virtualization

In Sizing the Cloud; Understanding the Opportunities in Cloud Services (published in March 2009) analysts at Gartner, Inc. predict a global market for enterprise cloud services reaching $150.1 billion in 2013 – more than three times the size of today’s market of $46.4 billion. The cloud-based enterprise will be dependent on the internet to an extent way beyond the situation today, and information systems and applications will be utility services, like water or electricity — a click of the mouse to bring up the CRM software and shut it down, with the user paying for a metered service.

As far as I’m concerned this is a fantastic development which will allow businesses to focus on — well, what they do best, where they can add value. Information resources will be available on demand, like tapwater. Except that a packet of data is not like a drop of water; those data packets may be carrying business-critical data. The internet is a two-sided coin for the enterprise: one the one hand, on-demand access to flexible, massively scalable information resources ranging from basic hardware platforms to individualized services and applications software; on the other hand, the vector for increasingly intense efforts to penetrate enterprise information systems for criminal gain. In other words, the enterprise is in the process of migrating it’s information resources to the most stressful environment you can think of if you’ve ever had to think about information security.

If the Cloud Computing paradigm is to fulfill its promises, we urgently need to find ways of reducing the stress of internet dependency. We need to protect ourselves from the internet that threatens us, to get the full benefits of the internet that will make our business more agile, more responsive, which will allow us to evolve and progress. If we can’t make the internet “stress free” we’ll start seeing the (costly) development of parallel secure networks for enterprise applications.

If the best way to avoid internet attacks is not to connect to the internet, that’s clearly an unrealistic approach today. What we can do, however, is to segment different usages, isolating access to sensitive, business-critical data and applications from the potential threats. While building an entirely new network is probably a stretch too far, a more realistic solution, perfectly feasible today, is to isolate individual web applications by virtualizing access at the source, the browser itself. Enterprise end-users access sensitive business applications and data over the internet using secure tunnels carrying virtualized browser sessions. With the virtual browsers hosted in close proximity to the applications, data need never be exposed on the internet with this architecture. We can’t clean up the internet to make it entirely safe for your business critical data and applications, but by ensuring that critical systems and end-user browser sessions are protected from attack we can bring a “stress-free” internet experience several steps closer for the CIO.

Recently, IBM and Canonical announced a virtual desktop product, based on Linux. Their announcement matches the commonIT market vision, covered by David in his “Back to the dumb terminal” article.

Some may ask “if the desktop is virtualized, why would you want to virtualize the web browser?” The answer is simple: while desktop virtualization has a number of advantages (cost reduction for instance), it doesn’t solve web browser security issues; the threat is simply moved from a physical computer to a virtual environment and as long as the web browser runs in the same environment as other applications and sensitive data, security issues still exist.

That’s why we recommend “double virtualization”: a virtual browser running on a virtualized desktop — at least as long as users are still dependent on non-web applications. And once all applications are webified, Virtual Browser delivers the single secure client for the enterprise information system - there’ll no longer be any need for a full client-side OS.

Does history repeat itself? I’m not sure about that but maybe IT does. At least, the question needs to be asked when you look at the new centralized IT architectures which are coming out, taking us back to earlier days. Applications are moving onto virtual servers and terminals are becoming (or returning to being) simple user I/O devices to access those applications. Is this the return of the dumb terminal?

Thanks to mobility, virtualization, Web 2.0 and SaaS, a new generation of IT architectures is arriving, based on new uses, new business models and new technologies. In a few years, I bet that datacenters will be virtualized, applications hosted in the enterprise, software vendors or services providers’ infrastructures, and laptops transformed into simple terminals with 3G or wifi connections.

This vision, shared by analysts, seems to be a natural evolution of what has already started. And this move should accelerate because of new opportunities:

• Users will become consumers of web services — no IT expertise required
• In the enterprise, less IT expertise will be required
• Application availability will improve, guaranteed by service provider SLAs
• Infrastructure will be scalable and its cost will depend on enterprise use
• Mobility and working from home will increase productivity and make IT more sustainable by reducing unnecessary travel.

Even if this future seems great, we have to be realistic. At this stage two issues need to be addressed:

1. High bandwidth network availability. If users must be connected to use applications, that means they must be able to connect from anywhere. This issue will be solved soon as telco networks reach higher levels of coverage in enterprises, home offices and public areas.
2. Security. The challenge is now (a) to bring trust into the hosted architecture (what happen when corporate applications are no longer running on the enterprise’s own servers?) and (b) to protect data against web threats and browser vulnerabilities which are the hacker’s new “Eldorados”.

In creating commonIT one of our key goals was to help development of this new architecture and these new uses. That’s why our mission statement is to make users free of security and mobility issues.

That’s what we mean by “Stress-free internet”