Contenu connexe Similaire à Intelligent workload management_opportunities_challenges Similaire à Intelligent workload management_opportunities_challenges (20) Intelligent workload management_opportunities_challenges1. WHITE P APER
Intelligent Workload Management: Opportunities and
Challenges
Sponsored by: Novell
Mary Johnston Turner Sally Hudson
Brett Waldman
June 2010
IDC OPINION
Over the next several years, IDC expects enterprises will continue to increase both
the percentage of virtualized datacenter workloads and the density of virtual
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
machines (VMs) on physical servers while continuing to maintain many single-
purpose systems. Simultaneously, many organizations will add public and/or private
cloud services to their enterprise infrastructure mix.
To make the most effective use possible of this dynamic and heterogeneous
infrastructure environment, IT teams will need to shift to a more policy-based,
automated approach to managing the building, provisioning, migration, monitoring,
measuring, and securing of corporate workloads.
Intelligent workload management is an emerging market concept that addresses this
complex set of needs by integrating a number of important technologies, including:
Software appliances for intelligent workload packaging and deployment
Policy-based workload management automation
Access/identity management
Configuration and performance monitoring, reporting, and analytics
Intelligent workload management solutions are evolving and being built on a number
of existing technologies, including software appliances, server and workload
automation, and identity and access management (IAM) solutions. IDC estimates
that in 2009, the server and workload automation market totaled approximately
$600 million worldwide, the identity and access management software market was
$3.5 billion, and the market for software appliances was $156 million.
IN THIS WHITE P APER
The workload management and security challenges created by dynamic, virtualized
datacenter and cloud service environments, along with continued use of physical
systems, are forcing datacenter managers to explore more automated, policy-driven
workload provisioning, migration, auditing, and access control capabilities in order to
maintain services levels and rein in operational costs. To use these technologies
2. effectively, workloads must be portable and easily moved across resources as
needed. This white paper discusses why virtualization and cloud initiatives are putting
so much pressure on workload management and security requirements and
describes how emerging intelligent workload management approaches can potentially
streamline operations using innovative software appliance packaging strategies along
with policy-driven, identity-aware automated tools and best practices.
SITUATION OVERVIEW
Datacenters are evolving rapidly as applications become more virtualized and
dynamic. Increasing interest in cloud and SaaS services extends the boundaries of
the datacenter and puts pressure on IT teams to deliver dependable, cost-effective
services to end users, even as application and infrastructure environments become
more fluid, complex, and challenging to operate.
Virtualization Increases Operational IT
Complexity
IDC's research indicates that enterprises are rapidly deploying virtualization in
support of many production workloads. IDC forecasts that 69% of enterprise
datacenter workloads will be virtualized by 2013. Already 75% of organizations that
use virtualization have made virtual servers their default environment for new
application and workload deployments. In many cases, enterprises may implement
heterogeneous hypervisor environments as part of this buildout.
Enterprises are embracing virtualization in the hopes of improving service levels,
reducing capital spending, and improving the efficiency of operations. To date,
however, the rate and pace of operational change and complexity that result from
virtualization have made it difficult for IT teams to significantly improve operational
effectiveness. IDC's research indicates that the average IT organization is able to
support only 20–25% more virtual servers per administrator than physical servers. In
today's virtualized environments, a single physical server typically supports an
average of six VMs, resulting in rapid proliferation in the number of workloads that
need to be managed. As more and more workloads are virtualized, and VM densities
on physical servers increase, IT organizations will be unable to add IT staff at the
same rate they add VMs.
Simultaneously, composite, multitier applications are being widely implemented. Like
virtualization, these emerging application environments increase the level of
operational complexity in the datacenter. To maintain service levels, IT teams need
not only deeper, real-time insight into the connections and dependencies across tiers
but also visibility into the performance and health of the workloads in the context of
the virtual and physical resources, as well as network and storage configurations that
together enable the business service.
Cloud computing services, ranging from SaaS offerings to on-demand computing and
hosted application development environments, further complicate the enterprise IT
operations landscape. Each cloud service offers its own flavor of service-level
guarantees, access control, identity verification, and data protection with little
2 #223661 ©2010 IDC
3. standardization in terms of provisioning interfaces, reporting formats, or service-level
and policy-driven management capabilities.
As shown in Figure 1, the combination of these forces is driving rapid transformation
in many of IT's operational requirements. More automated, policy-driven systems and
state-of-the-art application development best practices are needed to enable
enterprise IT environments to deliver business services cost-effectively and reliably.
FIGURE 1
A Perfect Storm in the Datacenter
Identity and
Access Software
Control Appliances
Composite
Applications
Application
Reporting Packaging and
and Analysis Deployment
Cloud
Mobility
Services
Virtualization
Opex and
Workload
Capex
Provisioning
Source: IDC, 2010
Collectively, cloud, virtualization, and shifting application architectures are creating a
perfect storm for enterprise IT organizations. At the same time that workloads need to
be allocated and optimized more quickly than ever before, traditional approaches to
change management, provisioning, and deployment processes are preventing IT
teams from taking full advantage of the technologies while also driving up the cost of
operations.
IT continues to be tasked with protection of the enterprise's data and prevention of
unauthorized access to critical systems and information. In the face of end-user
pressure to move faster, or outsource workloads to cloud services, IT teams need to
implement new, more efficient and integrated approaches to the deployment,
management, optimization, and protection of computing workloads.
©2010 IDC #223661 3
4. Intelligent Workload Management Targets
Challenges
Intelligent workload management is an emerging market concept that addresses this
complex set of needs by integrating a number of important technologies, including:
Software appliances for intelligent workload packaging and deployment
Policy-based workload management automation
Access/identity management
Configuration and performance monitoring, reporting, and analytics
The ultimate intelligent workload management vision is to transform the packaging of
workloads in a way that bundles appropriately configured operating system,
middleware, and application code into a single unit that can be deployed, secured,
managed, and monitored on a consistent, automated basis, regardless of whether it is
deployed onto physical, virtual, or cloud infrastructure.
This is an ambitious vision that can only be gradually implemented over a number of
years, although early examples of this model do exist in the form of software
appliances. For many organizations, the operational pressures resulting from today's
expansive use of virtualization and experimentation with cloud services will drive
adoption of policy-based workload management and sophisticated access/identity
management capabilities well ahead of significant changes being made to the
packaging of many application environments.
Enterprises are wise to consider how these automation and security investments may
ultimately play into a more robust intelligent workload management strategy so as to
be able to transparently exploit new application packaging models as they become
available. In the interim, enterprise IT teams can reduce the cost of operations, better
protect their organization's information assets, and speed up provisioning and
patching processes by taking advantage of automation and security technologies that
are available today.
Software Appliances for Intelligent Workload
Packaging and Deployment
Intelligent workloads can be thought of as software appliances, which IDC defines as
software solutions that integrate operating system and application software or
application functionality into an easily managed, composite package with a dedicated
purpose. This composite package can be deployed aboard industry-standard client or
server hardware, either inside a virtual machine or directly on the hardware.
A software appliance provides a turnkey experience similar to today's hardware
appliances. Deploying a software appliance can be as simple as a few clicks, with
only configuration tweaks needing to be made. This makes it seamless to deploy
software appliances on a private or public cloud and simplifies the dynamic migration
of the workload as needed. This ability is particularly helpful for ISVs because
4 #223661 ©2010 IDC
5. appliances can reduce time to market and extend existing applications to the cloud,
thereby helping to reduce overall ISV support and development costs.
The main reasons an organization would want to deploy a software appliance are:
Reducing time to value by simplifying acquisition and installation issues
Streamlining operational and change management
Removing redundant activity and thus costs
Bridging private and public cloud deployments
In a December 2009 software appliance survey, IDC found that software appliance
adoption use is increasing slowly, with 22% of participants reporting they had software
appliances in production use, up from 20% the prior year and 7% two years earlier.
Of the companies that have already deployed a software appliance into production,
21% have proactive plans to deploy more than 12 months out, up from 15% last year.
Meanwhile, the number of respondents who have no current plans to deploy more
software appliances has dropped to 7% from 26% last year.
Policy-Based Workload Management
Automation Required
Most enterprise virtualization and cloud computing initiatives are designed to reduce
capital and opex costs by optimizing physical system utilization and operations. They
are also expected to improve business performance by accelerating the deployment,
scale-out, and ongoing maintenance of business services.
Workload portability, such as enabled by software appliances and similar workload
packaging strategies, is fundamental to achieving these objectives. Simply assigning
virtualized workloads to computing resources is only the first step in managing
dynamic environments. Workload use needs to be tracked and virtualized resources
need to be reclaimed and reassigned when the workload is no longer active. In peak
hours, additional instances of a workload may need to be deployed quickly either
inside the corporate datacenter or on external cloud infrastructure. This capability to
transparently move and migrate workloads is a prerequisite for organizations that
want to implement cloud computing solutions.
Policy-driven automated workload provisioning and migration capabilities are needed
to support efficient, large-scale workload optimization. Organizations that want to
make the most effective use possible of their resources need to define standardized
workload configurations and use policy-driven automation tools to assign, migrate,
and deactivate workloads as needed. Customers that are evaluating these types of
solutions should look for:
Tools that can manage standardized workload models and migrate running
workloads across heterogeneous physical, virtual, and public cloud environments
using consistent policies and user interfaces, without disrupting business activities
©2010 IDC #223661 5
6. Automated support for routine patch management activities as well as service
provisioning (These solutions need to be able to discover configurations and
patch levels, evaluate them against the gold image, and enforce updates and
compliance on an ongoing basis.)
Software libraries and templates to improve IT's ability to determine if workloads
are properly patched and configured
Integration with automated workflow and governance systems to streamline
approval processes and streamline audits and status accounting activities
Support for service catalogs and service fulfillment systems including self-service
provisioning if needed
The ability to inject drivers on the fly to support effective monitoring and hardware
analysis for workload suitability
Enterprise IT decision makers surveyed by IDC consistently identify automation as
being important or critical to the effective operation of their virtualized environments
(see Figure 2).
FIGURE 2
Role of Automation in Managing Virtualized Environments
Q. What role do you expect automation to play in your virtualization investment?
Source: IDC's Virtual Infrastructure Management Survey, 2009
Use of these types of tools to support existing workloads can improve efficiency today
and build out the type of portable workload management infrastructure and control
capabilities that are needed to support a broader intelligent workload management
environment over time.
6 #223661 ©2010 IDC
7. Security and Identity Management
Security and identity and access management are critical to the success of cloud
computing. IT must support a growing number of users who need access to a wide
variety of enterprisewide applications and Web services that reside inside and outside
the enterprise. For these reasons, identity and access management has become an
escalating concern, especially in the cloud.
Identity and access management is a comprehensive set of solutions used to identify
users (employees, customers, contractors, and so on) across multiple systems and
control their access to resources by associating user rights and restrictions with the
established identity.
Technologies that compose an IAM stack include Web single sign-on (WSSO) and
federated single sign-on (FSSO); host/enterprise SSO; user provisioning/deprovisioning,
including granular authorization and policy rights; risk and entitlement management;
identity federation; advanced authentication software, such as PKI and digital rights
management; and traditional hardware tokens and smart cards. IDC research shows that
85% of IAM purchases are driven by regulatory compliance demands.
The large and ever-growing list of regulations includes Sarbanes-Oxley, GLBA, PCI,
HIPAA, FFIEC, ITIL, CoBIT, and other government and industry-specific mandates.
To meet compliance audits, businesses not only must show who was granted access
to what but also must be able to track a user's actions once admittance was gained.
Permissions management, tracking, monitoring, and reporting are all very important
to meeting the regulatory specifications. Therefore, IAM and security information and
event management (SIEM) are often used in conjunction with one another to deliver a
comprehensive platform for solving security, compliance, and management/
monitoring issues. When looking to deploy an identity solution to the cloud, customers
should look for:
Integrated access management and federated identity
SSL and VPN capabilities
Reporting and regulatory compliance across cloud and virtual environments
Easily integrated components
Automated workflow capabilities
Tracking and monitoring functionality
Centralized dashboard or management console
Automated provisioning and deprovisioning
SSO/password management/privileged user management
Strong authentication
©2010 IDC #223661 7
8. Logging, tracking, and monitoring are critical functions for cloud environments. For
several years, leading IAM vendors have either included or partnered to offer
reporting and logging within IAM environments. Within the cloud infrastructure, these
functions can be used for forensic purposes as well as to achieve industry and
regulatory compliance.
Just as in an enterprise-centered organization, logging can be used to track sensitive
data in the cloud and to monitor and record who was accessing what when. These
capabilities also serve to make cloud providers more accountable, especially using
VMs. As data is moved between VMs, logs record the movement — again,
documenting from a what-was-moved-when standpoint. The majority of the vendors
in the IAM space offer logging and reporting either bundled in with their IAM suite
offerings or via partnership with other solution providers.
Security is further enhanced in the cloud by implementing proven mechanisms such
as SSL VPN and strong authentication technologies with well-integrated IAM software
components such as SSO, privileged identity management (PIM), and automated
provisioning and deprovisioning.
Identity-centric clouds offer organizations many advantages when developing,
executing, and changing course in today's rapidly changing, global economic
structures. Using an intelligent, identity-driven cloud computing platform, corporations
and organizations can more readily:
Achieve greater visibility into business processes
Perform continual review of business processes based on real-time, event-driven
information
Improve their ability to change and adapt quickly to challenges and opportunities
Achieve finer granularity within user access management and separation of
duties
Dynamic Workload Monitoring, Measuring,
and Reporting Priorities
Along with automated workload portability and effective security and identity
management, dynamic intelligent workload management environments need to be
effectively monitored, audited, analyzed, and certified. The nearly constant stream of
workload provisioning and system configuration changes that occur in highly
virtualized cloud computing environments results in the creation of a large volume of
events, logs, and notifications across the system. IT organizations need tools that can
effectively correlate and analyze these data streams and provide relevant metrics to
help track service level, root cause, compliance, and fulfillment status and drive
automated remediation activities as needed.
Whether they implement a single integrated suite or a set of purpose-built point
solution tools, IT organizations need accurate, timely information and analysis on
which to base capacity planning decisions and to track the status of software and
8 #223661 ©2010 IDC
9. security compliance. They also need to be able to accurately evaluate the level of
service being delivered and recognize problem and incident patterns so as to best
avoid future outages or service-level violations.
Similarly, line-of-business owners and decision makers need to have a view into
performance and cost of the services being provided. This requires IT to provide
dashboards and reports that put information about workload consumption and
performance into a business-relevant services context.
Decision makers evaluating these types of tools should consider the following:
Ability to provide access to performance, configuration, and compliance status
via a common set of interfaces and real-time dashboards to ensure that all
administrators are working with consistent data
Ability to provide business service context and impact insight around
performance, configuration, and compliance data
Availability of out-of-the-box report templates as well as capabilities to customize
reports
Historical and trend analysis capabilities to support a range of planning
requirements
Ability to monitor and normalize data analysis across heterogeneous physical,
virtual, and cloud infrastructures and services
Benefits of Integrating Software Appliances,
Virtualization, Workload, and Identity
Management
By integrating the tools and management processes related to virtualization, workload
packaging, workload automation, and identity management, IT organizations can
create more efficient and compliant environments that maximize system resource
utilization, provide consistent access control and security, and rein in the operational
and administrative costs related to supporting dynamic, virtualized workloads. This
type of infrastructure is critical for organizations that want to take advantage of cloud
computing strategies as well. Cloud environments call for workloads to be highly
portable, yet expect those workloads will retain and comply with policies related to
performance, security, and identity. The ability to abstract workloads away from
hardware and automate the management of the workloads according to policy is a
critical path enabler for cloud.
In the near term, the implementation of automated, policy-driven and identity-aware
operations will streamline workload deployment timelines, reduce human error, and
deliver end users a more consistent set of service levels. Over time, as workload
packaging becomes more intelligent, this underpinning of automated, policy-based
operations, security, and standardized service delivery will enable IT organizations to
take maximum advantage of these enhanced capabilities.
©2010 IDC #223661 9
10. FUTURE OUTLOOK
Market Context
Intelligent workload management solutions are evolving from and being built on a
number of existing technologies, including software appliances, server and workload
automation, and identity and access management solutions.
IDC estimates that the software appliance market totaled approximately $156 million
worldwide in 2009 and forecasts that it will grow to $1.2 billion by 2012. Players in this
market include Novell, Red Hat, rPath, JumpBox, and UShareSoft.
IDC estimates that the server and workload automation market totaled approximately
$600 million worldwide in 2009 and forecasts that it will grow to over $1 billion by
2014. Major vendors in this market, which includes physical and virtual server
provisioning, automated workload migration, and run book automation technologies,
include BMC, HP, IBM, VMware, CA, and Novell.
IDC estimates that the identity and access management market totaled $3.5 billion in
2009 and forecasts that it will grow to over $5 billion by 2014. Major vendors offering
suites of software solutions in this space include IBM; CA; Novell; Oracle/Sun; RSA,
the Security Division of EMC; and Quest Software.
Potential Integration and Deployment
Patterns
The adoption of more intelligent workload management practices depends on IT and
business decision makers being able to build, secure, manage, and measure
workloads using a coordinated set of workload performance, availability, and security
policies. Decisions about workload placement, access, and operations must be driven
by integrated, automated provisioning and access control service management
workflows rather than by fragmented, ad hoc processes and tools.
These automated workload tools need real-time awareness of the available
deployment options whether they are part of the private datacenter or the public
cloud. This means that provisioning systems need to be able to monitor both public
and private cloud performance, security, and operational costs in order to best direct
workloads to the most appropriate resources.
IDC expects that many organizations will begin their journey by implementing policy-
based virtual and physical workload migration tools and best practices. Others will
begin with a focus on automated, policy-driven identity and access control. Still others
will explore the benefits of software appliances and intelligent workload packaging.
CHALLENGES/OPPORTUNITIES
The intelligent workload management vision is a relatively new concept that many IT
decision makers may not yet fully understand. It requires coordination across diverse
IT groups, including development, datacenter operations, and security. In many
10 #223661 ©2010 IDC
11. enterprises, these organizations rely on different tools, platforms, and policies and
have limited points of shared decision making and policy development.
As a result, there is some risk that intelligent workload management solutions will
struggle to find internal champions, particularly in the early days when few workloads
and applications have been fully packaged for portability and software appliances are
not widely used. Over time, many enterprises will need automated, policy-based
workload migration and portable provisioning capabilities simply to keep up with the
dynamic nature of their virtualized datacenters and cloud computing infrastructure
environments. These requirements are likely to drive interest in intelligent workload
management approaches.
IT decision makers will need help from third parties to develop robust workload
management road maps and plan on how to best take advantage of coming workload
packaging, automation, and security technologies. Most organizations should plan to
implement policy-based workload provisioning, security, and migration programs over
the next several years while monitoring the evolution of software appliances and
shifting approaches to workload packaging and portability.
CONCLUSION
As datacenters become more virtualized and enterprises take greater advantage of
cloud services, enterprise datacenter workload management and protection will
become highly complex. IT organizations will need to invest in tools and best
practices that will help them to build, manage, and automate many routine workload
provisioning and migration activities while maintaining required levels of data
protection, access control, and software compliance.
Policy-based workload management and security will be critical to successful business
service operations across these increasingly complex environments. Enterprise IT and
business decisions makers need to jointly move to policy-based specification of
operational, security, and cost profiles for all services and supporting workloads. Over
time, IT can use these policies to drive increased levels of workload automation,
provisioning, and access control. As advanced intelligent workload packaging and
software appliances become more widely deployed, this policy-based operational
infrastructure will be well situated to quickly integrate with and efficiently support the
workload provisioning, migration, and security requirements of the enterprise.
Copyright Notice
External Publication of IDC Information and Data — Any IDC information that is to be
used in advertising, press releases, or promotional materials requires prior written
approval from the appropriate IDC Vice President or Country Manager. A draft of the
proposed document should accompany any such request. IDC reserves the right to
deny approval of external usage for any reason.
Copyright 2010 IDC. Reproduction without written permission is completely forbidden.
©2010 IDC #223661 11