VDI battle is red hot

The VDI battle is red hot. The demos at Citrix iForum showed that they had made a lot of progress on the vision of Tarpon. Also have acquired XenSource effectively allows them to put up a fight to having VmWare or MSFT’s hypervisor slip in underneath them. Citrix today is rumored to have a lot of problems when running on top of VmWare. My guess is that there is little incentive to fix them.

The VmWare VDI beta’s have also started. They have a done a couple of them and while the capabilities are suitable for some enterprise environments, it will take them some time to handle all the use cases that people have handled with Citrix over the years.

VmWare also needs technology to do application level isolation, which Citrix has. This was one of their motivation for acquiring Determina (which also had a Stanford connection via their CTO) — they want to use Determina’s compiler technology which builds a VM in user space for applications to fight citrix in the long run.

Is there space for a new vendor to emerge? Virtual Iron has been showing up with partners to compete for VDI business. My guess is that people dont know what they dont know. Citrix knows a lot and has a lot of scar tissue in this space, question is can they translate this into dominance of this emerging space.

Sachin vs Ponting

Amit recently pointed out to me that Sachin and Ponting ODI average almost the same during the last 4 years after the 2003 world cup. Check out http://content-usa.cricinfo.com/columns/content/story/316065.html

However the difference between what Ponting’s team has achieved versus what the Indian team has achieved is night and day. I remember in the 80s watching a Wimbledon final between Boris Becker and Stefan Edberg. And the score was very lob-sided in favor of Edberg, but when you looked at points won Boris had won more if not equal number of points. I sat up when I saw that analysis, it made no sense to me.

Sachin vs Ponting  is the samething in my head. Sachin is a good player, he has helped cricket’s cause a lot in India and abroad, but he is not a great player in my book. He never won the important points or the critical matches, where we needed him to win the games. India never won the world cup under him. Maybe he will play in the next one and achieve greatness.

TripWire (d) on the Frontlines

(this article is pure fiction, any resemblance to actual people or incidents is un-intended)

In 44C (110F) heat even the sand seems to melt. Two US soldiers, Jack and Rob are lying down in a bunker with a makeshift umbrella over their head. They have already gone through half of their water supply, there are still 6 hours left on their shift. Jack is from Tennessee and Rob from Mississippi. They have run out of topics to talk about. As far as the eye can see there is sand, the landscape being broken only by a sprinkling of bushes. They often wonder why are they here, securing their families back home? It was almost time for their twice a day routine.

 

Although the job is monotonous and the heat can make you drowsy, they stay alert. They are guarding an important border. It is suspected that the insurgents who have been blowing up the gas pipelines crossed over from this border. Before the US troops got here, UN peace auditors had installed a trip-wire over hundreds of miles. Their job was to guard a measly 10 miles of this border.

 

Rob had always wondered why only 10 miles, it required hundreds of soldiers to man this border. The auditors had chosen the best trip-wire available then. It took the US soldiers a long time to get a hang of how to use it. It was almost like trip-wire was a mis-leading name?

 

When Jack first heard about it he thought this was going to be easy, all they would have to do is once someone tripped the wire they could go and catch the person. Well it did not work like that. People could cross all day long and not trip the wire. They way the trip-wire worked was that you moved pieces of it along the desert and it detected if there were any footprints that were created after the last time it had leveled the sand. Once it found what looked like was different Jack and Rob had to go our and check whether this was something worth worrying about.

 

That part was difficult, because they didn’t really know what had made the change in the sand, it could be an animal, a native. Also a lot of times the sand would blow over the change before they got there. Some days there were so many footprints that it took them hours to do this. It was a very labor intensive exercise. The scan took so long that sometimes they could do it only once a day.

 

That was not the worst part. Once a pipeline blew up and their CO was on the phone shouting, he wanted to know how they could get through, even though they had this trip-wire installed. They could not explain to him how the thing worked, and that it had limited use. He wanted answers: when, who, how, why? They felt helpless, once something happened the tripwire couldn’t go back in there, the thing was gone or cordoned off.

 

They asked their superiors why had such a trip-wire been put in place. He said well it was the only thing available, and also the UN auditors wanted a check-mark to make sure the blockade could not be avoided. Wasn’t there anything better out there?

Good Date or Good Husband?

As the CEO of a startup, hiring the best team is a big part of your job. One of the constant challenges in hiring is that the interview process is geared towards hiring the “best date”. You meet people for a hour or two hours, where they are on their best behavior. Then you got to decide ….

When I was getting married, one of my close friends gave me some very astute advice, which I have shared with a lot of people. And surprisingly it helps with hiring people also. She said, “people who are good dates are very rarely good husbands”. What you like when you are dating, is exactly what you don’t like once you are married. For example, while dating you like someone who is exciting, who has hobbies, likes to go out. Someone who is fun.

Once you are married, you don’t want someone who is always out pursuing their hobbies. Who constantly goes out and hangs on with his or her friends. You want someone who is reliable, steady, boring to some degree.

When looking for a  person to hire it is the same problem. You want someone who is good at their job, un-political, easy to work with, puts the team before self …. which has got nothing to do with the ability to date or interview well.

What do you think? Would your spouse agree ?

Bladelogic claiming Tripwire functionality

We (Solidcore) compete with Tripwire in almost every compliance deal. Lately we are seeing Bladelogic show up and claim that they have all the functionality that Tripwire has. While this can be true of the ability to create a baseline and to then see deviations from it, and do scan and diff in addition to that. Tripwire seems to have a whole bunch of other stuff, like “benchmark” or pre-defined value settings for configurations and also extensive reporting.

BladeLogic in general tends to be very aggressive … Does someone out there have more insight into what Bladelogic has versus what they are claiming to have?

Are we part of a “Self-Pampering” culture?

My brother-in-law and I debate constantly. Last night we were debating why people go to starbucks? My argument was that it is mostly to feel good about spending 5$ on yourself, not much different than why people go shopping when they are feeling low. He argued people went there because they liked the taste. What do you think … You would spend 5$ everyday (btw this discussion is only for people who have some constraints on spending money and can’t spend on everything they want) which would mean about 150$/mo on something that you could make at home for much less. And in addition waste time especially getting off the freeway one exit earlier to buy coffee.

I think we are part of a “self-pampering” culture, where people buy things not because they need it, but because they feel good buying it. Ofcourse this culture is fueled by having the ability to spend money. Do you see an equal representation of people across all income groups buying at Starbucks … atleast I haven’t … I see all of them at grocery stores though.

What do you think?

God & Opsware …

God was deciding whether whether opsware should go to hell or heaven:

God> why do you deserve heaven?

Opsware> I helped mankind by reducing the amount of work they do

God> did you cause pain and suffering

Opsware> Some, but mostly to help

God> were you faithful to your spouse

Opsware> i had many suitors, but I was faithful to HP

God> Did you have any enemies

Opsware> only one, Bladelogic

God> did you help your friends

Opsware> yes I did, some like Solidcore, more than others

God> Were you good to your parents

Opsware> I took care of Mr. Andreessen

God> OK. anything else before I announce my decision

Opsware> If i went to hell, they would become too powerful, you wouldnt want that

God> yes, but if I sent you to heaven they would become lazy because you will do all their work for them

Opsware> that is true, i am really good at reducing work

God> well its done then, I am not ready for you, go and serve mankind

PCI: learn from Working Moms

If you are a working mom with kids at home, you know what it takes to keep the home in order. 10 minutes after you have put the toys away they are back on the floor again. Keeping the house organized is a constant chore. In addition most Mom’s have a designated room where the kids are allowed to make mess, while the rest of the house is relatively in order.

PCI or SOX requirements are just like toys with kids. You can’t mop them up and organize them one time when the guests (auditors) are coming, you need to create to do them continuously to keep the house in order. In addition partitioning your applications into “messy rooms” versus “clean rooms” helps a lot.

Compliance is not a project, It’s a process?

Do you view PCI or SOX compliance as a project which needs to get done this year? Or do you view it as an ongoing process that will get added to your day to day IT operations.  If you are a typical IT organization the answer is the former “its a high priority project”.

Most project based compliance initiatives even if they manage to achieve thier initial goal, tend to only hold good for only a short period of time. Once you get compliant you have to stay compliant and that is a continuous process.  Check out David Sockol (Emagined Security) and Bob Vieraitis (Solidcore) as they talk more about his at http://www.solidcore.com.

Solidcore offers end to end data controls for PCI

One of the key elements of PCI is the ability to protect credit card data on Point of Sale (POS)  devices and as it flows through the various credit card applications.  The only known solution today is to encrypt the data on the POS system. While a practical solution this is almost never implemented due to the small size and limitations of the POS devices. There are no really effective solutions for the credit card applications as some of them store their data in a database other use proprietary formats for storing the transient data.

Solidcore has a very unique and novel controls to solve this problem both at the POS device and also for database and non-credit card based transactions. There are two sets of controls one which ensure that the data can only be accessed by the “credit card application” and nothing else and a second set of controls which ensure that the data in the database is protected.