process management or any of the technologies (replication, network connectivity, data center configuration etc.) that enable DR.  When I talk with customers, I also look for the following:
•    A recovery data center
•    Hardened data centers (both production and recovery)
•    Adoption of advanced backup and replication (recovery point capabilities) by criticality tier (i.e. mission-critical, business-critical, business-important etc.)
•    Adoption of application failover technologies (recovery time capabilities) by criticality tier (i.e. mission-critical, business-critical, business-important etc.)
•    Adoption of techniques to manage network bandwidth (compression, deduplication, bandwidth throttling, other WAN optimization techniques)
•    Elimination of independent point products for backup and replication / Development of an IT Continuity Services Catalog
•    Level of automation (can you failover a group of interdependent applications and IT systems to a consistent point in time at the recovery data center)
•    Active-active data center configurations (if you have an in-house DR solution)
•    Coordination with enterprise/infrastructure architecture
•    DR considerations embedded with application development and testing
•    All applications and IT systems DR protected
•    Protection of applications and IT systems at remote sites
•    Protection of PCs corporate-wide

Of course, enterprises don’t take on DR for the sake of technology; all this effort must be appropriate to the recovery requirements defined by the business and commensurate with risk.

For large enterprises, I also look for the adoption of tools to improve DR process management, like Automated Communication and BC/DR planning software, and I also look for central governance of DR.

I’m interested to hear what other KPIs and metrics enterprises are using to measure DR maturity.

By Stephanie Balaouras


November 13, 2009

The Enterprise Server Impact Of Intel/AMD Settlement Remains To Be Seen

James Staten

As an infrastructure and operations professional, it’s hard not to like the terms of the settlement between Intel and AMD but the implications for your buying strategy and roadmap aren’t that clear yet. The rules of engagement spelled out in the Intel 8K make it clear that server vendors are free to select the CPUs that best fit their design goals and to carry as wide a portfolio of AMD-based servers as they feel the market demands. Server vendors can also market AMD to their heart’s content without fear of retribution from Intel (if the accusations from the past are true — something Intel isn’t admitting through this settlement). It also means that the two companies can stop aiming so many legal weapons at each other and redirect those funds and management brain cells to accelerating innovation. The $1.25B influx to AMD will be a very welcome shot in the R&D arm, too.
That’s all goodness that may lead to greater adoption of AMD-based servers in the future by enterprises. It doesn’t mean we can expect equivalency in performance or purpose between them, though. All it does is spell out the rules of engagement for fair play.

It also doesn’t ensure full compatibility between AMD and Intel processors and this is where one question in particular lies unanswered.

According to the 8K, Section 2.3 on Technical impairments:
“Intel shall not include any Artificial Performance Impairment in any Intel product…mean[ing] an affirmative engineering or design action by Intel (but not a failure to act) that (i) degrades the performance or operation of a Specified AMD product, (ii) is not a consequence of an Intel Product Benefit and (iii) is made intentionally to degrade the performance or operation of a Specified AMD Product. For purposes of this Section 2.3, “Product Benefit” shall mean any benefit, advantage, or improvement in terms of performance, operation, price, cost, manufacturability, reliability, compatibility, or ability to operate or enhance the operation of another product.”

The key word here is “compatibility.” Case in point: virtualization live migration. Intel VT, the set of instruction sets in the Xeon CPU family that helps with the performance of virtual infrastructures and enables live migrations from server to server, is not compatible with the AMD-V technologies that do the same thing (roughly). What this means today is that with Intel’s implementation you can’t live migrate from an Intel-based server to an AMD-based server. AMD-V actually lets you migrate from AMD to Intel, but you can’t move back. As a result of this you are probably building out your server virtualization pool today purely with Intel-based servers.

So here’s the question: “Is the incompatibility of virtual infrastructure implementations an Artificial Performance Impairment or simply different approaches to delivering Product Benefit?”

The Intel 8K then states:
“In no circumstances shall this Section 2.3 impose or be construed to impose any obligation on Intel to (i) take any act that would provide a Product Benefit to any AMD or other non-Intel product, either when such AMD or non-Intel product is used alone or in combination with any other product, (ii) optimize any products for Specified AMD Products, or (iii) provide any technical information, documents, or know how to AMD.”

Hmm. This seems to state that Intel is under no obligation to address this particular example if the resolution provides a Product Benefit to AMD. And it further states in that same “(i)” that such Product Benefit includes cases of the products being used in combination – which describes the case of Intel and AMD servers in a shared virtual pool. It further states that Intel doesn’t have to provide any technical information, documents or know how to AMD through which they could take the initiative themselves to solve this problem.

If AMD can’t penetrate any enterprise’s virtual server pool because the feature of live migration doesn’t work across server families, that would seem to me to be a serious Artificial Market Impairment. But does that fit the terms of the settlement that state Artificial Performance Impairment must be proven? Hmm.

This is just one example of the types of questions and scenarios Intel and AMD’s lawyers and technical experts will have to apply to this agreement. And answers to these types of questions will be imperative for enterprises to understand as they can have significant impacts on buying behavior. 

Until these types of scenarios are played out the impact of this settlement on enterprise buyers remains unsettled.

By James Staten


November 06, 2009

Opalis Was NOT Acquired By Microsoft

Glenn O'Donnell

The IT management software and operations communities have been buzzing this week about reports that Microsoft acquired IT process automation vendor Opalis Software. We have unequivocally confirmed that this rumor is incorrect. Opalis has NOT been acquired by Microsoft. It remains an independent entity, at least for now.

Opalis, based outside of Toronto, has repeatedly reported impressive revenue growth over its short history. For the past few years, it has been a desirable morsel for larger vendors seeking to add strong process automation to their portfolios. Many have expressed interest, but its success allows Opalis to command a high premium that no suitor has yet been willing to pay.

Some argue that Opalis actually should not be acquired at all. It has built several tight partnerships, including one with Microsoft and this rich ecosystem positions Opalis as a viable standalone vendor. Of course, this requires Opalis to continue innovating aggressively to retain its desirability and prevent commoditization. So far it has been successful at keeping its innovation edge. If it slips, so will its valuation and that will certainly accelerate an acquisition.

Process automation technology is too important for the major IT vendors to ignore and our client inquiries corroborate that the Opalis technology is well regarded in this category. Process automation is a cornerstone of advanced IT automation that conceivably enables cloud computing and automated self-service service request fulfillment. Even at a high valuation, the return on this technology will also be high.

Regardless of its stamina on the innovation treadmill, we do believe someone will eventually consume Opalis. It is premature to say who will prove to be that successful shopper. That includes Microsoft.

By Glenn O'Donnell


November 02, 2009

Mobile Devices Find A New Home

Chris Silva

Following my colleague Andrew Jaquith's eloquent post, I thought it fitting that I add a post about changes in coverage and how they'll affect me. Before I do, however, I want to lend my voice to wish Natalie all the best in her new endeavor; it will be fun to run into her on the "opposite side of the table" in briefings in the future, and I'm thrilled that I'll be able to maintain professional ties with Natalie as she moves into the next phase of her career.

So, what's going to change for me and my coverage at Forrester as a result of Natalie's move? Well, as some of you know due to some communication I had with you last week, as a result of coverage shifting around, I'm very happy to announce that I am taking over Enterprise Mobile Device research for the Infrastructure and Operations team at Forrester to provide Ben Gray with some bandwidth to take on some of Natalie's virtualization coverage, details of which I'll leave best shared by Ben.

What's in store for my research?

  • Mobile device hardware: As an area of intense personal interest for me (ask anyone on the team, I should have a holster belt I'm always toting so many various devices) mobile device hardware is an area of research I can't wait to embark upon. I think we'll see many interesting things over the course of 2010, namely a continuation in the growth of the type of mobile devices enterprise IT departments support and the solutions that are made available to users on those devices, which brings me to the next element of new coverage for me...
  • Mobile device operating systems: If there's a battle afoot for the hearts and minds of users - both enterprise and consumer - it's among the various operating systems Android, RIM BlackBerry, iPhone OS, Palm WebOS, Symbian, Windows Mobile and others. I'll be leading Forrester's enterprise IT user-focused coverage on this space.

What's not on my plate?

  • Mobile device management: While I'm likely to be looking at mobile device-specific management tools as the analyst covering mobile device use in the enterprise, the convergence of PC and mobile device management is a topic Ben Gray will be focusing on. In short, Ben and I will be playing roles of primary and secondary analyst, respectively, on this very important area of innovation for IT users.
  • Mobile device security: As Andrew noted in his post, he will be taking on client security, which will deal with the anti-virus, anti-malware protection of all client devices and I'll leave matters of security in his more-than-capable hands. 

I will maintain my coverage of Wireless LAN, Remote Access, and Branch Consolidation/Optimization; however, stay tuned for some exciting developments in the networking space over the coming quarter!

Please reach out to me directly with any questions you have.

By Chris Silva


Your New Client Security Analyst

Andrew Jaquith

After seven years, my colleague Natalie Lambert is leaving Forrester. In the year that I have been at Forrester, she has been a good team-mate, sounding board for ideas, gleeful mischief-maker, and collaborator on shared research topics. I will miss her insights and energy, and I wish her the best as she begins her next adventure.

Natalie covered quite a bit of ground: client security, client management, endpoint virtualization, Bring-Your-Own-PC programs, full disk encryption and several other topics. While it would be impossible to fill her shoes, I am strapping on my hip waders and immersing myself in several of her research topics.

Specifically: henceforth, I will cover all client security topics for Forrester. These include:
  • data leak prevention (DLP) on the client
  • full disk encryption
  • client security (anti-malware and anti-virus)
I am pleased to cover client security topics again. I wrote extensively about client security for three-and-a-half years before coming to Forrester. Among other things, I correctly predicted that Windows Vista would have no effect on the Windows security aftermarket — six months before Vista launched. And in 2006 and 2007, I anticipated the rapid move of anti-virus to the cloud, which we see today in Panda Security’s “collective intelligence,” in McAfee’s Artemis project, Trend Micro’s Smart Protection Network, and in new startups like Immunet. For cloud coverage of client security, I will partner with Chenxi Wang, but security topics that have anything to do with stuff sitting on endpoints, I will be your analyst.

I will not take on any of Natalie’s IT operations topics, such as BYOPC, mobile management, client management. These areas will be covered by other analysts on the infrastructure and operations (I&O) research team, chiefly Chris Silva and Ben Gray. Rather than speak for them, I will let them speak for themselves. I will collaborate with Ben and Chris on security strategies and best practices as it affects their topics.

I will also retain my coverage of data security topics, notably data leak prevention (DLP) and enterprise rights management. A few subjects will transition to my other colleagues on the Security and Risk team. We will likely announce details after we conclude those discussions.

In the meantime, Forrester customers who would like clarification on what the shift in security coverage means for you should contact their client services representative. I would be happy to speak with you! But the short answer is that not much is changing. You will talk to me rather than Natalie. She provided excellent coverage of client security topics, and I will strive to do the same.
 
[posted by Andrew Jaquith]

October 30, 2009

Client Virtualization Will Help You Create Your Next Generation Desktop

Natalie Lambert

2012. That is the year in which our clients are predicting that their next-generation desktop will be up and running. However, no one company defines this new desktop the same way. Some believe that this desktop will be fully virtualized in a data center and accessible from any device, others see this desktop as only a set of applications delivered to a user when required, and others just look at this desktop as a more manageable, supportable, and lower cost environment than today.

Regardless of how you define your next generation desktop, there is one common factor that will make this all possible – client virtualization. Client virtualization will be the underpinning of all of these new ways of approaching the desktop as it will decouple the desktop and applications from the underlying hardware. Applications will be delivered to users using application virtualization, and users will interact with their desktop using desktop virtualization. In the end, these virtualization technologies are allowing IT to scale their desktop environments to new heights, while at the same time providing greater flexibility, security, manageability, and support than has ever been possible.

When Forrester thinks about client virtualization, it splits into four categories:
  • Hosted desktop virtualization: the technology that allows a desktop environment to be run in a data center and gives users the ability to connect to that “desktop” from any internet-enabled device in the world.
  • Hosted application virtualization: the technology that allows an application to be run in a data center and gives users the ability to connect to that application from any internet-enabled device in the world.
  • Local desktop virtualization: the technology that allows a desktop environment to be run on a user’s device (either directly on bare metal or as a guest on top of the host/native OS).
  • Local application virtualization: the technology that isolates applications from other applications and the underlying OS to ensure a conflict-free application environment.

According to “The Top 15 Technology Trends EA Should Watch” report by my colleague Alex Cullen, companies’ infrastructure strategy and associated architecture will shift over the next three years to provide “greater scalability and flexibility while reducing support costs.” Client virtualization will be a key technology in the IT service platform. Just think: in 2012, IT organizations will only focus on delivering the capabilities that truly enable the business – the applications and the productivity environment (AKA the “desktop”) – while dropping the tasks that bring no competitive advantage to the business. On the flip side, users will be thrilled by the opportunity to work from the device of their choosing (including a home PC, thin client, netbook, or even the latest and greatest Mac) in a secure fashion. The way I see it, win-win!

By Natalie Lambert


October 26, 2009

Why Mobility Will — And Does NOW — Matter To EAs And IT

Chris Silva

Here at Forrester, we spend a good deal of time talking about the future of the mobile enterprise. Whether that's an emerging standard for a faster, more capable mobile network or a future of all-out mobile connectivity with applications and devices ready to tap into it.

The fact is, while much talk about mobile has a tone of "impending trend" to it, there are currently many mobility initiatives afoot in your organization, some of which IT knows about, some which it may not. So, as it turns out, while mobile seems to be a lot of futurespeak, it turns out it does actually matter to CIOs, and has been highlighted in Forrester's recent "The Top 15 Technology Trends EA Should Watch" report.

When Forrester thinks about mobility, it splits into three categories:

  • Mobile infrastructure — The networks and services that devices tap into, users rely on and mobile applications rely on to function.
  • Mobile devices — From laptops and netbooks to iPhones, BlackBerries, and other smartphones, these are the devices hosting those mobile applications and tapping into that mobile infrastructure.
  • Mobile applications — What use is a capable, highly-connected device if users can't use a portable or mobile version of an application on the device?

According to the "Top 15..." report, all three areas: mobile networks gaining in power, mobile devices strengthening and mobile apps going mobile each represent an area of high business impact. The upside of arming your users with the combination of these three technology elements can reap great rewards in productivity, user satisfaction and business efficiency.

Why watch these areas of technology development so closely, then? While mobile devices and networks gaining in capacity and capability is more of an organic trend, reflected by its "medium" label in the "newness" category, understanding which applications will make the best use of these devices, and offer users the best potential for more flexible, efficient workstyles is something many organizations Forrester speaks to are still trying to figure out, hence the "very high" ranking in newness.

What to do, then? Take on the least "new" technologies into consideration first and create a strategy around that platform decision.

Step one, understand what the network and device mix is shaping up to be in your organization. As one example; are you focused exclusively on external network use and are a BlackBerry shop? Explore how external carrier-owned networks can extend users' connectivity and establish a device migration timeline to take into account RIM's newest BlackBerry platforms and when and how they'll enter your environment, how they'll be managed and secured. Step two, once this is in place, work with application development teams to ensure the capabilities of both the devices and networks that your organization is standardizing on are taken into account when developing mobile applications or evaluating mobile platform vendors.

Thinking about mobile as not just a "now" technology, but taking into account networks, devices, and software as one connected ecosystem will ensure an investment in one of the three, key areas of mobility does not adversely affect the others. After all, successful implementations of technology will allow it to change business for better, not for worse. See the list of recommendations for IT leaders in our Top 15 technology report here.

So next time you're on a plane, or simply logging into your VPN from the local coffee shop, take note of the experience; is this the way your entire organization should be served in the event of a disaster?

By Chris Silva


October 23, 2009

Why You Should Care About Having A Diverse IT Ops Department

Rachel Dines

Diversity (or lack thereof) in IT has been a hot topic in the news and among our clients in recent months. And it's true, IT departments are notorious for their lack of diversity, and the problem is only getting worse. Over the past few years, the number of women and underrepresented minorities (URMs) in IT has been dropping steadily. In IT Infrastructure and Operations, the picture is even grimmer — data from the US Bureau of Labor Statistics shows that IT job titles such as computer hardware engineer and network and computer system administrator have some of the lowest participation rates of women and minorities (see figure). Although some IT careers are more diverse than others — computer operators, for example, show evenly represented women and minorities by participation in the workforce — very few women and minorities can be counted in the ranks of management.

Women And Minorities' Representation In Different IT Roles

"Why should I care?" many firms ask. Besides issues of equality and social responsibility, there are several major advantages to taking steps to improve diversity in your workplace:

  • Your team will be more innovative. Recent studies have shown that more diverse groups produce more innovative results. Additionally, diverse backgrounds also promote diverse approaches to problem solving, solutions being found more quickly, and teams that are more likely to experiment, be creative, share knowledge, and fulfill tasks.
  • Retention and job satisfaction will improve. 52% of highly qualified women in science, engineering, and technology quit their jobs, and almost half of all minorities leave technology jobs to enter other occupations. Taking steps to improve the workplace experience for women and minorities, such as promoting work/life balance and setting up mentoring programs and affinity groups, will reverse this "brain drain" and also increase job satisfaction.
  • You will attract the best and the brightest of the Millennials. Millennials (those born between 1980 and 2000) have remarkably different attitudes towards work and home life than previous generations. New data shows that full-time employed Millennials (both men and women) expect to spend more time during the workweek caring for children, and will therefore be looking for more flexible work situations. Promoting work/life balance and a flexible workplace is also the single most important factor when attracting and retaining women and minorities.
I encourage you to read the full report with more specific recommendations on how to recruit, develop, and retain women and underrepresented minorities in your Infrastructure and Operations department.

By Rachel Dines


October 16, 2009

2009-2010 Forrester And Disaster Recovery Journal Survey

Stephanie Balaouras

Two years ago, Forrester and the Disaster Recovery Journal partnered together to field surveys on a pair of pressing topics in Risk Management: Business Continuity (BC) and Disaster Recovery (DR). The surveys help highlight trends in the industry and to provide organizations with some statistical data for peer comparison. The partnership has been a huge success. In 2007, we examined the state of disaster recovery preparedness, in 2008, we examined the state of business continuity preparedness and this year, we examine the state of crisis communications and the interplay between enterprise risk management and business continuity.

We decided to focus on crisis communications because as last year’s study revealed, one of the lessons learned from organizations who had invoked a business continuity plan (BCP) was that they had greatly underestimated the importance and difficulty of communication and collaboration within and without the organization. In any situation, a natural disaster, a power outage, a security incident or even a corporate scandal, crisis communication is critical to responding quickly, managing the response and returning to normal operations.

Organizations approach crisis communication differently. In some organizations, crisis communications is a separate team that works together with BC/DR planning teams to embed communication strategies into BCPs/DRPs, and in other companies, BC/DR planning teams do their best to address crisis communication.

For IT operations professionals responsible for Disaster Recovery planning, you of course need to develop an IT recovery strategy but unless you also include a communication strategy in your plans, a successful invocation of your DRP under duress will be difficult.

If you want to take part in the survey, click here.

An executive summary of the results will be available in January 2010 at www.drj.com. I’ll also write a series of reports analyzing the data from industry, company size, and other perspectives on www.forrester.com later in 2010.

By Stephanie Balaouras


October 14, 2009

Cloud Is Defined, Now Stop the Cloudwashing

James Staten

This blog post is a response to an article by Alex Williams on ReadWriteWeb. Thanks for the shout out, Alex, and for bringing more attention to the contentious issue of cloud computing definitions. While Forrester research reports are created exclusively for our clients, our definition is freely available:

A standardized IT capability (services, software, or infrastructure) delivered via Internet technologies in a pay-per-use, self-service way.

We first published this definition back in March 2008 in the report, “Is Cloud Computing Ready for the Enterprise,” and have held to that published definition ever since (in fact it has been leveraged in multiple Forrester reports, speeches at industry events, news articles, blog posts and tweets since that original publication). Our definition was also used by NIST and several other Federal government agencies as a resource used to create their definition.

One of the key values Forrester Research provides to its clients is helping them navigate the technology trends and delineate what is a new type of technology and what is simply last year’s technology in new clothing (what I call “cloud-washing”). Thus it was imperative for us to publish our definition early and we have since been striving to provide clear taxonomy and categorization of cloud services, as shown in our latest Forrester Tech Radar.

In this Tech Radar we lauded NIST for their definition, and contrary to your statement, do not believe we need the “circus” of more or better definitions at this stage. Rather we believe we need broader recognition of what is and what isn’t cloud computing to get past the marketing hype and make it easier for customers to identify and then consume these valuable new service offerings. That’s why we’ve stuck with our definition since 2008 and are glad to see NIST sticking to theirs.

By James Staten
