Page 1

Alert_DEC2011.indd 18

11/18/2011 4:58:05 PM

From The Editor-in-Chief

Multiple business leaders at the recently concluded CIO Leadership Summit exhorted

Moving Forward Up. Around. Or Out?

CIOs to evolve into business strategists. Theirs was not a call for improved business-IT alignment, neither was it a move to make IT more meaningful in an organization’s scheme of things — it stemmed from a concern that the CIO role could get marginalized, even in the near future. Doomsday speak, huh? Let me walk you through what I believe might be plausible. For a while now, I’ve been observing two parallel trends develop in corporations; even as IT leaders turn business savvy, business leaders are beefing up their IT know-how. On the face of it both of these sound like good ideas. Greater understanding between business and technology makes for better synergies, thus taking an organization further. But, I believe, that these are also beacons that point to different paths that the CIO role is likely to go down, despite the personal CIOs who don’t step up attributes that IT leaders bring to bear. efforts to be a part of As their organizations’ tech decision making, might landscapes mature, one path will see find themselves out of a CIOs transition from a support function meaningful role. to being a trusted advisor. And, this could also mark their foundation for moving into general management. The other route worries me no end. For, as an organization’s technology maturity improves and its business leaders begin figuring out on their own which technologies would add value, the IT department will be restricted to an implementation role. I do not see CIOs existing in this situation. Not possible? I know of a few Indian companies where business units already ‘own’ technology and implement it, with the CIO pitching in only to maintain technology harmony and integration. Corporate executives scale managerial heights because the expertise they bring along is vital to an organization’s growth. Whether this means that IT leaders talk business or business leaders tilt toward IT is hardly the issue from an enterprise’s point of view. Either way, if CIOs don’t step up their efforts to be a part of corporate decision-making, they may find that if they’re still around, it won’t be to provide their company with weapons to take on competition. It will be to take orders and put out technological fires. What do you feel about this? How do you think your career will progress? Write in and let me know.

Vijay Ramachandran Editor-in-Chief

Vol/5 | ISSUE/04

Content,Editorial,Colophone_Page 4,6,8,10.indd 1

REAL CIO WORLD | fe b r u a r y 1 5 , 2 0 1 0


2/9/2010 7:29:44 PM

content c te t FFEBRUARY EBRUARY 15 2010‑ | ‑Vol/5‑ | ‑issUE/04


Ashish Chauhan, deputy CEO, BSE; Sanjay Sharma, MD and CEO, IDBI Intech; and Chinar Deshpande, CEO, Criti India, have taken three different routes to reach one destination: The CEO’s post.


Case File

COVER stORY thE InsIDERs| 22

ROLLED IntO OnE | 48 Essel Propack’s outsourced servers sucked up its resources. How a six-month virtualization program fixed the problem and shaved 40 percent off the company’s IT costs.

I P hOtOS by Sr IVAtSA Sh AndI lyA

A small but growing number of CIOs are earning a place in the inner circle of CEOs. Their success and failures hold lessons for CIOs looking to redefine their roles in the face of inevitable change. Feature by t team CIO

Deep Dive

COVEr: dESIgn by MM Sh AnI t h

WhAt MAkEs YOu DIFFEREnt FROM thEM | 36 Here’s how you can polish your skills to be CEO. Feature by Michael swenson

Feature by kim s. nash

IT Role

more » F E b R u a R y 1 5 , 2 0 1 0 | REAL CIO WORLD

| 55

DEsktOp VIRtuALIzAtIOn From introductory features to an in-depth test center, here’s all you need wanted to know about desktop virtualization.



Feature by Varsha Chidambaram

It’s ALL WROng | 50 Everything you’ve been told and all the advice you have been given is wrong. Here’s what IT should be doing instead. Feature by kim s. nash

more » VO l/5 | ISSUE/04


(cont.) departments Trendlines | 7 Survey | IT Budgets: Running in Reverse Quick Take | Karandeep Singh on Business Continuity Voices | Enterprise IT Invention of the Decade CIO Life | New Year’s Broken Resolutions User Management | Ready for Radical Change? Opinion Poll | Barriers to Green IT Storage | Datacenters Gear Up Staff Management | Upturn: Invitation to Attrition Alternative Views | Can Freelance CIOs Exist?

Thrive | 78 CIO Role | Dynamic Duos

Feature by Stephanie Overby

Mentor | 80 Business Leadership | Four Steps to Lead Business

Column by Jai Menon, Bharti Airtel

From the Editor-in-Chief | 1 Moving Forward

By Vijay Ramachandran

NOW ONLINE “It’s fairly unreasonable to expect a CIO — who is not on the managing committee —to deliver out-of-the-box.” says Manu Parpia, Founder and Vice Chairman, Geometric Software.


For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to


Executive Expectations View From The Top | 38 Manu Parpia, Founder and Vice Chairman, Geometric Software, says his recipe to be a market leader is to mix innovation with the fear of failure.


Interview by Gunjan Trivedi

Applied Insight Full Fix | 20 It’s time we stopped tinkering and started fixing root problems or these five big security mistakes will continue to haunt us forever. Column by Kenneth van Wyk


fe b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

Content,Editorial,Colophone_Page 4,6,8,10.indd 4

Vol/5 | ISSUE/04

2/9/2010 7:30:13 PM

Governing BOARD

Alok Kumar Global Head - Internal IT, TCS

Publisher Louis D’Mello

Anil Khopkar GM (MIS) & CIO, Bajaj Auto

Editoria l Editor-IN-CHIEF Vijay Ramachandran EXECUTIVE EDITOR (COMPUTERWORLD) Gunjan Trivedi Associate Editor (Online) Kanika Goswami Features Editor Sunil Shah Copy Editor Shardha Subramanian CorrespondentS Anup Varier, Priyanka, Sneha Jha, Varsha Chidambaram, Product manager Online Sreekant Sastry

Anjan Choudhury CTO, BSE Ashish Chauhan President & CIO, IT Applications, Reliance Industries Atul Jayawant President Corporate IT & Group CIO, Aditya Birla Group Donald Patra CIO, HSBC India

Custom Publ ishing D esig n & Productio n Lead Designers Girish A V, Jithesh C.C Vikas Kapoor, Vinoj KN SENIOR Designers Jinan K V, Sani Mani Designer M M Shanith Photography Srivatsa Shandilya Production Manager T K Karunakaran DY. Production Manager Jayadeep T K

HP Enterprises




HP Server

27 & 31

Gopal Shukla VP - Business Systems, Hindustan Coca Cola

Interface Connectronics


Manish Choksi Chief Corporate Strategy & CIO, Asian Paints

Krone Communications


Pravir Vohra Group CTO, ICICI Bank Rajesh Uppal Chief General Manager IT & Distribution, Maruti Udyog Sanjay Jain CIO, WNS Global Services

President Sales and Marketing Sudhir Kamath VP Client Marketing Alok Anand VP Sales Sudhir Argula General manager Sales Parul Singh SR. Manager Client Marketing Rohan Chandhok ASSt. Manager Marketing Sukanya Saikia Asst. GM BRAND Siddharth Singh ASSt. Manager Brand Disha Gaur ASSOCIATE MARKETING Dinesh P Ad Sales Co-ordinators Hema Saravanan C.M. Nadira Hyder



Navin Chadha CIO, Vodafone

Marketing & Sal es (National)

HCL Infinet Ltd (Toshiba)

Innova Telecom

Murali krishna K. Head - CCD, Infosys Technologies

VP Rupesh Sreedharan Senior Manager Chetan Acharya Managers Ajay Adhikari Pooja Chhabra Manager Projects Sachin Arora



Manish Gupta Director-IT, Pepsi Foods

Eve nts & Audience Development

Emerson Networks Power(I)

HP Storage Works

Dr. Jai Menon Director Technology & Customer Service, Bharti Airtel & Group CIO, Bharti Enterprises

Associate Editor Arakali A Harichandan Copy editor Kavita Madhusudan Correspondent Deepti Balani

Advertiser Index

Shreekant Mokashi Chief-IT, Tata Steel

Kronos Systems LG Oracle Safenet India

43 60,61 & 62 IBC 63

Tata Communications


Tata Teleservices


Tulip Telecom


Sunil Mehta Sr. VP & Area Systems Director (Central Asia), JWT T.K. Subramanian Div. VP-IS, UB Group V. K Magapu Director, Larsen & Toubro V.V.R Babu Group CIO, ITC

Regional sa l es Bangalore Ajay S. Chakravarthy Kumarjeet Bhattacharjee Manoj D Delhi Aveek Bhose, Mohit Dhingra Prachi Gupta, Punit Mishra Mumbai Dipti Mahendra Modi Hafeez Shaikh, Pooja Nayak Rajesh Punjabi

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.


fe b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

Content,Editorial,Colophone_Page 4,6,8,10.indd 10

IDG offices Bangalore Geetha Building, 49, 3rd Cross, Mission Road Bangalore 560 027 Ph: 3053 0300 Fax: 3058 6065 DELHI 410, Hemkunt Towers 98, Nehru Place New Delhi 110 019 Ph:011- 4167 4230 Fax: 4167 4233

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

MUMBAI 201, Madhava

Bandra Kurla Complex Bandra (E) Mumbai 400 051 Ph: 3068 5000 Fax: 2659 2708

Vol/5 | ISSUE/04

2/9/2010 7:30:14 PM






IT BudgeTs: T RunnIng In ReveRse Ts: S u r v e y IT budgets will only rise by a weighted global average of 1.3 percent in nominal terms in 2010, compared with 2009 levels where IT budgets declined 8.1 percent, according to Gartner. 2009 was a challenging year and CIOs faced multiple budget cuts wiping

away four years of budget increases, giving CIOs basically the same level of resources as they had in 2005. While there are some signs of recovery in the 2010 projections, these will not overcome last year's cuts, Gartner said. "In 2009 CIOs faced multiple budget cuts, delayed spending and increased demand for services with reduced resources," said Mark McDonald, group VP and head of research for Gartner EXP. "This is set to change in 2010, as the economy transitions from recession to recovery and enterprises transition their strategies from cost-cutting efficiency to value-creating productivity." McDonald said that while technologies are transitioning from 'heavy' owneroperated solutions to 'lighter-weight' services, CIOs are, in turn, transitioning

IT beyond merely managing resources to taking responsibility for managing results. "CIOs see 2010 as an opportunity to accelerate IT's transition from a support function to strategic contributorfocused on innovation and competitive advantage. They have aspired to this shift for years, but economic, strategic and technological changes have only recently made it feasible." Gartner EXP's CIO survey findings show that, in the near term, business expectations and CIO strategies appear stable, with a continued focus on business process improvement, cost reduction and analytics. The worldwide survey of 1,586 CIOs from 41 countries was conducted by Gartner EXP from September to December 2009 and represents CIO budget plans reported at that time, — Computerworld Hong Kong Staff

Quick take

Illust ratIon by MM shan It h; Photos by srIvatsa shandIlya

Karandeep Singh on Business Continuity S e c u r i t y The recent earthquake at Haiti not only changed the shape of the country and its people but also buried its IT systems. To arm themselves against such disasters, organizations turn to their business continuity (BC) plans. Priyanka spoke to Karandeep Singh, head-IT infrastructure, Fullerton Securities, to find out how he plans to shield his company from disasters.

What’s your BC plan during and after an emergency? During an emergency, IT ensures that users have access to critical applications, connectivity with stock exchanges and customers are able to reach us through all channels. The systems are kept on auto-mode, so that there’s no disruption. After an emergency, we roll back all transactions to the primary site and ensure that users are back online. Then we conduct a root-cause analysis of the incident. How do you decide which users must have access? Business users who have an in-depth understanding of core

vol/5 | I ssu E/04

business processes and can identify critical processes fit the bill. These users have the full support and documented signoff from their business heads and the CEO to ensure the effective implementation of BC plan. Do you test your business continuity plans? Absolutely. We ensure that we undertake tests at least twice a year. The frequency also depends on the criticality of the business. Mock BCP drills are conducted to validate identified continuity processes and it helps us refine the process. What are the three most important things needed for BC plan’s success? Robust planning and efficient processes, a reliable infrastructure and most importantly the readiness and availability of people to effectively implement a business continuity plan are the three most crucial factors for the success of any BC plan.

Karandeep Singh ReAL CIO WORLd | f e b r u a r y 1 5 , 2 0 1 0


New Year's What’s the Enterprise IT Invention of the Decade? T e c h n o l o g y | The first decade of the 21st century flew past us in a jiffy. As we make way for the next, we were curious to learn what IT leaders thought was the greatest invention in enterprise technology. Anup Varier asked a few of your peers and here’s what they had to say:

“Mobile apps. Because they


Shailesh Joshi Assistant VP-IT, Godrej Properties

"IEEE 802.11 standards for carrying out WLAN communication has to be the greatest invention because today businesses heavily depend on the Internet and need it wherever they go. " Ashish Mehta Director IT & Infrastructure - APAC & ME, Euronet

Dynamic computing. It provides enterprises agility by automatically scaling up or down, Photos by Srivatsa shandilya

depending on business needs. As the enterprise changes, it will help bring new capabilities online more quickly and in a more cost-effective way.

Lend Your


Write to 8

Resolutions It's been little more than six weeks since New Year and CIOs, like everyone else have probably dropped the ball on fulfilling their important work-related resolutions. How many of these apply to you?

CIO L i f e

Resolution: Embrace social media. First step: Start using Twitter. Excuse: What the hell is this whale thing?! 'System Overcapacity'?! Huh? I guess I'll try again tomorrow.

have brought the world to our fingertips and promise a revolution in communication. The market for mobile apps will be as big as the Internet. ”

Ranga Raj CTO, Celstream


f e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

Resolution: Start reading The Economist to better understand global business trends and geopolitical issues, and make myself more knowledgeable. Excuse: Planned on reading it in the bathroom yesterday, but when I got in there, a copy of Autocar looked way more interesting. (I have no idea where that copy of The Economist is now.) Resolution: Tell my IT staffers how much I value their contributions to the department and the overall company. Excuse: Those lazy, good-for-nothing fellows messed up the patches they were supposed to do while I was out on vacation. And they still roll their eyes when I say alignment. Now where's that outsourcer's number. Resolution: I will not be a slave to my BlackBerry outside of work! Excuse: I'm sorry if it was rude, honey, but I had to respond to that e-mail. I know it was your father's funeral service, but it couldn't wait. Resolution: Get my head around this whole cloud computing thing. Excuse: Flying in the clouds to the Bahamas for some dark and stormy drinks counts, right? Resolution: I definitely have to expand my personal networking efforts. Excuse: Does leaving even cruder comments (when compared with 2009's entries) on my friends' Facebook pages count? Resolution: Learn something new about my business every day. Excuse: Well, after staying late one night to research the company's future, now I know that my boss is swindling money from the company. —By Thomas Wailgum

Vol/5 | ISSUE/04

Ready for Radical Change? M a n a g e M e n t In a world where most people use computers at home, where the Internet is a basic medium for everyone, and where younger generations often understand the latest technology better than IT does, maybe it's time for IT to shed its feudal mentality by giving end-users more freedom to choose the tools they use to do their jobs. Here are five seemingly heretical resolutions that will make IT's job easier in the long run.


1 trendlineS

Let employees use any PC they want. Give your end-users a budget so that if they want something really pricey they pay the difference. And if they choose something basic, let them use the leftover budget for other tech aids such as widescreen monitors or special input devices. Offer a standard option they can get pre-configured to IT's specifications. Employees who opt for their own PCs get to support those PCs themselves for user issues such as updating the OS and apps, issues with non-standard apps, and so on. Those who use your standard configuration get standard IT support. What's in it for IT: Trying to control all the endpoints is a losing game. Save the effort and refocus on what you can maintain: your datacenter and network. You'll end up with better systems and more resources to create better capabilities for your business.


Shift to Web-style apps. Wherever possible, deploy your specialty functionality through Web-based apps, whether through the intranet or over the (VPN-secured) Internet. Such apps aren't tied to specific device platforms, so you don't have to worry about vendors' or internal developers' platform choices. They also don't need local installation, so they are easier to maintain and modify. Avoid those apps, and development platforms that produce apps, that use proprietary, platform-specific 10

f e b r u a r y 1 5 , 2 0 1 0 | ReAL CIO WORLd

Trying to control all the endpoints is a losing game. Save the effort and re-focus on what you can maintain: your datacenter and network. You'll end up with better systems and more resources to create better capabilities for your business. technologies, such as ActiveX. The whole idea is that you are freeing both you and your users from unnecessary dependencies. Vendors will follow suit if you insist on not accepting their lockin strategies. What's in it for IT: As you move from non-dependent applications, you reduce the complexity of managing them and coordinating their deployments. Think

of all the effort spent to qualify apps for your current OSes and to do it all over again when you get a new PC or OS.


Map out a strategy for the use of client virtualization. Apps and user environments can exist in separate logical containers, yet work as part of a unified experience. Being able to run ‘foreign’ apps (the Mac users' motivation) is just the beginning: The same principles apply to separating corporate apps from personal apps, corporate data from personal data, encrypted data from unencrypted data, persistent data from temporary data, and so on. Comprising both application virtualization and desktop virtualization, this approach pushes the control and management to the datacenter, and removes all those headaches and complications on the client side — for both IT and the user. What's in it for IT: More control over what really counts, and less worry about client systems.

—By Galen Gruman

Barriers to

Green IT

Sustainability aims to lower costs, but it’s hard to show ROI.

Difficulty showing ROI Low priority Low employee awareness Lack of expertise in green IT strategies Lack of technology expertise

64% 47% 35% 33% 29% source: BT

vol/5 | I ssu E/04


an Invitation to attrition


gear up

It has been a long year for datacenters in the Asia Pacific Japan (APJ) region as they dealt with cost-cutting and staffing pressures. But a range of new technology initiatives are keeping IT leaders busy and they expect good times for technologies such as cloud computing and platform-as-a-service. Security software provider Symantec has presented key findings for datacenters in its report 2010 State of the Datacenter Asia Pacific & Japan. According to the report, mid-sized data enterprises are more aggressive than large-sized enterprises when it comes to new technology adoption and datacenter change. About 83 percent of mid-sized organizations are involved in continuous data protection and 53 percent of these firms intend to make significant changes to their datacenter in 2010. IT professionals are focusing on several initiatives in datacenters in 2010 and are prioritizing on security, backup and recovery as well as continuous data protection. About 84 percent of respondents said their companies find security to be absolutely important. An equal percentage (80) of enterprises prioritize backup and recovery and continuous data protection. The fourth finding of the survey shows that staffing remains tight in datacenters due to their increased complexity. The complexity of managing datacenters is increasing and thus it is difficult to find skilled professionals for these types of jobs. About half the respondents said their companies were somewhat or extremely under-staffed. Worldwide IT professionals are finding it more difficult to manage the datacenter due to changes in the network fabric, increase in the number of applications and more demanding service-level agreements. The respondents said skill set has become very narrow for datacenters and this has challenged staff productivity. About 33 percent find datacenters too complex to manage and two thirds of the respondents said their enterprise is working on 10 or more key initiatives for 2010. Symantec questioned people working in headquarters of small, medium and large enterprises in 26 countries.

Illust ratIon by MM shan It h



—By Anuradha Shukla 12

f e b r u a r y 1 5 , 2 0 1 0 | ReAL CIO WORLd

S t a f f M a n a g e M e n t the recession and its accompanying re-organizations, layoffs, and corporate turns to outsourcing have been corrosive to It employee job satisfaction. that job dissatisfaction is increasing concerns among many employment experts who say that key employees may leave current jobs as soon as they get what they perceive is a better offer. a mid-2009 job satisfaction survey by the Corporate Executive board (CEb), found that the number of dissatisfied workers continues to increase. the survey found that the willingness of It employees to exert high levels of discretionary effort — put in extra hours to solve a problem, make suggestions for improving processes, and generally seek to play a key role in an organization — has plummeted to its lowest levels since the survey was launched 10 years ago. In 2007, about 12 percent of the It employees fit in the category of 'highly engaged' workers, but that has since fallen to 4 percent. "these are literally the most critical employees," said Jaime Capella, a managing director in CEb's It practice. Moreover, such critical workers are 2.5 times more likely than the average employee to be looking for new opportunities. "they are likely to be the first ones to leave your company as soon as they can," Capella said. "When the economy starts to head in the right direction, the employees are going to vote with their feet," said Mike hagan, a vice president of infrastructure at a health insurance firm. hagan said that there is a lot of pent-up dissatisfaction in the It workplace, as well as a backlog of people who normally would have moved to a different job in a stable economy. t to keep key employees, hagan said that It leaders must find ways to engage employees, and offer them a "line of sight to the corporate vision." It's important that It leaders create jobs that have a purpose, he added. the opportunity of getting a new job may be improving. Job board dice is beginning to see some early indications of increased It hiring. a dice survey of 360 people found that over a third were planning to change jobs once the job market improves. to keep employees, Capella said they are t advising employees to take performance very seriously, work on motivating teams and communicating more openly. — by Patrick thibodeau

vol/5 | I ssu E/04

alternative views B Y Va r s h a C h i d a m b a r a m

Freelance CIOs Can they exist?

Companies already think the time is ripe

It is not easy for someone from outside an organization

to outsource IT and by logical extension, they will not balk at the notion of an ‘outsourced CIO'.

to walk in and attain the same level of trust and acceptability as an entrenched CIO.

Manish Gupta, CIO, Healthcare Global

Photos by Srivatsa Shan dilya


Companies already think the time is ripe to outsource IT and by logical extension, they will not balk at the notion of an ‘outsourced CIO.’ The question is: are CIOs ready to be freelancers? Incidentally, the word freelance originates from the term 'medieval warrior', which makes the question: are we CIOs ready to be warriors instead of foot soldiers? I already provide both CIO and consulting services to some healthcare groups and start-ups which are ramping up. Working in a fragmented industry like healthcare means that some services have to be farmed out to third-party, freelance experts. These services include technology, customer response, and medical records, among others. That’s why I decided to transition. Today, barring large and compliance-bound organizations, I don't see why all the others can't employ freelance CIOs. An outside CIO has obvious benefits over an inside CIO, and quite frankly, no drawbacks. I think CIOs must either have a business role within their companies or a versatile cross-industry role. Being a freelance CIO has allowed me to build a social network beyond an organization's 'LAN/WAN' and to feel what collaboration and contribution means in the true sense of those words. We CIOs are much more enterprising or capable than we think we are.


f e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

Keshav Samant, VP & Head-IT, Financial Technologies India

The role of a CIO has been redefined; he no longer plays a support function. He has become an organization's chief innovation officer. Today a CIO is responsible for changing the nature of a business and channeling the focus and the energy of the marketing, sales, and production teams towards new avenues. If you look back at the last year, it was the CIO — more than anybody else — who found new ways of doing business and saving costs. Any innovation is accompanied with a lot of change and naturally people are resistant to change. To bring about successful innovation, a CIO has to have plenty lot of traction within an organization. He needs to have contacts across all the entire spectrum of business leaders and top management. He has to be someone who can be trusted to take serious business decisions — sometimes even at the displeasure of some other units. Is it possible for an outsider to have such traction? I doubt it. It is not easy for somebody from outside an organization to walk in and attain the same level of trust and acceptability as someone who’s spent years building relationships. It might work abroad, but in India, culturally, we are a suspicious lot. I believe CIOs have many alternate avenues to enrich their professional careers. Given the right attitude and experience they will make good CEOs, or even good consultants. However, looking at the current scenario, moving into freelancing seems like a dangerous path to tread.

Vol/5 | ISSUE/04

Bernard Golden

Think Tank

Change Your Ways To be able to truly benefit from the cloud, CIOs need to know that changes to everyday IT operations are mandatory.


Illustration by mm s hanith

recently had a really interesting conversation with my friend Bill Takacs, who works at Gear6. It’s a company that offers memcached appliances, used in applications that have very high data loads that preclude using a database as the primary means of data access. He shared with me a common pattern he sees in companies that are heavy users of memcached, which I concluded offers a vision of the future of cloud computing operations. He said that they are seeing companies put together applications which appear to be standard Web apps, but are in fact something more complex. Rather than a Web page being built by accessing a data source these applications are Web pages constructed on the fly from a number of different mini-applications — widgets, if you will — custom constructed by user, based on the user's history, immediate interactions, and common patterns of usage discerned by an analysis of aggregated user interactions — and most of the widgets are, in themselves, heavily loaded, memcachedenabled applications. In other words, a Web page is built from a portfolio of highvolume applications, some proportion of which are assembled to create that individual Web page. Bill uses the phrase "composed apps" to describe these constructed-on-the-fly applications. As you can imagine, constructing and operating these applications is complex, but they will represent an increasingly large percentage of future ‘enterprise’ applications.

Huge Data is the Future We all know that the scale of data is exploding. According to a study IDC did last year, over the next five years structured 16

f e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

Coloumn_Cloud_Computing.indd 16

Vol/5 | ISSUE/04

2/9/2010 6:51:58 PM

Bernard Golden

Think Tank

data (the traditional row-and-column information contained in relational databases) will grow at 20 plus percent rate over the next five years. And unstructured data will grow at a 60 percent compounded rate during the same timeframe. This results in structured data storage requirements doubling, while unstructured data storage requirements will increase seven-fold. Seven-fold! Application scale is increasing — dramatically so. At large scale, variations in system load that, in traditional, smaller applications, would have been managed within the context of the unutilized capacity of a single server become major swings in resource needs — to the point where load variation can result in the need to be able to dynamically add (and subtract) virtual machines. Moreover, this variability is going to be common — even the norm — in the future. So the ability to respond to dynamic app load by rapidly altering application topology will be a fundamental IT skill. More to the

However, there is a difference between having a characteristic and being able to efficiently take advantage of that characteristic. One of the capabilities many vendors tout with regard to their cloud management offerings is orchestration. By this, they mean the ability to define a desired set of compute capacity in a single transaction, with the underlying infrastructure (that is, the orchestration software) obtaining the necessary individual resources that, combined, make up that capacity. And there's no question that orchestration is useful, even necessary, as far as it goes. However, it goes only part of the way to addressing the future application management needs of cloud computing. Too many offerings stop with the initial provisioning of resources, and leave subsequent resource level adjustment in the hands of a system administrator, who is expected to add or subtract resources as necessary — via the good old-

Failing to improve a set of processes to respond to change is sometimes called "paving the cow paths." Automating initial provisioning while leaving ongoing operations unchanged is worse: it’s like strapping a jetpack to the cow, but hewing the same old paths. point, the demand for dynamic scaling will outstrip established practices of most IT organizations, based as they are on stable application environments and occasional topology modification through manual intervention by system admins. A different way to put this is that, with scale growth, the standard deviation of the average application workload with respect to common resource allocations will increase dramatically. As an analogy, if the local restaurant experiences a short-term 10 percent growth in demand, it can typically respond by ordering a few more foodstuffs from the local restaurant supply company. If McDonald's experiences a shortterm bump in demand, accommodating it has repercussions throughout an extended supply chain. At large scale, change in demand can't be met by throwing a little more memory in a machine or sticking another server in the rack. It requires adding tens or hundreds of systems and terabytes of storage. And when the demand lowers, the large standard deviation necessitates releasing just as many servers or just as much storage.

Dynamic vs. Orchestrated Obviously, the scenario I've just laid out is what cloud computing is designed for. The UC Berkeley RAD Lab Cloud Computing report identifies the "illusion of infinite scalability" and "no long-term commitment" as key characteristics of cloud computing, which address the challenges we just saw.

Vol/5 | ISSUE/04

Coloumn_Cloud_Computing.indd 17

fashioned hands-on methods. This essentially leaves the established practices, designed for an older, smaller-scale computing world, in place — with the inability to adjust to the future of IT operations. Failing to improve a set of processes to respond to a changed world is sometimes characterized as "paving the cow paths." Automating initial provisioning while leaving ongoing operations unchanged is, perhaps, worse: it's strapping a jetpack to the cow, but hewing to the same old paths. More importantly, it leaves IT organizations exposed to being unprepared for the future needs of large-scale application management. Tomorrow's applications will require more than orchestration; they'll require dynamism — the ability to rapidly, seamlessly, and transparently adjust resource consumption, all without human intervention. Absent dynamism we're left with buggy whip processes in a motorized world. It can't be put any more bluntly than this: just as the (perhaps apocryphal) story about telephone call growth projections in the 1930s predicted a future in which every woman in American would be needed as a telephone operator, the growth of computing will, if current processes are left unchanged, require every able-bodied technical employee to be administering machines in the near future. Just as the future of every woman donning a headset never came to pass, neither will the future of massed ranks of system admins be economically unworkable. REAL CIO WORLD | FEBRUARY 1 5 , 2 0 1 0


2/9/2010 6:51:58 PM

Bernard Golden

Think Tank

The nature of iT operations will change as much over the next five years as it has in the past fifty. There's no question that cloud computing is the future of computing. What This Means The nature of IT operations will change as much over the next five years as it has changed over the past fifty. If you thought the Internet changed computing, wait until you see big data and the applications it engenders. There's no question that cloud computing, whether a public or private/ internal variant, is the future of computing. The challenge is that most of us (and I certainly include myself in this) have not yet begun to fathom the implications of infinite scalability and highly variable demand. We can expect to see massive stress in IT operations as it grapples with how to respond to workloads that are orders of magnitude larger. And, just as many mourned the passing of the friendly, service-with-a-smile telephone operator, many people, both inside and outside of IT, will grieve for the old days of smart, hands-on system admins.

Predictions for a New World Order: A need for highly-automated operations tools that require little initial configuration and subsequent ‘tuning’ because they operate on AI-based rules. A huge amount of turmoil as sunk investment in outmoded tools must be written off in favor of new offerings better suited to the new computing environment. A change in the necessary skill sets of operations personnel from individual system management to automated system monitoring and inventory management. A new generation of applications designed to take advantage of new computing capabilities and respond to the needs of huge data. CIO

Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date. Send feedback on this column to


f e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

IMPORTANT. RELEVANT. INSIGHTFUL. Worldwide, CIO's and Senior IT management as well as the many functional managers responsible for implementing IT tactics and strategy within their organisation look to ComputerWorld for the most trusted take on technology. ComputerWorld is now in India. And it's online. Log on to today.


Kenneth van Wyk

Applied Insight

Eradicating the Problem It’s time we stopped tinkering and started fixing root problems or these five big security mistakes will continue to haunt us forever.


ow that the first salvo of New Year articles predicting the future are ending, I think it's a good idea to also take stock of where we are before we chart our course forward, so we can truly improve things for the future. You see, one of my pet peeves with our industry is how abysmal we tend to be at learning from our mistakes. Rather than blithely charging forward only to repeat those mistakes, let's study them and learn from them a bit first. With that, here are a few things (in no particular order) where we are making some really big mistakes. These are, in my view, some of the real fundamental causes of the biggest problems we're dealing with today — and into the future, no doubt.

Reliance on Signature-Based Defenses

Illustrat io n by MM Shan ith

We've seen this for years, and yet we keep doing it. In the late 1980s when PC viruses first started popping up on our systems, vendors started providing tools to detect and remove known viruses. Yet, pretty much every technically inclined person at the time acknowledged that these signature-based products were short-term solutions to a bigger problem. That same mistake was repeated when intrusion-detection systems (IDS) started to become popular in the late 1990s. Indeed, many of today's most prevalent IDS and intrusionprevention products still rely on static signature databases to detect attacks. Sure, the products have improved greatly, and the signature engines have gained capabilities like regular expression parsing and scripting to make them more accurate. But the underlying issue remains. 20

F E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

Coloumn_Security_Mistakes.indd 20

Vol/5 | ISSUE/04

2/9/2010 3:30:21 PM

Kenneth van Wyk

Applied Insight

Until we start really pushing for positive validation approaches — mechanisms that only allow things that are safe and prevent all others — we're going to continue to be ‘surprised’ by novel attacks. To do positive validation, we need to understand the context of what is going on, which means the solution must reside in (or very close to) our application software. I know full well this is much easier to say than to achieve, but we have to do much better.

Penetration Testing Penetration tests are a vital part of our security arsenal, but relying solely on them to determine whether an application or system is secure is downright negligent. The reason for this is that penetration testing tools and techniques are all too often simply based on network and application scanning. These are inherently outside-inside approaches that fail to look deeper into the underlying software architecture, design and source code. Any responsible security testing program must include appropriate design and source code reviews, in addition to other rigorous dynamic testing (module/API fuzzing, for example). All this, of course, in addition to penetration testing.

Erosion of Software Understanding

of our business systems, and then expect miracles. Instead, we get disappointment all too often. There's nothing wrong with stopgap solutions to nasty problems, but we have to recognize that they're just that: stopgap solutions. If we're not also keeping a diligent eye on the underlying systemic issue, you end up with ugly mishmash systems that are bound to fail at the worst possible time.

Overly Optimistic Code This topic is a bit out in left field, but it's something I've seen repeatedly. Many times, the software we rely on is written far too optimistically. Anyone who has written a line of code has no doubt made this sort of mistake — I know I have. What I mean by this is that our software often written with the assumption that the actions it takes will work just fine. A file written to disk, for example. We assume there'll always be adequate disk space to hold the file and that the write operation will work cleanly. The truth is that computer environments often throw unanticipated obstacles at us that cause our assumptions to fail in spectacular ways. And many of these failures have significant security ramifications: customer records stolen, authentication credentials spoofed, and so on.

Take on the mind-set of someone walking across a busy street with a toddler in tow. It is up to the adult — your software developer — to anticipate fail states and to keep the toddler safe.

When I got started in this industry in the late 1980s, it was pretty much a given that folks who had the title of system administrator were adept at programming. Nearly everyone in the field had at least a solid computer science background of some sort. Look around today, though, and you'll see that information security has branched out into its own specialty niche and has fewer and fewer practitioners who can even read software source code. This is a grave mistake, folks. It's not enough for us to know how the latest exploit (and exploit tool) works. We all really need to maintain a deep understanding of the underlying technologies we're working with. It is considered essential for security techies to keep up with the latest security technologies. Nearly everyone among us reads the likes of full-disclosure already. That's all well and good, but we've got to take that deeper.

When doing system reviews, I always look for and encourage an attitude that anticipates things going wrong. Take on the mindset of someone walking across a busy city street with a toddler in tow. It is up to the adult — the software developer, if you will — to anticipate fail states and to keep the toddler safe. When we adopt that kind of attitude in our code, things like positive input validation become obvious. These are just a few things to consider as we dive into 2010 and beyond. And no, I don't have all the answers, by any stretch. These are tough problems, but the only way we're going to stand a chance is if we understand them and work toward doing better. CIO

Bolt-on Security Whenever we read about a new attack tool or technique, it's a natural reaction to want to ensure that our business systems are properly protected against it. When they're not, we seek the quick fix. That's all natural and expected. But that search for a quick fix often leads us down a path of bolt-on security. We buy a product from a vendor, put it in front

Vol/5 | ISSUE/04

Coloumn_Security_Mistakes.indd 21

With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the US Department of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC. Send feedback on this column to

REAL CIO WORLD | F E B R U A R Y 1 5 , 2 0 1 0


2/9/2010 3:30:21 PM

Reader ROI:

The different routes to be CEO Why it’s less about risk and more about interest The importance of trust

The INSIDE NSIDE DER DE RS By Anup Varier, Priyanka and Sneha Jha

A small but growing number of CIOs are earning a place in the inner circle as CEOs. Their success and failures hold lessons for CIOs looking to redefine their roles as business leaders.


F E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

Pg32 4 2 g P

han Chau IO: h s i h As as C ies Job r Last e Indust tion: c n na a i g l i Re es D t n e Curr CEO bay ty p e D u ny: Bom a p e Com Exchang 2 crore k 9. Stoc ue: Rs 11 quarter) , n e uity 009 Rev ber 2 ding in eq m e c a (De : Tr d ts an rings Offe strumen rovides p in debt ives. Also t a d in deriv trading. abble D : p e onlin to the To . e Rout y of roles a r r an a

Pg 28

arma y Sh CIO: a j n Sa as Job Last nk tion: Ba igna s IDBI e D ent Curr d MD h Intec an IDBI 0 crore CEO : y n pa 10 Com ue: > Rs es IT n e rovid Rev gs: P I’s group hird n i r e DB at Off s to I d is also r the e c i v an ser r fo anies ovide comp ervice pr s party ector. ok p: To s BFSI to the To oth, high e m t u m o a R m ge of . char projects e l i f pro

ande eshp : D r a Chin b as CIO dia In Jo Last on Retail ion: o l a t n ig at Pan t Des n e r r Cu e IT eativ r C CEO : pany Com riti) re (C 0 cro India e: Rs 40 nu Reve revenue) , CRM, p BI (grou gs: ERP, ent, n i r e e gm Off mana nd e g n d re a cha ructu ement an . t s a r g g a inf n n i d nsult ty ma facili ement co Leverage : g p a o n T a m he e to t kills. Rout working s et his n


an of the Match By Sneha Jha

From finance to technology and then to corporate communication, Ashish Chauhan has played at every position possible. And now he has a team of his own to captain.

It’s rather strange. Every time Ashish Chauhan, deputy CEO, BSE, starts a new innings, he’s welcomed by bouncers. Take his stint at the IPL, for instance. As CIO of Reliance Industries Chauhan had held various positions within the organization that shot him into the spotlight. This garnered him so much management trust that they offered him the coveted position of the CEO of Mumbai Indians (the IPL team owned by the Reliance Group) — a role that he grabbed with both hands. But as soon as he took on the mantle of heading one of the most popular teams in the IPL, a spat between the Indian government and IPL’s management shifted the venue for the matches from India to South Africa. This meant increased expenditure, more complex logistics, having to make the team popular in a new country and scoring points with the media. But 41-year-old Chauhan was unfazed. Having headed the corporate communication department at Reliance, he knew what it would take to get media mileage. Not only that, he managed to use his interpersonal and PR skills to garner popularity for his team on foreign shores. “I used my entire gamut of skills to get my team ahead. I translated my people management skills into effective leadership,” says Chauhan. That’s why being a CEO isn’t everybody’s cup of tea. It is Chauhan’s belief in taking on different responsibilities and grabbing every opportunity — IT or otherwise — that helped him reach where he is today. Chauhan credits his decision to head corporate communications for helping him become a better CEO. “I wanted to identify other relevant areas of business and apply myself to them. I wanted new roles in which I could have a profound impact in delivering value to business. I believe one must diversify ones skills. If you harbor the dream of being a business executive, you need to hone your skills in each and every aspect of a business,” he says. 24

F E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

“It’s all about being a jack of all trades and the master of most.” What sort of CIO makes for the best business leader? Ashish Chauhan: Not being a straightjacketed CIO. I think the best thing to do is to take on responsibilities from different lines of business. It’s all about being a jack of all trades and the master of most. Being multi-skilled gives you the confidence to take on different roles. A CIO has a unique end-to-end view of business and he should leverage this advantage for his career advancement. What helps make the transition from a CIO to CEO? It’s good to have a formal business education. A CIO could probably try to acquire a part-time MBA or some other executive or management development program run by various management institutes. In my case, having a management degree has been immensely helpful. I learnt a lot about the dynamics of business and I applied those learnings to a real-time business environment. This ensures that when an opportunity arises I can seize it. Second, CIOs should be a part of their company’s strategy formulation process. If CIOs keenly observe their management’s decision-making process, they will acquire important insights into how the business thinks. Consequently, they will begin to treat IT as a strategic tool. How did you prepare yourself for the transition? After an education in management, I joined as a financial expert in IDBI. And then the IT role came at an opportune time in NSE. During my tenure at NSE, I concentrated more on business and gave up the technology role entirely. Then at Reliance Infocom (now Reliance Communications), technology returned to center stage. My career path is strewn with opportunities – be it business or technology. Solid experience in both fields pitch-forked me into prominence and gave management the confidence that I could fulfill their needs in different areas of business.

First Innings Juggling different roles has been a part of Chauhan’s career ever since he started in 1991. An alumnus of IIT Mumbai and IIM-Calcutta, Chauhan joined as an industrial finance officer in the project finance department of IDBI. During his two-year stint at IDBI, he delved into the strategic parts of business including financial planning, designing revenue models, managing project finances and fund raising. This experience, coupled with an adeptness for technology, made him the founding member of the NSE (National Stock Exchange). All of 25, Chauhan was cherry-picked to establish India’s largest automated exchange with four other people. He was instrumental in providing NSE with a first-mover advantage by setting up its satellite

Vol/5 | ISSUE/04

P hotoS by Sr IVatSa ShandIlya

Cover Story | CIO Role

Ashish Chauhan

Deputy CEO, BSE, honed his skills in multiple business areas before becoming a business leader.

Cover Story | CIO Role communication network. This enabled screen-based exchange as opposed to floor-based trading. But this was just one of the industryfirsts that Chauhan is responsible for. After quickly moving on to a more challenging business role, where he set up operations of equity and derivatives markets for over seven years, he created the NSE-50 Index, the largest traded stock Index in the Indian derivatives market. After having acquired an in-depth understanding of the financial market, Chauhan knew he had to search for greener pastures. “My perennial quest for new opportunities to create value for business led to my own capacity expansion and diversity. Diversity in my experience has given me an understanding of the various nuances of business,” he says. That quest brought him to Reliance where Chauhan faced his first bouncer. He joined Reliance Infocom at a time when the company was planning to revolutionize the Indian telecom market by introducing CDMA technology and offering it at a rate that made it affordable to everyone. “The execution of this project was challenging. I had to modify the billing system to get one million customers to Reliance Infocom every month,” he says. Although, he acknowledges that it wasn’t easy, Chauhan knew that a good leader stays calm on the face of challenges. “The target was very ambitious and I had to put in place robust processes to avoid pitfalls like a lack of a consistent database of customers. I set up a real-time data entry system, which not only added considerable value to the business but also introduced prepaid in CDMA technology for the first time,” says Chauhan. That project went a long way in proving that Chauhan could be trusted with

enterprisewide projects, touching millions of users. So, as the group CIO of RIL, he was handed the responsibility of implementing SAP. This project would provide a coherent framework for IT implementation, operations and maintenance in manufacturing, petrochemicals, refining, life sciences, consumer retail, urban infrastructure and several other Reliance group initiatives. Under his leadership, this project was executed in less than five months. Apart from that, he was also involved in the legal and commercial activities related to a de-merger of the Reliance group in five companies. For Chauhan, 19 years of extensive exposure to diverse areas of business have manifested itself in the form of an impressive track record. “The biggest benefit of taking on new roles was that I could acquire a unique end-to-end-view of the business. This gave management the confidence that I could take on any role with aplomb,” says Chauhan. Dabbling in an array of roles and leading from the front have taught Chauhan to deal with anything thrown at him. It’s this quality that led him to join the oldest stock exchange of Asia, the BSE, as its deputy CEO in September 2009. It’s been quite a journey. He has a word of advice for CIOs who want to step into the shoes of a CEO. “Risk-averse CIOs risk missing opportunities and making decisions that drive value for their career. A CIO should not adopt a straitjacket and purist approach in accepting opportunities that come his way. Seizing every opportunity helps accelerate and manage the transition to a full-fledged business role. I believe in doing my best to the utmost of my ability,” he says. That’s an all-rounder talking.

Lessons In Recovery

Entrepreneurs average 3.8 failures before final success. What sets the successful ones apart is their amazing persistence. — lisa M. amos

When you’re CEO risk is a constant reality. But that doesn’t mean the end of the road.

Ishwar Jha, former CEo, digital igital Media Convergence, is a man who has been there, done that — and is going back for seconds. In 2006, Jha, then a senior VP at Zee Entertainment, was asked to set up digital igital Media Convergence (dMCl), ( a whollyowned subsidiary of Zee that aimed to tap the potential in the Web and mobile V VaS space. Making Jha its CEo fit perfectly with the trajectory of his career graph. but ut in 2009, after a battering from the slowdown, the $2.5 million (about rs 11 crore) dMCl l was re-absorbed into Zee Entertainment and Jha stepped down. Interestingly, dMCl l wasn’t Jha’s first entrepreneurial initiative — nor his last. back when he was just 18-years-old and fresh from his higher igher Secondary exams, he rented and farmed land and made a clean rs 6,000. and nd as a senior VP at Zee, Jha incubated a number of money-making ideas for entertainment giant including the 57575 mobile platform and India’s first commercially deployed mobile tV service. but at dMCl l he was met with challenges he hadn’t foreseen. the CEo platform is a compelling environment where cost-optimization and operational efficiency aren’t easy issues to tackle, he says. achieving this while keeping expenses under control is a test that makes the role of any CEo CE a challenge. “and as if that isn’t enough, there are hurdles of mobilizing resources and attracting quality talent while heading a company that is not already wellestablished,” says Jha. t today, oday, Jha is head digital Services at Zee Entertainment, where once again he is brewing up new business initiatives. “I generate ideas and put them up in front of the board,” he says. but even his new responsibilities can’t dampen Jha’s entrepreneurial streak business. “this “ is definitely my last job,” he says. “Unless something goes drastically wrong, I will set up my own business after this.” — anup Varier

Cover Story | CIO Role

“I didn’t want to confine myself to a single function.”


laying for high stakes By Sneha Jha

Sanjay Sharma threw himself at projects that changed the way business did business. By choosing to grab these opportunities, he made his presence felt and bolstered his chances of being CEO. “Nothing speaks louder than success,” says 43-year-old Sanjay Sharma, CEO and MD of IDBI Intech. And he should know, because that’s the route he took to occupy the CEO’s cabin. After working at SBI for four years, Sharma took charge of IT at IDBI Bank in 1995. By that time, he knew that he wanted to see himself running a business. But he also knew that mere interest wouldn’t take him the distance. He would need his management’s backing. And one way to do that was to gain visibility across the board. So, Sharma took on projects that differentiated him from other CxOs and earned him recognition not only from within the organization but also within the industry. “It’s all about getting your success story out and being ‘visible’ internally as well as in the industry by way of industry conferences, seminars and leadership panels,” he says. One such opportunity came in the form of a merger between IDBI (which was a development bank) and IDBI Bank (the corporate banking wing of IDBI) in 2004. The former CEO of IDBI Bank Guneet Chadha, wanted to convert IDBI Bank into an aggressive commercial bank that would offer a complete bouquet of banking services. However, the project called for an enterprise-wide realignment of business processes and technology. The scale and scope of the project was monumental because the bank had to migrate all the branches of the new entity to a centralized platform under the name of IDBI Bank. Just the thought of what needed to be done made people within the IT department — some who were twice Sharma’s age and experience — apprehensive. But with help from his peers Sharma completed the project. The training of the entire staff was completed in less than six months and the actual implementation took only between six and 28

F E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

What drove you to the CEO role? Sanjay Sharma: After playing an IT role for 14 years in the banking industry, I had built close relationships in the business circuit. I reached a point where I wanted to create new technologies for the industry. I realized that there is a lot of potential in the market. Being a business-minded IT executive, I could appreciate the needs of the business. So, I decided to switch to a business role. Also, I didn’t want to confine myself to a single function. What’s the most important thing a CIO needs to do in order to make the transition? That would have to be experience across different departments including sales, marketing and finance. A business executive has to walk the tightrope while overseeing different lines of businesses. A CIO should speak the language of his executive peers. He should have a sound knowledge of the industry in which his company is operating. He should also know the ecosystem and the competitive challenges of his sector. What challenges did you face in the course of heading IDBI Intech? When you are starting a company from ground up, micromanagement is the most important thing. Because none of my team members had any experience in business, I had to get into every small detail of the business. Handling independent financial statements was another issue. It involved a fair amount of number crunching. It’s also tough to keep your team motivated while handling customer demands. Your vision should be communicated to the bottom of the pyramid. This helps you achieve targets easily. I also draw on analogies from movies. People relate to them instinctively. Whenever we have steep targets, I ask my team to handle it with a ‘Chak De’ spirit. And they put their hearts and souls into everything they do.

eight weeks. The project was so transformational it’s still used as a case study within the industry. For Sharma, the project was a milestone because he met dynamic business needs, managed a large team and executed an important project within budget and on schedule. More importantly, it got the bank’s management to look at him with new eyes. “My executive peers had seen me accomplish enterprise-wide mega projects. They had seen me play a proactive role in leading enterprise change. Management had the faith that

Vol/5 | ISSUE/04

Sanjay Sharma

CEO and MD, IDBI Intech, says it’s important to chose the right opportunities to showcase your skills in order to get management to believe in you.

Cover Story | CIO Role I could take the lead in delivering business results. Their confidence strengthened my case and bolstered my cause,” says Sharma. Sharma didn’t stop at that. In 2005, IDBI Bank acquired the Rs 70-crore United Western Bank (UWB), whose profits were dwindling. IDBI wanted to leverage UWB’s distribution channel to align product, service offerings, and its operations to tap into new areas of business. Sharma proved his mettle yet again by integrating 175 UWB branches with on core-banking systems to a common platform. Because IDBI Bank demaded no downtime, Sharma adopted a big bang approach and integrated 175 branches in a single day. “The projects not only gave me business insight but also catapulted me as a potential leader in the eyes of the management. The point is that even as I managed these projects as a CIO, I always thought and acted in terms of cost efficiencies, profits, and value for money. This inspired confidence that I could drive a business,” says Sharma.

Brand New Territory A year later that confidence took shape when he was asked to head IDBI Intech (a wholly-owned subsidiary of IDBI that takes care of the IT-related activities of the IDBI group companies). The 52-strong IT team from IDBI bank was shifted to IDBI Intech and Sharma became its CEO and MD. What’s significant is that IDBI Intech was in a dormant state, when Sharma took over. The company, which was started during the IT boom in 2000, hadn’t recovered from the slowdown that had clipped its wings in 2001. But today, the company rakes in profits of over Rs 100 crore. That’s primarily because Sharma realized that there were lucrative opportunities for his company in the BFSI sector. He convinced his management to harness IDBI Intech’s potential and then met external clients. “Getting your first deal is difficult even if it is free. I personally went to meet potential customers, gave them a patient ear and tried to understand their demands. In order to forge strategic alliances with the customers, you have to be more outward facing. I had to orchestrate everything,” says Sharma. Today IDBI Intech has 22 clients across India, the Gulf and East Africa. It helps that Sharma has spent 19 years in the banking industry and that has acquainted him with the nuances of business management. But it still required Sharma to adopt a customer-oriented approach in everything he did and explore new areas of business. Initially, his firm focused on providing IT services to the group businesses of IDBI, but Sharma decided to offer services to other players in the IT intensive BFSI sector. However, it was not easy. “Convincing your customers that you are not just the IT subsidiary of IDBI and can deliver services in a neutral environment is a tough job” he says. 30

F E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

One should fully exhaust all the inherent potential in the CIO’s job before taking on other roles. not all It leaders are hypnotized by the call of CEo-dom. Subodh dubey, CIo of Usha International, is amused by the constant chatter around ‘moving on’. “Strengths, capabilities and aspirations vary from person to person. I’ve always felt that there is so much to do in my field, which only a CIo can do, because he is trained to do so. I think that one should fully exhaust all the inherent potential in the CIo’s job before taking on other roles,” he says. but by doing that aren’t CIos alienating themselves from teams that contribute directly to the bottomline? dubey doesn’t think so. “I am a part of the core teams of hr,, supply chain management, and even sales, marketing and finance. I have developed competencies to understand their needs and then improvise ways to achieve business goals through It. I and doing so makes me happy,” he says. that, in turn, empowers him to generate revenue for the company. “I see a lot of opportunity to help business in terms of revenue generation and increasing productivity by improving the supply chain, sales and marketing, etcetera.” Catering to business needs is one thing, but CIos are constantly hounded about aligning It with business goals. “business-It alignment has been a buzzword for a long time. We have heard many say that business goals and It goals should be treated as one. but for this to happen, one must understand how to enable business through It. that’s why I say there is lots of scope, and lots of work that a CIo can do,” he says. So where does he see himself 10 years down the line? “Working as a global CIo for a fortune 500 company, “ he says “because even as a global CIo, I think there are many things that need to be taken care of.” — Priyanka

From working on the biggest projects as a CIO and reviving a dwindling company as a CEO, Sharma has come a long way. Today, he plays both roles as he is also IT advisor for IDBI. “A CEO should be very patient with customer demands and should involve all the people on board to achieve targets. Your vision should be communicated to the bottom of the pyramid. Only then everyone in the chain will work towards meeting customer demands. It’s a tough balancing act,” he says. And that’s what sets him apart.

Vol/5 | ISSUE/04

Cover Story | CIO Role


etworking to the top By Anup Varier

Chinar Deshpande made friends and nutured them. Years later, he called on them in his push to be CEO, proving that buildng bonds isn’t just good advice — it’s a very real way to grow a career.

Seated in the chair of the CEO at the heart of a plush 10,000 sq. ft office facility and a datacenter that can support upto 15 companies at, it is clear that the 41-year-old Chinar Deshpande is having a ball. But this luxury wasn’t gifted to him on a platter. It was built brick-by-brick on the strong foundation of relationships. It all started with the bonds that he built during the three years that he spent as senior IT manager at HLL (Hindustan Lever). “To begin with, I was no different from a traditional Indian good student, fulfilling the traditional Indian dream by enrolling myself into an engineering course,” Deshpande recalls. But, he says, he was always thrilled by the prospect of running a business. So, after completing his masters, he enrolled into the University of Louisville for an MBA in operations and healthcare management. He joined HLL in 1997 as senior IT manager. In 2001, Deshpande started his first stint as CIO at the India operations of the Dodsal Group — a construction and infrastructure company in Dubai. In just under three years, he had created a stable IT strategy for the company, and Deshpande felt that it was time to seek new challenges. Those new challenges were waiting for him right around the corner. Known for his sharp negotiation skills, Deshpande also possesses the ability to talk his way to the top. That’s why, in 2004, Future Group’s retail arm, Pantaloon Retail India offered him the CIO’s job. But joining a company when its industry is in a growth phase is never easy. Deshpande’s first task was to ensure that the company’s systems were ready to scale up to match its growth. To do that, Deshpande deployed SAP that armed the company with accurate data in real-time to make quick and precise decisions. Providing business with IT solutions is one thing, but a CIO’s biggest challenge is getting management buy-in. That’s where Deshpande scored. “When I had to convince the group of an internal IT project, I would first talk about the challenges we faced and then explain the business benefits of the technology,” he says. Deshpande was also able to develop acquaintances with business heads. “They were no longer just my internal customers, but were friends within the group.” 32

F E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

“CIOs tend to use technological jargon as a shield for job security.” How did you chart your course to become CEO? Chinar Deshpande: From the very start, I felt that if I had the resources I could do a lot more. After getting an engineering degree, I immediately moved on to do my MBA as I was clear that this would help me handle a business leadership role. So even before I started playing senior roles in the IT field, I had already completed my management education with a clear intent that one day I would like to head a company and be responsible for business and not just an independent IT function. What has this journey taught you? I realized quite early that as CIO, my primary objective was to understand all the aspects of the business and then design a strategy that encompasses the vision of the company and its growth plans. Another thing that made an impression on me was how Mr. Biyani, MD of Pantaloons, was keen on promoting innovation and out-of-the-box thinking within the group. He was always open to ideas that could help him expand the business. If somebody wanted to leave the group to pursue other opportunities, he was always willing to let go. His opendoor policy helped me move into my new role at Criti. Why do CIOs get stuck just being CIOs? Typically, CIOs tend to unnecessarily complicate matters when it comes to technological issues. For job security they maintain a certain level of secrecy around things. They tend to use technological jargon as a shield for job security. This, I feel, doesn’t help them grow. I make sure that even if I have to convince the group of an internal IT project, I would first talk about the challenges we are facing and then talk about the business benefits of the technology. This lets the management see that you are thinking in terms of business and not just technology.

And it was during one of his water-cooler conversations with his friends, that Deshpande’s business acumen was first noticed. That’s how Deshpande found his way into Future Group’s CEO Kishore Biyani’s core management team. He soon started contributing towards mentoring new recruits and management trainees, organizing brainstorming sessions on marketing and more importantly, expanding Pantaloons’ business. “In 2004, Pantaloons was a Rs 350-crore company with 20 stores. When I left the organization three-and-a-half years later, it was an Rs 8,000-crore company with over 900 stores,” he says. But, though he was part of Pantaloons’ growth story, he was still an employee.“I was already in talks with Mr. Biyani to play a role in Vol/5 | ISSUE/04

Chinar Deshpande

CEO, Criti, mixed a strong entrepreneurial streak with inherent networking skills to become CEO.

Cover Story | CIO Role

A Little Give; A Little Take

not ot a single person whose name is worth remembering lived a life of ease. — anon

In the journey to being boss what sometimes seems like a step back,

is actually a step forward.

It’s unlikely that alok lok Kumar, former senior VP at reliance Infosolutions, would have changed any of decisions he made even if he had read that quote. In 2008, as a member of the top brass at rs 19,068-crore reliance eliance Infosolutions, Kumar admittedly had a cushy life. backed acked by a gold-plated resume from years of working with companies like hutchison, reliance eliance Infosolutions, and reliance retail, he was at the top of his game. then, hen, he chucked it all in exchange for the thrill of entrepreneurship. “I’ve always looked for change and adventure. If I’ve grown it’s because I’ve taken risks and decisions that were different from what others would have taken,” he says. that’s hat’s exactly what he did in 2008 when he moved on from reliance and started Comfy Clover Consultancies. one ne of his first clients was Sears holding olding Corporation, the fourth-largest retailer in the US, which wanted him to assess the plausibility of running an It It services business in India. his is work impressed them so much that they wanted him to run their Indian operations. “I think, initially, they hired (my firm) to determine how well I understood the dynamics of the market,” he says. It was an offer he could not refuse, says Kumar — despite the fact that he would be heading a captive unit that only provided services to the Sears Group. Kumar represents a rare breed of leader; one that has been CIo CI then CEo of his own firm and then CEo CE of a captive unit. “the he key difference between being the boss of your own company and the CEo CE of another is that suddenly you have a big brand behind you. It definitely puts you on another plane and people treat you differently.” Kumar says he has the independence to make his own decisions — and in return for being the boss of someone else’s company he has both financial backing and a brand. It’s the trade-off he’s willing to live with — especially since he plans to offer It t services to companies outside the Sears group after two years. — Priyanka

Future Group as a business head or to setup my own company which he would fund,” says Deshpande. While he was in discussions with Biyani, he went on a vacation to the US. He was about to get lucky.

The Big Break A US-based IT company, Creative Information Technology (CITI), which offers identity management solutions wanted to move into India. So, the board of directors approached the then chairman of Computer Society of India (who prefers to stay anonymous) for the CEO’s post for their Indian operations called Creative IT India (Criti). While CITI set up its India operations it also wanted to get a feel of the market and longed to meet an Indian CIO from a reputed Indian company. Deshpande’s networking skills stood him in good stead again. The CEO of Criti was the former CIO of HLL and a good friend of Deshpande. The CEO soon arranged a meeting between Deshpande and CITI’s board of directors. With over a decade of experience in the retail sector behind him, it didn’t take much for Deshpande to impress them. Criti represented just the sort of opportunity Deshpande was looking for. “I didn’t run the risk of investing my own money. My responsibility was to scale up operations and take it to a new level,” he says. Deshpande joined Criti as a director under the then CEO in 2007. Because the CEO was about to retire, Deshpande was offered the job. It wasn’t going to be easy as he had to keep track of RBI regulations, understand Indian tax laws, HR and payroll and 34

F E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

generate balance sheets. But his challenges had only just begun. Criti didn’t have the luxury of unlimited funds from its parent in the US and business wasn’t easy to come by for the new company. “The recession of 2008-09 triggered by the financial meltdown in the US only made matters worse and getting new customers in a market characterized by tighter budget constraints was a real pain,” he recalls. Deshpande also realized that he was no longer in the position of power that CIOs enjoy. “As CIO, I was the customer and IT companies were my suppliers. But suddenly, the tables turned; I need to go doorto-door either to ask for more business or to ensure that our customers are satisfied or even just to collect our dues! It’s a very humbling experience,” he admits. Today, after about two-and-half years in Criti, Deshpande has expanded the company to cater to the IT needs of healthcare and pharma, government, education and entertainment. Its clientele includes big names spread across the world like My Dollar Store, HUL, Aditya Birla Group and Spencers, to name a few. Would Deshpande go back to being CIO? “Only if it is an exceptionally challenging role,” he says, “which involves influencing IT strategy across geographies and only if IT defines the future of the business would I think of going back to being CIO.” CIO

Send feedback on this feature to

Vol/5 | ISSUE/04

What Makes You Diffe fFromre fe r Them nt

Cover Story | CIO Role

By Michael Swenson


CIO Executive Council in collaboration with executive talent, recruitment firm Egon Zehnder International determined that the competencies listed below are core to C-level executive success. Which level are you?

STRATegIC ORIenTATIOn Strategic orientation is about the ability to think longterm and beyond one’s own area. It involves three key dimensions: business awareness, critical analysis and integration of information, and the ability to develop an action-oriented plan. Basic | Knows the objectives for one’s own area. Moderate | Has greater understanding of the organization’s strategic context and the ability to align with and contribute to it. Advanced | Generates a strategic plan that integrates numerous business issues, functions and resources for effective action.

CuSTOMeR IMpACT p pACT Customer impact is about serving and building valueadded relationships with customers or clients, be they internal or external. Basic | Willing to help reactively and seeks out information to understand the client better. Moderate | Understands the customers’ needs and uses this knowledge to anticipate future customer needs. Advanced | Proactively shapes the customer value proposition including but also well beyond the transactional relationship. Most Advanced | Has a high-impact relationship with one or more key external clients, with the ability to envision and advocate a mutually beneficial long-term partnership between one’s own organization and the client organization. 36

F E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

And how to become CEO. MARkeT knOwLeDge

Market knowledge is about understanding the market in which a business operates. This business context can include the competition, the suppliers, the customer base and the regulatory environment. Basic | Knows the basics of the market and business context. Moderate | Knows the market well enough to spot trends. Advanced | Anticipates, capitalizes on and possibly drives changes in the market.

COMMeRCIAL RCIAL ORIenTATIOn Commercial orientation is about identifying and moving towards business opportunities, seizing chances to increase profit and revenue. Basic | Knows how money is made and values doing so. Moderate | Prioritizes among and taps into available opportunities in one’s own area. Advanced | Invents new ways to increase commerce.

ReSuLTS ORIenTATIOn Results orientation is about being focused on the improvement of business results. Basic | Wants to do things well or better. Moderate | Meets and beats goals. Advanced | Introduces improvements, allowing higher goals to be set. Most Advanced | Transforms a business for significantly improved results.

ChAnge LeADeRShIp Change leadership is about transforming and aligning an organization through its people to drive for improvement in new and challenging directions. It is energizing a whole organization to want to change in the same direction.

Vol/5 | ISSUE/04

Results Orientation 5.5

Team Leadership


5 4.5

Market Knowledge

4 3.5

Change Leadership

External Customer Focus

3 2.5

Results Orientation 5.5

Team Leadership

Market Knowledge

5 4.5 4 3.5

Change Leadership

External Customer Focus

3 2.5

Collaboration and Influence

Commercial Orientation People and Organizational Development Average CIOs

Collaboration and Influence

Commercial Orientation

People and Organizational Development

Strategic Orientation Outstanding CIOs Outstanding CEOs


Strategic Orientation

Outstanding CIOs

Low | Accepts minor improvements or change in general. Moderate | Proactively challenges the status quo and points out what needs to be changed. Advanced | Mobilizes individuals or groups to change. Most Advanced | Creates massive coordinated change across an entire complex organization.

COLLABORATIOn AnD InfLuenCe Collaboration and influence are about working effectively with, and influencing those outside of, your functional area for positive impact on business performance. Basic | Helps if asked and supports people when required. Moderate | Is a genuine team player and effective influencer of others to get things done. Advanced | Creates partnerships and collaborative endeavors within the function or between functions. Most Advanced | Creates innovative partnerships that span the enterprise and reach beyond its walls.

finding satisfaction in influencing or even transforming someone’s life or career. Low | Identifies general areas for individual development among direct reports. Moderate | Provides feedback and guidance for each individual for their development. Advanced | Influences development of talent systemically across the enterprise for a broader impact on the organization’s capabilities.

TeAM LeADeRShIp Team leadership is about focusing, aligning and building effective groups both within one’s immediate organization and across different functions. Low | Uses a command-and-control style of leadership, providing goals but not a sense of purpose. Moderate | Actively engages with the team to drive performance. Advanced | Empowers and strengthens the team, delegating authority with the intent of enabling the team to work effectively without direct management. Most Advanced | Develops a high-performing team that delivers in a highly complex organization or situation. CIO

peOpLe AnD ORgAnIzATIOnAL DeVeLOpMenT People and organizational development is about developing the long-term capabilities of others and the organization as a whole, and

Vol/5 | ISSUE/04

Michael Swenson is research director of the CIO US Executive Council. Send feedback on this feature to

REAL CIO WORLD | F E B R U A R Y 1 5 , 2 0 1 0


Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM


from the TOP

Taking the


By Gunjan Trivedi

In September 2000, Geometric Software Solutions issued a profit warning — a declaration that a company issues to inform its stakeholders that its profits would fall that quarter — becoming the first Indian company to do so. Its share price had fallen to Rs 52. But in just under two years, the company which provides engineering services and digital technology solutions for product lifecycle management (PLM), bounced back with a share price of Rs 338. It sure wasn't easy. Ask Manu Parpia, founder and vice chairman, Geometric Software Solutions. It took a spate of pink slips and a bunch of new ventures to put the company back on its feet. But those tough decisions have paid off. And today, those same ventures that were started on the face of adversity, are responsible for half of the company's revenue. Parpia took it upon himself to pull the company from falling off the edge and made it a market leader in its own right. In this interview, Parpia, a product of the Harvard Business School, shares what drives him and why IT innovation means competitive advantage.

You have always been able to spot changes in the IT market. How do you do that? View from the top is a series of interviews with CEOs and other C-level executives about the role of IT in their companies and what they expect from their CIOs.


F e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

View from the Top.indd 38

Manu Parpia:

The first thing you need to be clear about is the fact that you cannot be always right. What matters is your mental makeup. You need to do two distinct things: first, constantly

listen to your customers. And second, harbor a fear of failure. Customers tell you what they need the most — not how you should innovate or come up with radically different products or services. That, you need to do yourself. But listening to your customers ensures that you are always abreast of evolving market changes. That keeps companies constantly driven and ensures that they

Ph oto by Srivatsa Sh an dilya

Manu Parpia, Founder & Vice Chairman, Geometric Software, says his recipe to be a market leader is to mix innovation with the fear of failure.

Vol/5 | ISSUE/04

2/9/2010 3:50:39 PM

Manu Parpia expects IT to: Initiate innovation Enhance customer experience Provide competitive edge

View from the Top.indd 39

2/9/2010 3:50:41 PM

View from the Top

come up with good ideas. It also forces them to keep their minds open, to think radically, and to develop solutions that meet relevant requirements. The fear of failure or the paranoia that their competitors are gaining on them, keeps companies grounded and on their toes. When this fear is added to innovative ideas that companies develop by listening to their customers, they create a path to get to the top and the ability to stay there. This is my recipe to gain competitive edge and be a market leader.

How can companies balance immediate business needs and still build vision? It is a fact that companies have to balance the two to survive. If you just keep looking at long-term goals, it is only a matter of time before you're dead. And, with shorter-term goals alone, you will not be able to survive for too long. Here, planning is quite critical for the organization that wants to figure out its long-term goals and then create a roadmap to achieve them. With the direction in sight, they will be able to move faster towards their goal. Another critical factor is to keep questioning that direction itself. Otherwise, you'll continue to be oblivious to the changes occurring around you, your organization, and your stakeholders. You need to remember that at every stage you are answerable to your stakeholders and it is your responsibility to do your best to ensure steady returns for them. If you are embarking on a plan that may not guarantee immediate returns then you should be transparent with your stakeholders.

How do you define success for an IT project? Let me give you an example. Let’s say you are implementing ERP at your


F e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

View from the Top.indd 40

one question: Did you achieve what you set out to achieve?

"It’s fairly unreasonable to expect a CIO — who is not on the managing committee — to deliver outof-the-box." — Manu Parpia

organization, which promises to provide consolidated results in a very short time. If the project is not able to achieve that, then according to me, it's a failure. But if you have achieved your promised benefits by increasing your budget by 50 or 100 percent then the perception of that being successful changes. In that case, you can at least say that though you spent double, generations to come will benefit from your initiative and build further on, depending on their needs. But perception of success can be tricky and should be carefully dealt with becasue success means different things to different people. While success for a user means that his or her expectations are met, IT leaders may get lost in the specifics of a project. Even our development staff gets bogged down in the ‘how’ and not ‘what did you achieve’. The ‘what’ is more critical than the ‘how.’ I would say that the definition of success for a project boils down to this

How do you measure customer satisfaction? Well, a company may establish all sorts of indices to measure customer satisfaction. But, though there is no malignant intent, these indices can easily be distorted. Customers are usually nice people and when they give feedback they do not want to unnecessarily rock the boat. Hence, the real way to judge customer satisfaction is to figure out the number of issues that were escalated and whether you got repeat business. You also need to ask yourself if your users consider you a partner or a pain. If you are considered a partner, people will come to you with their problems. If you are considered a pain, people will avoid coming to you. This can simply be the best way to judge customer satisfaction.

How do you see engineering services and PLM technology solutions evolving in future? I think both engineering services and PLM solutions have been extremely conservative. In fact, I feel that in some ways they have been laggards as IT revolutions do not take place so easily in this domain. I think this is a mindset problem because even CIOs often keep themselves away from it. Though things are changing now and CIOs are increasingly getting involved with engineering IT, engineering services are still restricted to product design and manufacturing departments. It is considered a niche-within-a-niche and is controlled extensively by users. The engineering services and PLM on the other hand, still report to the relevant business groups and not to

Vol/5 | ISSUE/04

2/9/2010 3:50:43 PM

View from the Top

SNAPSHOT the IT department. The outsourcing opportunities in PLM and engineering services have been in the nascent stage for the last five years. They are developing at a far slower pace than BPOs and other IT businesses. That’s why I think it is a conservative sector.

Then, why are such niche tech domains enigmatic for CIOs? This has a lot to do with the size of an organization. While CIOs at smaller organizations are swiftly getting involved with the engineering and PLM technologies, CIOs at larger organizations are slow movers in that regard. Because if you are implementing SAP corporatewide in a large organization, it touches every element of the organization in one way or another. But when it comes to the niche aspects of PLM, it is relevant to no more than 15 percent of users. But things are changing and now we are approaching a number of our customers for our PLM solutions through their IT departments.

What is the best way for CIOs to sell ideas to their managements? The best way is to say that you will provide clear competitive advantage. I think it is the best way to get the full attention of your management. For example, in 1996, when I was at Godrej Pacific, we deployed a nationwide online network through VSATs for our supply chain. It provided our customers with an updated status of their stocks and receivables, among other things, irrespective of their location in India. None of our competitors had that edge. This project, thanks to IT, gave us the competitive advantage that lasted for about five years. Hence, I believe IT should strive to be more than just an enabler; it should be a provider of competitive


F e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

View from the Top.indd 42

advantage. This way, IT has an opportunity to not only transform organizations and individuals, but also change market dynamics. Obviously, the second best way to get management buy-in is traditional and also effective in nature: establish concrete ROI justification.

Geometric Software Established:

1994 Headquarters:



Rs 600 crore

or a catalyst. A CIO’s role has to be driven by initiatives. However, it completely depends on the CIO. In my perception, most Indian CIOs are currently driven by costs and implementation rather than innovation. It's time that it changed.



What does senior management look for in an IT leader?

First of all, you need to have ownership. You must take responsibility for your decisions. Innovation is the other factor. You can follow the tried-and-tested path, but it is always nice to deviate and do things differently. I believe that senior management should expect IT leaders to continuously learn and innovate.

How would you define your leadership style? It is more important to consider what others perceive of my style rather than how I define it. I would like to believe that I am decisive and lead from the front. Rarely, would I ask someone to do something that I wouldn’t do myself. The core of my leadership style is integrity. I am upfront and say what I mean, obviously with reason, objectivity and responsibility. I am fairly aggressive and there is always a hint of paranoia in me that keeps pushing me, as I strongly believe that we as a company should always be at the forefront.

If a CIO is not in the managing committee, how can he add value to business?

Personally, I think CIOs need to be on the management team or managing council. I believe that any C-level person has to be there. I am sure CIOs would want to be among the top management. The fact that he is not on the managing council makes me wonder why one would stick on in such a company. If a CIO is not part of the managing committee he will be able to contribute just like any other employee who isn’t a part of the management council: by following instructions. It’s a fairly unreasonable expectation from a CIO, who is not on the managing committee, to deliver out-ofthe-box. He can be an implementer — not an innovator. Hence, I think it is critical for CIOs to be on the upper management echelon if they are to add significant value to business. CIO

Is an Indian CIO’s role driven by initiative or by the board? I don’t think boards can drive the role of a CIO, barring a few exceptions if there are any at all. The board can be an instigator

Gunjan Trivedi is executive editor of ComputerWorld India. Send feedback on this interview to gunjan_

Vol/5 | ISSUE/04

2/9/2010 3:50:44 PM


Baiting The

Customer Reader ROI:

How retailers are using social networks as a marketing tool Why cell phones encourage impulse buys The future of e-commerce


F e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

By Kim S. NaSh

Forget the mall. Retailers are tapping Facebook and mobile phones to get closer to customers wherever they are. Vol/5 | ISSUE/04


IllUSt ratIon by MM Sh an Ith


t least 22 retailers have been driven into bankruptcy protection during the recession, including RedEnvelope and Eddie Bauer, or gone out of business altogether, like Circuit City. Blockbuster, Virgin Megastores and many more have closed stores. Survivors, suffering deflated profits and slow sales, warn of bleak holidays: The National Retail Federation predicts a 1 percent sales decline for the season compared to last year. Even Wal-Mart felt the slump, with same-store sales down 1 percent in its second quarter — its first such drop in years. Baby, it's cold outside. But smart retailers are going where it's warm: the hot little hands of cellphone — and laptop — toting consumers who want to shop right now, wherever they happen to be sipping their lattes or watching their kids' soccer games. Technology-backed projects to increase revenue include mobile e-commerce, coupons by text message, even storefronts on social networks. As enablers of these projects, CIOs are moving ever closer to the customer. Out of the recession develops one picture — finally — of what true business-IT alignment looks like, says Drew Martin, CIO of Sony Electronics. "IT is becoming part of the product offerings." Whether that's hotel kiosks, mobile banking, hospital patient portals or retail, CIOs are getting their IT groups to the front line in the competition for consumer dollars. When a customer logs on to his new Sony e-book reader, for example, the device automatically connects him to his existing customer profile, from which he can start buying e-books. This feature is thanks to Martin's efforts to connect product development with Sony's internal customer relationship management system. As exciting as it is to live on the progressive edge of the CIO profession, though, it's a new world to navigate at a time when wrong moves can severely hurt a company. "The challenge is that now you're entering into the revenue space," Martin says. "You need to commit to delivering your part of what needs to be delivered."

Social Shopping E-mail marketing is in full swing now; the number of messages that were sent this holiday shopping season is expected to far surpass last year's four billion, according to Experian Marketing

Vol/5 | ISSUE/04

Services, a consultancy. Of course, just a fraction of these will be opened. Even fewer messages will coax recipients to visit a website and buy something. "Websites and e-mail — that's just too many steps now," says Brett Michalak, CIO with, which sells tickets to games, concerts and other events as well as its own ticketing technology. Social media such as Twitter, Facebook and YouTube take e-mail out of the equation, putting offers in front of customers on sites they already visit. Dell, JetBlue, Whole Foods and other big brands have pounced on Twitter as marketing and promotion tool, tweeting special deals to followers. Dell, for example, attributes more than $2 million (about Rs 9 crore) in sales to its 14 Twitter accounts that promote offers to 1.4 million followers. Sony is using Twitter, among other social networking sites, to hype the SonyReader. A recent tweet included a link to a page at Sony's site comparing the product favorably to Amazon's Kindle. "You can't build a site and expect people to come. We are on YouTube, Facebook and Twitter to go out and get them," Martin says. On Facebook, millions of people declare themselves as fans of performers, products, even the president. The number-one fan page on Facebook is dedicated to the late Michael Jackson, with 10.3 million members. Starbucks is the biggest retail brand with 4.8 million fans. 1-800-Flowers intends to find out whether social networkers are also social shoppers. In July, the $714 million (about Rs 3,213 crore) flower delivery company launched the first Facebook storefront. Collectively, Facebook's 300 million active members spend eight billion minutes per day on the site, according to the company. An Experian survey found that dwell time for an adult visiting a social network is 19 minutes and 32 seconds. Meanwhile, 35 percent of adults who had been on a social network had also bought something online, the survey found — a ripe demographic. Still, there's a lot to do on Facebook, so any shopping has to be fast, says Vibhav Prasad, vice president of Web marketing and merchandising at 1-800-Flowers. The company's Facebook store, therefore, offers only 10-15 percent of the several hundred bouquets available from the main 1-800-Flowers website and the checkout process has been pared down. No suggestions to buy related products pop up, for example, and four special occasions tabs span the top of the page, instead of the eight on the main site. "It's a fairly impulsive purchase in this channel," Prasad says. "As simple and as quick as we can make it, the more effective we'll be." Impulsiveness is key. Every time Facebook members log in, they see updates about who among their friends is having a birthday. Prasad wants those regular reminders to spark flower buys. The company is also tuning its marketing volume to match Facebook's atmosphere. That is, rather than promote products all the time in the store's status bar, there are trivia contests and craft ideas to keep fans engaged. Facebook users spend most of their time looking at their own homepages. They read their news feed — a display of their friends' REAL CIO WORLD | F e b r u a r y 1 5 , 2 0 1 0


E-commerce status updates, quizzes taken, notes posted and games played. So, 1-800-Flowers is planning a way into the news feed. When a fan fills out a wish list to indicate which flowers she'd like to receive, notification would go into the feeds of her friends. Carol logs on to Facebook, sees Alice has a birthday on Thursday and wishes for the 'Pleasantly Pink' bouquet. Ding! Carol clicks over to the 1-800Flowers store and $30-plus-shipping (about Rs 1,350) later, takes care of that gift without ever leaving Facebook. "We think people will do it because social networking is all about you expressing your interests and your friends responding," says Wade Gerten, CEO of Alvenda, the Minneapolis software developer that built the Facebook store for 1-800-Flowers. "Shopping online can be social again, as it was in person." The wish-list feature is an Adobe Flex application that Alvenda tweaked to work with Facebook's application programming interface. Gerten says the investment is "small" for 1-800-Flowers because Alvenda gets paid part of the sales 1-800-Flowers makes on Facebook. "So we're incented to find them more ways to make money." The company declines to say how much revenue the storefront has rung up so far. Going social was "a logical extention" for 1-800-Flowers, which was one of the first retailers to put up an e-commerce site, in the early 1990s, notes Kevin Ranford, director of Web marketing. "It

Sony Electronics CIO Drew Martin talks as much about customer strategy as he does technology, suggesting ways IT can contribute beyond servers and wires.

4 6 F e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

comes from listening to customers and responding to the channels in which they're interacting," Ranford says.

Sales on the Cell Some people are so addicted to their phones that they develop 'BlackBerry thumb' and 'cell phone elbow,' requiring medical treatment for repetitive stress injuries. There is perhaps no combination of vices so bursting with commercial promise than that of cell phone-plus-caffeine. Starbucks is there. In September, the $10 billion (about Rs 45,000 crore) coffee chain began testing a system to let customers pay using their iPhones or iTouch devices. They download the Starbucks Card Mobile App and type in the number of their Starbucks loyalty card, preloaded with spending money. A 2-D barcode appears that cashiers can scan. Just 16 of Starbucks' 11,000 locations are testing this mobile payment option, and the company hasn't decided whether to expand it, a spokeswoman says. The company will measure transaction frequency, speed of payment and overall customer feedback and participation, she says. So far, 37 percent of people who downloaded the mobile commerce application are using it. Best Buy is going about mobile e-commerce differently, creating an e-commerce site honed for mobile phones that strips away the ads and images of its corporate Web store. Instead, it serves a simple search box, store locator and a clickable list of product categories. Both of these systems aim for speed and convenience, which is what cell phone culture is all about, says Cathy Hotka, president of Cathy Hotka & Associates, a retail IT consulting firm in Washington. "You're in, you're out. It's extremely effective for sales." Mobile sales, though, aren't without problems. Royal Oak Music Theatre, a Michigan music and comedy venue where acts such as Train and Bob Saget have played, started mobile ticketing three years ago and has adjusted its marketing to cover for finicky technology. Anyone who's done self-check out at the supermarket knows that scanning takes a special, knowing touch. Still, scanning barcodes on the screens of mobile devices often requires extra wiggling of the phone and slanting it at different angles. It's slower than scanning paper tickets. To avoid ticking off patrons lined up to run in and grab general-admission floor spots, Royal Oak created a separate VIP entrance for the mobile customers. There, staff use the newer model scanners required for reading mobile barcodes, and it's not so apparent that the scanning takes longer, says Diana Williams, box office manager. Mobile customers are also allowed to get into the theater a few minutes before traditional

Vol/5 | ISSUE/04

customers, which encourages more people to buy their tickets by cell phone, she says. That's cheaper for the theater than handling paper tickets — saving money and hassle time is Williams' goal. But it also positions the theater well for collecting future revenue. Mobile ticketing skews young, Williams observes. The theater does shows for all ages, and for a typical adult event, 16 percent of tickets sold are through the mobile channel. But for a recent show by the boy-band Hansen, popular with teen girls, mobile accounted for nearly 40 percent of tickets.

Impulse Buys Mobile and social commerce projects will change the business of any company that invests in it, says Russ Stanley, managing vice president of ticket services and client relations for the San Francisco Giants. For example, instead of being a long-planned activity, a Major League Baseball game can become an impulse buy, Stanley says, bringing in more sales for the organization. Every game day, the Giants have 40,000 seats to sell. If they've sold only 30,000, then the remaining 10,000 spoil every bit as badly as old pears. Last year, the team changed prices daily on about 2,000 seats. Stanley imagines the day when he'll have a database of fans who, say, live within a mile of the ballpark to whom he can text last-minute offers. "Hey, the Giants have $5 tickets (about Rs 225) left for tonight. For $5, I'll walk down there," he says. "As they're walking up to the entrance, they're buying on the mobile." The Giants started to offer mobile tickets midway through the 2008 season, when they sold about 100 tickets that way per game. In 2009, it was about 200 and Stanley expects to do about 400 per game in the coming year. "Fans who use it love it. It's getting the people to use it," he says. Like hot dogs and cold beer, holding a ticket is part of the rite of baseball, he says. Plus, there's the souvenir value. When pitcher Jonathan Sanchez threw a no-hitter against the San Diego Padres in July, about 50 mobile fans, as well as people who had bought tickets online and printed them on plain paper at home, later requested the team print "real" tickets for them to commemorate the event. "We did that for them. It's good relations," says Stanley. And, he adds, it could turn into a money-making service in the future. Start small and expand gradually, Stanley advises. He could outfit all 42 entryways at AT&T Park with scanners to read mobile tickets, but the Giants just don't sell enough of them yet to make that cost worthwhile. Not until about 1,000 mobile tickets are sold per game — 81,000 in a season — does he expect to see real labor savings compared to handling paper tickets. "Eventually there will be far more things that are accessible via your phone," Williams says. "I would rather have our box office be on the forefront of that than scrambling to catch up years down the line." Today the payoff comes in other ways, she says. The novel technology makes retailers who use it more memorable among consumers and no paper — or less, anyway — makes it a greener way to do business. These kinds of projects demonstrate new IT thinking about business alignment. That is, IT can clear the channels between

Vol/5 | ISSUE/04

The number of adults who have been on a social network and have bought something online. customers and the company. At Starbucks, for example, the mobile commerce application came out of its ‘My Starbucks Idea’ website where registrants submit and discuss ideas they want the company to adopt. Sony CIO Martin talks as much about customer strategy as about technology. "We're trying to emphasize the out-of-thebox experience," he says of the SonyReader's built-in customer knowledge. "Right away, you can download content and get reading." But Martin admits this commerical orientation isn't yet a common role for a CIO. He still has to propose ways to other executives that his department can contribute beyond servers and wires. Martin points out that his IT department supports Sony's CRM system, which contains the data that will differentiate and polish the customer's experience. "Our systems are going to touch the customer no matter what," he says. "Even if [an outside developer] creates something elegant, it will come across to consumers as the left hand doesn't know what the right hand is doing."

Innovation for Growth Weak signals of an abating recession have begun to appear. But lasting recovery will take time. CIOs can, nevertheless, use this period to lead their companies to new sources of revenues, says Hotka, the consultant. Experimenting with mobile and social commerce creates the opportunity for forward-thinking projects that mwany companies in many industries will eventually adopt, she says. Help pave the way, advises Sony's Martin, by not reporting to colleagues only the naked costs ofw corporate IT. Instead, those numbers should be accompanied by specifics about where and how the technology department can help generate sales for the company. "Every CIO has the opportunity to be involved. You have to step right out and take it." CIO

Send feedback on this feature to

REAL CIO WORLD | F e b r u a r y 1 5 , 2 0 1 0


SoU rcE: Ex pErI a n MEr kEt I ng S ErVI c ES


Case File

Rolled into

one Reader ROI:

How virtualization can get rid of outsourcing costs

Why it works even in multi-location companies

By Varsha ChidamB Baram

Spread across 21 locations in 13 countries, Essel Propack’s outsourced servers sucked up resources and made it hard for one of the world’s largest tube-manufacturers to collaborate. How a six-month virtualization program fixed the problem and shaved 40 percent off the company’s IT costs.


f e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

Vol/5 | ISSUE/04

Case File


rom being one of the largest specialty packaging companies to owning 32 percent of the worldwide market for laminated tubes (like toothpaste tubes), Essel Propack has achieved many a milestone. The company, which is part of the Essel Group, is also a Forbes ‘best under a billion’ company for four consecutive years. The company has plenty going for it. But until recently, its IT infrastructure wasn’t one. Essel Propack operates out of 27 servers across 21 locations in 13 countries spanning four continents. Managing these physical servers for mailing, communication and collaboration applications was proving to be quite a challenge. In response, the company had outsourced the task of managing its global datacenters to local service providers, but the cost of outsourcing was beginning to pinch. Moreover, it was impossible to deploy a standard set of policies across such geographically-dispersed IT partners. “We had no single directory of information neither did we have centralized control; we didn’t even have all of their (IT partners) mailing IDs,” says Zoeb Adenwala, Global CIO, Essel Propack. Adenwala knew what he needed to do. “I wanted to get all inputs in one active directory, which would shift the reins of control in my hands. Also, it was pertinent that we had a standard set of policies deployed across all locations,” he says.

IllUST RaTIon by MM S HanIT H ; PHoTo by SRIVaTSa

In One Tube Established in 1984, Essel Propack earned revenues to the tune of Rs 1,300 crore in 2008-2009. It manufactured and sold 4.5 billon laminated and plastic tubes, and medical devices globally. But the piecemeal nature of its IT infrastructure was slowing down its success. And Adenwala wasn’t going to let that continue.

Vol/5 | ISSUE/04

We did a cost benefit analysis of deploying 22 physical servers versus six blade servers. The virtualized environment would reduce operational costs and also give scalability and basic hardware redundancy.” Zoeb Adenwala, Global CIO, Essel Propack

He turned to an idea he had been toying with for sometime: virtualization. But he didn’t want to jump into the bandwagon without considering his options. “We did a cost-benefit analysis of deploying 22 physical servers versus using a virtualized environment with only six blade servers. We realized that besides lower one-time costs, the virtualized environment would help reduce operational costs and also provide scalability and basic hardware redundancy,” says Adenwala. So, in June 2008, Adenwala decided to bring down the shutters of all the datacenters spread across 13 countries and consolidate them into one datacenter in Mumbai. After a thorough analysis, he finalized on what was best-suited for the x86 platforms that Essel Propack ran on. The company phased out the migration process over three months. In phase-I, India went live, followed by countries in the Far East in phase-II. In the final phase, they turned to Europe and America. By December 2008, the rollout was completed. “We removed all the 27 servers, leaving just one local file at each location and packed them into one SNAPSHOT datacenter in Mumbai,” Essel Propack explains Adenwala. The ESTAbLISHED: project was implemented 1984 on six blade servers and EmPLOyEES: SAN storage. Multiple 2,700 virtual machines were REvENuE: created to service various Rs 1,300 crore requirements and today all HEADquARTERS: Mumbai users across the world access their applications over high-

speed international MPLS link. Thanks to virtualization, now the company’s uses just half the ,administrative — V. srinivas, s srinivas rinivas, CIO, Nagarjunaresources that it used to. There is also a centralized Fertilizers and Chemicals helpdesk in India to attend to problems from any corner of the world. Today, Adenwala’s hard work has paid off. Moving to a blade environment has helped the company increase CPU utilization from 25-30 percent to 55-60 percent. They now use five blade servers in a virtualized environment, comprising about 21 virtual machines, with a sixth blade server for expansion. Adenwala no longer has to depend on outsourced partners for management. “We now have a standard set of procedures in place and managing the organization globally has become significantly easier,” he says. The company’s datacenter costs including management, maintenance and real estate have been reduced by 40 percent. It has done away with all its outsourced IT partners. In just about a year, the company has saved Rs 20 lakh in procurement costs. A corrupted server, which used to take up to seven hours to fix can now be up and running in just 10 minutes. Server deployment time has been reduced from three weeks to three hours with almost zero downtime. “Today, I use only 50 percent of my blade server capacity. So, for the next five years, I don’t need to worry about investing in the datacenter,” says Adenwala. CIO

Varsha Chidambaram is correspondent. Send feedback on this feature to varsha_chidambaram@

f e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD


IT Role

By BoB Lewis

Reader ROI:

Why the IT role according to conventional wisdom is wrong The problems this approach introduces How to do it right


Run IT as a business, that’s what they all say, right? Well, that’s a train wreck waiting to happen. The truth is everything you’ve been told and all the advice you have been given is wrong. Here’s what IT should be doing instead.

F e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

Vol/5 | ISSUE/04

IT Role

If you board the wrong train, it’s no use running along the corridor in the other direction,” said famed World War II German resistance fighter Dietrich Bonhoeffer. IT boarded the wrong train a long ago. It’s the ‘standard model’ of IT organizations — the familiar litany that says CIOs should run IT as a business, meeting the needs of its internal customers. This refrain has been endorsed by the industry’s holy trinity, too: analyst firms, consultancies, and ITIL. So we’ve had to run along the corridor, trying to make sense of it all. But you can’t make sense of nonsense. Admittedly, this conclusion is not a growing consensus. It isn’t even an emerging trend. It’s more a guerilla movement, promoted by some renegade CIOs and supported by a few consultants and commentators who have rejected the conventional wisdom and industry punditry in favor of what their experience tells them works in real organizations. Bassam Fawaz, CIO of a large global logistics company, is one of the renegades. “The IT conventional wisdom that is generously dispensed by many IT think-tanks and opinion makers is largely theoretical and offers little or no practical value,” he says. Businesses are starting to shake off the recession and think about the future instead of simply making it to next week. It’s the perfect time to board the right train — the one headed to the promised land, where IT is a strategic partner to the rest of the business, not a subservient order taker content to process work requests while accepting the blame for everything that goes wrong.

Want to Board the Right Train? Your ticket to the promised land begins with this: No one inside your company is your customer. Thinking that they are is the core fallacy of the standard model, and it has caused no end of trouble. Take the common complaint voiced by (among others) Dirk Huggett, an IT business analyst for the North Dakota IT Department: “You are always too expensive. A classic example is PCs,” he says. “Executives get flyers from vendors for $299 laptops (about Rs 13,500) and get upset when the ones they buy cost them $800 (about Rs 36,000). It is tough to explain why the cheaper PC won’t run their mission-critical apps.

There are No IT projects When IT is a business, selling to its internal customers, its principal product is software that ‘meets requirements’. This all but ensures a less-than-optimal solution, lack of business ownership, and poor acceptance of the results. Adam Hartung, author of Create Marketplace Disruption: How to Stay Ahead of the Competition, has the tale: “I had an experience with the head of field services for a very large pharmaceutical company. He was working himself ragged, and complaining about

Vol/5 | ISSUE/04


hargebacks are an attempt to use market forces to regulate the supply and demand for IT services. If that’s the best a business can do, it means the business has no strategy, no plans, and no intentional way to turn ideas into action. insufficient budget to build all the Web apps his internal customers wanted. So I suggested that instead of trying to deliver on ‘customer needs,’ why didn’t he meet the business with a set of recommendations for how he thought he could deliver a superior set of solutions that would meet their needs in 2012 and beyond. “Instead of reacting to users, he should be their peer. Primarily, I asked him why he didn’t transition from building Web apps to instead creating a solution using cloud technology and true mobile devices like BlackBerrys, iPods, and emerging tablets. He could offer a better solution, at about a quarter of the cost. “He told me he had never thought of dealing with the situation that way, but it sure made a lot more sense than letting his ‘customers’ run him ragged to deliver stuff with a short life.” Tim Hegwood, CIO of MRI Companies, is trying to steer his company’s mindset away from a focus on software delivery. “We’re still struggling to institute the concept that ‘there are no IT projects — only projects designed to solve business problems,’” he says. “Our biggest issue is accountability. It’s hard to get the business leaders to step up and take control of the project and make decisions.” Larry Sadler, IT service manager at ONFC, experiences similar difficulties. “The ‘customer’ concept is deeply embedded in the departmental silos here,” he says. “This results in an attitude of ‘I want this or that aspect done, and without any interruption.’” Fawaz also sees the damage that comes from limiting IT’s role to delivering software to internal customers. “I’ve spent so much time arbitrating between business, which won’t put anything in writing as a requirement, and my IT team, which have been slammed so often for not delivering ‘exactly what is needed’ that they insist on receiving complete requirements before they make a move.” He likens IT’s proper role to that of an engineer designing a car. “It doesn’t matter if the customer asks for the horn on the backseat. Placing it there would meet the specs and ‘satisfy requirements.’ It would also defeat the usability of the horn, render driving the car dangerous, and could lead to a crash that ruins the whole effort. “I am,” he continues, “drawing on real-life examples, where a boneheaded software design was delivered to the requirements of the business process owner but made the software dead on arrival as users shied away from using the non-intuitive and unnecessarily complicated program.” REAL CIO WORLD | F e b r u a r y 1 5 , 2 0 1 0


IT Role According to Fawaz, “IT should relinquish its increasing stance as an order taker, and earn and advance its intended role as the qualified engineer of what makes a business hum.” Huggett explains what happens when the conversation is about the software: “We have always been good at delivering a quality application. It functions exactly as designed. Unfortunately, that doesn’t always line up with what the ‘customer’ wanted or expected.” His agency is trying a new approach now, built around a more collaborative relationship. “We currently have a large project where we have a partnership agreement with the agency,” he says. “The agency is responsible for all business-side decisions, and we are responsible for the IT-type decisions. We were part of the RFP process to select the vendor, and we are working side by side with agency and vendor personnel. I think it is a model we will see more often in the future.” Architecture: Another Victim. One of my former clients — a large financial services firm — had embraced the IT-as-a-business concept. When my firm arrived on the scene, the client’s information architecture was in shambles because IT’s internal customers weren’t willing to invest in sustainable engineering. Why would they? To achieve a quality architecture, the internal customer of one project

Are Chargebacks Coming Back? A recent Forrester Research report details how with the ongoing economic condition, evolving service management processes and maturing tools in the market, enterprise IT leaders are rethinking their take on chargeback. In the past, the technologies used to track IT services and the costs associated with them perhaps didn’t offer enough automation or proved to be cost-exorbitant. Now with added economic pressure and updated technologies, Forrester analysts say the best practice is garnering a second look from many IT executives. Forrester had tracked (since September 2008) inquiries around understanding IT services and found that 73 percent of some 30 requests focused on IT chargeback. “Nearly one out of four of these inquiries asks: Why now — why has IT chargeback suddenly emerged as a strategic topic for CIos and what are they doing about it?’” the report reads. “After years of either ignoring the need for IT chargeback or cruising along with the status quo, there is suddenly a renewed interest — in some cases, almost an imperative — to implement chargeback.” Forrester identified three drivers for the renewed interest in IT chargeback: the global economic recession, the inclusion of chargeback processes in ITIl Version 3 and the availability of more mature tools. Still the reason that IT chargeback hasn’t seen wide adoption is because it’s not easy. It involves gathering data from several systems and developing a service catalog of sorts for IT. — Denise Dubie

pays more so that a different internal customer, some time in the future, receives the benefit. The client’s IT staff described the resulting mess as going far beyond the usual spaghetti or spider web. They called it “The Hairball.” In an average development project, much more than half the total effort was devoted to coping with The Hairball, leaving relatively few resources to devote to new features and functionality. The Impact on Relationships. Another unintended consequence of running IT as a business, while less tangible, might be even more important: Defining IT’s role this way creates an arm’slength relationship between IT and the business. That’s a problem says Jim Struve, director of IT supplier management for WEA Trust, “Relationships matter. A lot. When people have built a good relationship there is trust and it’s easy to get things done. It’s difficult to get things done when there is no trust.” When IT acts as a separate, stand-alone business, the rest of the enterprise will treat it as a vendor. And business executives don’t trust vendors to the extent they trust each other. Nor should they.

Chargebacks or Effective Governance: Pick One Businesses that run IT as a business have to bill IT’s internal customers for services. That means instituting chargebacks, also known by the more impressive-sounding synonym ‘transfer pricing’. Most CIOs dislike the idea, but the pressure to try it is strong. Its proponents paint it in rosy terms. Take Dan Woods, CTO and editor of Evolved Technologist, for instance. In a recent Forbes editorial How to run IT as a business he wrote, “Right now, about 70 percent of IT costs go toward keep existing systems running; only 30 percent finances new development. Without chargeback, business has little incentive to demand efficiency.” When the only incentive managers have to promote efficiency is the impact of chargebacks on their departmental budgets, chargebacks are just a Band-Aid. They won’t fix the real problem: that nobody cares about the success of the business, only their own fiefdom. Anita Cassidy, president of IT Directions and co-author of A Practical Guide to Reducing IT Costs,, has seen the damage that chargebacks can do. “Although chargebacks can discourage frivolous spending,” she says, “I’ve seen it create too many undesirable results. I watched one company make poor strategic decisions. Because of its chargeback system, its managers were more concerned about reducing their individual costs than doing what was best for the enterprise. Chargebacks had a chilling effect on using the central IT services.” Chargebacks are an attempt to use market forces to regulate the supply and demand for IT services. If that’s the best a business can do, it means the business has no strategy, no plans, and no intentional way to turn ideas into action.

What Works The alternatives begin with a radically different model of the relationship between IT and the business — that IT must be integrated into the heart of the enterprise, and everyone in IT must collaborate as a peer with those in the business who need what they do.

Vol/5 | ISSUE/04

IT Role


nlightened companies don’t have IT projects — they have business change projects that aren’t done until the planned business change has been accomplished, and users are trained, not in how to operate software, but in how to do their redesigned jobs using the new software.

Nobody in IT should ever say, “You’re my customer and my job is to make sure you’re satisfied,” or ask, “What do you want me to do?” Instead, they should say, “My job is to help you and the company succeed,” followed by “Show me how you do things now,” and “Let’s figure out a better way of getting this done.”

Governance, Not Chargebacks Cassidy sees proper governance as the superior alternative to using chargebacks to set IT’s priorities. The company’s leaders have to collaborate to determine how funds are spent, or the company won’t be able to set and implement a strategic direction. “This results in a more productive and effective organization,” she says. When IT is integrated into the heart of the enterprise, its priorities aren’t defined by who has the budget to spend (by chargebacks). Rather, they’re defined by a company leadership team whose members have a shared purpose, who understand what the company must do to achieve that purpose, and who understand the role new technology will play. That’s what proper governance requires: effective leadership. It’s the hard work of turning the company’s top executives into a team that agrees on strategy and turns it into a plan for coherent action. IT’s priorities are built into that plan. They aren’t bought and sold by whomever plays the budget game best.

The Superior Alternative to IT Projects When IT runs as a business, it ‘sells’ software that ‘meets requirements’ to its ‘internal customers’. Because its product is software, it has no choice — it has to ask the wrong question: What do you need the software to do? Asking business managers to describe what software is supposed to do is the unavoidable consequence of a relationship in which IT’s job ends with delivering software to its internal customers — in which projects are considered successful when software is installed, users 54

F e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

are trained in its operation, and using it to improve the business is someone else’s problem. Companies that have integrated IT and no internal customers define success differently. Instead of asking what the software should do, they start by asking how their business counterparts run their operations now, what are their biggest problems, and how they want to run things differently and better in the future. IT’s job is to recommend better ways to operate, using technical capabilities business managers might not even know are possible. These enlightened companies don’t have IT projects — they have business change projects that aren’t done until the planned business change has been accomplished, and users are trained, not in how to operate software, but in how to do their redesigned jobs using the new software. A few IT pundits have been pushing this approach for years. Peter Fingar, for example, co-author of Business Process Management: The Third Wave is emphatic that IT’s job doesn’t finish with software delivery. “Forward-thinking CIOs will change their titles to CPO,” he says. “Chief process officer — for it’s agile business processes that companies want to manage, not technology infrastructures.” David Kaiser of SFM Mutual Insurance is one of those forwardthinking CIOs (although without the change in title). “Businesses that get it,” he says, “understand that IT is a part of business process change, not the owner, and that success comes in small steps. It’s no longer about large projects with specs handed off to IT for implementation. What really works is a strong vision of success shared by everyone involved in a business change, with an iterative process for making the change happen.” When IT is integrated into the enterprise, the CIO acts as a strategic peer of the company’s other executives and the clear goal of every project is to make business change happen. The job isn’t done when the software satisfies requirements. It’s done when the business runs differently and better.

Whose Idea Was This, Anyway? Where did the standard model come from in the first place? The answer is both ironic and deeply suspicious: From the IT outsourcing industry, which has a vested interest in encouraging internal IT to eliminate everything that makes it more attractive than outside providers. Operating informally, doing favors, gaining deep knowledge into how the business works in order to offer suggestions to make it work better — these are what people do when they’re in the same boat. Take it all away and start acting like a separate business, and what do you have? A separate business, but without a marketing department, sales force, or possibility of turning a profit. Don’t act like a separate business. Do the opposite — be the most internal of internal departments. Become so integrated into the enterprise that nobody would dream of working with anyone else. The train is leaving the station. There are plenty of seats available. It’s time to get on board. board CIO bob ob Lewis is president of IT Catalysts, an independent consultancy specializing in IT organizational effectiveness and strategic alignment. He’s the author of four books and over 475 articles on managing IT organizations. Send feedback to

Vol/5 | ISSUE/04

everything you wanted to know and more

Desktop Virtualization 101

Illustration by MM Shan it h

Interest in desktop virtualization is growing but with so many flavors and vendors out there, it’s no wonder many CIOs are bewildered. We clear the air.

Vol/5 | ISSUE/04

Deep Dive_February2010.indd 55

What’s Inside Deep Dive Features The How, What, Why of Virtualizing Your Desktop���������������������56 Flavors in Desktop Virtualization������������������������������������������������ 57 What’s Hot (and Not So Hot) About Desktop Virtualization����58 Windows 7 Tool Box��������������������������������������������������������������� .......75 Case Study Swept into Virtualization�������������������������������������������������������������64 Test Center The Virtual Desktop Infrastructure Shootout���������������������������66

REAL CIO WORLD | f E B R U A R Y 1 5 , 2 0 1 0


2/9/2010 7:36:46 PM

Deep Dive | Desktop Virtualization

Virtualizing Your Desktop is desktop virtualization? What

The use of software to abstract the operating system, applications and associated data from the user’s PC.


hy do IT shops use it?

Virtualization, according to vendors, makes it easier to manage user PCs, provision new desktops, push out patches and enforce security policies. TCO can be reduced with desktop virtualization, depending upon the choice of software and hardware, but projects usually require higher upfront costs than a regular PC refresh.

What’s in it for users?

Users get the option of running multiple operating systems on their computer, and can access hosted desktops from any location and any device. However, a hosted desktop model typically prevents offline access.

hat are the two kinds of desktop virtualization W products? There’s local desktop virtualization, which runs the entire desktop environment in a protected ‘bubble’ on the user’s PC. The second one is hosted desktop virtualization, which stores the users’ desktops in the datacenter on a server or PC blade, requiring users to access their desktop images through a network connection.

hat are the new developments in W desktop virtualization? The biggest development is the emergence of bare-metal hypervisors, a type of local desktop virtualization that installs the hypervisor on top of the PC’s operating system. They are not yet widely available, but vendors say they will provide better security than Type 2 hypervisors, because the bare-metal type runs independently of the client operating system. It will deliver better performance than hosted desktops, because apps run on the local


f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

client instead of a remote server. The technology is in various stages of development.

? By Jon Brodkin

There’s huge interest in desktop virtualization, thanks to its promise to improve security, manageability and flexibility. But to get the best out of it, you need to know how the technology works and why — or why it doesn’t — fit your company.

many IT shops are virtualizing desktops? How

Forty-one percent of companies are investing in desktop virtualization, according to a survey by the IDG Research Services Group of 340 IT managers in 2009. Respondents were virtualizing 6 percent of desktops at the time of the survey, and expected to virtualize one-third in 2010. According to Gartner, worldwide revenue for hosted virtual desktop software will quadruple this year, going from $74 million (about Rs 330 crore) to nearly $300 million (about Rs 1,350 crore).

much will it cost to virtualize my desktop? How

It varies. Neocleus plans to charge between $50 (about Rs 2,250) and $100 (about Rs 4,500) per desktop, while the premium version of VMware View costs about $250 per ( about Rs 11,250) virtualized desktop. But the cost of the software is just the beginning. A hosted desktop model requires servers or PC blades to deliver virtual machines, as well as networked storage for apps and data. Forrester Research says that enterprises spend about $860 (about Rs 38,700) per user, plus network upgrades, to get a desktop virtualization project up and running in the first year. If all goes well, desktop virtualization should eventually pay for itself and provide longterm cost savings. But the ROI can be anywhere from six months to a few years.

Who are the key vendors?

Desktop virtualization software is provided by established vendors such as VMware, Citrix and Microsoft, as well as numerous start-ups, including Neocleus and Virtual Computer. Thin clients and PC blades, which are often paired with virtualization software, are sold by various hardware vendors including Wyse Technology, HP, Dell, Sun and ClearCube. (To weigh the pros and cons of each offering, read our shoot-out on Pg 66)

Vol/5 | ISSUE/04

Fla vo rs Flavors vors Flavors

think of when they think terminal services. a server runs one image of an operating system or application and many clients log in to it using connection broker software that is the only part of the software hosted on the client machine. Client machines operate only to show an image on the monitor of the application that the user is sharing, and to transmit keyboard and mouse input back and forth.

Remote Virtual Applications: What you get in every Web app you’ve ever used. all you need is a browser and standard Web protocols to create secure connections and transmit graphics and data. Depending on the design of the applications (think Flash downloads) the end-user’s machine may process some of the application’s logic or graphics, or may only light up the monitor and send clicks to the server.

Remote Hosted Dedicated Virtual Desktops: the next step up in power for end users and step down in cost and resource conservation for It t from Web apps or terminal services. rather than having many users share one instance of the same app or oS, the server hosts an entire oS and set of apps within a VM that is accessible only to that user.

Local Virtual Applications: think Java. applications download from the server to the client machine and run there, using local memory and processing power. but they run within a sandbox that enforces a set of rules on what the local machine can do and to what it can connect.

Local Virtual OS: Present in two major versions. one is a client-side hypervisor that can create a VM within a laptop or desktop computer, which can function as a completely standalone unit that keeps itself separate from hardware and software on the client machine outside of the VM. the second version is a hypervisor that runs on the machine’s bIoS (basic input/output system), allowing the user to run multiple oSes with no host oS.

Vol/5 | ISSUE/04

Low cost and a high degree of control over data and applications.


Remote Hosted Desktops: What most people


of Desktop Virtualization

By Kevin Fogarty

Performance depends on the quality of the network connection. Display protocols often can’t handle complex graphics. Some apps designed for desktops can’t run in shared mode on a server. It does not work when disconnected.

Doesn’t require that It It control the hardware or software environment of the end user.

Doesn’t allow It t to control the hardware or software environment of the end user, which could affect performance. Does not work when disconnected.

Can run apps that balk at running in shared mode; isolates activity of each user to prevent resource constraints.

uses far more bandwidth than shared desktops and far more hardware on the server. Performance still depends on the quality of the network connection and ability of the display protocol to handle graphics. Does not work when disconnected.

Better performance than remotely hosted apps. less ess bandwidth consumption. Can be used offline.

Less It t control over the hardware and security of the data.

Multiple Oses O on a single system. no concerns about oS S compatibility, can run on smartphones or PDas. PD

Potential conflict for resources, relative immaturity of client-side hypervisors leaves security unproven.

REAL CIO WORLD | f E B R U A R Y 1 5 , 2 0 1 0


Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

Hot What’s

(and Not So Hot)

About Desktop Virtualization By Denise DuBie

As CIOs get comfortable with server virtualization, more want to see the technology’s benefits applied to their desktop environments. But they should be prepared because desktop virtualization is a different animal. Here’s the good and the bad. 58

f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

Vol/5 | ISSUE/04


Deep Dive | Desktop Virtualization


uccessful server virtualization deployments lead many IT leaders to believe desktop virtualization would provide the same benefits. While that is partly true, companies need to be aware of how the two technologies differ, industry experts caution. “Desktop virtualization is a very different beast and should not be treated as simple enhancements to the server strategy,” says Natalie Lambert, principal analyst at Forrester Research. “The drivers are entirely different and the environment will present new challenges to those experienced with server virtualization.” For instance, desktop virtualization doesn’t offer the near-immediate cost benefits many cite with virtual server rollouts. And while virtual servers present new security and management challenges, many argue that in the desktop realm, virtualization improves security and manageability for IT departments. In addition, the sheer numbers involved can be strikingly different. “IT could be taking on 500 virtual servers, and that is a lot, but it is nothing compared to 10,000 desktops,” Lambert says. According to industry experts and IT pros, there are some similarities and many differences between virtual servers and virtual desktops. Here we highlight key factors that could help avoid major headaches when moving virtualization to the desktop.

Complexity Intensified Most IT departments at enterprise companies have exponentially more desktops to support than servers, virtual or otherwise. The sheer volume of desktops should be one of the first criteria IT leaders consider when making a move to a virtual platform. With more than one billion PCs in the world, there’s a huge opportunity for virtualization, but “all the requirements

Vol/5 | ISSUE/04

the Hot Security. business continuity is a breeze.

longer hardware refresh cycles. Imagine the smile on your CFo’s face. Fewer helpdesk calls. a lot of end users irritation stems from hardware glitches. With less hardware, you have fewer problems.

And Not So Hot

More network and storage planning. you’re going to have to account for that y in a per-virtual machine costing. More numbers. y you have plenty more PCs than servers, right? Expect more problems. More complexity. Desktop virtualization is far more complex because the desktop environment is far more disparate. Slow roI. If you’ve come to expect quick returns from virtualization, you’ll need to think again.

of the PC world need to be maintained as you migrate into the datacenter,” says Mark Margevicius, vice president and research director at Gartner. “The desktop realm represents a lot more moving parts, considering all the uniqueness that happens on a PC needs to be maintained.” Server virtualization teams are unlikely to be responsible for the desktop infrastructure, beyond the servers that host the virtualization platforms. That means desktop groups need to rethink patch management, software distribution and other functions when applying them to a centralized system rather than a slew of disparate desktops.

“Desktop teams know how to manage 100,000 machines so the practices and policies are completely different. In the virtual realm the desktops come back to the server environment but cannot be thought of in the same terms,” Forrester’s Lambert says. For Jake Seitz, expanding his company’s VMware server virtualization deployment to include desktops was driven by compliance requirements and a move away from supporting desktop hardware. The enterprise architect at The First American Corp says his group may be supporting less desktop hardware, but now they are responsible for maintaining “all these unique virtual machines.” With 22,000 desktops, Seitz says the plan is to migrate 3,000 to 4,000 per year as hardware comes off its lease or as it fails — a plan that will help his team stay on top of the new virtual environment as well. “The desktop has its own challenges, including the uniqueness of images personalized by end users. With a ‘patch once and push many’ approach, the risk of breaking software goes up exponentially,” Seitz says. “We have one-off machines in legal or finance, for instance, and we patch them ad hoc as needed. We realize we can’t do desktops in a big bang move; it has to be an incremental move.”

Double the Cost Half the RoI While server virtualization virtually guarantees a speedy ROI, desktop virtualization can be cost-prohibitive to start and deliver a somewhat less immediate and difficult-to-quantify return on the substantial investment. Analysts estimate choosing virtual desktops can cost 150 percent to 250 percent more than traditional PCs — and that’s just for the direct cost of acquiring the technology. Savvy IT leaders realize when pricing out a project they need to also calculate indirect costs. “Desktop virtualization is a lot like hybrid cars. No one REAL CIO WORLD | f E B R U A R Y 1 5 , 2 0 1 0


Deep Dive | Desktop Virtualization

Benefits CIos Associate with Desktop Virtualization 54% Reduced costs 54% More manageable desktop environment 52% Ability to provision client devices with software from a central location 50% More secure desktop environment 49% Provide IT with greater flexibility over desktop resources 46% Simpler deployment of patches and upgrades


43% Stretch hardware resources 41% Reduce on-site support requirements 40% Support business continuity/disaster recovery initiatives 34% Allow IT to distribute resources selectively 29% Minimize application conflicts

disputes the value and they love the idea, but it is just too expensive to write a check and pay a lot when the traditional version is cheaper and already paid for,” Gartner’s Margevicius says. Yet for some organizations the benefits are enough to warrant the investment. For Kevin Nolan, the potential cost, time and labor savings associated with virtual desktops is driving his organization to evaluate the technology. Nolan, manager of systems engineering at Mohawk Industries, says his company is expanding their use of virtualization


f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD


of Cios are not familiar enough with the technology to respond.

technology beyond the 500 VMware virtual servers his group supports. “If you have a virtual desktop, you can stretch hardware for more like five or six years, rather than the standard three-year PC refresh cycle,” Nolan says. “With a lot less hardware, there are a lot fewer opportunities to break and have to fix machines.”

Consider the Costs Nolan says his desktop and server team are working together to evaluate several vendors, including VMware and Citrix. Nolan realizes the desktop realm

requires expertise in managing multiple PCs, which Citrix has mastered, but because the technology will reside in the datacenter and involve the server group, VMware might be a better option. Analysts say customers could realize price cuts if they did add desktop technology from their virtual server vendor. “Definitely, the more customers buy from one vendor, the more discounts they will receive and the lower the cost per seat could be,” Forrester’s Lambert says. For John Turner, desktop virtualization isn’t the right move yet. The director of networks and systems at Brandeis University says his group evaluated the possibility of extending their successful server virtualization implementation to the desktop and the argument didn’t stand up. For one, being a university it would be a challenge to “lock down” a PC image for the majority of students, faculty and others to use. And without solid support for streaming video across the virtual PCs, Turner says he couldn’t sign on just yet. “From a university perspective, we have such a diversity of functions and we can’t dictate too much to the end users. And without gigabit to the desktop, performance would be poor,” he explains. “We imagined replacing only computers that fail, stretching the refresh cycle, going back to dumb terminals, but we have to also provide what people want with a powerful operating system.” First American’s Seitz agrees that many virtual desktops need to be cloned from one golden image, with some changes applied depending on groups. But the majority of desktops incorporate “Microsoft Office and some basic functionality because that is all they need,” he says. While First American is using VMware VDI primarily because

Vol/5 | ISSUE/04

Deep Dive | Desktop Virtualization it represented “the most cost-effective option,” Seitz is also realizing benefits not directly related to costs. “The number of help desk calls drops substantially because they related to hardware and we threw that out, and business continuity plans are more easily implemented,” Seitz says. “Auditors are happier that our data doesn’t leave our datacenters and go overseas. The end user on a virtual desktop only sees a representation of the data and not the data itself, which simplifies a lot of what we do.”

Don’t Forget Network and Storage IT leaders must also look closely at network and storage requirements in their virtual desktop environment because if they don’t, what is already an expensive endeavor will become too costly to continue deploying. “Typically when doing an ROI against desktops, you don’t factor in network and storage costs. You need to break that all down in a per-virtual-machine model,” Seitz says. “But storage could be a big cost; shared storage is not cheap.” Storage is a lesson already learned by server teams deploying virtualization, says Andi Mann, vice president of research at Enterprise Management Associates. For that reason, desktop groups should depend upon the experience of their peers when considering storage. For instance, 5,000 desktops each with a 60-gigabit drive built-in could prove to be cost exorbitant. But by bringing those storage requirements back to the datacenter, Mann says, via thin provisioning and data de-duplication, desktop teams will lessen their costs and optimize resources. “Storage management is one of the biggest concerns about


f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

Don’t Pedestalize Your Experts “It t groups shouldn’t concentrate their virtualization expertise in too few a number of individuals. y you could have one or two people that develop the expertise, and then you are at greater risk of losing those people to other employers,” says Ed holub, research VP at Gartner. “We are a few years off from virtualization being a standard skill, and it is hot and in demand right now. y you don’t want to go too deep with just a few individuals.” today, virtualization specialists are hot in demand. but the good news is that as t the technology becomes mainstream for servers, desktops, storage and networks, industry watchers say virtual know-how will become a standard requirement for many It t job candidates. “Virtualization is having a significant impact on operations and infrastructure organizations in It. t. Most will start in a stovepipe fashion: server, desktop, network and t storage,” says Ed holub, research VP at Gartner. “but organizations are beginning to treat virtualization more horizontally than vertically.” It t leaders say for now they have to dedicate resources to virtualization exclusively, but they can already see the writing on the wall — especially in smaller It t shops. “that specialized area of technology is going to be rolled into the systems administrator roll,” says John t turner, director of networks and systems at brandeis University. “but in a couple of years, there won’t be a need for specialized skills. If you don’t know virtualization, then your systems administration skills are old.” With the most recent rash of virtualization projects, the technology area has become a subset of the server team in many It t organizations, analysts say. but as companies look to broaden their adoption, subject-area expertise in desktops, networks and storage will require those It t staffers to also become virtualization experts. “It t organizations will continue to need domain experts, not virtualization experts. Going forward, virtual talents will become part of a standard skill set for sys admins,” says andi Mann, VP of research at Enterprise Management associates. — Denise Dubie

desktop virtualization. A lot of resources can be wasted if not managed properly,” Mann says. He adds that the network is another area of concern, thought it’s not typically on desktop managers’ minds. While Gigabit Ethernet is a standard for datacenters, it has yet to be widely deployed to the desktop. Determining network capacity and understanding if an upgrade is in order could help IT managers decide on virtual desktops, Seitz says.

“The network needs to be able to handle aggregate traffic from many desktops to one location in the data center, so an upgrade from 100MB Ethernet to Gigabit might be necessary,” he says. CIO

Denise Dubie is senior editor, Network World (a sister publication of CIO.) Send feedback on this feature to to

Vol/5 | ISSUE/04

Deep Dive | Desktop Virtualization

Swept into

Virtualization By Kevin Fogarty

ricane might have forced t r u h A he


Univ ersit y of T exas M edical Branch to turn to

ost companies that launch into virtual desktops do it to cut support costs or increase security. But sometimes, mother nature provides her own impetus. A major disaster led the University of Texas Medical Branch — a sprawling campus of hospital and office buildings plus a spray of clinics and smaller facilities all over Texas — to shift virtual desktops from a fringe technology to its main platform. “We realized after Hurricane Ike, when people were coming in here with PCs that had been flooded asking us to put them in a closet so they could use them remotely, that this was ridiculous; we didn’t need to be doing this,” says Landon Winburn, Citrix systems administrator for the University of Texas Medical Branch (UTMB). Hurricane Ike, which had battered Cuba and gained strength as it swept north hit Texas at 3 a.m. September 13, 2008, with winds up to 110 mph. It killed 72 people in the United States and caused $29 billion (about Rs 1,30,500 crore) in damage. With the hospitals and clinics frantically busy treating the injured, lost and homeless, UTMB’s IT crew had to get as many data and applications online as they could in the


f ebruary 1 5 , 2 0 1 0 | REAL CIO WORLD

Deep Dive_February2010.indd 64

days following the storm. Rather than rescue and maintain each of the PCs and servers damaged by Ike, Winburn and his colleagues bought 100 licenses for Citrix Systems’ XenDesktop and hosted the rescued machines on Citrix servers. “We converted a lot of PCs into virtual machines, and we no longer had to keep running to individual offices to work on them,” Winburn says.

Out in the Rain The newly virtualized systems weren’t quite as simple to support as the 2,000 machines UTMB had already set up to use more traditional Citrix Systems shared virtual desktops as part of a 2005 migration to an electronic medical records (EMR) system. But they were easier than sending technicians out to troubleshoot hardware problems in remote, stormravaged locations, Winburn says. Unfortunately, the same setups and requirements that had satisfied the medical departments and most branch offices — most of which were won over because 30 or 40 users could work happily on a single T-1 with a Citrix

Vol/5 | ISSUE/04

2/9/2010 7:36:53 PM

Deep Dive | Desktop Virtualization

setup — couldn’t meet the needs of the other departments. Even extending an implementation of environmentmanagement applications from AppSense-which cut login/logout times to a few seconds didn’t help get most of the 6,000 to 7,000 PC users in UTMB’s research, academic and business departments on board. One big problem: They couldn’t run the applications they wanted and didn’t like the shared operating-system

device, according to Andi Mann, head of systems and storage-management research at Enterprise Management Associates (EMA). Flaws in the end-user experience — which included the lack of graphics support, USB and other PC-friendly technologies — were the number one user complaint and the number one organizational barrier cited by clients responding to a poll EMA released in September. A feature Citrix calls HDX — which supports both peripherals and graphics applications such as Flash that are designed to run within a browser on a local machine

irtualization. But it has le v p o t ssons fo desk IOs. r everyo C n a i ne, especially Ind environment, Winburn says. “The terminal servers were running on Windows Server 2003, but some people needed applications that wouldn’t run in a shared environment, or had to run on Windows XP,” he says. The solution was to give those users dedicated virtual machines that could run a separate OS and even separate applications without affecting the rest of the end users, because each VM was isolated from the server and was erased and re-launched from a master image whenever the user logged off. That worked well enough to satisfy users whose machines were waterlogged and to migrate many other users to virtual machines; but it wasn’t enough to get whole departments on board with virtual desktops, Winburn says. One sticking point was peripheral connections. The sticking point was users such as nurse managers, researchers and other users who have to connect their machines to peripherals such as printers, bar-code readers, lab or diagnostic equipment and other specialty devices that, until XenDesktop 4 shipped, the Citrix client software couldn’t support. It sounds silly to say you can’t virtualize a system because you can’t plug something in to a USB port, but it’s a big problem for anyone who has to print something too confidential for a shared printer, or has to use any local

Vol/5 | ISSUE/04

Deep Dive_February2010.indd 65

rather than from a server — expand the range of end users UTMB can satisfy with virtual desktops, Winburn says. The ability to support local peripherals and graphics is winning over more PC users, but UTMB won’t reach what Winburn expects will eventually be a 50/50 split between virtual and real PCs until end users are able to install their own applications and have them available through the network as if they were running on local PCs. It looks as if UTMB will eventually virtualize about half its total complement of client machines, which will cut both its support and hardware costs drastically, and make life much easier for the 30 or so desktop-support staffers within the 300-person UTMB IT department, Winburn says. “With thin clients, the number of devices a technician could support went through the roof,” Winburn says. “The cost model around thin clients is just so much lower, it’s just amazing. Cost-per-seat for PCs is about $30 (about Rs 1,350) per month, versus thin clients that are more like $20 (about Rs 900) per month, and that includes the hardware, software, network, everything to support that device.” CIO

Send feedback on this feature to to

REAL CIO WORLD | f ebruary 1 5 , 2 0 1 0


2/9/2010 7:36:53 PM

V i

the irtual




Shootout! We pit six software-based desktop virtualization solutions against each other and three hardware-based solutions. The answers speak for themselves. By Tom Henderson and Brendan Allen


irtual desktop infrastructure is a hot topic for a number of reasons. Companies familiar with server virtualization are looking to extend to the desktop. Microsoft is delivering virtualization capabilities in Windows 7 (Read the Windows Tool Box on Pg 75) . And VDI offers a way to control desktop costs, improve security and management — even deliver enterprise apps to phones and other mobile devices.


f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

Vol/5 | ISSUE/04

Deep Dive | Desktop Virtualization

With VDI, users call up a terminallike session on a remote host machine. Client sessions can run on Mac or Linux OSes, but typically they run Windows. On the server side, the host runs Windows Server, often a

full instance of a VM. We tested six software-based products that are designed to provision, authenticate and manage VDI sessions. We also tested three hardware-based virtual desktops. We looked at the client

Citrix XenDesktop 4


Flexible and fast. Citrix’s XenDesktop 4 was the most accommodating VDI platform tested, likely owing to its origins as a hybrid of linux and Citrix. While it’s not a lightweight platform, we found it to be the most flexible. Microsoft recommends XenDesktop for its own Microsoft Standard VDI and Premium VDI suite client-side components. XenDesktop runs on Microsoft hyper-V, VMWare’s ESX/vSphere platforms, as well as XenServer. XenDesktop requires two Windows-based server virtual machines on the administrative side. these VMs cover provisioning and administration of desktop deliveries as a connection broker.on the client side, XenDesktop supports most Windows clients, Mac MacoS, linux, inux, plus various cell phones and hardware terminals. the initial ‘tax’ in terms of hosted hardware is high. Citrix recommends using two physical servers at minimum, one to host the VMs of the server, and the other to house the desktops, which are standard virtual machines. that said, we used the two servers for most of the other tests, too. We found that making XenDesktop work was simple if you read and follow the supplied guidelines studiously. XenDesktop requires Microsoft’s active Directory with DhCP and DnS/DDnS services running. XenDesktop host services use the Microsoft .n net Framework SP1 and Microsoft SQl l Server 2005. although the large number of provisioning options initially shocked us, we found that provisioning revolves around creating generic XP versions, then using the generic versions as the basis for subsequent groups. With XenDesktop we could create two kinds of desktops: pooled desktops, which are non-persistent and are returned to the pool or simply reissued for subsequent use and assigned where the first user to connect to that desktop ‘sticks’ to it, or where a user is specifically assigned to a VM. XenDesktop automatically creates pooled desktops via the XenDesktop Setup Wizard. assigned desktops are created manually. the XenDesktop Delivery Services Console unfortunately doesn’t use templates to create new hosted VMs for use by external clients. therein lies the drudgery, as unless VMs are the pooled variety, they have to be built and assigned one at a time. If you need thousands, prepare for a wait. Vol/5 | ISSUE/04

side experience and the server-side maintenance and administrative qualities of each product. In the past, terminal services sessions were plagued by choppy screen refreshes and slow response

reconfigurations are difficult, since there aren’t options in the XenDesktop Setup Wizard to change a desktop pool once created. besides using the XenDesktop Setup Wizard, pools of VMs can also be built through the Delivery Services console, but must already exist (or be created manually), then assigned to the pool. VMs in pooled environments use a PxE boot (remote program load) when they start from one of the Desktop Delivery server VMs. VMs that are assigned use storage allocated when they’re created. Clients logon through a browser that’s pointed to the Desktop Provisioning server’s Web site. Users supply credentials, whose security is a function of active Directory via the Citrix online ‘plug-in.’ When we tested responsiveness, XenDesktop, with Citrix’s ICa a protocol, was consistently fast with both Windows and Mac clients. VMware View 4, with its PCoIP protocol, was unbeatable in our tests with Windows clients, but VMware uses the older rDP protocol on Mac clients and is significantly slowe.

VMware View 3/4 superior uperior speed and management features. We began testing with VMware View Version 3, but upgraded to Version 4 during the testing cycle. the big difference between the two is that View 4 adds a new transport protocol – PCoIP — that speeds communications between hostedVMs VMware 4 and clients. like XenDesktop, View connects to an active Directory, and optionally one can install View Composer. View requires ESX 3.5 with VMware’s vCenter on a VM or another machine. an additional virtual machine is required to host View Connection Server and View Composer needs to be installed on the vCenter machine. View Connection Server is the central console and administrative service for View, and links to the world via a Web browser connection. View Connection Server is the broker between clients and hosted VMs, which must live only on VMware ESX- or vSphere-hosted VMs — or other hosts so long as a compatible VMware View agent is installed on it. both versions of View were the most talented at creating and managing VMs. In View, there are three types of desktop


REAL CIO WORLD | f E B R U A R Y 1 5 , 2 0 1 0


Deep Dive | Desktop Virtualization provisioning methods: individual, automated Desktop (in either persistent or non-persistent varieties), and a Manual Desktop pool (either persistent or non-persistent.) View can also broker a Microsoft t terminal Services pool of available VMs. automated provisioning is set by an administrator through a Web-based interface credentialed through active Directory. the optional tool, View Composer, which needs VMware vCenter, can provision linked clones,VMs that share a common parent VM, from a snapshot that becomes the base of subsequent provisioned images. When you want to update the linked-clone VM, another snapshot must be created so that subsequent VMs get the changes. In persistent VMs, snapshots take up storage space. It’s also possible to make persistent VMs without using linkedclones and therefore without snapshots. there are lots of different combos available in View 3/4. the client experience of VMware View was good on View 3, but becomes awesome on View 4, when using persistent or nonpersistent VM access. like XenDesktop, one accesses a Web page, presents active Directory credentials, then gets a downloaded application that in VMware’s case, runs from a Java-launched client applications to link to its desired VM. the PCoIP transport in View 4 makes you y t tube usable even through two hypervisors. View wasn’t without its glitches, however. During initial provisioning or after snapshots, the VMware View agent application wouldn’t initialize, forcing us to reboot the specific non-connecting VMs administratively. like XenDesktop, VMware View can be used for access by other devices, like the Wyse and Panologic units we tested. Despite occasional buggy behavior, the administrative ease of VMware View was strong, even if it’s captive to VMware’s comparatively expensive VM hosting platform. VMware customers looking for VDI and a compelling reason to upgrade to vSphere 4 will find the client-side speed of View 4 to be a good one.

Sychron OnDemand simple to use but has some rough edges. With onDemand, users access VM sessions via Web page authentication. Session links from client to VM are accomplished via Java (JrE 1.6). the host session can be Windows XP, Vista or Windows 2003 Server.

times, partly due to the use of Microsoft’s Remote Desktop Protocol (RDP). Many vendors have replaced RDP or have augmented products with faster protocols and we found the current crop of VDI products to be vastly more flexible and speedier than prior platforms — although still somewhat daunting to maintain. 68

f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

Sychron’s onDemand software runs VDI sessions on either Microsoft’s hyper-V (tested) or VMware ESX 3.5. onDemand software components for hyper-V use Microsoft’s Internet Information Services (IIS) as a portal to link clients in VMs running atop hyper-V. Initial configuration took a while, because the PDF documentation was incomplete, including one section with a ‘tba’ which we guess to mean ‘to be added’. Four packages were added to hyper-V/Windows 2008r2 server. We then set about creating the ‘substrate’ policy, IIS, and hyper-V settings. after a bit of work, we were able to create habitats, which serve as VM access aggregations that the onDemand Portal software uses to assign users to machines via Sychron Policy agents. the Portal also load balances user VM requests across multiple Sychron onDemand Controllers. the onDemand Enterprise Manager is the management application, and we found that creating ‘gold’ images was similar to the parent/child relationships in VMware View and XenDesktop. onDemand client access was fast to authenticate and logon from a browser, whose credentials follow the configuration set via Policy agent and active Directory settings. the you y t tube test we used to track multimedia didn’t work as well as we’d have liked, and when Sychron supplies updates to become compatible with VMware View 4/vSphere, we believe it may speed up multimedia client response vastly. overall, Sychron onDemand is a more difficult installation, and gave us the feel of a work in progress, but one with promise. Clients will enjoy its simplicity of access, and between clever load balancing and astute active Directory controls (on the hyper-V side we tested), it should be soon ready to recommend.

Ericom WebConnect Lots of promise but needs work. Ericom’s ‘secret sauce’ is a transportation protocol called blaze, which is an adaptation of rDP for terminal services, which is Ericom’s historical strength. blaze is designed to improve speed for multimedia, like VMware View 4’s PCoIP

How We Carried Out the test t We confined our testing to Windows XP sessions, since Vista is unpopular and Windows 7 is only now trickling in. We tested using three different platforms. The first platform, our ExtremeLabs cloud, was located in a network operations center (NOC). In the NOC was a switched Gigabit Ethernet

platform using an HP DL 580 G5 (32GB, 16 cores), an HP DL585 G5 (32GB 16 cores), as well as a Dell Equallogic iSCSI SAN (4TB), Dell Force 10G Ethernet Switch, Dell R710 Server (32GB eight cores), connected to a Cisco multi-NAP connected infrastructure. In this platform, we tested products with VMware ESX Vol/5 | ISSUE/04

Deep Dive | Desktop Virtualization protocol. at press time, we received Ericom’s WebConnect and continued testing from beta software Ericom had sent. (the code we were sent was labeled as final, but we detected that we received a special build of Ericom’s server software, so we can’t reliably state right now that our results are what you’ll see.) Ericom insists this code is what you’ll receive until the next release, and covers bugs we found in initial testing. WebConnect can use many hosted VM platforms, ranging from ESX/vSphere, hyper-V, XenServer, to Parallels Virtuozzo and oracle VM. We initially tested their software with VMware’s ESX 3.51, but had ongoing difficulties with that release. We then tested with VMware vSphere. Ericom claims wide directory services compatibility (we tested on active Directory) with eDirectory, openlDaP, Sun’s lDaP or IbM tivoli. the server software we tested was installed on Windows 2003 Server in a VM on vSphere. the Ericom Server software (which lives in a VM on Windows 2000/2003/2008 Server editions) can setup two kinds of VM pools for client use, static (where each user is manually assigned a specific VM) or dynamic VMs that can be either persistent or non-persistent instances. once persistent, a user ‘owns’ the VM indefinitely as though it were a static use. this allows provisioning of static pools that’s easier than VMware View or XenDesktop’s method. our attempt at creating non-persistent linked VMs was painful, as the process of making new VMs crashed consistently — without generating an error message. Ericom’s VM naming scheme limits the administrator’s ability to name VMs to 10 characters (as it adds five characters as a suffix to each name). If one doesn’t know this, the extended account name is too long, won’t login and causes problems. the problem goes away if we create desktops manually, but then the ease goes away, too — and it wasn’t fixed in the updated build we received. We later found that if the template VM was on a local hard drive, rather than the San, that the process worked; perhaps this is another bug. VMs are required to have Ericom’s tools installed on them, otherwise the VM can’t be cloned for multiple images. Pools of images are then created utilizing either static or dynamic images (with or without ‘auto-sizing’ — actually auto-cloning). the upside to Ericom’s VDI was that the client-side use was simple to configure and the updated blaze code that Ericom sent came far closer to matching VMware’s speed in our you y t tube tests.

3.51, VMware vSphere, Microsoft Hyper-V V2, and XenServer 5.5. Servers were connected to the Dell iSCSI SAN through the Force10 switch. The second platform was a local network-based platform, where we tested NComputing X550, inside of an HP system, as the X550 is a terminal server that hosts a total of 11 users. The third platform used a Dell server connected in our lab to our switched Gigabit Ethernet network, hosting Hyper-V underneath Windows 2008 Server. And for Pano Logic, we used a Dell PowerEdge 1950 70

f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

Be PrePared To… Watch the network: Most desktop-virtualization tools have some kind of remote presentation protocol to reduce the hit on the network. Still, moving every desktop to a central server and provisioning from there is bound to bog things down a bit. When network performance problems crop up, they can be deal-breakers, especially for centrally hosted Virtual Desktop Infrastructure (VDI) scenarios. Such was the case at the University of Maryland in College Park, says Jim Maloney, network applications manager at the school. after conducting a six-month pilot of Sun’s virtual desktop software running atop VMware ESX, he didn’t get network buy-in right away. “We found that the most important thing is that if you don’t own the network, you need to be talking to the network people,” Maloney says. “you you need to make them understand what you’re y going to do and what impact that will have. If you don’t, you can run into trouble.” Mitchell ashley, CEo of Converging network, agrees. “you y you have to make sure your network is capable of doing this, because it could suddenly be dealing with a huge load,” he says. “What if no VoIP calls get made at 9 a.m. because all these virtual PCs are booting up?” he asks. Brace yourself for management headaches: at the University of Maryland, the evolving desktop environment now includes Sun VDI, traditional Citrix thin clients and regular desktops — which makes management tough. “right now, we use three separate management consoles,” says network applications manager Jim Maloney. “It’s somewhat of a nightmare putting reports together for our executives on what we’re using and what we’re doing.” the good news is that most desktop-virtualization vendors recognize the nascent management problems and are working to address them.

Anticipate security unknowns: Centralized desktop images might seem easier to secure than traditional, physical desktop setups, but they may hold unknown risks. “Early adopters not only can get bitten because the security products aimed specifically at desktop virtualization haven’t been released yet, but also because they’re just now learning what the security issues are,” says Mitchell ashley, CEo of Converging network. “hackers aren’t going after virtual PCs and virtual servers yet, because there isn’t a big enough bang for their buck. but as more of it goes virtualized, they’ll make that shift.”

—Joanne Cummings Vol/5 | ISSUE/04

Deep Dive | Desktop Virtualization Until Ericom’s code stabilizes, we can’t recommend it. It shows much promise but seems to be a work in progress rather than a finished product.

Quest vWorkspace 6 strong security features. like XenDesktop, vWorkspace works with many VM server platforms, including Virtual Iron, VMware ESX/vCenter, Microsoft hyper-V, Parallels Virtuozzo, and also supports Microsoft terminal Services. External (meaning remote) t access uses a vWorkspace SSl l proxy gateway that’s installed on a dedicated gateway Windows 2000/2003 server in a physical or virtual machine. the gateway’s ability to use X.509 certificates, trusted root certificates, and certificates generated from the Windows 2000+ certificate authorities was a strong security benefit. Most of the products we tested used either their own authentication or active Directory’s username/password/ domain authentication regimen. Desktop time availability was an additional option that made a lot of sense to us and was unavailable elsewhere. the vWorkspace product requires active Directory in place, and requires a number of policy and setup steps to get it running, similar in nature to Sychron onDemand. once installed, the Quest vWorkspace Management Server can then track applications, documents (even Web pages), and the use of desktops; in our case, virtual desktops. From its console, we selected our platform, then created groups of VMs that we could make ‘temporary’ (non-persistent) or persistent VMs for VDI use. the vWorkspace manager can also create relationships with individual machines (think blades in blade servers), or other hypervised platforms for VDI use. Clients can connect through the vWorkspace appPortal, a separately installed application, or via another application called Webaccess. Microsoft’s IIS 6+ Web services must be alive, along with aSP.nEt t and .nEt t Services 2.0+. We used the appPortal which works only with 32-bit clients, and logged in via active Directory authentication.

with 8GB RAM hosting vSphere and vCenter. We tested provisioning of each product’s VMs as well as how the VMs related to any security issues; everything we tested was secured via Active Directory services authentication. We accessed VMs either through another server running Windows XP clients, XP clients in 72

f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

the clients aren’t easy to setup to connect with the vWorkspace server/broker. In order to make it easier, you have to setup something on the default DnS server to point to a “provision.” entry. If Webaccess is installed, it should automatically download a configuration file, otherwise, you must enter the server IP address, and supply username/password/ domain name credentials to configure the client to connect correctly to the service provided. We had difficulty when auto-provisioning the copies of the Windows XP VM that were created. numerous copies that were created didn’t join the domain when launched, and we had to manually join the VM to the desired active Directory Domain in about 10 percent of the copies. the overall responsiveness of the client experience was good, but the you y t tube video test showed lots of lags and video/audio synchronization errors. non-multimedia use, however, was fine and reasonably fast. the Quest vWorkspace has a larger-than-VDI control plane, and the control provided for VDI use was strong, as were the security considerations Quest gave to the product. Client-side use is good, if poised towards non-multimedia use.

MokaFive LivePC vDi with a twist. MokaFive is an image and virtual desktop management platform that’s a VDI ‘crossover’ product for mobile desktop use. MokaFive is VDI that’s up-close-and-personal because it’s downloaded or distributed as an image directly to a Windows PC or Mac and lives not on a VM server, but inside the client Windows PC or Mac workstation. the image might be permanent, and it might go away after a single use or at the discretion of an administrator. there’s no server hypervisor or connection brokering gateway to live with. It’s all in the download. MokaFive can be installed onto a Windows 2003 Server machine and can be used in a VDI platform (such as VMware ESX), although it’s not necessary to use a hypervisor platform at all.

hypervisor mode on laptops, native XP machines, MacBook Pro systems, and Linux Ubuntu 9.10 as hypervised atop MacOS. The Sychron server was hosted on Sychron-recommended Fedora Core 8 in a virtual machine. We used connections to various YouTube videos to judge multimedia quality, and used various Windows

apps to test perceived latency and responsiveness. the Results The race for the top score was exceedingly close. Citrix XenDesktop 4 and VMware View 3 tied for first, until VMware released View 4 mid-way through our test cycle. View 4’s blazing fast transport protocol called PCoIP Vol/5 | ISSUE/04

Deep Dive | Desktop Virtualization


Wyse effective, but proprietary. Wyse makes a number of devices that can display Windows (or other oS) sessions. We tested the Wyse V10l/VXo terminal device, which is a lightweight and booksized terminal. We believe that this device is poised towards value-added resellers and others that want to take the time to understand Wyse’s unusual and proprietary configuration system; we’ve never seen anything like it before. With the V10l terminal, you can display host sessions/VMs, but you can’t copy anything onto the device’s storage (there isn’t any) or to the US USb ports, or anywhere else save a printer port — without enabling this feature in an externally administrated control file. the V10l box uses a standard monitor, keyboard and mouse — but the computer inside uses a proprietary operating system called W WtoS for Wyse terminal t operating System, Version 6.4. barebones. o WtoS requires external configuration files (it saves very little in its onboard flash storage) that access an F FtP server for ‘I ‘InI’ file configuration of the terminal’s settings and access. as FtP is an insecure protocol at best, we feel that the device provides vulnerability to organizations using it, even within secure network boundaries. While the V10 is more difficult to configure than most proprietary devices we’ve seen, once working, it did a great job of displaying Windows XP VMs on our VMware View 3/4 or XenDesktop configurations using rDP and ICa protocols — both atop VMware vSphere-hosted XP VMs. Wyse also offers optional multimedia components specific to the Wyse tCX Multimedia Server (tested), tCX bridge Sound Server (tested), tCX Multi-display options (not tested), tCX USb Virtualizer. Even with the Multimedia Server and bridge Sound Server, we were unable to obtain satisfactory multimedia in our you y tube tests. Video was choppy and sound was intermittent and lagged the video over our test transport. It seemed to work better when we didn’t use the extra Multimedia and Sound bridge server software.


MokaFive is all about the livePC image, which can be created from scratch, or converted from VMware images — although we found this was tough to make work and it created huge images. livePC Creator and Player are used on the client side. Creator builds the image, and Player is used to connect the livePC image (the image is actually downloaded to a user’s machine before first use). Creator is typically for admins only, but it could be for non-admins if the MokaFive admin lets other users create VMs. the created VMs are stored on the MokaFive server, but it’s possible to add more Image Store locations by installing them on another machine. the livePC image that is initially created with MokaFive’s Creator is downloaded or otherwise distributed to users through the MokaFive player application. the MokaFive Player contacts the MokaFive server for login, policy control and updates, but can also be used in an offline mode using cached credentials. Policy controls can be embedded in the livePC image to do things such as “retain user apps after image restarts”, “allow automatic sign on”, “allow drag and drop between guest and host”, and “access to USb drive” as examples. In order to actually download the image, you must login with your username on the MokaFive Server’s website and “subscribe” to your livePC. In either online or offline mode, the question of responsiveness of the session is moot, as it’s executing in the client’s hardware. this also means that sparse, lightweight Windows XP images can use less space to execute, and so we recommend stripping images to barebones before building a livePC image. otherwise it will take forever to download a new image if you work from home or have a slow connection. the MokaFive method is very lightweight, although it needs certain VMware pieces to make it work. Virtualization hypervisor server hosts are moot, because images execute as hypervised guests, yet can be updated from the MokaFive ‘mothership’ or just used in ‘offline’ mode until the next available server connection method is available. It’s VDI, but with a twist.

We found that there gave it a slight edge over are three levels of VDI XenDesktop. of Indian CIos o os sessions, so potential The final results look VDI customers need this way: VMware’s use desktop to determine how these View 4 is our winner, virtualization. capabilities match up Citrix XenDesktop source: with your remote desktop and View 3 both tie at cio research mobility needs. A basizc the second place. On the session would be a simple remote hardware side, PanoLogic wins logon to a Windows virtual machine besting NComputing and Wyse. Vol/5 | ISSUE/04

or shared instance from a Windows client or hardware device. In the next level, a remote session could share local resources, such as USB, disk, or even antivirus inputs. The ultimate VDI experience was being able to watch fully synchronized remote redisplays of YouTube videos or even Hulu video Web sessions. Few of the vendors could deliver that level REAL CIO WORLD | f E B R U A R Y 1 5 , 2 0 1 0


NComputing X550

Pano Logic (Winner)

Low-cost, simple and effective.

Fast, easy and vMware-based.

the X550 is a genuine old-fashioned terminal server with a twist. one or two PCIe ports are needed in a server box to host nComputing’s Ethernet boards. a small, smartphone-sized box called the XD2 has speaker, Ethernet, PS/2-style mouse and keyboard jacks and a VGa jack. t two PCIe cards yields 10 machines, and the 11th is the host computer itself. the host machine can run Windows XP, 2003 Server or 2008 Server editions. Each Ethernet port connects in turn an XD2 box, where keyboard, mouse, monitor (in high resolutions) and even a speaker can be connected. the supported operating systems, controlled by nComputing’s VSpace virtualization software, are Windows XP, Windows 2003 and 2008 Server editions. Each user of the X550 system gets their own session, as though they were a simple logged-in user of the operating system. Users share the machine’s Internet connection, and peripherals such as printers. Policy controls of the host operating system control user accessibility to installed applications, file shares and the security of the host operating system’s configuration. the benefit of the X550 (smaller versions are available with fewer ports) is low cost, and low number of instances of an operating system in use. If applications can handle multiple users in this configuration, application costs may be lower as well. the beauty is that VSpace allocates resources readily and simply, and virtualization and VM instances are spectacularly simple to control by comparison to VMware, MS hyper-V, and even XenServer costs — even though XenServer is free! We like the idea of a single box to run applications, although it represents a single point of failure, where the other virtualized platforms are often able to be made redundant through various schemes. It’s a small office/retail/branch scheme that we found worked simply and was difficult to load down with work in a multi-core desktop server box (we used a dual-core hP media server). the X550 is an old-school idea with a virtualization-controlled twist that may please some organization’s budget needs.

of performance. Overall, we found that each of the nine products worked well, with varying degrees of kinks that needed straightening out. Our winner for VDI software is VMware View 4. It was certainly the best in terms of both client and administrative qualities, but it’s also relatively expensive and it’s captive to VMware VSphere 4. We liked 74

f E B R U A R Y 1 5 , 2 0 1 0 | REAL CIO WORLD

Pano logic’s Pano Cube is a very small ‘designer’-looking cube containing three USb jacks, VGa and audio/mic jacks. It ostensibly has no CPU or memory/storage inside, permitting it to be used strictly as a KVM+ access device. Pano logic also makes a USb dongle called Pano remote for Windows-based machines that logs them onto a VM as well, but we couldn’t find any use for it. Pano remote does have the ability to constrain data transfer between a host and client PC, including print data, but this was not extensively tested. the Pano Manager provisions desktops through ESX/vCenter and also enables policy controls about what Io can go through the Pano Cube. It’s possible to restrict printers, and so on for any particular session. the Pano Gateway in turn, sets up connection brokerage relationships for VPn and proxy access from branch to ‘home’. Pano Device setup was very simple, as there’s little to set. Pano Manager allows for persistent and non-persistent VMs to be used. VMs can be organized into collections, which can host a number of VMs in which the Pano Cubes connect as a single logical unit). the collections can be user-based collections where VMs have specific relationships with users (like first cousins), Pano Logic Pano Cube or Device-specific relationships (for example this Cube always gets this VM). If you don’t want to do either, VMware View can manage the VMs. the Cube Clients, we found, are wicked fast. they logon in just seconds, and were able to reproduce multimedia very well — even when we loaded the hosted VMware server down (a local host with 8Gb of raM) with all 10 Cubes sent to us. the Pano Manager and Cube require VMware, but is a decent investment atop this expensive platform. Its simplicity is bliss, and it doesn’t require VMware’s vCenter to do the majority of its work. a baseline VMware server platform should do the trick, and it can use the “free” VMware ESXi platform.


XenDesktop’s egalitarian platform support, although XenDesktop was a little slower on the client side, and a bit more difficult to manage on the server side. On the hardware side, we liked Pano Logic’s approach. It was clean, simple and offered a lot of value in a small cube. We were impressed by ease of deployment, small profile,

and excellent client responsiveness — especially in such a small device. CIO

Henderson is principal researcher at Extreme Labs. He is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry. Send feedback to

Vol/5 | ISSUE/04

By Kevin Fogarty

Microsoft’s Desktop Optimization ay. aw ing go ’t isn 7 s ow nd Wi t, no or Whether you like it ilities are packaged — gives you ab cap n tio liza tua vir its of st mo ich Pack — the add-on in wh lization andWindows 7. more reasons to look at desktop virtua


t seems as if every vendor is putting out new products or touting old products designed to help make Windows 7 a good platform, or to cement justification for desktop virtualization projects. Microsoft recently released version 2 of the Microsoft Desktop Optimization Pack 2009 — the add-on in which most of the Windows 7 virtualization capabilities are packaged.

MDOP Microsoft Desktop Optimization Pack R2 ( available now in beta) supplies a host of acronyms previously inaccessible to most customers. Most of the virtualization capability is built into these specific modules: Microsoft Enterprise Desktop Virtualization (MED-V): Allows Virtual PC to launch on top of Windows 7 and adds management capability by tying in to Microsoft’s management server and providing the client-side support for policy-based usage controls, provisioning, and delivery of a virtual-desktop image. Application Virtualization (App-V): Provides the client that will connect to a Windows server and allow the launch of a remote application, which can be either viewed remotely from the client, or streamed down to it and executed on the local PC. Provides connections for AppLocker policy management for applications, BranchCache data caching point, and integration with third-party LDAP directories. Advanced Group Policy Management (AGPM): allows IT leaders to create Group Policy Objects that can be applied to Windows machines in multiple domains and tracked to monitor usage of specific applications.

MDOP’s Main Functions XP: Windows 7 Professional comes with emulation and auto-tuning capabilities to help existing applications run on it. For apps that won’t, it includes the ability to run Windows XP as a Virtual PC within the Vol/5 | ISSUE/04

Deep Dive_February2010.indd 75

same machine. Microsoft doesn’t charge for the license to run XP. Management: A new version of MDOP contains most of the virtualization components. Most critical are Microsoft Enterprise Desktop Virtualization’s ability to let incompatible XP and Win7 applications run seamlessly; AppLocker’s ability to create a whitelist of software that is allowed to run; AGP’s ability to define how and when applications should be used locally or remotely. Footprint: Windows 7 takes up far less space on disk than Windows Vista, making it more friendly for setups that use many Windows 7 VMs running on a single server.

My Documents Since Windows 2000, Microsoft has been expanding Windows’ ability to recognize and backup changes in a user’s data. Windows 7 takes a substantial jump in maturity in the ability of server and client software to automatically back up not only documents, but also user configuration settings, so an end user can log in from a different machine and still get access to the same files. Application Virtualization: The App-V client, built into the MDOP software package provides the client side for virtual application launches, which Microsoft expects will remain far more popular with customers than virtualization of full desktops with operating systems. This allows users to click on icons on their desktop and launch a server-based application which they can use as if it had launched on their own machine.

License Tracking The Asset Inventory Service is part of Microsoft’s Software Assurance program to help track software licenses and make sure you don’t violate them, either with real or virtual installs of Windows 7 and other Microsoft applications. CIO Send feedback on this feature to to

REAL CIO WORLD | f ebruary 1 5 , 2 0 1 0


2/9/2010 7:37:09 PM

y o u r l I f e & C a R e e R pa t h

Dynamic Duos By Stephanie OverBy Let's face it: As CIO, you're lonely. You've got teams of people working below you, a boss and board weighing in from above and executive peers who don't get what you do. What you need is a partner. Not the kind of partner that's become a C-suite cliché — "We're partnering with a new vendor" or "We have to partner with the business" — but a real honest-to-goodness collaboration between you and another human being reaching common goals you could never achieve individually. "Isolation is quite literally unhealthy — as bad for you as smoking or lack of exercise," explains Rodd Wagner who, with fellow Gallup executive Gale Muller, co-authored the book Power of 2: How to Make the Most of Your Partnerships at Work and in Life. The more we collaborate, the more we accomplish. In fact, Wagner and Muller, who studied thousands of one-on-one collaborations to determine what makes them successful, found that the highest levels of happiness and engagement kick in when a person has five to 10 good alliances. Raytheon vice president and CIO Rebecca Rhoads credits some of her success to alliances formed with peers in engineering, finance, supply chain, communications, HR, business development and legal. "They often give me new insights," she says.


IllUSt ratI o n by M M Shan Ith


Kick the lonely CIO habit.New research suggests partnerships are the career boost we need.


f e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

Vol/5 | ISSUE/04

Our culture emphasizes being the hero. It’s a weakness in business strategy.

Send feedback on this feature to

Vol/5 | ISSUE/04

Thrive.indd 79

threeminute coach Help ! How can I assess a potential employer's office space to determine whether its corporate culture suits me? Elaine Varelas is managing partner at Keystone Partners and has over 20 years of experience in careerdevelopment consulting.

Always: Identify the culture where you thrive, and pursue that culture. Do you excel in more formal hierarchical organizations or informal, loosely organized structures? Often, the address of a company will tell you all you need to know about the company culture. If they are located in the business district of a city rather than a funkier part of town, there is a good chance the office is more likely to be business professional than business casual. Is the receptionist working with equipment that is part of current communications technology plan or an obsolete phone system? If it's outdated, that may be an indication of where investments in technology fall as a business priority. Sometimes: Ask current employees to describe the culture. If there are differences between what former employees have said, ask about that, and identify why. Take note of private office space. Are cubes or offices used? Are there many private conference rooms being used? Also notice whether office doors are open or closed. This is a good indication of how well the company collaborates on projects. And note the technology each person has. Are they limited, or part of each person's repertoire of tools to work more effectively? Never: Don't compare one company to another and don't disparage other companies. Don't be threatening, judgmental or hasty in your assessments. If you find things lacking or not up to par, remember that those short comings may provide tremendous professional opportunities, if you take a position with the company. CIO

t h ri v e

Potential partners can be found among your Mdirect reports or in the C-Suite Wagner says. The problem is you can't just throw any two people together and expect a fruitful relationship to flourish. To create more perfect unions, Wagner and Muller layout eight requirements: complementary strengths, a common mission, fairness, trust, acceptance, forgiveness, communicating and unselfishness. That means the assistant that doesn't exactly share the workload may not be partner material. And that VP who sees you as his main competition? Not a partner. Also avoid partnering with your corporate doppelganger. "You don't need another person just like you as a partner," Muller explains. "You need someone who has what you don't." Savvy IT executives should foster solid partnerships among their staff, too. Employees with one collaborative relationship are 29 percent more likely to say they'll stay with their company for the next year and 42 percent more likely to say they'll intend to stick it out for their careers, according to Gallup research. Wagner and Muller also discovered that workers who are wellpartnered generate higher customer satisfaction scores, safety, retention, creativity, productivity and profitability for their companies. If it seems your reports are competing rather than collaborating, take a closer look at your incentives. "There is a pervasive bias for shining the spotlight on one person. You can see it in how the press wanted to know whether Edmund Hillary or Tenzing Norgay stepped first on the summit of Everest," says Muller. Although serious violations of trust are rare, even the best relationships can go astray. "There are crucial moments when one of the partners has to make a leap of faith," says Muller. "This often means forgiving an error or being willing to give more. Partnerships need to be fair, but fair doesn't mean equal." If all this sounds like foreign territory, that's because it is. Corporate history may contain examples of successful partnerships — Disney's Michael Eisner and Frank Wells, Bill Hewlett and Dave Packard — but business books tend to focus on how to be a great leader, not a great betterhalf. "We have a culture that emphasizes being the all-around hero, even though research is quite clear that each of us is a mixture of strengths and weaknesses. It's a real blind spot in business strategy," says Wagner. To forge good partnerships, "you have to recognize both that you need help and that you are also the help someone else needs." CIO

Send queries you might have to

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 0


2/9/2010 5:27:44 PM

Insights from Members of the CIO Governing Council

Jai Menon

The director for technology and customer service at Bharti Airtel and the group CIO of Bharti Enterprises, Menon joined the company in 2002. He started his career at IBM’s T.J. Watson Research Labs, USA, and rose to become an IBM executive where he assumed the office of executive director in IBM’s Software Group. Before joining Bharti, he was corporate officer and EVP at AT&T and also played the role of CTO across its businesses.

Four Steps to Lead Business Jai Menon, the man behind Airtel's outcome-oriented IT models, tells you how to be a business CIO.

Photos by Srivatsa Shandilya

Business Leadership | In the last two decades the CIO's role has changed dramatically. Today, the primary challenges for CIOs are how to extract greater business value from IT implementations and how to provide greater differentiation, agility and intelligent insight. This necessitates that CIOs start thinking like business men. They need to really internalize the business proposition that can be brought to bear because of a technology intervention. Here are the four competencies CIOs of the next decade have to acquire to do that. End-to-end technology delivery in business speak. Today technology is no longer about CPUs, clock rates and storage. It is about an integration architecture and about how a CIO can talk about the value of technology in business terms. Take for example, a mechanism we created called the ARB or the architectural review board. This is a collaborative effort between business and technology to decide the roadmap of a technology stack based on our business evolution. The ARB looks at all package and architecture decisions around B2B and B2C IT stacks. It also decides which IT function stay in and which are outsourced. The ARB creates a roadmap of how a business process will evolve over the next three years — and therefore how a technology stack will evolve. This is updated every year. Financial depth and modeling. This is about cost innovation. At Airtel, an example of this is the S1 Utility Outsourcing Model (the revenue-sharing deal between Airtel and IBM.) But this could only be created after a huge amount of financial cost engineering. 80

Mentor_Page 92.indd 80

f e b r u a r y 1 5 , 2 0 1 0 | REAL CIO WORLD

And to be able to have the financial acumen to do something like that, it is important for CIOs to play roles in different business functions, perhaps even run a small P&L responsibility. This will help them acquire financial depth and understand the various pushes and pulls of a business. For example, I was given the opportunity to run Airtel's Enterprise Services business (the telecom business of Airtel) for about a year as a joint president and it taught me what it takes to run a business. Business development and partner relationships. The CIO of the next decade will have to turn their suppliers into partners and create alliance-type relationships. This will allow a CIO to introduce new revenue streams. At Airtel, for example, we have been working with providers like Google, Blackberry and Apple to bring new products into the market place. If you are thinking this is easy for a CIO to do, here’s an example for a manufacturing CIO in the auto industry: introduce communication services —

CIOs really need to internalize the business proposition that IT can bring to bear. smart, intelligent devices — into products that are rolled off the manufacturing floor. Deep people and customer engagement. The IT model at Bharti is based on what we call the IT Community Practice. It encourages a virtual organization in which the partners and employees of Bharti weave together, creating one entity. This promotes deep engagements with our partners’ employees so that there is no feeling of an ‘us’ and a ‘them’. On the customer engagement side, my team has been made responsible for running Airtel's customer services. Opportunities like this can help CIOs get closer to the customer of the business. These are the skills that CIOs of the 2010 decade will need to acquire as they evolve so that we can have CIOs as business leaders, sitting at the head of the table, steering the course of business. CIO As told to Sunil Shah Send feedback on this column to

Vol/5 | ISSUE/03

2/9/2010 7:54:49 PM

CIO February 15 2010 Issue  
CIO February 15 2010 Issue  

Technology, Business, Leadership