Page 1

Cover_october011_checklist.indd 84

11/17/2011 11:45:25 AM

From The Editor

The beginning of a new year is a great time to take stock, reflect on the changes

Time to Change? A switch to Vista may be a question of when, and not why.

or improvements needed and chalk out plans. In my case, I’ve resolved to cut down on my weight, get more organized at work and spend more time with family and friends. I wonder what your resolutions look like. My gut feel, however, is that your plans at work will have something to do with Windows Vista during the next few months. And, that’s not just because of the timing of its release. Originally scheduled for launch in late 2003, developmental delays have helped Vista’s rivals like Linux. Despite this, I believe that its impact on the computing environment will be significant. As the CIO OS Survey (Page 30) reveals, Microsoft’s market share remains overwhelming in India. Vista will become Microsoft’s flagship (and default) OS. A switch to the latest version of Windows for most CIOs may thus be a question of when, not why (specially once OEMs start to ship Vista on all new PCs). As with any migration, Of course, as with any migration, there there will be questions will be questions about corporate risk, about risk, cost, cost, testing, training, system upgrades, training, support and support and compatibility that you will compatibility. face, particularly from the gentlemen in the board room. Well, to prepare you for a bit of that, we checked out the strategies of three early adopters of Vista (Page 24), who are through with their pilots and are on their way to migrate enterprisewide. Look also to our interview with Gartner analyst Michael Silver (Page 40), where he discusses security issues and migration pitfalls, and what you should be doing now to avoid problems when you do migrate. This is also an issue in which we look ahead at how Microsoft is looking past its OS release to what it sees as a big opportunity in developing those tools that CIOs will need to manage the software-as-a-service environment (Beyond Vista; Page 32). So, what would compel you to migrate your enterprise to a new OS? Write in and let me know your thoughts. Here’s wishing you a year filled with less stress and good fortune. Cheers.

Vijay Ramachandran, Editor 

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Content,Editorial,Colophone.indd4 4

Vol/2 | ISSUE/04

12/30/2006 1:46:26 PM

JANUARY 1 2007‑ | ‑Vol/2‑ | ‑issUe/04

Vista i t Outlook The

VIsta is tectonic — it is going to affect your organization whether you like it or not. Which is why you need to understand who’s tried it, how you can test it, when you should deploy, and what Microsoft thinks you need in the future.

COVER STORy | EARLy VISTAS| 23 The long night has ended. While CIOs kept vigil during Vista’s development to stay in the know, few have had first-hand experience with a live pilot. Here are two that have. Feature by Gunjan Trivedi

ThE OS SuRVEy VISTA | 30 Where do your peers stand on OS migration? by Team CIO

BEyOnD VISTA | 32 Inside Microsoft’s plan to dominate the Web 2.0 enterprise. Feature by Ben Worthen

PROS AnD COnS | 39 Deploying Vista is no game of dice. Here’s the upside and the downside to the new OS. Feature by Michael Gartenberg

MIGRATIOn 101 | 40 Gartner analyst Michael Silver discusses Vista security issues and migration and what you should be doing now to avoid problems.

P hoto by Sr IVAtSA ShAn dIlyA

Interview by Team CSO

VISTA’S MOBILITy FEATuRES | 45 Updated power options, a dashboard for mobile concerns...see what Vista has for notebook users.

2 3

Feature by Oliver Rist

CoVEr: ImAgIng by bIn ESh SrE Edh ArAn


WAnT TO TEST VISTA RISk-FREE? TRy VIRTuALIzATIOn | 46 In a virtualized environment, users can try out applications and even operating systems — without having to formally install them. Feature by Eric Lai

4 0 

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

3 2

MAkInG yOuR MOVE TO VISTA | 50 You’re ready to release the clutch on Vista, but do you know how to make it go vroom? Feature by Scot Finnie and Valerie Potter

more » Vol/2 | ISSUE/04

12/30/2006 1:46:52 PM


(cont.) departments Trendlines | 15 Innovation | Google’s Start Page Open Source | Grameen Outsources Open Source Power | A Diet for the IT Power-Hog The Web | The 3 R’s Meet the 3 W’s Ethernet | IEEE Sets Sights on 100G Ethernet Management Report | Info Searches are a Big Drain Security Skills | Security Experts in Short Supply Enterprise Apps | IBM India Integrates

Data Repositories

Essential Technology | 62 Security | The Devil’s Guide to Vista Security

By Jonathan Hassell Enterprise Apps | Knowledge Management 2.0

By Scott Spanbauer

From the Editor | 4 Time to Change? | A switch to Vista may be a question of when, and not why. By Vijay Ramachandran

Inbox | 14

NOW ONLINE For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to


View from the Top The Path of Technology Leadership |  54 Arun Jain, chairman and MD of Polaris Software Lab, says IT needs a leadership team — and everyone on it has to buy into the technology an enterprise needs.

1 9

Interview by Sunil Shah what? |  21 Vista is a curious release: it delivers little functionality that will make end users happy, and lots of functionality that will tick them off. Feature by Bernard Golden


J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Content,Editorial,Colophone.indd10 10

Vol/2 | ISSUE/04

12/30/2006 1:46:57 PM

Advertiser Index


President N. Bringi Dev

COO Louis D’Mello Editorial Editor Vijay Ramachandran

Assistant Editor Harichandan Arakali

Special Correspondent Balaji Narasimhan

Senior Correspondent Gunjan Trivedi Chief COPY EDITOR Kunal N. Talgeri

COPY EDITOR Sunil Shah www.C IO.IN

Editorial Director-Online R. Giridhar

Anil Nadkarni



Head IT, Thomas Cook, Arindam Bose


Gate Fold

Head IT, LG Electronics India, Arun Gupta Director – Philips Global Infrastructure Services Arvind Tawde VP & CIO, Mahindra & Mahindra, Ashish Kumar Chauhan President & CIO - IT Applications at Reliance Industries



3, 9 & 11






D esign & Production M. D. Agarwal

Creative Director Jayan K Narayanan

Designers Binesh Sreedharan

Vikas Kapoor; Anil V.K. Jinan K. Vijayan; Sani Mani

Chief Manager – IT, BPCL, Mani Mulki VP - IS, Godrej Consumer Products Ltd,

Unnikrishnan A.V. Sasi Bhaskar; Girish A.V. Vishwanath Vanjire

Manish Choksi VP - IT, Asian Paints,

MM Shanith; Anil T PC Anoop

Photography Srivatsa Shandilya

Production T.K. Karunakaran

T.K. Jayadeep Marketing and Sales

General Manager, Sales Naveen Chand Singh brand Manager Alok Anand Marketing Siddharth Singh Bangalore Mahantesh Godi Santosh Malleswara Ashish Kumar, Kishore Venkat Delhi Nitin Walia; Aveek Bhose; Neeraj Puri; Anandram B Mumbai Parul Singh, Chetan T. Rai Japan Tomoko Fujikawa USA Larry Arthur; Jo Ben-Atar

Singapore Michael Mullaney UK Shane Hannam

Events General Manager Rupesh Sreedharan Manager Chetan Acharya

Neel Ratan Executive Director – Business Solutions, Pricewaterhouse Coopers, Rajesh Uppal General Manager – IT, Maruti Udyog, Prof. R.T.Krishnan Professor, IIM-Bangalore, S. B. Patankar Director - IS, Bombay Stock Exchange, S. Gopalakrishnan COO & Head Technology, Infosys Technologies

s_gopalakrishnan S. R. Balasubramanian Sr. VP, ISG Novasoft, sr_balasubra Prof. S Sadagopan Director, IIIT - Bangalore. Sanjay Sharma Corporate Head Technology Officer, IDBI, Dr. Sridhar Mitta Managing Director & CTO, e4e Labs,

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. IDG Media Private Limited is an IDG (International Data Group) company.

Former VP - Technologies, Wipro Spectramind

Printed and Published by N Bringi Dev on behalf of IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. Editor: Vijay Ramachandran. Printed at Rajhans Enterprises, No. 134, 4th Main Road, Industrial Town, Rajajinagar, Bangalore 560 044, India

CTO, Shopper’s Stop Ltd,

Sunil Gujral Unni Krishnan T.M

V. Balakrishnan CIO, Polaris Software Ltd.,


J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Content,Editorial,Colophone.indd12 12

Vol/2 | ISSUE/04

12/30/2006 1:46:58 PM

ReadeR feedbaCk

it was encouraging to see that there were others in the same state of intent as we are. The topic of federated identity management was one of those ‘Oh!How-did-I-overlook-that-one’ issues. We assume that assigning an ID to a partner abrogates our responsibility. However, business risk is a sticky issue — and it remains. Often, it is actually higher in a federated ID scenario because we are unaware of the processes partners follow.

Walk the Line The debate, over whether CIOs need to be business executives first and then technologists — or not, (Inbox, CIO, December 15, 2006 2006) was interesting. My response is that someone needs to understand technology well, at least how it can be used to achieve business objectives. I see the CIO as an important boundary spanner. He needs to be able to talk technology with technology providers — and business with business executives. He needs to be able to translate the business needs of the company into possible technology solutions and differentiators. He needs to be able to visualize how new technologies can be used to the advantage of the business. I would hesitate to say either technology or business comes first. Rishikesha T. kRishnan Professor, IIM Bangalore

On Federated iD

The CIO Roundtable on identity management helped sharpen the understanding of some key issues. Internally, we need a set of new processes to identify individuals, roles and information assets as well as ongoing processes to assign and re-assess these with each other. It was encouraging to see that some organizations, especially the engineering ones, have this down very tightly, just as 14

Inbox.indd 14

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

aLagu BaLaRaman Executive VP (IT & Corporate Development) Godfrey Phillips

Toward a Better World It felt good to see a CIO cover story (Aiding Aiding Action, September 15, 2006 2006) on an Internet-based information and communications system for an international organization like ActionAid. In the technical and general media, we continually hear of how IT services can maximize profits for companies. All too rarely do we see articles of substance on how IT is being — and can be — used in the fight against poverty. I would like to highlight a significant aspect of the system which you do mention, but do not highlight — and that is the change now possible in communication using IT. Donors, wherever they are, can now directly be in touch with communities, wherever they may be, and vice versa. This is changing the dynamics of international aid and the struggle against poverty, which has so far seen a top-down approach. Personally, I would welcome more What Do You Think?

"We assume that assigning an Id to a partner abrogates our responsibility. However, business risk is a sticky issue — and it remains." articles on how IT is being used to change the world — to campaign against environmental degradation, human rights abuse, and the fight against HIV/AIDS. muRRay CuLshaW sha shaW Chair, MCC

Technology-strategy mix I find the editorial content of CIO India to be very professional. Personally, I prefer content on strategy and technology in something like a 2:3 ratio — and am happy with the current mix in the magazine. Your strategy content is substantial. With the tech-strategy mix in your magazine, I’d still emphasize on the importance of technology to an IT leader. It pays to focus on recent technologies — to be the first to tell us what technology is new. If you provide a snapshot of new tools and upgrades that are being developed, it would truly enhance the content. In general, CIOs like to be in the know on subjects such as business intelligence. s.s. sOni

We welcome your feedback on our articles, apart from your thoughts and suggestions. Write in to Letters may be edited for length or clarity.

Executive director-optimization & IS Indian Oil Corporation

editor@c Vol/2 | ISSUE/04






E n t E r p r i s E A p p s Google has its eye on the enterprise but it doesn’t plan to come busting in. It's banking, instead, on its search technology and productivity tools to get on corporate desktops. Recently, Google released the beta version of a customizable home page that will bring together a company’s applications and thirdparty mini-programs on a single interface. Google Start Page is the latest addition

to a bundle of online communications tools — called Google Apps for Your Domain — for corporate users, which include e-mail, IM and calendaring. Companies can customize the Start Page with their logo, display content provided in HTML from RSS feeds, and offer the applications to users — employees, customers or external visitors — for free. Staying clear of calling the Start Page a portal interface, Google says it is based on the personalized home-page technology that is popular on Google's website, but has controls that customize the page’s look. Google Apps is being pitched as an alternative to installing local infrastructure. With it, the company competes, in terms of features, with Microsoft and IBM and smaller vendors. Google Apps includes its IM, calendar and page creator services.


The search giant says it is developing an enterprise version of Google Apps that will include fee-based support for Start Page and its apps. For now, the first version is free. Experts say the company faces the challenge of developing servicelevel agreements for corporate users. The company isn’t discussing the timing of the fee-based version yet. “We think we have this kernel of a really exciting platform for small businesses and enterprises,” says Mike Horowitz, product manager for Google Apps for Your Domain Start Page. “Ultimately, there is the possibility of adding lots of services,” he says. —By John Fontana


Google ’s Star t

Grameen Outsources Open Source The Grameen Foundation has outsourced the development of opensource software, which is expected to meet the automation needs of microfinance agencies worldwide. The Grameen Foundation was established in 1997 to replicate the success of the Grameen Bank in promoting development in Bangladesh through microfinance. The foundation was co-founded by Professor Muhammad Yunus, who won the Nobel Peace Prize in 2006. Aditi Technologies, who bagged the deal, has been working with the opensource community to develop the software, and will continue to coordinate open-source participation in the project, said Pradeep Singh, CEO of Aditi. Grameen and Aditi will

opEn sourcE

V OL OL/2 /2 | ISSUE/04

Trendlines.indd 15

work together on new releases, and are exploring new models for its deployment, including software-as-a-service, Singh says. The software called Mifos (Microfinance open source) was released under the Apache License Version 2.0 to encourage technology providers across countries to localize the software, says George Conrad, director of the Mifos initiative, Grameen Foundation. The first release of Mifos, unveiled last month, is a Java-based Web application that requires users to have a Web browser and Internet access, while the back-end server can run on any OS that supports Java, including Linux and Windows, Conrad says. The Grameen Foundation did not use the GNU General Public License (GPL) as it would not allow technology providers to use

the core Mifos software to build their own proprietary add-ons around it, he adds. About 46 percent of microfinance institutions worldwide still use spreadsheets to manage their portfolio and client information, according to a 2004 survey by The Consultative Group to Assist the Poor. Another 44 percent used poorly-designed, home-grown systems that were expensive. Instead of these institutions building the same functionality repeatedly, the Grameen Technology Center, a technology development division of the Grameen Foundation in Seattle, decided to build an open-source system that is collaborative, and promotes local support and control of the functionality, Conrad said. — By John Ribeiro REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


12/30/2006 2:15:50 PM

A Diet

for the ItI Power-hog PowerConcern over power consumption is driving enterprises to alter their computing practices, according to a Canadian analyst. Anything that affects the bottom line is a matter of concern and that’s certainly true of power consumption by IT resources, said George Bulat, director of data driven products at IDC Canada in Toronto. Companies, he said, are devising various strategies to deal with the issue. For instance, Bulat said, an increasing number of companies are turning to server-based computing and virtualization to save energy. He said by shifting power consumption from the office to the machine room, these computing models lower the cost of managing IT services and cut overall energy bills. The IDC analyst also sees a noticeable shift towards blade-type servers, which further reduces power consumption. “Blade servers and virtualization reduce the number of physical machines that consume energy.” Server and thin-client computing has become an increasingly popular strategy to cut down power consumption, and with reason. Personal computers account for two-thirds of the energy consumption in a typical office, while they waste as much as 20 per cent of the power they consume, according to Butler Group, a U.K.based analyst house. The Carbon Trust, a non-profit organization funded by the British government, has determined that office equipment accounts for roughly 15 per cent of energy use. This figure is expected to rise to 30 per cent by the year 2020 if businesses do not act. David Rogers, a technology and project management specialist with BC Hydro, noted that simple power-conservation techniques can save a company with 10,000 computers at least Rs 112.5 lakh each year in electricity costs. He notes that the province of British Columbia can save as much as Rs 135 crore in electricity costs each year if businesses and home users turn off their computers when not in use. — By Nestor E. Arellan




Trendlines.indd 16

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

School has certainly changed since the days of the three R’s: reading, writing and ‘rithmetic. Now a group of professors are collaborating to train students to design future versions of the three W’s: the World Wide Web. One of their first lessons will be how to strike a balance between better access to data and stricter rules about its use, said researchers from the Massachusetts Institute of Technology (MIT) and England’s University of Southampton at a recent press conference. The Web Science Research Initiative (WSRI) hopes to create a college degree program in ‘Web science’ that combines disciplines including computer science, mathematics, neuroscience, law and economics. It will also raise funding for doctorate students to study at MIT and the University of Southampton. “Because we created the Web, we have a duty to understand it,” said Tim Berners-Lee, a scientist in MIT’s Computer Science and Artificial Intelligence Lab (CSAIL), and inventor of the protocols that control the Web. “Suppose among all the beautiful, wonderful things it’s created, it also creates something horrible?” The group created WSRI (pronounced whiz-ree) because of two powerful trends: the burgeoning amount of online information and the need for better social rules to control access to it. The number of Web servers has now reached 100 million, said Rodney Brooks, a founding member of WSRI and the director of CSAIL. “There are 100 million servers, 100 million nodes, 100 million Web masters and mistresses, so when it comes to aggregating data, how do we do it? How do we get to a crisp mathematical question that can inform policy?” Brooks said. One of the Web’s greatest strengths is that the same rules govern small sites and enormous communities such as MySpace, Berners-Lee said. That ‘fractal’ quality has supported the growth of the blogosphere, a complex space based on simple principles. Yet, the Web’s growth has hobbled its evolution in some cases. For instance, Wikipedia has recently applied new rules for erasing spam postings instead of hewing to its original philosophy of “anybody can write,” he said. —Team CIO

thE wEb

One of the first lessons will be to find a better balance between data access and stricter rules on the Web's use.

VOL /2 | ISSUE/04


The 3 R’s Meet the 3 W’s

100G Ethernet The next Ethernet speed will be 100Gbps, the IEEE voted recently. Now the standards body just has to go build something never done before. The IEEE’s High Speed Study Group (HSSG), tasked with exploring what Ethernet’s next speed might be, voted to pursue 100G Ethernet. The IEEE will work to standardize 100G Ethernet over distances as far as 9.6 km over singlemode fiber optic cabling and 328 feet over multimode fiber. With the approval to move to 100G Ethernet, the next step is to form a 100G Ethernet Task Force to study how to achieve a standard that is technically feasible and economically viable, says John D’Ambrosia, chair of the IEEE HSSG, and scientist of components technology at Force10 Networks. “There is still a lot of work to be done to finalize our objectives, and where this thing will go,” D’Ambrosia says. “The next step is getting the project into the 802 process,” he adds, referring to the IEEE’s umbrella of Working Groups for networking standards, which govern everything from


wired Ethernet and Token Ring to wireless LANs and WiMAX. The need for 100G Ethernet is growing as IP video and transactionintensive Web 2.0 applications are exploding across the Internet. The challenge for 100G will be to push Ethernet to a megabits-per-second speed that does not currently exist under any standard. Examples of past leaps in Ethernet speeds, which followed the lead of other technologies include: Fast Ethernet, followed the 100Mbps FDDI standard; and 10G Ethernet, which used the 9.9Gbps OC-192 SONET as its base. In each case, resulting Ethernet standard borrowed components and encoding techniques used in the existing non-Ethernet standards. While a comparable 100Mbps standard does not exist now for Ethernet to emulate, D’Ambrosia anticipates this won't be too big a challenge for work on 100G. A 100G standard will probably use parallel data transmission — multiple 10Gbps-plus signals traveling over multiple fibers or lanes, D’Ambrosia says. “There has been a lot of maturing in

info sEArchEs

are a Big drain mAnAgEmEnt rEport Employees performing ineffective searches and wasting time looking for information can cost companies up to 10 percent in salary expenses, research shows. A recently released report entitled Enterprise Search and Retrieval, from London-based IT research firm Butler Group, concludes that ineffective search and discovery strategies are hampering business competitiveness, impairing service delivery and putting companies at risk. Specifically, the research firm contends that as much as 10 percent of a company’s salary costs

VOL/2 | ISSUE/04

10G technology” around bonding together multiple links, D’Ambrosia says. A recent multi-vendor demonstration showed one possible implementation of this kind of parallel 100G Ethernet. The test involved a pre-standard 100G Ethernet protocol stack, which bonded together 10 10Gbps links and transmits them over separate optical wavelengths. Compared to the current standard for link aggregation the 100G demo was “similar, but different,” says Serge Melle, VP of technical marketing for Infinera “Link aggregation groups allow you to group multiple 10G channels together, but this has limitations on scaling,” because a total of eight links can be bonded, Melle says. “What we demonstrated is truly a 100G at the [media access control]layer.” —By Phil Hochmuth

is frittered away as employees scramble to find adequate and accurate information to perform their overall jobs and complete assigned tasks. “Over 50 percent of staff costs are now allocated to employees performing so-called information work,” said Richard Edwards, coauthor the 240-page report. “Employees are suffering from both information overload and information underload. As a result, the typical information worker now spends up to one quarter of his or her day searching for the right information to complete a given task.” The lost productivity and wasted salary cost findings support Butler Group’s stance that search and retrieval tools should be part of enterprise companies’ IT arsenal, as the technologies enable organizations to exploit the information assets they already have; they also enable companies to identify opportunities, reduce risk and garner insight. —By Denise Dubie REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7




IEEE Sets Sights on

Short A lack of security experts is damaging the ability of companies to meet new compliance laws, according to the London School of Economics (LSE). The McAfee-sponsored report, conducted by Dr Jonathan Liebenau at the LSE’s Department of Management, concludes that difficulties in hiring and retaining the right staff were exacerbating a range of risks. Chief amongst these were the reputational risks associated with data leaks and theft. After conducting interviews with IT directors and CSOs in large financial services organizations in Europe, Asia and the US, Liebenau’s team found that by mid-2006, reported security breaches had reached between eight and 10 per week in the U.S., compromising 94 million records containing sensitive personal data. Businesses above a certain size in a majority of US states now have a legal responsibility to report data compromise as



sEcurity skills

soon as it is discovered, so it was impossible for companies to avoid the fall-out from such breaches. “The mandatory reporting of security breaches will have far-reaching implications on a business’ reputation management,” said Dr Liebenau. “The practice of reporting breaches, now commonplace in the US and quickly spreading to several

regions in the world, will impact the way individuals and organizations think about information handling in general and reputation protection in particular.” Such headline worries risked taking resources from other less public security problems, meaning that compliance could actually increase security woes in the long term. Sensible assessment of how to balance such issues depended on having the right people in place, and these were now in very short supply. Consequently, companies found themselves over-dependant on a small pool of expertise. The report found that the people who formulated security policies were often different from those who managed and maintained them, leading to a disconnect between aspiration and reality. Evaluating such problems was difficult because of a lack of good benchmarks. —By John E. Dunn

IBM India Integrates Data Repositories E n t E r p r i s E A p p s If you're one of many CIOs burdened with worries of untapped intelligence wasting away in heaps of unstructured data, it could be time to stop holding your breath. IBM Corp.’s India Research Laboratory has developed technology to retrieve and integrate information from both structured and unstructured data. The technology integrates data that is stored in separate silos, said Mukesh Mohania, lead researcher on the project. “We leverage structured data by extracting information from unstructured repositories, then providing business intelligence,” Mohania said. EROCS (Entity Recognition in the Context of Structured data) is a key component of the technology. EROCS addresses the problem of linking a document with related structured data in an external relational database. Partial information provided, for example, in e-mails from customers do not often allow identification, Mohania said. EROCS views the structured data in the relational database as a set of pre-defined entities, and identifies the entities from this set that best match the given document. A highlight of EROCS is that it identifies an entity even if it is not mentioned in a document, says Mohania. It exploits the context information in the document to match and identify the entities.


Trendlines.indd 18

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Another technology, called SCORE (Symbiotic Content Oriented information Retrieval) addresses the problem of consolidated querying of structured and unstructured data, using a type of contextual search. The application specifies its information needs using a SQL query on the structured data, and this query is automatically “translated” into a set of keywords that can be used to retrieve relevant unstructured data. At the core of this technology lies a technique for obtaining these keywords from not only the query result, but also from additional ‘neighborhood’ related information in the underlying database, Mohania said. A research prototype of the technology has been deployed in the customer support operations of HDFC Bank, a large private bank in Mumbai. The prototype application integrates customer data from a structured database and business intelligence sources, with incoming information on customers from multiple sources, including e-mail and phone calls. By combining structured and unstructureddata, HDFC Bank can provide call center agents with a more complete history of all customer activity, IBM said. The technology also enables the bank to generate actionable insights that can be used to enhance up-selling and cross-selling opportunities, IBM added. — By John Ribeiro

VOL /2 | ISSUE/04


Security Experts in

Susan Cramm 

Executive Coach

Good CIOs, Bad Choices Smart IT leaders know the key to better decision making is to take a hard look in the mirror and identify what they need to work on to build credibility with the business.


fter only three years, Tom, a publishing industry CIO, got the boot. It’s amazing that an IT leader with such intelligence and years of experience could mess up so badly in such a short time. Tom’s tenure started well: he inherited an IT organization with good relationships and a track record of delivery. However, the department lacked a coherent strategy and a cost structure attuned to the fiscal pressures facing the organization. Faced with the difficulties of creating strategy in a decentralized business and bowing to his introverted nature, Tom decided that some strategy was better than none and initiated an effort that largely excluded the business. He launched an SOA initiative and a service-based organizational model — changes that were out of line with the maturity of the organization and increased the high IT cost structure. Good CIOs make bad choices all the time. These decisions usually aren’t fatal, but they are painful, and it may take the CIO a while to recover. To help my clients make better choices, I have developed a framework called the CIO credibility cycle. The credibility cycle helps CIOs foster organizational excellence and strong relationships across the enterprise. It starts with building an IT organization capable of developing good relations with the business. This is achieved by delivering projects on time and on budget in order to realize their business value. Meeting this objective will motivate both business and IT to forge a shared IT vision, strategy and tactical objectives. This, in turn, leads to the building of quality solutions that strengthen the overall organization and, completing the cycle, continues strengthening relationships.

Vol/2 | ISSUE/04

Coloumn - Good CIOs, Bad Choice19 19

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


12/30/2006 1:17:08 PM

Susan Cramm

Executive Coach

By understanding the credibility cycle and using it to diagnose IS capabilities, CIOs can identify what they need to work on and in what order to build their credibility with the business. The cycle defines what experienced CIOs already know: that to inspire trust, one must accurately assess organizational capabilities and work them in the right order. In Tom’s case, IT had strong business partner relationships and delivery credibility and was starting to be recognized as a lever to create business value. His focus should have been to facilitate cross-divisional discussions regarding priorities, synergies, and cost savings with the goal of gaining shared commitment and the allocation of scarce resources. Unfortunately, Tom’s decisions to set strategy alone and focus on SOA and organizational engineering created a cycle of incredulity with senior management that led to his departure. CIOs such as Tom who have been in the role for a while can get stuck in an incredulity cycle and need to step back from the issues at hand to gain perspective. For example, Roger, a manufacturing CIO, discovered that the product engineering group had installed another rogue messaging product on the network. Initially, he readied himself for a painful battle, taking satisfaction that policy was on his side. Fortunately, he sought counsel and realized that policy was the only thing on his side. He didn’t have the relationships to collaborate on delivering new capabilities. As a result, his business partners felt that to get anything done, they had to go it alone. Roger realized that a confrontation on this issue was going to make him look officious and powerless. Rather than hide behind policy, he decided to view the situation as a chance to build relationships and adopted the posture of partnering with the ‘early adopter’ engineering group to identify user needs and define necessary capabilities and standards. For new CIOs, it’s important to start small and test the elements of the credibility cycle to determine current positioning. Gail, a new divisional CIO, inherited a missioncritical project that was years in the making and way over budget. She could have asked for and received a check in any amount, given the initial credibility conferred on a new CIO by management. Instead, she requested funding in stages and broke the initiative into smaller projects to test the capabilities of her organization and its business relationships. In this way, she reduced risk and established a track record for delivery as she and her business partners demonstrated completion of each stage prior to requesting further funding. Good leaders make better choices by working with — not against — the credibility cycle. By facing the truth, CIOs can focus their efforts and set the foundation necessary for the future. It’s uncomfortable to look in the mirror and ask for help — but it’s less painful than letting the cycle of incredulity claim another victim.


J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Coloumn - Good CIOs, Bad Choice20 20

Reader Q&A Q: In many organizations, it takes 50 people to agree to a strategic change and only a few to stop progress. This dynamic may be what drove Tom to take action on a strategy he could control. Do you have any insights on gaining strategic consensus? A: Strategy is defined in the course of day-to-day business. The purpose of a strategy-making process is to capture current insights, identify actions and focus resources on initiatives that will promote the enterprise’s objectives. A strategy defined alone may be elegant, but it won’t help the organization focus on what should — and should not — be done, because it doesn’t have the commitment from those who set priorities and allocate resources. Strategy is less about the result than the commitment to a course of action (that’s why Peter Drucker said: strategy is a commodity and execution is an art). Effective strategymaking starts with one-on-one conversations in order to understand a company’s competitive positioning as well as the goals and aspirations of the leaders in the organization. By collecting, framing and playing back this information, CIOs and their staffs can, over time, facilitate crossfunctional discussions that result in strategic clarity, focus and commitment. Of course, this process is made easier if they define their strategy-making approach in conjunction with a few of the most powerful, key executives. Q: What could Tom have done to prevent himself from being booted? If he had such intelligence and years of experience, why was he not given a chance to recover? A: Tom was given a chance to recover, but he decided to

assume a defensive and oppositional posture rather than reflect and change his behaviors. He could have prevented himself from being booted if he’d focused on building relationships and facilitating participative decision and strategy making rather than spending most of his time in his office. CIO

Susan Cramm is founder and president of Valuedance, an executive coaching firm in San Clemente, California. Send feedback on this column to

Vol/2 | ISSUE/04

12/30/2006 1:17:08 PM

Bernard Golden


Vista...So What? Vista is a curious release: it delivers little functionality that will make end users happy, and lots of functionality that will tick off end users.


Illust ratIon anIl t

n all the hoopla over the release of Vista, I’m struck by how little there's in it for the typical user. As Microsoft repeatedly flung bits over the side in an attempt to lighten the behemoth operating system enough to finally be delivered in our lifetime, all that was finally left that an end user would find worthy of remark is eye candy: the Aero interface. That’s it. A prettier way to look at your computer. Don’t take this as the knee-jerk ravings of an anti-Microsoft idealogue. I take a ruthlessly pragmatic approach to software and am just as comfortable choosing proprietary software over an open source offering. Overall, Microsoft delivers client operating systems whose virtues make end users happy and whose vices cause problems for IT. Since you know who has the clout in most companies, IT organizations have ended up doing remediation for the various shortcomings of Microsoft OSs, particularly in the security area. In terms of end user satisfaction, Microsoft has done a pretty good job with Windows XP — it’s stable, relatively easy to use, and easy to find add-on software for. Which raises the question: why would someone choose to move from XP to Vista? But most people won’t have a choice — it will come pre-installed on new machines. But in terms of new features, most end users will wonder why a new OS was necessary. After you get by Aero, most people will say, “So what?” Of course, there’s stuff in the OS beyond what people will see as end user functionality. And it’s here where Vista seems troubling. It’s addressed some of the problems in XP in ways that end users are likely to see as intrusive and inconvenient. There’s the Trusted Computing feature, which is designed to lock down the internals of the OS and prevent spyware, malware, and the thousand and one things malefactors have shoved into

Vol/2 | I ssuE/04

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7



Send feedback on this column to


J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Coloumn - The Open Source.indd 22














the too-open XP. However, Microsoft has extended this to the hardware level via the Trusted Platform Module. This entails treating the entire computer — OS and hardware — as a single entity to ensure security. There’s only one problem with this — changing hardware will break the end-to-end chain of security and result in an inability to access the data. And, of course, we know that broken hardware on a PC is a question of when, not if. So Microsoft’s attempt to build better security into its OS — a laudable goal and extremely overdue — is inevitably going to cause end-user headache, since no one will keep track of the keys necessary to retrieve encrypted data. It seems there must be a better way to solve spyware than this. I'd hate to be the IT help desk person who explains to an end user that because his PC's motherboard went on the fritz and the backup encryption keys aren’t available, all data on the machine is lost. Perhaps more obvious to end users is the DRM capability built into the system. To protect itself from the onslaught of digitization, Microsoft has signed up for an end-to-end, hardware-enabled, DRM scheme that will protect new generation digital content from being accessed except through this DRM scheme. And, by the way, you’ll need a lot more than a new HD DVD drive for your computer if you want to access high def content. A new monitor, new cables, and, presumably, a new DRMenabled computer are also required for access. Some blames Microsoft for enthusiastically embracing DRM and others depict big media as the culprit, due to its refusal to enable access to high-def content unless the scheme was in place; in the latter scenario Microsoft is an unwilling victim forced to acquiesce in order to enable its customers to access new-generation digital entertainment. I'm not really interested in whether to despise Microsoft or to pity it; however, I know that no end user is going to see this functionality as helpful in his or her daily life. This seems like functionality put into the system not to serve the actual user, but to appease a powerful constituency that, through money and legislation, can bring more pressure to bear than can individual users. I predict an uproar around DRM when Vista rolls out, and a widespread rejection of new-gen media on PCs due to the onerous requirements. At the end of the day, I’m struck by the curious nature of this release: it delivers little functionality that will make end users happy, and lots of functionality that will tick off end users. This seems like a release driven by motives other than end user demand. CIO


Bernard Golden

Meet Your New Host Supply chain software has been considered too risky and important to be hosted by outsiders. That is, until you consider the risks and expense of installing and supporting it yourself. Blogs Help Win the IT Talent Search The benefits of using the Web to gauge candidates’ current work and interests. Read more of such web exclusive features at

Columns Everyone Gets to Play Good IT governance is not about committees, processes, forms and procedures. It’s about involving as many people as possible. And then it’s IT’s job to support them. Who’s your Boss? Whom a CIO reports to is directly related to IT’s impact in an organization. Read more of such web exclusive columns at Resources Podcasts from CIO Live Atul Kumar, the CIO of Syndicate Bank discusses the challenges of holding on to the talented people within your organization. S Sridhar, CIO, Hutchison Essar talks about the innovative uses of VoIP Download more web exclusive podcasts from

Log In Now!

REAL WORLD 12/30/2006 1:20:30 PM

Vista is tectonic — it is going to affect your organization, like it or not. Here's what to train your eyes on. Early Vistas Page 24

Two early adopters who've left signposts on the way.

The CIO OS Survey Page 30

Where do your peers stand on OS migration?

Beyond Vista Page 32

Inside Microsoft’s plan to dominate the Web 2.0 enterprise.

Pros and Cons Page 39

Deploying Vista is no game of dice. Here's the upside and the downside to the new OS.

Migration 101 Page 40

Gartner analyst Michael Silver discusses Vista security issues and migration pitfalls and what you should be doing now to avoid problems.

Mobility Features Page 45

Deploying Vista is no game of dice. Here's the upside and the downside to the new OS.

Want to test Vista Risk-free? Try Virtualization Page 46

In a virtualized environment, users can try out applications and even operating systems — without having to formally install them.

Making Your Move: What You Need to Know Page 50

You’re ready to release the clutch on Vista, you have the allocation, you have the green light from management, but do you know how to make it go vroom?

12/30/2006 1:26:17 PM

Early a y Vistas


Cover Story.indd 24

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Vol/2 | ISSUE/04

12/30/2006 1:26:28 PM

Enterprise Software

the long night has ended. While cIos kept vigil during Vista’s development cycle to stay in the know, few have had first-hand experience with a live pilot. Here are two that have. BY Gunjan TrIVeDI


ista is slated as the most secure desktop operating system in the Microsoft stable. But it’s taken its time coming. By January 30 — the date for its worldwide release — it will be over five years since the release of Windows XP. The in-between period has been peppered with multiple alpha and beta releases and RC builds. Hordes of Windows enthusiasts have kept track of every bleat the giant OS has made. Many enterprises have kept vigil to stay clued into the development cycle, but few have had first-hand experience with a live pilot. If you are one of them, read on and see how two of your peers visited Vista and came back with stories to tell.

ImagIng by bInESH SrEEdHaran

Securing ProdUctIVIty

Vol/2 | ISSUE/04

Alok Kumar, global head of internal IT at TCS, looked at Vista with interest because it enforces desktop security and enhances users' productivity. A few months ago, Kumar migrated 500 users from various groups and practices to the Vista expanse. He is currently working on migrating the next 1,000, and soon the entire organization. “The enhanced technologies and breakthrough user experience with Vista was found to be the need of the next generation of computing experience. Besides this, a number of issues have been addressed with improved security features and ease-of-use for the end user,” says Kumar. This philosophy of being a forerunner, where new technology adoption is concerned, is true to the DNA of TCS, which has a reputation of being a trailblazer. The IT consulting services major has a presence in over 34 countries across six continents, serving seven of the Fortune Top 10 companies. Reader ROI: Hence, being ready to new market developments is Migration to a new desktop critical. Kumar is aware of this, and plays a pivotal role operating system in introducing new technologies internally to help the The benefits of a phased approach to deployment organization develop core strengths in IT services. REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


Vol/2 | ISSUE/04


“Vista IS tHE moSt secure version of WIndoWS yEt”

ImagIng by an Il t

“The reasons to adopt Vista are simple: incorporate new technologies to develop the knowledge-base of an IT services organization to make it more agile to future market demands; and to introduce end-users to more secured and productive desktop environment,” he states. Kumar began to evaluate Vista in a controlled environment, running the pilot on pre-determined, Vista-ready PCs that had at least 1 GB RAM. A zero-touch deployment application that took four manmonths to create was developed in-house. It enabled the seamless and remote deployment of Vista across desktops identified for the pilot. The competency to deal with a Vista environment was developed by an internal IT team. A self-paced Computer Based Training module and FAQs pertaining to various Vista features were developed and hosted on an internal learning site. “Our internal IT team is geared to test and deploy Vista across the organization. The global help desk is adequately trained to handle questions on Vista. In addition, Vista awareness sessions were organized for end users,” he says. Post-pilot, TCS is readying to migrate from Windows XP as its main desktop OS to Windows Vista in a phased manner. Kumar has identified optimized desktop infrastructure that banks on the advanced technologies at the core of Vista. He also stresses on the improved security and compliance for desktops and a mobile workforce as Vista’s features that showed immediate benefits, allowing him to go ahead with the migration. Based on these core technologies, it wasn’t too hard for Kumar to showcase benefits in terms of ROI to management and enhanced security and productivity to the end users. Vista, using technologies called ReadyBoost and ReadyDrive, offers improved system performance while working with fast flash memory on USB or hybrid hard disk drives. The technologies do this by caching often-used programs and data. This translates into improved battery life for notebooks as hybrid drives can be spun down when not in use and frequent hits to the USB drives to fetch data can be avoided. The OS includes comprehensive wireless networking support and doesn't require third-party wireless networking software — unlike the earlier versions of Windows. Vista provides improved support to wireless standards like 802.11i. It also offers a Fast Roaming service that allows users to move from one access point to another without losing connectivity. Vista also has IPv6 incorporated with several networking performance improvements such as TCP window scaling. “Vista has tools and technologies that help manage desktop imaging efficiently. It has lots of features like Search, Meeting workspace for ad-hoc, peer-to-peer collaboration that enables users to be more productive. It also has lots of security tools like anti-phishing, Windows Defender, BitLocker, etcetera that make Vista even more secure,” explains Kumar. The new OS maintains security as its primary objective and packs in more punch than any of its predecessors, according to Microsoft. Its security and compliance features make Vista come close to the Trustworthy Computing initiative of being inherently secure, available and reliable. “Protecting computer users is an industrywide obligation. With Windows — Alok Kumar, Vista, Microsoft is taking steps to evolve the operating global head of internal IT at TCS system with current and future threats in mind,” says

P Hoto by Sr IVatSa SHan dIlya

Enterprise Software

Enterprise Software

Microsoft’s technology adoption program as Vista graduated Rishi Srivastava, director-Windows Client Business Group, from alpha to beta builds. Deputy GM Pankaj Dikshit, who Microsoft India. heads the internal system integration at NIIT, ran pilots Controlling access to desktop computers and corporate of Vista on a handful of machines in the first half of 2006, resources is one of the keys to a more secure environment. graduating to a team of more than 50 users beta testing Vista Robust access controls limit the ability of malicious code to as the year closed. cause damage, even when a PC is compromised. Vista's User “We had a core team that helped determine the features that Access Control (UAC) helps protect information and services the new operating system came with and what we needed to do by validating access to authorized users and applications. to use them well. Out of the experiment came the realization of UAC also enables the deployment of a fully usable machine the problems we could face and their solutions,” says Singh. with Standard User privileges. When a user logs on with After running successful Vista pilots, NIIT now plans to Standard User privileges, the attack surface of the desktop is rollout the new OS organizationwide. Vista is being rolled out greatly reduced. “Windows Vista virtualizes files and settings for applications that require administrative access, so these applications will still run normally. When elevated privileges are required to carry out a task, a new user interface asks the user for their credentials,” adds Srivastava. Kumar points out to another significant security feature of Vista that protects critical data e beers’ knowledge of diamonds, the hardest substance on earth, has enabled on a stolen or lost laptop from being misused. it to take a cold, hard look and a down-to-earth approach to Vista upgrades. This feature, called Windows BitLocker, enables all companies require computing security, but some need it more. bangalore-based a mobile workforce to encrypt the entire volume de beers India, part of the world’s largest diamond mining company, is one of them. of data on their notebooks. It works in conjunction de beers India has field-based teams in seven states. these teams, which consist with the Trusted Platform Module chip on the of geophysicists, geologists, security specialists, etcetera, explore for diamonds motherboard (that can be used to authenticate a and guard their data zealously. and this forms the chief reason why the company hardware device) or a USB key. Data on a missing is very keen on shifting to Windows Vista. laptop is encrypted and remains safe from prying Sanjay deogiri, information and communication technology manager, de beers eyes. “Vista is the most secured version of the India, is very pragmatic while discussing Vista. He says that he likes Vista because it Windows yet,” says Kumar. provides improved networking features, security and gUI enhancements. However, in the same breath, he also knows when de beers India will shift to Vista: “once the ISVs (independent software vendors) make their software compatible with Another early Vista adopter is NIIT. A pioneer in Windows Vista.” Until then, he says that de beers India will stick with Windows XP. IT education and training, NIIT's need to innovate de beers India ran a Vista pilot on just five computers, but this was sufficient to instructional design methodologies and develop show them the road ahead. deogiri didn’t face any problems with buy in, either from cutting-edge curricula makes it a natural early the end users or from the management. “End users wanted the latest, including the adopter of new technologies. Vista is key to NIIT fancy aero interface. So, it was relatively easy to convince them. the management as it pilots, tests and adopts new technologies and was briefed about the enhancements in terms of lower tco, reliability, improved platforms. troubleshooting and easy deployment bundled with security enhancements.” Since “Certain technologies are always on our radar. de beers needs a lot of security, Vista proved particularly appealing. For instance, a new OS or a PC application such but de beers is willing to wait for compatibility. deogiri also prefers a phased as MS Office — these are always part of our approach to deploying Vista. “We have several departments like administration, curriculum so we are always looking at how to logistics, Hr, accounts, finance and others. We will start deploying it departmentuse them. The internal IT rollout has also been wise,” he says. He proposes to achieve this migration by “using deployment tools influenced by the changing nature of the market’s and a mix and match of everything, including complete reinstalls.” demands. What works for us is that the internal deogiri is also quite clear about what the upgrade will result in — easier experience [of adopting Vista] gives us confidence administration of It resources and better manageability. but since de beers has in training our students,” says Udai Singh, faced problems with Vista in areas like lack of drivers, browser incompatibility, executive VP of NIIT. Java incompatibility, and a lot of third-party applications that don’t install or work The partnership between NIIT with Microsoft with Vista, he is prepared to wait until these issues are resolved. nevertheless, dates back to 1993. Since then, NIIT has been deogiri is bullish about Vista. “the security advantages of Windows Vista will help trying out new technologies internally to better us safeguard proprietary data on portable computers and devices, enhance user design course materials and figure out how productivity, and guard the integrity of our entire network,” he says. customers can use new technologies. This relationship enabled NIIT to be close with — balaji narasimhan

SloW and Steady d

Deploying tImES

Vol/2 | ISSUE/04

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


ImagIng by an Il t


P Hoto by kaP Il SHrof f

Enterprise Software


internally on about 3,000 computers at various locations, including the corporate office at Gurgaon, over the next 12 months. “Once the consumer versions are available, we’ll be deploying it across the board, including training centers and in-house. Our education system, which has between 4,000 and 5,000 PCs will have Vista soon,” says Singh. While testing and deploying Vista, Singh and Dikshit figured out that, in addition to its various security and productivity features, Vista also featured comprehensive support for deployment, administration and remote management. This came handy, especially in the context of the market requirements of the current IT education business. “Many new roles have been created in the industry and we find that our students, when they join the market, face the need to do a lot more invasive tasks such as system administration, remote support and software deployment. Some of these tasks were difficult with XP. In Vista, a lot of these issues are addressed. We could even have a second OS installed on the same machine like a virtual PC. This has opened up new opportunities in the way we design courses,” explains Singh. Unlike TCS which developed its own zerotouch deployment application, NIIT gave Vista's deployment features a shot. “With Vista, we don’t need people to go from computer to computer, installing software,” says Dikshit. Vista’s Business Desktop Deployment makes it a thing of the past. “The average user doesn’t need lot of applications. For most users, we can create a backend and remotely deploy apps, without user intervention. But it requires careful planning,” he says. The OS is deployed using a hardware independent image format called Windows Imaging Format (WIM). This imaging technology can help an organization maintain only one image of the OS to deploy across machines with different hardware configurations. It enables enterprises to maintain and patch deployable instances of the OS, without having to rebuild new images. These installation images can be deployed o rg a n i z at i o nw i de using Vista’s Business Desktop Deployment and Windows Deployment Services that help enterprises to integrate various tools and platforms and perform end-to— Udai Singh, executive VP, NIIT end deployments.

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

“tHE concErn SHoUld not bE If tHE oS WIll Work, but whether we can exploit all its features”

Enterprise Software

“These features make support easier for us. As our offices proliferate, we don’t need to add more people to support them,” says Singh.

Vista’s blUES

a dEPloymEnt Contest

Despite the host of new, improvements, Vista has its share of troubles. The two most prominent are or nIIt limited, knowing how Vista worked went beyond the cIo’s perspective. application compatibility and costs involved in It would also impact the company’s core business — teaching software getting the machines to pack the kind of punch applications and development. needed to run Vista. “We started with about seven to 10 Pcs from when the alpha [version of Vista] “We have found application compatibility with was turning into beta one,” says Udai Singh, executive vice president of nIIt. an third-party tools and Vista’s performance on r&d group within his team looked at the technology. 512MB RAM — which is the minimum required Pankaj dikshit, a deputy general manager with the company, whose team on machines to be Vista-capable — to be the two handles system integration internally, came up with the idea of running a contest major irritants in using Vista,” says Kumar of built around a larger one that microsoft was sponsoring. the idea, he explained, was TCS. Microsoft’s Srivastava continues, “Application to find a cross section of users as well as hardware within nIIt. compatibility is the top concern for most In april 2006, Singh and dikshit gave nIIt staffers early information on Vista and organizations. Although most legacy applications asked them to participate. “We created our own portal, asked them if they wanted will run on Vista without modification, there are to be end-users; and the technical people could learn new ways of deployment to always exceptions.” help others use Vista,” says dikshit. Diskshit of NIIT also faced similar issues with In July, when microsoft had its worldwide deployment contest, pitching Vista during the pilots. “There were compatibility geographies against each other, Singh and dikshit ran their own contest within issues with some legacy applications. For instance, nIIt. Staffers competed on knowledge of new features and ability to use them. the ERP client came from a different vendor and In effect, an internal local event was organized around the global event. this, says not all the compatibility problems were handled,” Singh, made it easy to get the first 50 volunteers across the organization, rather he says. “Device drivers were also not available for than handpicking them. He got volunteers both across the cross section of work various hardware systems. Our users had moved to that people did and across the cross section of hardware they used. Vista but couldn’t access wireless connectivity until “this gave us the confidence to move to the commercial versions. We had a core the drivers were available.” team that helped determine the features that the new operating system comes with Vista has a number of tools to assist with and what we need to use it well,” he says. So, new hardware bought was always in application compatibility planning and that context. “from april, every system we bought has been Vista-ready.” integration. One such tool, the Application — Harichandan arakali Compatibility Toolkit (ACT), helps reduce the time and cost of integrating legacy applications to Vista. ACT is available for free. According to migration. This ensured that we have a standard environment Microsoft, the newest version of the toolkit, ACT 5.0, uses across the board for the next three years,” says Singh. a community-driven model, allowing organizations to take Even while the retail version of Vista is not yet commercially advantage of accumulated knowledge and experience in available, enterprises are already rolling out VistaThey are planning their deployment. now eagerly awaiting the release of the server version. “Vista can run applications as far back as Windows 95 Kumar notes that Vista’s inbuilt security and self-healing using Microsoft Virtual PC Express. Virtual PC Express technologies have increased user productivity, reduced TCO creates a virtual legacy OS within Vista, allowing Vista and eased the pressure on internal helpdesk. “The right mix desktops to run legacy applications until compatibility issues of technology allows an easy deployment compared with the can be addressed,” explains Srivastava. traditional way of deployments of desktops and management The costs of hardware upgrades or procurements is also across thousands of PCs in an organization,” adds Diskhit. a issue. Vista needs a powerhouse to run. The Vista-ready Singh of NIIT, however, throws a word of caution for machines need to have a dizzying 1GB RAM, along with enterprises keen on adopting Vista. “It will pay to upgrade DirectX9 capable graphics card supporting at least 128MB the knowledge of technical people in the organization first, memory, and over 15GB of free space on the hard disk. In and then plan and deploy Vista. The concern should not be order to reduce TCO and upgrade overheads, both Kumar and whether the OS will work but whether we can exploit all its Singh have synchronized their Vista rollout with periodical features well,” stresses Singh. CIO hardware refresh cycles. “Since the last upgrade was three to four years ago, we With inputs from Assistant Editor Harichandan Arakali synchronized the hardware upgrade at NIIT with the Vista Send feedback on this feature to and


Vol/2 | ISSUE/04

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


The 'CIO OS Survey' was conducted online. Readers of CIO India were invited to take the survey via e-mail. The results shown in this report are based on the responses of 109 senior IT executives of medium to large enterprises. The margin of error for this study is plus or minus 1 percent.


Which server OS does your enterprise run on?








Linux + Windows


Unix + Windows


Linux + Windows + Unix





Do you have plans to migrate to another OS?

Why not?







Why do you plan to upgrade or switch?

Already committed to another OS 3%


Software upgrade costs too great

To help with scaling-up operations



Features are not sufficiently compelling

For future-proofing my organization



User interface changes too dramatic; user (re)training will be an issue 13% Support for other OS inadequate or costs too much 16% Other 8% Unspecified 2% Don’t know

To cut down on OS license costs

We will try to synchronize the "migration with the hardware refresh cycle."

— Sunil Mehta, senior VP & area systems director (Central Asia), JWT

upgrade "willTheresult



Which OS will you move to?

9% 35%




in easier administration and better manageability." — Sanjay Deogiri, information & communication technology manager, De Beers India



When does your organization have plans to migrate?


Will you upgrade existing systems or wait to buy new ones?

6 22%

In next 6 months 35%

Not sure/ undecided

In next 7-12 months 30%



In next 13-18 months


13% Later than 18 months


Phase in new

9 8

How are you going to support the migration?

What type of end-user training are you planning to provide?

Not sure / undecided 9%

13% Brief introduction only 44% Full- or part-day introduction 17% Series of classes

Both internal and outsourced teams




With an internal IT team


Don’t know/haven’t decided

Outsource it Note: Some percentages may not total to 100 due to rounding

Vista_SURVEY - 01.indd 45

Leading Microsoft into the world of software-as-a-service (left to right) CEO Steve Ballmer, VP of Server and Tools Marketing Andy Lees, and COO Kevin Turner

Enterprise Software

By Ben Worthen

BEyond Inside Microsoft’s plan to dominate the Web 2.0 enterprise.


Reader ROI:

What tools Microsoft believes CIOs will need in the future built on Web services How it plans to provide those tools Where Microsoft will fit into the CIOs ITstrategy going forward

Vol/2 | ISSUE/04

very decade or so, a new platform emerges that reduces the cost of running an IT department to such an extent that vendors have no choice but to embrace it or die. In the 1990s, PCs with powerful operating systems spelled the end of mainframe development and ushered in the client/server era. Today, cheap servers and high-speed Internet connections are triggering a move away from traditional desktop PC software and to software-asa-service, hosted by a third party and delivered over the Internet. No company has as much to lose from this shift as Microsoft, which dominated the client/server era on the strength of its Windows operating system. Microsoft is currently enjoying a moment in the spotlight thanks to Vista, the fruit of five-plus years of development and what Microsoft COO Kevin Turner calls the “biggest R&D investment in the history of Microsoft and arguably the history of business.” But Vista isn’t a part of the software-as-a-service trend, and all the pomp and circumstance around its release mask a growing concern inside the company, one that comes through in executives’ demeanor, internal communications and candid conversations about what the IT world will look like five years from now: software-asa-service is a threat unlike any the company has faced before, and REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


Enterprise Software

Microsoft must make dramatic changes if it wants to remain the most important technology company in the world. Microsoft has started to develop a software-as-a-service strategy over the past year. Its initial offerings — Windows Live and Office Live — provide Web-based mini-applications. But those services are only a small part of the grand vision that CEO Steve Ballmer, COO Kevin Turner, Chief Software Architect Ray Ozzie and others hope will make Microsoft as indispensable to the Web 2.0 enterprise as it was to the client/server one. In a series of exclusive interviews with CIO, Microsoft executives explained that Web-based applications are just the beginning, and that the company’s future lies in developing the tools CIOs will need to manage the softwareas-a-service environment. “It’s easy to whip up a Web app, throw it online, and say it’s for businesses,” says Ozzie. “But that’s a naive view of what CIOs have to go through.” To Microsoft’s way of thinking, the Web services world will make a CIO’s life messy and difficult. While each software service that a company subscribes to will be cheaper and easier to operate than its client/server counterpart, collectively they will make the enterprise exponentially more complicated, unless CIOs have tools to provision and manage those services as a suite. Microsoft vows to develop those management tools and make them the centerpiece of its enterprise business. Once those tools are built and deployed, Microsoft says, it won’t matter if the applications an IT department supports are Web-based services hosted by an outside party, client/server software hosted internally, or a combination of the two. “[CIOs] have to have a way of provisioning an account, providing the initial connection and user interface,” regardless of an application’s source, says Ballmer. “At least that’s our vision.”

1999 TOTAL REVENUE rs 88,650 crore

Where Microsoft SEES ItS opportUnIty The widely preached gospel of software-as-a-service says that companies willing to give up the control that comes from running an application internally will save money by not having to maintain and host those applications and, by freeing up those resources, will become more agile and productive. CIOs running services, the gospel goes, don’t have to buy and operate farms of servers or trudge from desktop to desktop upgrading software. Instead of a model that encourages long, costly upgrade cycles (the very model upon which Microsoft built its enterprise empire), software-as-a-service allows for small, steady, incremental improvements. That’s just one reason it could kill CIOs’ appetites for traditional client/server software like Microsoft’s. Furthermore, all a user needs to access a Web-based application is a browser — not a robust operating system tightly integrated with the application. Therefore, unlike in its past battles with Netscape and others, Microsoft cannot rely on its Windows strength to pull its bacon out of the fire. And while Microsoft argues compellingly that it would be foolish not to take advantage of all the processing power a PC offers, the company is simultaneously planning for a future that will rely upon less powerful mobile computing devices and ubiquitous high-speed Internet connections.

CloSIng WIndoWS, opening Doors oS and applications revenue, once the stars of Microsoft’s financials, continue to lose their luster. the company’s future plans emphasize the




But even Ballmer admits that right now, a vision is all it is. Microsoft has accepted and internalized the idea that the software market has shifted ineluctably to services, and the company has seen there a critical opportunity to move forward. But to succeed, analysts say, to change its corporate strategy, identity and DNA, Microsoft must overcome equally critical barriers of technology, strategy and culture.

server and tools division,


which the company believes will produce an increasingly large slice of its overall revenue pie.

39% Other*


2005 TOTAL REVENUE rs 193,600 crore


29% Applications 25%

22% Other*


* other revenue, as of 2005, includes Microsoft Business Solutions, MSn, Mobile and Embedded devices, and Home and Entertainment.

3 4 J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Vol/2 | ISSUE/04

Enterprise Software


The hard truth is that Microsoft has no choice but to confront software-as-a-service. But rather than fighting it, Microsoft looked for an opportunity. And, it says, it found one. “Some people say that [software-as-aVista’s flexibility should appeal to CIos with smaller service] is a panacea and that everybody staffs, but its hardware requirements will be tough on should immediately switch off everything their wallets. they have and go to this world,” says Andy Lees, VP of Microsoft’s server and tools marketing, his sarcasm foreshadowing what ow that the marketing onslaught for Microsoft’s new Vista operating comes next. “But here’s a problem with it: system has begun, mid-market CIos will have to present upgrade plans to the first service that you have is beautiful, CEos — many of whom will probably get their information about Vista from the the second service that you have is kind of aforementioned marketing. CIos who’ve been beta testing the new oS say you’ll nice; from then on you have all of the same like the security improvements, but you’ll want to roll out slowly for reasons that problems that you had before.” include Vista’s beefier system requirements. In other words, the CIO still needs to past versions of Windows made control over desktop settings an all-ormanage a lot of applications. It’s just that this nothing proposition, but Vista lets CIos give users more freedom by treating each time the applications are hosted somewhere configurable element differently. CIos can, for example, give users permission else. It’s a problem that CIOs are aware to change the system clock time but prohibit them from loading information of, even if the conventional wisdom (and through USB drives. this flexibility should particularly appeal to mid-market CIos enthusiasm) surrounding software-as-awith smaller and more time-pressed It support staffs. So should the security service often ignores it. improvements, including a myriad of fixes to Xp holes and bugs, and a new feature “Managing multiple services applications called Bit locker, which encrypts local files and makes it harder to access data on — as well as the things you run yourself — is a stolen or lost laptop. going to be a challenge,” says Joseph Devenuto, In Microsoft’s estimation, companies currently standardized on Windows Xp CIO of Norton Healthcare, a hospital chain can reduce It labor and support costs rs 1,575 per pC by moving to Vista and in Kentucky. “You’re looking at a world around rs 15,300 per pC by upgrading to all the Vista-related infrastructure of headaches.” products (including firewalls and Active directory). But it’s unlikely mid-market When someone leaves a company (for companies will be able to do either because of the new operating system’s dramatic purposes, let’s say a disgruntled hardware requirements. Microsoft advises enterprise customers to run Vista on accounts payable clerk is fired for gross computers with at least 40gB of storage, 1gB of memory and a 1gHz 32- or 64-bit misconduct), instead of deleting her account processor—meaning that most mid-market companies will have to buy brand-new from the internal systems, a CIO in a services computers in order to support it. environment would need to make sure that “We can’t replace every desktop,” says Joseph devenuto, CIo of norton all the software providers — everything from Healthcare, a rs 4,500 crore hospital chain in Kentucky. So devenuto will upgrade e-mail to CRM — make the change in their to Vista on his normal technology refresh cycle, which covers about 25 percent of systems, Lees says. Since the disgruntled exhis 5,000 machines a year. Microsoft’s Brad goldberg, a general manager in the employee can access the hosted applications Windows division, suggests that mid-market CIos doing phased-in rollouts start through a browser on any device, the with laptops, since the security benefits will be felt the most by mobile users. risks multiply. devenuto has one other concern. “the look and feel of Vista is different,” he says. “Quick, get all the IT guys and dial in to that means that mid-market CIos could end up with one additional expense that those six, seven, 15 different systems that you they hadn’t counted on: training. no longer own,” says Lees. “you’ll you’ll need at least an hour to teach people the intuitiveness of it,” he says. y Obviously, you can do that, says Ballmer, — B.W. but the problem is that doing so will devour a disproportionate amount of time and resources. Microsoft’s vision is to come up exceptions, he adds. Today’s CIOs “spend all their time with products and services that allow CIOs to manage configuring and changing and monitoring,” Lees says. Web applications — as well as internal client/server ones “[CIOs] feel like cost and complexity weigh them — from a single place. In addition to providing a central down,” says Ballmer. “I want to make sure we’re place for provisioning, Microsoft, according to Lees, will eliminating that cost and complexity and letting them let CIOs set rules and enforce policies — for example, all focus on taking advantage of new innovations and things orders must be processed by 3:30 in the afternoon. And that can add value to the company.” workflow features will help CIOs automatically manage

tHE BIg Upgrade n

Vol/2 | ISSUE/04

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7 3 5

Enterprise Software

What’s the Answer? StEVE? KEVIn? rAy? Microsoft is a product company, and for the past decade its Windows and Office products have stood head and shoulders above all others. Historically, those two business units have been responsible for almost all of the company’s earnings. However, that’s changed over the past several years. Revenue for Windows and Office has remained relatively flat, while the server and tools division has posted double-digit revenue growth for 16 straight quarters. Today, the server and tools division is almost as large as the veteran groups — generating 22 percent of Microsoft’s Rs 198,000 crore in revenue, compared with 29 percent and 25 percent for the Windows and Office business units respectively. If the company is going to reinvent its enterprise business around one of its units, this is the one to pick, says Rick Sherlund, an analyst who covers Microsoft for Goldman Sachs. But creating tools that allow CIOs to manage, configure and provision a suite of disparate applications is both a technical and strategic challenge. And no one, inside the company or out, can articulate exactly how Microsoft is going to get there. Ballmer says that Microsoft has many of the tools in place but that they are “certainly not anywhere close to sufficient,” adding that “no one product is this vision.” However, he believes that Microsoft has the right combination of enterprise and Web experience to pull it off. Oracle and SAP, he argues, have a scope limited to their suite of products. IBM has reinvented itself around consulting services. No other company besides Microsoft, says Ballmer, combines as much enterprise and Web experience with a rich understanding of business process. Analysts, however, say Microsoft’s competitive position may not be as strong as Ballmer describes. For starters, managing a customer’s computing resources is something that Microsoft has historically left up to partners. “They have to piece about moving toward managing services,” says John Rymer, an analyst at Forrester Research. Microsoft knows how to help CIOs manage its own products, but incorporating other companies’ products is a substantial leap, Rymer says.


work of supporting a plethora of applications easier: software-asa-service

3 6 J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

The biggest leap, without a doubt, is that Microsoft’s vision requires it to embrace a heterogeneous computing environment. Yet Microsoft executives, historically averse to working with anything they haven’t built themselves, seem united in their commitment to supporting nonMicrosoft technology. “We want to do it whether you’re developing [applications] or whether you’re consuming them, and whether we’re delivering them or whether someone else is [delivering] them for you,” says Lees. One factor could make Microsoft’s work supporting this plethora of applications easier: software-as-a-service applications all have the same delivery mechanism — the Internet — which requires that they be built with a specific set of standards. These standards — XML, SOAP, WSDL and UDDI — are the same ones that Microsoft and IBM helped push through standards organizations like the W3C and Oasis at the beginning of the decade. Microsoft will have an easier time using these standard protocols to integrate with Web-based services than it would integrating with a more traditional client/server application that uses a proprietary standard, says Dwight Davis, an analyst with Ovum Summit. There’s probably a market for Microsoft’s vision, says Dave Girouard, general manager of arch rival Google’s enterprise division — and it may not be that difficult to achieve, since software-as-a-service providers are going to want their applications to work with a CIO’s existing infrastructure. But provisioning and single sign-on are one thing; deeper integration, like porting data from an online CRM system into a legacy ERP package, will be complicated, promises Girouard. And in the end, superficial integration will not be enough to charm CIOs. The reason that companies will adopt a particular software as a service is that its features are a good fit, says Roger Kay, president of consultancy Endpoint Technologies. Giving CIOs a single place where they can manage their software services is a great idea — but only as long as the management interface preserves the array of features that drove a company to choose a particular software service in the first place, Kay says. Can Microsoft truly make all sorts of Web applications communicate well and play nicely? “That’s really ambitious,” says Kay, noting that Microsoft will have to interact with all kinds of proprietary file formats. “It doesn’t mean that they can’t do it, but it will be hard.” If Microsoft really wants to be the vendor that companies turn to for managing their IT assets, it will have to learn how to support, well, all of a company’s IT assets. “They have to be willing to go cross-platform, and historically Microsoft hasn’t been willing to do that,” says Goldman Sachs’s Sherlund. “It’s a bold strategy that will require broad support of other platforms and knowledge of other systems.”

Vol/2 | ISSUE/04

At the moment, all Microsoft is offering is talk. But at least it’s talk that CIOs already using open source want to hear. “The reality of the world is a lot of companies are built through acquisition,” says Ron Markezich, Microsoft’s CIO. “As you build through acquisition you have a lot of different platforms, and the CIO doesn’t always have the power or the budget to standardize.” Markezich says that it will be up to Microsoft to learn how to work with the other systems. “Take open source,” he says. “We interact with it now, but it’s difficult. But it’s something we have to do.” For a Microsoft executive, using open source in a sentence without an introductory pejorative is the first step in what promises to be a multiyear struggle.

Can they pUll It off? Putting the technology challenges aside, there are other reasons to doubt Microsoft’s ability to execute its vision. “Their approach has always been ‘put in our stuff’,” says Forrester’s Rymer. Changing that will require a large cultural shift for a company that has more than 71,000 employees and is about to lose its guiding visionary, now that chairman and co-founder Bill Gates announced in June that he will leave the company in 2008. Another challenge is this cultural shift will have to take place at the same time the company is marketing Vista and Office, two products only tangentially related to Microsoft’s long-term strategy. Over the next year-plus, it’s unlikely that a CIO will be able to turn on a TV or read a magazine without seeing an advertisement for Office or Vista. This will keep the company’s marketing and sales organizations squarely focused on the company’s old product-oriented business model. In fact, for all the talk about the Live initiative in the business and IT press, trying to find out about it from Microsoft’s sales department is very difficult. Barbara Gordon, Microsoft’s VP of enterprise sales, says she doesn’t sell ‘Live’ anything and doesn’t know when her organization will. They’re focused on selling Vista. Customers see this reality too. “I don’t think that Vista is the link between the current environment and the Web services one,” says Norton Healthcare’s Devenuto, who has been beta-testing Vista for Microsoft. It’s a more secure operating system, he says, “not a transitional tool.” And, while reinventing its enterprise line, Microsoft is taking on Google and Yahoo for consumer applications, and Sony and Apple for consumer devices — game consoles and

Vol/2 | ISSUE/04

Enterprises will have to manage trust between components of composite applications, says Ray Ozzie, chief software architect, Microsoft

tHE WEB 2.0 World According to ozzie We asked Microsoft Chief Software Architect ray ozzie: Besides managing the use of disparate Web services, what other challenges will CIos face in the new era of software as a service?


zzie cites two big hurdles: Building composite apps and managing trust boundaries between Web apps. “We’ve talked about composite apps as an industry for years, and it’s finally really happening. We’ve been talking about XMl and Web services for a long time...and people are finally using those technologies to weave together systems both within the data center and with partners,” ozzie says. “At the scripting level...mash-ups and page-level composition have proven to be quite useful. Even though it’s not deep, it’s really easy, and you can get things together very quickly, so that’s very powerful. And at the end user level, individuals are bringing together a number of different things that are useful to them in terms of small services, whether inside or outside. you can almost think of this as business intelligence for the masses, and we feel that there’s a huge opportunity within office, at that level, to help people weave together multiple services. “In terms of managing trust boundaries, one of the huge challenges that enterprises are going to have is...managing trust between components of composite applications. In a services world, if you have a service and you want to incorporate a partner’s composite, a component of that service, it’s very easy to just give them a password and a Url and they have access to all your internal data. “We believe there should be significant auditing within service components — such that when you do expose a partner to certain enterprise have a complete record of the kinds of things that their app did.” —B.W.

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7 3 7

Enterprise Software

music players. “If I were a CIO I would wonder if the investment in MSN and Xbox is a distraction that will not allow them to deliver [on their enterprise strategy],” says David Yoffie, a professor at Harvard Business School. “Any company, no matter how large, has a limited number of A teams. Do you put that team on search or Xbox or the vision that you described?” Microsoft counters that it doesn’t comment on the makeup of its project teams but that the number of people working on the software-as-a-service management tool will increase as Vista and Office development efforts wind down. But even if it is able to redirect significant energy to the enterprise, the new vision requires that the company move outside of its traditional comfort zone. “Microsoft’s management offerings [such as the Microsoft Management Console and Active Directory]

— have historically been spotty,” says Davis, the Ovum Summit analyst. “So it doesn’t arrive at the table with any overarching credibility.” Microsoft’s executives are all saying more or less the same things about the company’s need to embrace a heterogeneous IT environment and the opportunity that managing software as a service presents. That has to continue for Microsoft to reinvent itself. “Talking the talk is step one when you are trying to change culture,” says Laraine Rodgers, a change management consultant. But while Microsoft’s executives are preaching the gospel, their language sometimes betrays the company’s famously closed culture. Lees, for example, introduced the concept of supporting applications built on non-Microsoft platforms by saying that’s “what’s called interoperable,” as if no one in the room had ever heard the term before. Slips like this demonstrate just how large a change Microsoft is trying to make. Ozzie, the man replacing Gates as the chief visionary, says supporting a Web services environment is just a logical extension of the expertise to provide products and services that will help CIos manage t Microsoft developed in the disparate Web apps, Microsoft must overcome at least three client/server era. And at the end of the day, Ozzie says, the same serious technological challenges. skill set that made Microsoft the most important vendor then — an understanding of business Building management tools. Microsoft isn’t known for providing management tools, issues like security, manageability says John rymer, an analyst at forrester research. right now it leaves that to partners and compliance, as well as its like Amberpoint. “[Microsoft] has products that let you manage Microsoft servers,” says experience with development rymer, “but I dare say that if you talked to the 10 It shops that are using it, they would say tools like .Net — will prove to be it was for the development tools — not management.” the most important factors in the software-as-a-service world. Supporting applications built on non-Microsoft platforms. Microsoft has Microsoft has the experience promoted some open standards around XMl l and Web services, says rick Sherlund, an to build the tools that will make analyst who covers the company for goldman Sachs, but actually supporting applications the services era manageable, he built on non-Microsoft platforms isn’t something that the software giant has done. “I hear says. “It’s unsexy,” Ozzie says, them say [Microsoft’s future enterprise environment] will be heterogeneous, and maybe “but it’s what’s going to make there are things they can do to help people to bridge that environment,” says Sherlund, “but [hosted] services as important as we haven’t seen the pieces of that.” one place to look for clues as to whether Microsoft is technologies inside the data center making progress working with cross-platform technology is in its longhorn server, which are today.” CIO is slated to be released by the end of 2007.

now Comes tHE HArd pArt 1



Preserving the unique features of services while integrating them. Companies will choose one software service over another based on features. Microsoft’s challenge will be developing technology to work as a common interface with these applications without eliminating some of the more specialized features, says roger Kay, president of consultancy Endpoint technologies. t that will require Microsoft to develop technology that interacts with all sorts of file formats. And if it can’t deliver,” Why would you bother with it?” he asks. —B.W. send feedback on this feature to


J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

Vol/2 | ISSUE/04

Enterprise Software

aND By Michael GartenBerG

Deploying Vista is no game of dice. Here's the upside and the downside.

What’s Hot Improved reliability and security. Windows XP was a good OS, but five years ago, no one foresaw the security and reliability issues that would plague PCs. Microsoft has learned a lot since the launch of XP, and it shows. Vista is much more stable and secure than any previous version of Windows. Protected-mode Internet Explorer. One of the biggest vulnerability points has been the IE browser. While the new IE7 addresses a lot of security issues, IE7 running on Vista is better. Running in protected mode, IE7 is totally isolated from the rest of the OS and protects against malicious code. Aero Glass. Computers on TV never run XP; they run slicklooking user interfaces (but, alas, draw text on-screen as if it’s moving at 300 baud, with annoying sound effects). It’s mostly eye candy, but it’s really nicely done eye candy. Vista’s user interface is actually pretty slick and might even look good on CSI. Reverting to XP after using Vista with the all of the Aero elements enabled is a chore. This is how computers should look in the 21st century. Media centricity. Media is a first-class citizen in Vista. Tight integration with Windows Media Player and the Windows shell make it really easy to browse, navigate, tag and play all the content that’s important to you. Music, pictures and video all work just the way you think they should.

Vol/2 | ISSUE/04

What’s Not Gratuitous UI changes. I love the user interface, but I have a lot invested in the old Windows experience, and some of the changes just make no sense to me. It also seems that, given the size of some of the targets you have to home in on with your cursor, Microsoft is hiring a lot of young workers who have great eyesight and use high-resolution monitors. Performance. All this goodness comes at a price. While most features are enabled to some degree on stock PCs, older machines just won’t be up to snuff. If you want to run the latest and greatest with all UI features enabled, you’re going to need an upgrade. Older laptops in particular are unlikely to be able to run Vista well with all the UI stuff turned on. Compatibility. This isn't a new problem, but Vista will confront business users for the first time in a long while with major backward-compatibility issues. In general, drivers and low-level utilities will be the worst hit, but all critical applications will need to be tested carefully to see what works and what doesn’t. Cost. There’s more to the cost of migration than the price of the operating system. Installation, testing, hardware and software upgrades have to be factored in. That means wholesale migrations are going to be costly.

Bottom lINE There’s a lot to like in Vista. While most organizations will be best served by a phased migration, many users will be able to benefit immediately. Either way, Vista is on the short-term horizon, and it’s best to start planning now. CIO Reprinted with permission. Copyright 2006. Computerworld. Michael Gartenberg is VP and research director at JupiterResearch. Send feedback on to

ImagIN g by UNN IkrISHN aN aV


icrosoft announced that it's on track to deliver Vista in January 2007. What does this mean for you? Every organization will need a policy for Vista deployments soon. When Microsoft launched Windows 95, I estimated that about Rs 2,250 crore would be spent on marketing. This time, it’s likely to be over Rs 4,500 crore. I see four major things that are compelling about Vista and four big issues with migration. Here’s they are:

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


Vista is a good release says gartner's Michael Silver. How beneficial, is up to you.

Interview | Michael Silver

MIG IGrat ratIIon

By Team CSO

Gartner analyst Michael Silver discusses Vista security issues and migration pitfalls and what you should be doing now to avoid problems.

comes from. It’s not when you would start working on a migration, but it will take most organizations 12 to 18 months to do all the preparation that they need to do leading up to a migration that starts for mainstream users in 2008. To really begin your migration in 2008 for most of your users, you’ll need to begin pretty soon by taking a look at your applications and working with your application vendors to understand when they’re going to support Windows Vista and with what versions of their products.

Vol/2 | ISSUE/04

IMaGIn G by an Il t

cSO: at the Gartner conference in San Diego in June, Gartner recommended that enterprises consider a phased migration beginning in 2008. Why 2008, and is this still Gartner’s recommendation? Michael Silver: It’s really important to understand where the 2008 date

real ciO WOrlD | J a n u a r y 1 , 2 0 0 7


Interview | Michael Silver

What types of questions should they be asking their vendors?

Well, there’s two pieces to application support. The first is: will my application work? That’s something they should be asking their vendors and verifying for themselves as well. The second piece is when will the vendor actually support them on Windows Vista for a specific application, and on which version? If it’s not the version they’re using, that means that they may need to take a look at upgrading as well, which could delay the project or make the planning phase take longer. If the vendor is not planning on supporting Windows Vista for their product for some time, and the organization really needs to use that product, that could be a showstopper. Organizations need to decide how critical these products are and for more critical products, they may decide that the risk of moving to Vista without a safety net, without the vendor officially supporting that product on Vista, may actually be too high. how long should the evaluation phase be when you’re considering a migration?

It’s evaluation, but it’s also testing, building images and doing pilots. So that’s where we believe this 12-to-18-month time line comes in. You’re not actually doing headstand work that whole time. Part of that time you may actually be waiting for some of your application vendors to support Windows Vista. The larger application vendors should support Vista relatively quickly, but as you start looking at smaller vendors and more vertical applications, it’s certainly likely that those vendors won’t support Windows Vista right out of the box and you may be waiting some number of months, or even more than a year, for them to actually support the operating system. So during that 12 to 18 months, there’s testing of your applications, training of your technical support staff and planning for user training, if any, which is probably more required for Office than for Vista. And we 42

J A N U A R Y 1 , 2 0 0 7 | real ciO WOrlD

also include a three-month pilot program in that 12 to 18 months, so that’s sort of how it all breaks down. What would you say the top issues are for a company that’s considering migration?

The top issue is always applications, applications, applications. A large company may have hundreds or thousands of applications. In fact, my rule of thumb is that if I divide the number of users at a large organization by 10, I get roughly a number equal to how many applications they have to worry about. So a 10,000 user organization may have 1,000 applications. Not all applications may be officially supported by IT, but when push comes to shove, if users consider their apps business critical, IT needs to support them to some extent, or at least make sure they work before the migration starts. You need to get a handle on what your applications are, which ones are actually in use, which ones may not be in use, how many users are affected by each and then testing and, again, working with those vendors to understand the time line for application support. is there an estimated total cost of migration for desktop at this point?

“The top issue for a company conSIdErInG MIGratIon IS alwayS applications.” — Michael Silver

When we look at migration costs, we look at costs for two different kinds of users: structured task workers and knowledge workers. The structured task workers usually have many fewer applications that the IS organization has to worry about. Beyond the type of user, we also look at how those users are managed. Are they totally unmanaged? Does the organization use tools to manage their desktops or are the users locked down to the point where they can’t install software by themselves? If so, they probably have half as many applications as the typical unlocked and unmanaged organization. The third component that I didn’t mention yet is enduser operations, which is lost productivity due to the move time out of the office, time in class, time reconfiguring your machine so it looks the same as it did.

Vol/2 | ISSUE/04

So the cost is really going to range, probably from less than Rs 45,000 per user, to maybe as much as Rs 90,000 per user, depending upon the type of user and how they’re managed. I know those numbers sound pretty high, and they certainly are, but some components of those numbers include hardware and software, and the more organizations move through PC hardware attrition, as they buy new PCs, they’re more likely to be able to bring those costs down significantly. One of the most important components of the number to look at is the IS labor component, which is probably closer to the out-of-pocket expense that the organization will spend on labor. It could be as low as a little over Rs 9,000 for a locked, well-managed task worker, or perhaps over Rs 31,500 for an unmanaged, unlocked knowledge worker. These numbers won’t be finalized for a few weeks. What users do you think will benefit from vista soonest, if any?

From an organizational standpoint, organizations that are running Windows 2000 are the ones that really need to jump on Vista quickest. That probably means starting their testing earlier and planning more rapid deployment. Microsoft will support Windows 2000 until the middle of 2010, but we’ve already heard from a lot of our clients that some of their application vendors are not supporting Windows 2000 for the newest versions of their applications. There are a lot of organizations who are still on Windows 2000, and they really need to start moving to Windows Vista before they end up with real support problems. You mentioned before that applications were the biggest potential issue for a migrator to consider. in Gartner’s experience, what are the biggest challenges in making in-house corporate applications run on vista?

A lot of new security features will be an issue, especially for in-house applications. So the best practice for a long time has been to make sure applications run as standard user, but in most internal application development shops, that wasn’t done. And frankly, in most ISVs (independent software vendors) that wasn’t done either. From an internal organizational perspective, that’s probably the biggest issue. We’ve heard from some of our clients that they have old 16-bit applications and some even have old 8-bit applications, some of which need to be updated or retired. But going through all the applications, making sure they’ll function as a standard user is probably the biggest issue for making sure that they’ll be compatible with Windows Vista. Do you expect that any of the security in the new vista system is going to have interactions with those corporate applications?

Well, it’s certainly possible. You know, a lot of organizations don’t run firewalls on their desktop PCs,

Vol/2 | ISSUE/04

and with Windows Vista, they’re more likely to really turn on that firewall function. They need to make sure that — whatever they do to lock down the user or configure the firewall — they configure the firewall to understand which applications are going to need to go through it, so that the user has as few elevation prompts or warnings as possible. What one OS feature, or enterprise requirement, would make vista migration a no-brainer?

“By the end of 2007, Vista will be installed on only about 9 percent of PCs, wHile less tHan 30 percent of pcs will HaVe tHe new operating system installed by end-2008.” Source: Gartner

What I’ve been hearing from my clients for the last three years is a real desire to lock down their desktops. So UAC (user account control) is probably the biggest thing in Vista for enterprises. UAC allows organizations to make their users standard users instead of administrators, and it does it without breaking applications. However, organizations really need to understand that locking down their desktop is more of a cultural issue, actually, than a technical one, and they need to make sure that the users who really need access to be able to install their own applications will still have that so they can get their jobs done. if you look at the enterprise requirements and features that would simplify vista migration, what restrictions or limitations are there that would make a ciO or cSO question it and say, “ah, i think i’m going to wait a year.”

Well, certainly this big question on application compatibility is one, and if you’re taking a look at doing what we would call a forklift migration, trying to move all your users at once, the hardware requirements certainly could be an issue. While I think to some extent, the hardware requirements have been a little bit overblown in the press, we do think that the best move to Vista is one that’s only done as new hardware comes in the door. And for most organizations who are going to start moving to Vista in 2008, a 2005 machine that they bought will already be three years old and not really a great candidate for migration. Looking at hardware, trying to figure out if forklift migration makes sense, or if maybe running Windows XP on their existing PCs until they are removed from the organization and just bringing in Windows Vista on new PCs may be a better idea. real ciO WOrlD | J A N U A R Y 1 , 2 0 0 7


Interview | Michael Silver

There’s been a lot of uproar in the security community about vista. Symantec wrote a few reports, different people are looking at different elements in terms of compatibility issues with existing security software, but also there have been viruses that have come out that were proof-of-concept. What do you think about vista’s security?

Well, a couple of things. First of all, the issues around PatchGuard that Symantec, McAfee and everyone has had are really only around the 64-bit version. We would say that the vast, vast majority of the market in the next couple of years will really be deploying 32-bit Windows Vista. So certainly if you’re deploying 64-bit Vista — and that’s really going to be mostly for your scientists, mathematicians, GIS users, very, very large database users — that’s definitely a concern that you have to worry about.

You’ve been using vista for a few weeks. Do you have any words of wisdom for enterprises based on what you’ve learned?

Test your hardware and test your software before you do anything. I think anyone who is in the early testing phases really needs to make sure that all of their critical applications run before they really start using Windows Vista in production. Security products, as you’ve mentioned, are some of the most important because in many cases, those have a very close tie to the hardware and to the operating system. For other issues, like virtual private networks, you need to contact those vendors and make sure that the VPNS run on Vista. WAN adapters, any special hardware that you’re running, really needs to be tested before you can fully commit to running Windows Vista in production. What items do you expect to be on the help desk’s F FaQ list 30 days after vista is installed?

whIlE a nEw VErSIon of wIndowS USUally brInGS SoME bEnEfIt, the bigger benefit is how you manage it — Michael Silver

The help desk will certainly be on the lookout for any user interface issues. Probably the biggest issues will be around security and perhaps elevation of permission, especially if users are now set to be standard users. Another big issue could be permission to open ports in the firewall, if the organization doesn’t configure those properly. Beyond that, I think some of the bigger questions will be around Office, which has really a radically new user interface, and many organizations may actually end up deploying Windows and Office 2007 together. in a nutshell, what do you think of vista for the enterprise?

The biggest security issue, I think, is that Microsoft has made such a big issue on it because they’ve really had a lot of bad security experiences over the last few years. I think anyone who is expecting to see a totally secure, impenetrable operating system is really going to be disappointed. Vista has some new security features that will be of benefit. Microsoft has vastly improved their security development processes, but no operating system is totally secure.

Overall, I think Vista is a good, evolutionary release. Don’t expect that it’s going to revolutionize your IT department. While a new version of Windows usually brings some benefit, the bigger benefit is always how you manage it. Just because Vista has the opportunity to help you lock down your users doesn’t mean that you’re going to do it. You still need to put a lot of process and policy and perhaps additional tools around the deployment of the new operating system to try to get the most out of it and really make a good, cost-justified business decision to move to it. ciO

We’ve already seen viruses targeting vista. are vista’s security measures enough to protect it as the malicious code evolves?

You know, again, nothing is totally secure. Microsoft has put in a lot of effort to try to fill in the holes and then to try to make holes that are found less exploitable. So some of the proof-of-concepts were done in the beta time frame, and I would think that Microsoft has removed most of those issues. But certainly, it’s unrealistic to think that Vista will be totally secure once it ships.


J A N U A R Y 1 , 2 0 0 7 | real ciO WOrlD

reprinted with permission. copyright 2006. cso. michael silver has been with gartner for more than a decade. He specializes in it asset management and personal computers. send feedback on this interview to

Vol/2 | ISSUE/04

Enterprise Software

VIS ISt ta’S ’S fEat atU UrES

Updated power options, a dashboard for core mobile concerns... See what else Vista has for notebook users.


ven though it’s covered with snow, the Microsoft campus is bustling in anticipation of launching Vista. I’m still running the thing on this fantastic HP DV9000 notebook that Microsoft’s PR firm sent me. That means I should do another Vista column, but the only thing I can think of that I haven’t already done or set aside for future pieces is a quickie on Vista-on-a-notebook. So here goes. First, the most blatant: the Mobility Center. Head over to Control Panel, then Mobile PC and the link is there at the top. It’s meant as a one-stop dashboard for your core mobile concerns: battery level, wireless network connectivity, external displays, handheld syncs, external displays or projectors, and more. It really is handy; I just can’t figure out why Microsoft dropped it three levels deep into the UI. It’s also available off the Accessories menu, but that’s still two mouse-clicks in. I also like the updated Power Options. All the old battery schemes are still there, but Vista adds a few new things. You’ve also got control over what the power buttons do as well as what happens when you close the notebooks cover. Basically, this lets you choose between Sleep and full Hibernate modes. The HP came with a 2GB USB flash drive that was pre-configured for ReadyBoost. No, this isn’t something a manufacturer has to do. You can turn any fast USB thumbdrive into a ReadyBooster by plugging in the drive

Vol/2 | ISSUE/04

and then instead of clicking the ‘Open folder to view files’ option, just hit the ‘Speed up my system’ option. Click the ‘Use this device’ option on the next screen and you configure how much memory space Vista is going to grab. Unfortunately, according to Microsoft’s ReadyBoost site, the best ratio for system RAM to USB RAM is almost oneto-one, so the 2GB drive I had was almost entirely devoted to performance across from the DV9000’s 2GB of system RAM. Finally, while you will notice some performance boost, I found this is a big deal only when you’re doing something heavier like cutting a DVD, making a big calc, or working with big docs. E-mail and browsing didn’t seem affected by ReadyBoost, which is good because running around an airport with a thumbdrive sticking out of your PC is a pain. Two deals that aren’t so useful are the Network Projector wizard and the Sync Center. I do quite a few sales calls and I’ve yet to encounter a networked video projector. It’s local. It’s S-Video or RGB, and that’s pretty much it. If I ever do encounter a networked video projector, I suppose I’ll like the functionality, but it seems like a rare instance for which to build an entire wizard. CIO Send feedback on this column to

ImagIn g by UnnIkrIShn an aV

By Oliver rist

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


Want to tES tES ESt t VIS ISta ta try VI VIrt rtU Ual alIIzat zatIIon

Testing Time

By Eric Lai

In a virtualized environment, users can try out applications and even operating systems — without having to formally install them.

VMware Server and Player: FEatUrE-rIch and FrEE Longtime virtualization market leader VMware offers both its VMware Server and VMware Player products to users for free. Using both products is necessary, says Srinivas Krishnamurti, director of product management at VMware, since VMware Server actually creates the Vista ‘guest’ — also called a ‘virtual machine’ — in a process very similar to installing the operating system on a PC. Users then install VMware Player on either

Vol/2 | ISSUE/04

Linux or any version of Windows up to and including XP, to run the Vista virtual machine. Going with VMware has several advantages, says Krishnamurti. Users can create Vista virtual machines for either 32- or 64-bit CPUs, and those with multicore PCs can allocate up to two CPUs worth of processing power to a single virtual machine. VMware also lets users create a Vista virtual machine once and run it on different PCs without tweaking. Finally, Krishnamurti claims that VMware, as the veteran in the marketplace, handles device drivers very well. “We’ve tested this pretty extensively,” he said. “But if you plug in some random USB device, and it doesn’t work, we want to know about it.” Krishnamurti does admit that the latest official versions of its Server and Player products support only USB 1.1, though beta versions out now do offer USB 2.0 support. Those updates will be released officially by the first half of next year, probably after Vista’s January 30 launch to consumers.

Parallels Workstation: FaSt and FUrIoUS Another offering is Parallels Workstation for Windows & Linux from Parallels. The firm made a splash earlier this year when Workstation’s sister product for the Mac was the first to allow Intel Mac owners to run Windows simultaneously with OS X. (VMware has subsequently released a similar product, while Apple’s Boot Camp lets users run either Windows or OS X, but not both at the same time.) Parallels announced recently that the latest update to Workstation, Version 2.2, will run Vista virtual machines. Workstation 2.2, which leverages virtualization technology built into newer AMD and Intel processors

ImagIn g by mm ShanIt h


iving together is a pretty accepted way for modern couples to test a relationship before marriage. So shouldn’t there be a way for modern computer users to test Microsoft’s Windows Vista before making the deep commitment of buying and installing it on their PCs? There is, using virtualization software. Virtualization is one of the hottest server-side trends today. The technology lets IT managers run multiple applications, with each encapsulated in its own ‘virtual machine’ — a setup that protects them from crashing one another and minimizes security risks. By letting servers safely run multiple workloads, IT managers can save bucketloads on hardware purchases. Maximizing CPU usage is less important for desktop users. But virtualization can still be useful, letting users try out applications and even operating systems without having to formally install them. There are three main virtualization options, all of which support Vista to varying degrees. All are free or offer free trial versions. We take a quick look at each, and then explain issues potential Vista testers face now that the operating system is completed but not yet released to the public.

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


Testing Time

for faster performance, will be able to run Vista Ultimate and Vista Business, which cost Rs 18,000 and Rs 13,500, respectively. Parallels Workstation itself costs Rs 2,250, though it can be downloaded for a free 15-day trial. But why pay for Parallels when VMware comes for free? For one thing, Benjamin Rudolph, marketing manager for Parallels, claims his company’s software runs much faster. “We think their product is a dump truck and ours is like a pickup truck,” he said. “Ninety-nine out of a hundred times, we offer all that customers need.” Zippier performance was also the assessment of our sister publication InfoWorld in its August review of Parallels Workstation. Parallels’ product suffers from some of the same disadvantages that VMware’s does. There is no USB 2.0 support today. There may be driver issues. And unlike VMware, Parallels does not support 64-bit guests or hosts at all now, nor can it delegate more than one CPU to a guest or virtual machine. All of those features will be present in the next major update to Parallels, which is due in the first half of next year, Rudolph said.

You Can aCCuRatelY teSt ViSta on YouR PC without uninStalling YouR CuRRent VeRSion of windowS, by creating a separate partition of about 20GB.

Microsoft Virtual Pc 2007: a blEnd oF both Microsoft got into virtualization when it bought Virtual P C in 2003. After VMware made its entry-level products free earlier this year, Microsoft followed suit, making Virtual PC 2004 free for all. While Virtual PC 2004 doesn’t run on Vista or support Vista virtual machines, Virtual PC 2007, currently in beta, does. Detailed instructions on downloading VPC 2007 and setting up Vista in a virtual machine are at Microsoft’s Vista blog. Virtual PC 2007 blends the capabilities of the products mentioned above. Like VMware Player, VPC 2007 can run on 32- and 64-bit PCs, though it can only create 32-bit virtual machines at the moment. Like Parallels, Virtual PC uses Intel’s and AMD’s chip virtualization for faster performance. And while Virtual PC can support a wide range of guest operating systems, it can itself only be installed on PCs running Windows as the base operating system, not Linux. 48

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

One similarity between all three products is their inability to support 3D accelerated graphics. That means you won’t be able to test Vista’s Aero graphical user interface or play the latest first-person shooter video games. In general, virtualized interfaces tend to look rougher and ‘paint’ more slowly than non-virtualized ones.

Getting your Hands on a tESt VErSIon oF VISta Let’s say that you’re now convinced to take Vista for a test spin. Is it too late, now that Microsoft has closed its beta programs? Not at all. The release candidates and betas of Windows Vista, while not available from Microsoft anymore, will still work until June of 2007. Microsoft says that millions of people have downloaded and tested Vista. It’s likely that some of your friends or co-workers have copies. Craigslist and eBay certainly have copies available. Otherwise, you can wait until January 30, when consumer versions of Vista will be available in stores. According to’s Scot Finnie, our inhouse Windows Vista expert, users can install and run Vista as a virtual machine on top of, say, Windows XP for 30 days without activating Vista. But be sure you know the details of your store’s return policies, such as what the time limit is and whether you’ll have to pay a re-stocking fee. Microsoft officially recommends that users interested in testing Vista virtually buy the Windows Vista Enterprise Edition, which grants users the right to install one copy of Vista on a physical machine and up to four times in a virtual machine on the same device for the same user. But Enterprise Edition is available only to corporate volume license customers, putting it out of reach of any hobbyist or small business owner. And postings on Microsoft’s Virtual PC 2007 newsgroup seem to indicate that there’s nothing technically preventing you from buying and testing other versions of Vista using Virtual PC.

a Final altErnatIVE If you’re only interested in testing Vista and don’t think you’d ever want to use a virtualization program to test other software, there is an easier solution, said Finnie. You can accurately test Vista — including the Aero interface — on your existing PC without uninstalling your current version of Windows, by creating a separate partition of about 20GB on your hard drive and installing Vista there. This creates a dual-boot situation, so every time you log in, you can choose to run either Vista or your old version of Windows. When Vista expires in 30 days, you can uninstall it without having affected your original operating system. CIO

Reprinted with permission. Copyright 2006. Computerworld . Send feedback on this feature to

Vol/2 | ISSUE/04

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

MakIng YoUr to VIS VISta ta

By Scot Finnie and Valerie Potter

Enterprise Software

You’re ready to release the clutch on Vista, you have the allocation, you have the green light from management, but do you know how to make it go vroom?

Vol/2 | ISSUE/04

is 256MB of dedicated video RAM. We have seen some 64MB dedicated video RAM mobile graphics processing units that support Aero nominally, probably because they share main system memory beyond the dedicated 64MB. The rest of the requirements for a Vista-capable system: 1-gHz 32-bit (x86) or 64-bit (x64) processor 1gB of system memory 40gB of hard drive capacity with 15gB free space DVD-roM drive audio output capability Internet access capability Our real-world experience indicates that an Intel or comparable Pentium Centrino or M 2-GHz CPU should be the minimum. You should have at least 1.5GB of RAM, and if you’re buying a new machine, get 2GB of RAM. Your hard disk should be at least a 60GB drive, and we’d recommend 25GB free to allow for new applications. Don’t forget the DVD drive. The Vista disc is a DVD, not a CD. If at all possible, get Vista on a new machine. Our limited experience with upgrading Vista over Windows XP has been surprisingly positive. But be aware that you

IMagIn g BY p c an oop


y now you should be aware there are many pluses and minuses to Vista. It’s not a slam-dunk decision, but there’s a lot to like about the new Windows. Once you decide to make the upgrade, you’ll find that you’re confronted with more than the usual number of questions to answer and details to sort through before you arrive at your Vista upgrade path. For starters, are you buying new hardware? Or are you upgrading to Vista? Most of Microsoft’s system requirements should definitely be described as minimum — or overly minimum. It’s even a little contradictory because the video requirement is more in keeping with advanced newer hardware, while the CPU and memory configuration is more like what you’d expect from a PC circa 2004. Or let us put it another way: this is the salient information you need to know about system requirements if you want to fully enable Windows Vista’s Aero user interface: DirectX 9 (DirectX 10 preferred) 3-D graphics processing unit with a WDDM driver, 128MB graphics memory (minimum), support for ‘Pixel Shader 2.0’, and the ability to display a color depth of 32 bits per pixel. Although graphics cards that share main system memory are acceptable, you will find that the best approach

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


Enterprise Software

can’t uninstall a Vista upgrade the way you could those of previous versions of Windows. And you’ll be absolutely assured of driver support if you buy Vista pre-installed from a reputable hardware vendor. Anyone planning an upgrade installation should review Microsoft’s Upgrade Planning for Windows Vista. There are two aspects of the term upgrade worth considering. The first is saving on the cost of Vista. The second is something new and different. There are heavy limits on which previous versions can be upgraded to four of the six main Vista versions. So, for example, even though you can upgrade from 2000 to Vista at the cash register, you can’t actually perform a Windows 2000 upgrade of the software. You have to clean-install Vista when moving up from Windows 2000. The same is true of Windows XP Pro x64. Windows XP Home Edition can be software upgraded to any version of Vista. But the other three versions, XP Pro, XP Media Center and XP Tablet PC can upgrade only to some of the new Vista versions.

Versions anD prIcES In the US, Vista will be offered in five basic editions: two for businesses and three for home users. Not sure which one to choose? You’re not alone. Please see the Comparison of Selected Features in Windows Vista Versions chart at the bottom of the page, which gives detail about the differences among Vista versions. Here’s a quick summary:

For largE organIzatIonS: tESt VISta rIgHt awaY. But you know the drill; hang back anD lEt tHE FIrSt aDoptErS MakE all tHE MIStakES.

For businesses: Windows Vista Business (Rs 10,928 new; Rs 6,943 upgrade) supports the Aero interface and includes features aimed at IT manageability, including Fax and Scan, wireless network provisioning, system-image-based backup and recovery, and Group Policy support. In keeping with its business focus, this version lacks many digital media features. Windows Vista Enterprise (only for volume licensees, pricing not released) adds advanced management features like BitLocker drive encryption; a subsystem for Unix-based apps; and Virtual PC Express, which lets you run legacy apps on a legacy Windows OS inside a virtual environment on Vista. Like Windows Vista Business, this version does not include Media Center or DVD-burning functions.


J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

For home users: Windows Vista Home Basic (Rs 7,402 new; Rs 3,611 upgrade) offers parental controls and not much else. It does not support Aero, and it lacks many digital media capabilities. Windows Vista Home Premium (Rs 8,776 new; Rs 5,585 upgrade) adds features like Media Center, DVD Maker, Tablet PC functionality and scheduled user data backup. Windows Vista Ultimate (Rs 14,650 new; Rs 9,098 upgrade) combines all the multimedia features of the home editions with the advanced file- and network-management features of the business versions. It has it all but it’s costly. Our recommendations? Nobody should opt for Vista Home Basic. Especially if you’re buying a new PC. If you can afford a better PC, get one — one that supports Vista Home Premium. Even in an upgrade situation, you might want to move your retail version to better hardware someday. Spend a bit more for Vista Home Premium— it'll deliver the ability to run Aero, support for Media Center and DVD-burning capabilities. If your hardware doesn’t support Aero, Vista degrades to the Vista Basic interface automatically. On a desktop PC, you may be able to get Aero by updating your video card. IT organizations will make the decision about the business version that’s best for their users, and we suspect the choice will have more to do with their license agreement than the minor differences in the feature set. Any enterprise that needs BitLocker or the Virtual PC legacy app utility on employee machines will need Vista Enterprise. What if your computer is the primary computer you use 24/7? You use it for work, you use it for entertainment, it’s your weekend shopping tool, your DVD player and the machine you give business presentations with? Well, first, we’d like to congratulate you. Because you’ve eliminated one of the biggest frustrations of computing: where’s that file? Oh, yeah, that was on the other computer. All your data is in one place, the way it should be. Microsoft has a version of Windows for you. It’s called Windows Vista Ultimate Edition. You’ll notice it’s not cheap. But it does everything you want, and then some.

compatibility anD tIMIng Microsoft has done several things to make hardware work better with Vista. One of our favorite features is that it can now search an entire CD, DVD or directories and subdirectories on your hard drive to find a specific driver, without requiring you to click into the specific folder. So you no longer have to guess or remember where that legacy hardware driver is. On the other hand, hardware support in the on-DVD driver pack is definitely not perfect. About 70 percent of the drivers that we’ve seen Vista come up empty on are mainstream components, such as the SoundMax driver set and Linksys’ PCI Gigabit NIC. Microsoft is claiming excellent hardware support; we think the company intends to rely heavily on Windows

Vol/2 | ISSUE/04

Enterprise Software

Update to deliver driver support. comparison of Selected Features in Because, really, it’s no better than wInDowS VISta VErSIonS previous versions of Windows. Home Home Business Enterprise Ultimate About software compatibility, that’s Basic Premium still a wild card. The gold version Price (new) Rs 7,402 8,776 10,928 NA 14,650 of Vista hasn’t been out there long Price (upgrade) Rs 3,611 5,585 6,943 NA 9,098 enough to draw hard conclusions. We think you can expect issues with Supports Aero user interface security software, utilities and many Windows Anytime Upgrade enterprise applications designed to run on older Microsoft operating systems. We’ve even been hearing Remote Desktop Client Client Host & Host & Host & rumblings about issues with IE7 and Only Only Client Client Client some enterprise Web applications. Parental Controls For more information about Media Center functionality hardware and application compatibility in advance of Windows DVD Maker installation, download and run the Tablet PC functionality Windows Vista Upgrade Advisor on Scheduled user data backup the machine on which you intend to perform the upgrade. You may not like Fax and Scan what you learn from this exercise, but Wireless network provisioning you’ll be forewarned. We recommend Windows Shadow Copy that everyone considering Vista take this step. System image-based backup and Should you jump in with both feet recovery on the first day Vista is available to Policy-based QoS for networking you? Corporate IT professionals Rights Management Services already know that would be patently absurd. XP works well enough for Policy-based device driver control now. But there are reasons why large Network access protection organizations might be interested Integrated smart card management in making the move. Perhaps your hardware is tired and needs an Domain join for Windows Server upgrade now, and you’re planning Group Policy Support to move to Vista. Perhaps you need Off-line files and folders the security or some of the other improvements. Test it right away. Roaming user profiles But you know the drill; hang back Internet Information Server and let the first adopters make all the mistakes. Support for two processor sockets Home users have a different set Virtual PC Express of issues to consider. Need new BitLocker drive encryption hardware? Hey, let’s be honest with *prIcES at tHE tIME oF prIntIng. Do not InclUDE taxES ourselves, most of us can wait another six months. That would be our very best advice. If you’re going to jump, jump into the higher in this way has no downsides. You can buy it this way and end. The first wave of PCs for any new Windows is often a test it for a while before making your decision about how little lacking in the right stuff to run the operating system and where to install it more permanently. CIO properly for the long haul. Instead of an upgrade installation, advanced home users should consider installing Vista in a dual-boot arrangement or as a virtual machine. To virtualize Reprinted with permission. Copyright 2006. Computerworld. Send Windows Vista, your utility must support ACPI. Working feedback on this feature to

Vol/2 | ISSUE/04

REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


The Path of

Technology Leadership BY SUNIL SHAH

Arun Jain: IT was an enabler in the 20th century. Now, it is a basic necessity. Technology forms the very core of any business nowadays, especially in the services business. View from the top is a series of interviews with CEOs and other C-level executives about the role of IT in their companies and what they expect from their CIOs.


J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

View from the Top.indd 54

How has IT evolved at Polaris Software Lab? From day one, we looked at IT as a source of knowledge. Even in 1997, when

we were small — maybe, just a Rs 15crore company — we made significant investments in technology. As a software company, we believe knowledge is key. And questions like how do you store and retrieve knowledge are critical. We felt that if Polaris had to grow from being a Rs 15crore company to a Rs 100-crore company, we would need the strong support that technology provides. At that time, our CIO, V. Balakrishnan (who has been with us since then), put up a portal to manage technology. This was at a time when portals were emerging. We implemented Lotus Notes as a mail system sometime in 1998. In 1999, we built up a


CIO: Would you describe IT in the modern enterprise as an enabler — or something more?

P hoto by S rivatsa Shandi lya

When Polaris Software Lab merged with Citigroup’s Orbitech Solutions in 2002, it didn’t just entail a surge in size. Polaris also became a products-cum-software company — and acquired IPs from Orbitech, a trigger for further innovation, to find a place in the future. Chairman and MD of Polaris, Arun Jain, is one for strategic restructuring and differentiation. In his books, choosing a technology for the future forms a significant part of any restructuring process. In this interview, he outlines the role IT plays in an enterprise’s game plan for the future.


Arun Jain, chairman and MD of Polaris Software Lab, says IT needs a leadership team — and everyone on it has to buy into the technology an enterprise needs.

Vol/2 | ISSUE/04

12/30/2006 1:45:00 PM

View from the Top

Arun Gupta wants I.T. to: Build repeatable processes for scalability Develop a definitive technology to anchor the future of enterprise Make a difference to growth and business process management

Vol/1 | ISSUE/16

View from the Top.indd 55

REAL CIO WORLD | J U LY 1 , 2 0 0 6


12/30/2006 1:45:02 PM

View from the Top

portal that is run by associates, so that they could access information, including things like attendance to workflow. It allowed them to bypass departments to get their work done. Then, we implemented ERP. We invested in PeopleSoft and, then, enterprise project management and technologies required for financial accounting and human resources. Then, we integrated business analytics and used it to make business decisions. Earlier, we had discrete business analytics, but we now have a four-in-one system where four different inputs join and help us make a more integrated decision across geographies and businesses.

How has IT helped Polaris in scaling up? We’ve had to build systems and processes that are scalable. It is important to have repeat processes, especially with new managers joining us. We’ve have to build these repeatable practices and encode them into technology. These help in ramping up and bringing in lateral talent into the company.

Do the CIO and CTO, since you have both, help you build these processes? Or is that a business prerogative? I think both business and IT must be an integral part of this process. Many say that CIOs are technology people. My belief is that technology has to be led by the CEO himself and not just regular business heads. Corporations that have CEOs who run their technology are very different companies. Take Citibank, for example. From day one, John S. Reed (former chairman and CEO of Citicorp, Citibank and Citigroup) invested in technology to make Citibank the technology bank of the world. The major growth they showed during the 1980s came because of the money they put into ATMs and technologies. So, I say that IT shouldn’t only be the realm of managers. IT needs a leadership team — and 56

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

View from the Top.indd 56

And, what about the CIO: a technologist first and, then, a business person?

“For a CIO, information comes first. How it comes should not matter. When a CIO gets into the jungle of technology, he'll get lost.” — Arun Jain

everyone on it has to buy into it. Getting such a leadership team to work together is a CEO’s role. He needs to become the person who keeps selling technology to every person on it until the team believes that technology, more than any individual, is a business driver.

So, should the CEO be a technologist? He needs to be committed to technology. Look at ICICI and HDFC Bank. Look how IT is making a huge difference to their growth. This is happening because their CEOs believe that technology can make a huge difference. I’m not saying that CEOs should know technology. But in any other organization, a CEO’s commitment to technology sends a very, very important signal to the leadership team. It is only then that IT is implemented.

A CIO should be a business person first — and then a technologist. The CTO, however, should be a technologist first. For a CIO, information comes first. He should look at information as information — how it comes to him should not matter. As soon as a CIO gets into the jungle of technology, he’ll get lost. The CIO needs to be clear what dashboards the business needs and what matrixes will make a difference. Once this is his focus (more than ‘how data will be collected’), he will be able to build better systems. The external CIO — what we call a CTO here — is the alter ego of the customer’s CIO. We have structured our entire organization towards a CIO-centric mindset; so, my CTO interacts with the worldwide CIO of Citigroup. He would, in turn, have a line of business CIOs. Similarly, we have a line of business CIOs embedded into different business solution centers — and below them are the business solution architects. So, we have a CIO for retail banking, I have a CIO for corporate banking and a CIO for lending, and so on.

Does this setup exist now? We haven’t given designations yet, but we have this mindset. Our CTO works with a model that has five levels. At the top, we start with what drives profitability. Then, we look at the operating model and what products can drive profitability. This includes questions like: what combination of products will help? Mortgage products? Consumer finance products? Below this is the performance model. Here, they look at the criteria of various stakeholders and the dashboards they need. An operations manager will need to look at a different set of parameters from a product manager. Below this is the process model, where technologists typically work — they look at how to orchestrate a process.

Vol/2 | ISSUE/04

12/30/2006 1:45:03 PM

View from the Top

The fifth layer is where it all comes together. Business needs a certain job done and a product can fulfill that. This is how a CIO or CTO can make a difference in business process management and create a mindset.

What has the role of the CIO or CTO been in Polaris’ transformation phase? One of the biggest and more important pieces in a transformation is looking at how we can build the organization for the next decade. This is the job of a CTO: to envision new technologies and see how to implement it in a business environment. Companies that don't act on choosing the right technology at the right time get bought out; they disappear after a decade.

Would this apply to ITeS companies like Polaris, in particular, or all enterprises? It’s the same thing: aren’t we, after all, the ones selling these technologies to companies? Look at the progression. First, there were mainframe technologies. Then, there were client-sever technologies and, now, there is a pattern where people on the business side are looking at service-level technologies. Today, you need an architecture that is service-oriented. We chose this in 2003. When we launched our Intellect suite of products, we decided to have them on SOA-based technologies. And, we made a Rs 100-crore investment to transform all our technologies. It was a big decision because we made the move when client-servers were still in vogue. Today when people say we’re transforming, it is because we took those decisions in 2003.

A number of enterprises in India aren’t sure of the ramifications of SOA. What’s your take on SOA? There are early adopters of SOA, though they are based in the US. Its benefits really

Vol/2 | ISSUE/04

View from the Top.indd 57

depend on how companies look at their businesses. If a business wants to be dynamic and competitive, they need to be breaking down their business into services. And you need to combine threefour services to make one product out of them. This is only possible when you have the flexibility to break it down and reassemble it. Client servers or mainframes cannot provide this.


Polaris Software Labs Revenue

Rs 825 crore Profits after tax

Rs 21.3 crore Employees

> 7,000


Nine countries CIO

seeing some of this. Look at AIG — they are getting into consume finance. And Wal Mart is coming into banking. Now, Citibank is selling insurance.

To what extent must a CIO participate in business model innovation?

V. Balakrishnan

A CIO has a role there, although it is more of a CTO Jaideep Billa leadership function. Business But doesn’t SOA models are really the work of entail greater both business managers and changes within a CIO. In US companies, for enterprises? instance, operations and technology report That’s a myth. SOA doesn’t require to an O&T head who reports to a CEO. you to change everything. At Polaris, we Typically, this works in American banks, use SOA in such a manner that it coexists especially among the top 10 banks. And with the mainframe. We’ve built an entire either a business manager or a technologist methodology, which we call non-disruptive, can become an O&T head. In this set-up, major step methodology — or NDMS. This business models can be created together. suggests that you shouldn’t use a Big Bang approach to change. You are likely to fail But, a majority of CIOs tend with the Big Bang approach. If you’re going to report to the CFO? to make changes, do it in bite-sizes with each bite not being longer than 90-180 days, It isn’t a right model. It’s a convoluted and create projects in 6 to 12 bites. This will model from the 1980s that is still hanging increase you chances of success. It’s also the around, and I have no idea why. A CFO has innovation that makes a difference. no role to play in a scenario that includes so many business processes. It’s a problem Hasn’t Polaris been showing with the way industry has evolved. Earlier, money was the most important element for interest in retail too? the business. So, everything was controlled There are three segments that target the by those who handled money. Today, money same customer. These are retail banking, is not the important piece. Innovation is. It’s the retail consumer segment through retail totally changed. CIO stores, and the insurance sector. They all target the same consumer. Personally, I believe that these three segments should be compressed into one. There will be retails stores that will get into the banking space, banks will become insurance players or insurance companies will become bank players. We’re already Send your feedback to REAL CIO WORLD | J A N U A R Y 1 , 2 0 0 7


12/30/2006 1:45:04 PM

Special advertiSing Feature


Executive Partner

Booming levels of productivity also mean a surge in information. The onus then is on authentication, agreed the panelists of the CIO security roundtables on identity management.

Managing Federated ID Consider this:

A supervisor in an automobile company finds an employee, who prepares invoices, on leave. He hands over the employee’s username and password to another employee, to ensure that workflow is not affected. However, the other employee, who is using those credentials to prepare invoices for the day, turns out to be the one who otherwise releases payments against the invoices! OR‌ How about a situation where an overworked senior executive at an airline ticketing counter hands over her login credentials to her junior to carry out certain major changes in the transactional system, such as advancing flight tickets for a passenger?

Anand Sengupta Head-IT, Daikin Air Conditioning India

Ajay Khanna, Dy. GM & Head-IT, Eicher Motors


JANUARY 1, 2007 |

Rajeev Seoni, Asst VP & Head-IT, Aricent

Alaganandan Balaraman, Sr VP- IT & Corporate Development, Godfrey Phillips India



C R Narayanan, CIO, Alstom

Tamal Chakraborty, CIO, Ericsson

Special advertiSing Feature Such scenarios do arise in the normal course of a day. And here’s what is scarier: the organizations in question were unaware of such (mis)arrangements! These were some of the anecdotes CIOs shared at the CIO Security Roundtables on 'Does Identity Management Secure Business Value' in Delhi and Mumbai, earlier this month. The CIOs agreed that considerable threats pertaining to data and business loom large over enterprises who do not manage identity of their employees or customers well enough. The participants, from a range of sectors like manufacturing, healthcare, banking, IT/ITeS, government and media, discussed the need for identity management, its drivers, the implications and challenges, to determine the business value of identity management (IM).

IMPaCTING BUSINeSS The discussion kicked off with a pertinent query: is IM a strategic concern for enterprises? The participants unanimously agreed that IM, currently, makes a lot of sense. Arun Gupta, director of Philips Electronics India, stated that it is the solution to a problem created by IT itself over a period of time. “It hits everybody because wherever you have people, you need to manage them, their security and access," he said. "The biggest benefit we get is that it helps us in taking care of compliance, which is complicated in terms of segregation of duties. identity management helps an enterprise to take care of management overheads that come up in managing these issues,” he noted. “IM means giving the right people access to right information at the right time, which is rightly reviewed periodically,” said V. Subramaniam, CIO of Otis Elevator India. Alaganandan Balaraman, senior VP-IT and corporate development, Godfrey Phillips, noted that business interest in IM is picking up because it evidently impacts user productivity. “More than a couple of years ago,” he recalled, “we wanted to introduce user-centric computing to figure out what a user needs at one point, his desktop, to

Identity management means giving the right people access to right information at the right time, which is rightly reviewed periodically” — V. Subramaniam, CIO, Otis Elevators India do his job effectively. For that, we needed to know who he was, what role he played, and what he needed to do. So, we initiated certain IM-specific exercises. Productivity has been a key gainer.” As an example, Gupta spoke about his organization, which ran over 27 login servers managing usernames and passwords of 1,500 users accessing multiple applications across business units. This seriously impacted user productivity, as they were required to login every time they moved from one system to another. “We have started consolidating our login servers and putting IM solutions on them. It is much better to have one login and proper access controls built in, rather than six of each,” he says.

DrIvING FOrCeS The more important drivers of identity management for businesses today are security and regulatory compliance. Senior GM-IT at Moser Baer, V. Muthu Kumar, observed that as more information assets are becoming available to users and boosting productivity, security also needs to be enhanced. “We need to figure out who is accessing what information at any given point of time. This makes IM critical,” he said. Ajay Khanna, deputy GM and headIT, Eicher Motors, added that managing the identities of contractual employees is also critical. Ensuring better governance and security practices is another reason why organizations are undertaking user identity management exercises. Sandeep Parikh,

S R Balasubramanian, Executive VP, ISGN

Jay Huff, Software Practice Marketing Director, Sun Microsystems

S S Mathur, GM-IT, CRIS

Manish Gupta, CIO, Fortis Healthcare

Sandeep Parikh, GM-Internal IT & Procurement, Keane India

V Muthu Kumar, GM-IT, Moser Baer India




Special advertiSing Feature GM-internal IT and procurement, Keane, asserted: “As an American company and with SOX breathing down our neck, we have to be strategic from the word go. For us, IM is not merely an IT problem — it is something that warrants much more seriousness from the CEO and CFO, and becomes more of a business issue than IT.” But does IM secure business value? Ishwar Jha, senior VP-business technology, Zee Telefilms, said, “It doesn’t secure business value, unless it is inculcated deep in the culture of a business. The problem starts when despite these systems, users start to share their login credentials to either load-balance their work or ease a job process.”

IDeNTITy CrISIS Despite the business value that identity management has, CIOs face a number of challenges. While certain CIOs struggle with the magnitude of identities to be managed with expensive solutions, others face the dilemma of including external identities in their IM net. Rajeev Seoni, head-IT, Flextronics, said: “Scale of operations adds to these woes. Managing a huge number of identities regularly during a churn, because of attrition, becomes painful.” Tamal Chakraborty, CIO, Ericsson India, added, “Time is the essence. If it takes too much time to define roles and provide employee with credentials, employee dissatisfaction jumps.” P.A. Kalyanasundar, GM-IT, Bank of India, mooted IM challenges of a different scale. “With over 25

We face a different scenario of ID management in relation to the 'Know your Customer' concept:the external users are the challenge.” — P.G. Kalyanasundar, GM-IT, Bank of India

Pradip Bhowmick, Practice Leader, Custom Software Solutions PricewaterhouseCoopers

P A Kalyanasundar, GM-IT, Bank of India


JANUARY 1, 2007 |

Ishwar Jha, Sr VP-Business Technology, Zee Telefilms

Arun Pande VP-IT, Colgate Palmolive


million customers, many of whom are accessing banking services through the Internet and other delivery channels, we face a different scenario of IM in relation to the concept of KYC (Know Your Customer). Managing internal users is not too difficult. It’s the external users that create problems,” he said. Manish Gupta, CIO, Fortis Healthcare, agreed, “I would like to focus more on IM of our patients or customers.” Reliance Infocomm also sails in the same boat as it has 29 million subscribers who use their phones as devices to connect to its infrastructure. “They connect to us making queries, and we have to give them responses. With them interacting with our IT infrastructure, KYC takes a different turn,” said Sumit Chowdhury, CIO, Reliance Infocom. “For us, the identity of a customer has to be married to the identity of the phone. This in turn has to marry with the identity of the telecom infrastructure the customer is connecting to. The identities of IT and datacenter infrastructure have to align. So, for us, a number of things need to align before we can provide end-to-end IM,” he explained. Manish Choksi, CIO of Asian Paints, pointed to prioritization challenges faced by CIOs. “The capability to invest in these solutions obviously comes somewhere at the bottom of the stack when you want ERPs and dashboards to be available to enable people to run business first. Identity comes later. The challenge is to slot it into the right place at right timeframe,” he said. Securing management buy-in can also be an issue. Arun Gupta felt that it can be tackled if CIOs do their homework well. “Management buy-in is always a function of what the management listens to, and what the management believes in. If you create a strong story that spells out the benefits to the organization, I don’t think selling is a difficult proposition. Selling is again a function of education. If they don’t know what you are doing, nobody is going to support you.” he said.


Arun Gupta, Director IT, Philips Electronics India

S R Mallela, CTO, AFL

Special advertiSing Feature

aTTaINING NIrvaNa Jay Huff, marketing director (software practice), Sun Microsystems, addressed various IM issues at the roundtable. The problem begins right from the very definition of IM in the minds of CIOs, he said. “Traditionally, security in IT is attached to an asset. There is more concern for asset security and not identity. But security and IM are not the same thing. Similarly, single sign-on and IM are not the same thing. IM is about authentication — this is where single sign-on could save you the need to remember many passwords — and authorization,” he clarifies. Huff stated that IM is a layer that sits on top of security. It is the layer that has a centralized index representing individuals with core elements, credentials and defined job roles. He defined IM as a workflow based administrative system. “It is part of implementation process where you define the workflow and put in exceptions. If an employee is attached to say Peoplesoft, it makes the IM realize what role this employee plays and kicks off the provisioning process in the workflow,” he said. Huff explained that if companies are supposed to provision for employees before they join an organization, it would have been easier. All you need to do is set up everything, define roles and kick off provisioning in the IM workflow as soon as the first employee joins. This is, however, not the case. “The biggest chunk of work is pulling out identity information from your existing systems. Data cleansing and fuzzy matching exercises are important. In a lot of companies, job roles don’t exist: there will be job descriptions in terms of HR systems, but exactly what are they allowed to do? These are the two biggest exercises an organization needs to do. Once this is in place and mapped to the workflow, the rest becomes much simpler,” he said. Pradip Bhowmick from PwC added, “In addition to defining roles and rights, we need to have process and risk owners. Ownership to a set of processes also means

The big chunk of work is pulling out identity information from existing systems. Data cleansing and fuzzy matching exercises are important.” — Jay Huff, Marketing director (software practice), Sun Microsystems

the right of the owner to give or deny access to the set of people who belong to the process. IT department should not be the only entity driving the entire exercise of defining roles and giving permissions.” With regards to external users, Huff explained that when IM moves out of organization, its challenges are compounded, and it needs to be federated. Federation starts with business agreement with its third party. “You need to define the level of access to the systems these parties are going to give each other. You need to have a circle of trust,” said Huff. Once it is federated, an authentication engine permits one group to be part of the circle and by default one trusted entity has access to certain levels of resources on the other’s system. “This federation is more like a single sign-on. Once the token is given to me, I can then access systems based on privileges assigned to me,” he added. “All these years, we have been talking about security of exclusion: how to keep people out. Now we are talking about how to keep people in. IM, in addition to the perspectives of compliance, security and minimized administrative costs and efforts, can also be favorably looked at in terms of better managed processes and better governance framework laid out,” concluded Bhowmick.

Sumit Chowdhury, CIO, Reliance Infocom

Manish Choksi, CIO, Asian Paints

V Subramaniam, CIO, Otis Elevator Company

Sunil Mehta, Sr VP & Area Systems Director (Central Asia), J WT

Satish Pendse, CIO, Hindustan Construction

Anwer Bagdadi, Sr VP & CTO , CFC International India Services





technology New, focused, lightweight applications rewrite the knowledge management rules. The best part? People will actually use them.


Essentisl Tec.indd 62


From Inception to Implementation — I.T. That Matters

Knowledge Management 2.0 By Scott Spanbauer Knowledge Management | Business runs, by default, on e-mail. It’s always there, and it just works, so we end up using it for everything — as a telephone, as a filing cabinet and as a conference room. But the trouble with e-mail is that it happily gobbles up our ideas, crucial documents and business acumen and doesn’t give them back. So why haven’t enterprisewide knowledge management tools caught on like wildfire? There’s one main problem, says Gartner VP of Research Jeffrey Mann: users and IT administrators hate them. Sophisticated KM products like EMC Software’s Documentum put the burden of management on the users, who must take additional steps to access documents and register them with the system. And some IT departments dread the arrival of Microsoft’s more user-friendly SharePoint because of its hunger for in-house server and support resources. But recently, a new wave of smaller, lighter and less expensive tools has started to go where the larger KM systems often don’t — bringing corporate knowledge back out into daylight.

Vol/2 | ISSUE/04

12/30/2006 1:28:27 PM

essential technology

Borrowing from blogging, file sharing and other successful Web 2.0 ideas, new options like iUpload’s Customer Conversation System, Tacit Software’s Illumio and Koral’s eponymous collaboration tool aim to help companies solve specific KM problems without forcing additional work or structure on collaborators. Attention, CIOs: a notable aspect of this new generation of knowledge management tools is the way they offer themselves for casual involvement. “It’s not as huge a commitment to use any of these things as it is when you have to set up a server, and install it and license it,” says Gartner’s Mann. Acting independently, and without need of server space or tech support, business units can simply try out the new KM systems, sometimes in stealth mode.

knowing about related projects under way in other departments, making it difficult to coordinate efforts or learn from what others were doing. Charged with addressing these communication bottlenecks and fostering a culture of open communication, assistant director of corporate communication Andrea Austin found an answer in the form of corporate blogging: this promised to put information out in the open, where anyone could find it. The problem with e-mail, according to Austin, is one of reach: “You may be aware of only some subset of people that may have an interest in what you’re working on,” she notes. Sharing information via a blog brings those people back into the loop. “You’re not determining and limiting who your potential audience may be,” she adds.

Sophisticated KM products put the burden of management on users, who must take steps to access documents and register them with the system.

KM 2.0 Tools The new wave of knowledge management software helps you do KM-light right. Tacit Software’s Illumio: Web-based information broker matches end user information requests with users in the company who might know the answer. Standard search tools: (Google’s or Microsoft’s) help make it work with a minimum of fuss for end users. iUpload’s Customer Conversation System: Blogging platform helps enterprise customers bring knowledge to light via grassroots participation. Includes enterprise security, workflow and regulatory compliance tools. Koral: Web-based document collaboration and sharing tool also categorizes documents automatically. Notifies users of updates and new documents published by authors or topics to which they’ve “subscribed.”

— By Laurianne McLaughlin

“In many cases they don’t have to sell it to IT, they just go and do it,” notes Mann. “You just [use] a credit card, or it’s free.” Now’s a good time for CIOs to get up to speed on what these apps can do.

Spur Grassroot Collaboration Until last year, one of the knowledge management problems facing insurer Northwestern Mutual was the way the company’s formal hierarchical structure and communication channels often inhibited information flow across departmental boundaries. Relying heavily on e-mail and structured reporting systems, employees tended to send information up the chain of command, in hopes that the people on top would take action and disseminate the results back down and across to leaders in other departments. Naturally, this often prevented one department from

Vol/2 | ISSUE/04

Essentisl Tec.indd 63

Not just any blogging application would do, however. Because Northwestern Mutual is part of a highly regulated industry, it must be ready to produce a complete record of all communications at any time. The company chose iUpload’s Customer Conversation System, because it combines Web-based blogging and content management with enterprise security, workflow and regulatory compliance tools. Northwestern especially liked its extensive versioning capabilities. “We need to be able to document at any point in time that we know exactly what content has appeared in anything that we produce,” says Austin. “We couldn’t have moved forward with this application if it did not have that capability.” Moving forward was also easy because iUpload dovetailed with Northwestern Mutual’s existing user authentication software to ensure a single sign-on

process for users. Finally, because the blogs are externally hosted on iUpload’s servers, IT gains flexibility and can free up resources to work on other projects, as opposed to managing blogs on the company’s own hardware, Austin says. The costs of a blogging tool like this one don’t even compare to those of traditional KM systems, which easily run into the millions; iUpload Customer Conversation System Enterprise Edition starts at Rs 67,500 per month for 100 users. (Smaller groups can get going with iUpload Express Edition, which starts at Rs 11,250 per month for 10 users.) Northwestern Mutual’s experience echoes the larger trend among KM 2.0 apps: a business unit sought out a tool to solve a specific, tactical KM problem, in this case, opening up communications REAL CIO WORLD | J ANUARY 1 , 2 0 0 7


12/30/2006 1:28:27 PM

essential technology

(as opposed to establishing a formal, overarching KM program). Northwestern’s IT department helped the business unit users navigate the technical choices and select iUpload among several blogging tools. Both users and IT liked the solution to the tactical problem. This scenario is a long way from the old model for KM, where users often were unilaterally presented with a complex Knowledge Management system by IT. Northwestern considers itself still in the early phase of its experience with iUpload, with about 100 people actively blogging since an enterprisewide rollout to 5,000 users in June. But it’s working well, Austin says, to jump-start collaboration and spark a larger change in the corporate culture. “This is the first time we’ve had a grassroots application that allowed employees to share what they’re working on directly,” says Austin. Sometimes, corporate knowledge remains locked up in employee files and inboxes even when other knowledge management tools are in use. For a couple of years now, Procter & Gamble has been

Hart eventually heard about a similar program that combines automatic discovery of corporate expertise with user control over privacy. Tacit’s Illumio, available as of Nov. 15, is a Webhosted information broker that accepts information requests, such as, “How do you hire good employees?” and sends them out to other users. Individual users may optionally install one of two desktop search utilities, Google Desktop and Microsoft Desktop Search, which Illumio queries for answers to requests. However, Illumio doesn’t just send your data out; no information leaves your computer unless you explicitly agree to send it out. Illumio consists of a Web-based host site run by Tacit, the Google or Microsoft search software installed on your PC that digs up data, and the Illumio client software, also running on your PC, that acts as a broker between the two. The Illumio client forwards requests from other Illumio users to the desktop search tool, then asks for your permission to send out the data discovered.

Acting independently,and without a need of server space or tech support, business units can try out the new KM systems,sometimes in stealth mode. looking for new ways to retrieve these internally exiled intellectual riches, says Arthur Hart, section manager of P&G’s information and decision solutions department. He tried out several “expertise finding” KM applications designed to index and publish mail and files from end user PCs. These failed because they required the users to keep their own profiles of expertise up to date, which they never remembered or had time to do, he recalls. Other programs published too much of the data they discovered, and employees perceived them as an invasion of privacy. 64

Essentisl Tec.indd 64


According to Tacit, Illumio will come in several flavors. The standard version, for use in public groups via the Internet, will be downloadable for free. Pricing of a managed, private group option with added controls, for enterprise users, had not been set at press time. (Qualifying enterprises that sign up in 2006 can get an extended free trial, as a reward for early adoption, the company says.) Hart, who has been beta testing Illumio since June, hasn’t made the final decision whether to recommend it for use at Procter & Gamble. He’d like to do a bit more testing. “We believe Illumio

"In a KM-intensive organization, the role of a leader shifts from being the source of knowledge to managing the process through which people use knowledge." — Wendi R. Bukowitz, director Intellectual asset management practice, PricewaterhouseCoopers

might solve the problem if we could get a large percentage of the organization to install a desktop search utility and use it,” Hart says. “You have to ask if the tool will fit in your corporate culture,” he says. Ultimately, success will depend on how willing employees are share the information that Illumio digs up, he adds.

Solve Document Dilemmas One of the driving forces behind Web 2.0 is the virtual office — teams of farflung experts collaborating online to create a whole greater than the sum of its contributors. When Denise SenterLoyola, a principal with business consultancy Milestone Group, needed to get her virtual marketing and sales team members to collaborate on creating some key documents, she first used a Web-based intranet for document management. That failed as content grew and folder hierarchies became cumbersome. Soon, team members stopped contributing content. “People gave up because they had to log on and make all of the decisions about categorizing,” Senter-Loyola says.

Vol/2 | ISSUE/04

12/30/2006 1:28:27 PM

essential technology

Finding the most recent version of a document required extra work as well — resulting in productivity losses and missed deadlines when team members mistakenly worked from the wrong version of a document. She found a better take on Web-hosted document management in Koral, a newly released Web-based tool that lets users share and collaborate on documents from any location. Koral is notable because it does much of the heavy KM lifting for you, categorizing documents and notifying collaborators of new versions automatically. When you upload files to your team’s private Koral workspace, the service searches them and suggests tags — categories you’ll use later to find documents relating to a particular subject. And borrowing from another Web 2.0 buzz technology, Really Simple Syndication (RSS), Koral doesn’t wait for you to come looking for documents it knows you’re interested in. Subscribe to a particular document, and Koral notifies you when it is updated. Subscribe to a team member (or a person with expertise similar to yours), and it notifies you when that person publishes new documents to the workspace. “Because of the nature of our work, it caught on virally,” says Senter-Loyola, who has been using a prerelease version of Koral for about three months and plans to upgrade to access some of the enterprise-level permission features. There is no end user license fee for Koral, but the company plans to charge between Rs 675 and Rs 2,025 per user per month for access to the enterpriselevel editing and security controls. Koral also integrates with via Salesforce’s AppExchange platform. Senter-Loyola reports tangible results from Milestone Group’s switch to Koral last summer, noting that it cut staff hours and the cost of producing documents by approximately 20 percent on the first startto-finish project. “The system is actually being used by the organization,” she states.

Vol/2 | ISSUE/04

Essentisl Tec.indd 65

Do-It-Yourself KM At Parsons Brinckerhoff, an approximately 10,000-employee engineering firm, knowledge gets very granular — like hands-on experience designing a particular type of bridge — and it’s often needed immediately to solve a project problem or win a new engagement. So a KM strategy that connects subject matter experts is crucial. But no one KM product has cut it for the firm, says Christopher M. Rivinus, the company’s leader of knowledge systems. So while his company uses some KM tools, it also supports a big do-it-yourself effort. “If you cannot get people to change their behavior, you’re sunk,” Rivinus says.“The more complex the [KM] product, the harder it is for people to change.” Today, he’s beta testing Microsoft SharePoint 2007, which he hopes to use in the future to crawl e-mail messages for some content. But e-mail crawling alone isn’t ideal, he says.“I’m more interested in a tool that tells me this person has written about this topic three times a day for so many years. That’s a tool that would be important to us as engineering consultants.” To make up for this and other KM app shortcomings, Parsons Brinckerhoff’s DIY effort stresses what it calls practice area networks, or PANs. Since 1994, the firm has encouraged these groups of like-minded experts to form voluntarily. Today the firm actively supports 54 PANs, around industries like aviation, or areas of expertise like tunnel engineering. PANs help engineers get answers from global experts quickly, Rivinus says, and they spur less formal communication, say on career development. At first, the groups primarily used e-mail and meetings to share knowledge, but they now use webcasting as well, so sessions can be recorded and broadcast on demand, Rivinus says. CIOs who want to set up a DIY effort will need to allocate administrative support and training funds to make it work, he says. “These people are providing business value. You have to give them real resources,” Rivinus says. For example, he says, make sure the leaders get training. And keep participation voluntary, he advises. What kinds of results have the PANs delivered? The firm’s CADD PAN tracks the number of floating software licenses (shared among staffers) worldwide and keeps the number and expense to a minimum. It also helps IT make better upgrade decisions, he says. In another example, the firm’s environmental community of practice responds to specific inquiries from clients, then turns appropriate answers into best practices, which can often be used to help win future work, Rivinus says. — By Laurianne McLaughlin

A Winning Pitch A knowledge management system that’s “actually being used” — this kind of language hints at the skepticism both users and CIOs have had about knowledge management for years. But apps like Illumio and Koral could win enterprise users over one workgroup at a time via viral adoption One final bit of good news: users say the new, simpler knowledge management tools make it easier to justify the investment to your fellow C-level executives. “It can be very difficult to make a pitch to senior management about why knowledge

management is important, because it’s not real to them,” explains Northwestern Mutual’s Austin. Now, she just shows them blog users engaged in explaining their projects to coworkers. CIO

Scott Spanbauer is a freelance writer and contributing editor to PC World. Edited by Laurianne McLaughlin. Send feedback on this feature to



12/30/2006 1:28:28 PM

ESSEntIal technology


The Devil’s Guide to Vista Security If you don't need protection from yourself, then here's a way around Vista's security measures. BY JoNATHAN HASSeLL security | Microsoft has spent time and millions to make Vista more secure and protect users from themselves. But you don’t need this hand-holding. You were infested with malware that one time, but it wasn’t your fault. You and your network are ready for Vista without the locks. Here’s how to fly. Turn User Account Control off User Account Control, or UAC, limits the authority of accounts users are running in,

‘User Account Control’ under Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options. Expose the hidden administrator account Windows Vista hides and disables the true administrator account that you’ve come to expect in NT-based versions of Windows. The idea is that you should use regular user accounts with ‘Vista administrator’ permissions, which grant administrative

command prompt (i.e., a shell running with administrative credentials): bcdedit.exe /set {current} nx AlwaysOff Neuter built-in IE protections The new Protected Mode runs IE in an isolated security setting, working in conjunction with most other under-the-hood architectural improvements in Vista. With Protected Mode enabled, IE runs within a low-right environment no matter which user actually

Microsoft has spent time and millions to make Vista more secure and protect users from themselves. But some folk don’t need the hand-holding. restricting them from entering protected areas or performing sensitive actions on the system. Users log on, whether they are power users, ordinary users or administrators, and are assigned a security token. When an action is requested that requires administrative privileges, a logon prompt is displayed and the user must enter credentials. An administrative security token is then assigned to users that allows them to carry out the function. This bothers some people who think they don’t need to be protected from themselves. If you're one of them, it’s relatively easy to turn off UAC. You’ll need to open the file GPEDIT.MSC, acknowledge the very UAC prompt you’re trying to disable and then disable everything beginning with 66

J A N U A R Y 1 , 2 0 0 7 | REAL CIO WORLD

tokens to a normal user, allowing them to perform restricted operations. However, you can expose the true administrator account in Windows Vista. Data Execution Prevention Off Data Execution Prevention (DEP) is a security feature introduced in Windows XP, Windows Server 2003 and now in Windows Vista that looks for malicious code. If DEP’s analysis makes it think that executing code will cause unwanted activity, DEP intervenes and shuts the process down. Sounds good in theory, but often DEP shuts down legitimate programs. Equally often, DEP fails to show any warning telling you it shut a process, leaving you wondering. You might want to turn off DEP globally by issuing the following at an elevated

launched the process.Add-ins like ActiveX subsequently run with low rights too. This helps prevent browser-based malware from latching onto your system. But maybe you want to surf with all caution to the wind. Maybe some of the restrictions of Protected Mode, like having to open separate windows to switch between intranet and Internet sites, drive you crazy. In this case, you can turn it off by double-clicking the lower right corner of any IE window and on the resulting dialog box, uncheck the Enable Protected Mode box. CIO Jonathan Hassell is an author, consultant and speaker on IT topics. He is currently an editor for Apress LLC, which publishes books for programmers and IT professionals. Send feedback to

Vol/2 | ISSUE/04

CIO January 1 2007  

Technology, Business, Leadership

Read more
Read more
Similar to
Popular now
Just for you