March 15 2006 by Sreekanth Sastry

Cover_october011_checklist.indd 84

11/16/2011 4:30:11 PM

From The Editor

Many moons ago, I spent time with Richard M. Stallman trying to understand his

Of Rights and Wrongs The underlying order that governs open source might be under threat.

vision of a world without software patents. He was convinced that free and open-source software was the way forward. The GNU guru’s view of programmers churning out opensource software while supporting themselves financially by coding for proprietary software companies left me astonished. There was something too unstable, too stupendous and too utopian about this vision. What was more radical and impressive about Stallman was GPL—the GNU General Public License that he developed in the late 1980s. Recipients of a computer program released under GPL have the ‘freedom’ or right to run the program, for any purpose; redistribute copies; study how the program works, and modify it; and improve the program, and release the improvements to the public. Obviously, access to the source code is a precondition for these ‘freedoms.’ The four freedoms are not driven by monetary considerations. They simply ensure that the authors of new software can charge what they want, as long as they share the code. This in turn promotes consistent versions of the software under GPL—very critical given the flux that surrounds its development. But now that underlying order that governs Torvalds says he'll release open source might be under threat. the next version of the Stallman tweaked GPL in 1991, and he’s Linux kernel under the now tinkering with Version 3. The spread existing GPL, and Stallman of open-source code has given Stallman an shows no sign of budging. opportunity to push his social agenda of free software forward. The draft of GPL Version 3 contains provisions aimed at limiting the growth and influence of proprietary or patentprotected software and digital content. This approach is not intended to impress Hollywood, the producers of devices based on Linux, and proprietary software vendors. Not so surprisingly, IBM and a bunch of industry players (Linus Torvalds included) are setting out to figure ways to ‘improve the quality of software patents,’ while fighting off attempts to patent programs that are already in wide use (this incorporates open-source code). A showdown seems imminent. Torvalds has declared that he’ll release the next version of the Linux kernel only under the existing GPL, even as Stallman shows no sign of budging. If this goes on, it might rock the foundations of GPL and completely mess up the status of all prior code released under copyleft. What do you think about the to-do over GPL? I look forward to your opinion, mail me at vijay_r@cio.in.

Vijay Ramachandran, Editor vijay_r@cio.in

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Content,Editorial,Colophone.indd8 8

Vol/1 | ISSUE/9

3/11/2006 4:29:08 PM

content MARCH 15 2006‑ | ‑Vol/1‑ | ‑issue/9

Open SOurce This special report takes a close look at the ins and outs of open source for the CIO who's tempted—but still needs a bit of convincing.

5 8

5 4

3 0

Feature Free cOde FOr SAle | 30

CoVEr: ImagIn g by Jayan K narayanan

Open source is becoming a vital piece of enterprise infrastructure. It's development is also becoming profitable. Understanding the people that create and sell open-source code is becoming a critical part of your job. By christopher Koch

4 5

Open SOurce AScendAnt | 45 How Cendant Travel Distribution Services replaced a Rs 450-crore mainframe with 144 Linux servers and lived to tell about it. By christopher Koch

deVelOpInG SuperpOWer | 54 S. Ramakrishnan, Director General, C-DAC (Centre for Development of Advanced Computing) believes that only a team of technologies, riding on Linux and other opensource software can bring the best results. Interview by Gunjan trivedi t

AjAx ArrIVeS FOr the enterprISe | 58 Ajax looks like its going to stay. But, like every new Web technology, CIOs must look how not to drop the ball on their companies. By christopher lindquist

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Content,Editorial,Colophone.indd10 10

Vol/1 | ISSUE/9

content

Essential Technology | 58 Pundit | Can Vendors Control Open Source?

By Christopher Koch

From the Editor | 8 Of Rights and Wrongs | The underlying order that

governs open source might be under threat. By Vijay Ramachandran

Inbox | 16

5 0

NOW ONLINE For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to www.cio.in

c o.in

Govern Weather Wizards | 50 New forecasting methods and technologies are helping predict weather. But with the bewildering number of variables, the future of analyzing monsoon trends is likely to remain sometimes sunny and occasionally cloudy.

2 2

Feature by Balaji Narasimhan

Total Leadership | 22 Shopping for a Future CIOs soon will be able to pick their career paths according to their strengths as leaders and whether they want to focus on technology or business. Column by Asiff Hirji

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Content,Editorial,Colophone.indd12 12

Vol/1 | ISSUE/9

3/11/2006 4:29:36 PM

Advertiser Index

Manage m ent

President N. Bringi Dev

COO Louis D’Mello

Avavya

4, 5

Interface Connectronics

Canon

Microsoft

Cisco

Seagate

Cubic

Webex

Hitachi

Wipro Infotech

6, 7

Xerox

9,15

Editorial Editor Vijay Ramachandran

Bureau Head-North Rahul Neel Mani

Special Correspondent Balaji Narasimhan

Senior Correspondent Gunjan Trivedi

COPY EDITOR Sunil Shah www.C IO.IN

Editorial Director-Online R. Giridhar D esign & Production

Creative Director Jayan K Narayanan

Designers Binesh Sreedharan

IBM India

13,25,28,29,64

Vikas Kapoor Anil V.K. Jinan K. Vijayan

Imation

Unnikrishnan A.V. Sasi Bhaskar

Photography Srivatsa Shandilya

Production T.K. Karunakaran Marketing and Sales

General Manager, Sales Naveen Chand Singh

brand Manager Alok Anand

Marketing Siddharth Singh

Bangalore Mahantesh Godi

Santosh Malleswara Ashish Kumar

Delhi Nitin Walia

Aveek Bhose Mumbai Rupesh Sreedharan

Nagesh Pai Swatantra Tiwari

Japan Tomoko Fujikawa

USA Larry Arthur

Jo Ben-Atar

Singapore Michael Mullaney UK Shane Hannam

Form IV Statement of ownership and other particulars about the magazine Real CIO World, as required to be published under Section 19-D Subsection (b) of the Press and Registration of Books Act read with Rule 8 of the Registration of Newspapers (Central) Rules) 1956. Place of Publication: Periodicity of publication: Printer Name: Nationality: Address: Publisher Name: Nationality: Address: Editor Name: Nationality: Address:

Bangalore Fortnightly N Bringi Dev Indian 10th Floor, Vayudooth Chambers 15-16 MG Road, Bangalore 560001 N Bringi Dev Indian 10th Floor, Vayudooth Chambers 15-16 MG Road, Bangalore 560001 Vijay Ramachandran Indian 10th Floor, Vayudooth Chambers 15-16 MG Road, Bangalore 560001

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. IDG Media Private Limited is an IDG (International Data Group) company.

Names and addresses of individuals who own the magazine, and partners or shareholders holding more than one per cent of the total capital: IDG Media Pvt. Ltd 10th Floor, Vayudooth Chambers 15-16 MG Road, Bangalore 560001 I, N Bringi Dev, hereby declare that the particulars given above are true to the best of my knowledge and belief.

Printed and Published by N Bringi Dev on behalf of IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. Editor: Vijay Ramachandran. Printed at Rajhans Enterprises, No. 134, 4th Main Road, Industrial Town, Rajajinagar, Bangalore 560 044, India

15 March 2006

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Content,Editorial,Colophone.indd14 14

N Bringi Dev Signature of publisher

Vol/1 | ISSUE/9

3/11/2006 4:29:38 PM

reader feedback

kindly let me know the BI tools used by ICICI Bank that you refer to in Banking on Intelligence (March 1). AnurAG MAthur A Athur GGM (MIS), CONCOR

Global Lookout I’ve been tracking CIO India from its inaugural issue and I think it has a very to-the-point approach; the articles it carries are concise and focused on the real problems that confront CIOs. This makes it stand apart from other vendorfocused magazines. The issue on Business Intelligence (Banking on Intelligence, March 1) showcases how BI can be used to the benefit of an enterprise. Although sizes and means may differ, many of the problems the article highlights affect all of us. Interviews like View from the Top enrich and inform us what CEOs expect from technology departments. It is important to know the view of the top management and their expectations from IT. For example Passion in Motion, (March 1), gives the views of Neeraj R.S. Kanwar, COO, Apollo Tyres, and how he would like his field sales force to stay connected with critical data to take better and faster decisions. I would like to suggest that CIO also cover the ‘Global View.’ I am sure readers would like to know the thinking and reactions of global CIOs vis-à-vis important issues in technology and IT management. This will certainly help us take better decisions since some of us work in global environments. AnAnd SenGuptA upt uptA Head of IT, Daikin India

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

ICICI Bank went in for data warehousing tools from Teradata in early 2000. They have also been using COGNOS’s BI reporting tools (like COGNOS PowerCubes). Recently, ICICI Bank has deployed SAS Enterprise Intelligence Platform, using tools like the SAS ETL Server, SAS Enterprise BI Server and the SAS E-Miner. — Editor

textile Spin t It is good to see a magazine that discusses the role of CIOs and their contribution within various verticals. I have been a regular reader of CIO for sometime now and have been watching the advisory board which consists of many industries but not textiles. I currently head IT for the textile wing of the LNJ Bhilwara Group. The industry, in India, is growing and it will continue to grow for years to come. Technology plays an important role for many textile companies in a bid to survive the competition in the world’s open market. Many are not aware, however, that some organizations like Indorama, Rajasthan Spinning (the textile wing of LNJB) and Arvind Mills have employed technological systems that other industries are only employing now. A good example is BI tools, which many organizations are What Do You Think? We welcome your feedback on our articles, apart from your thoughts and suggestions. Write in to editor@cio.in. Letters may be edited for length or clarity.

editor@c o.in

“Technology plays an important role for many textile companies in a bid to survive competition in the world’s open martket.” implementing now, although we've had them since 1999-2000. I request CIO to cover technologies used in the textile industry. I am sure this will attract readers who would like to broaden their scope of knowledge. There’s more to the economy than FMCG, pharma and the automobile sector. There are others who probably use technology better than they do . ArindAM SinhA General Manager IT, Rajasthan Spinning & Weaving Mills

Our approach to features in CIO is to look at issues (like Business Continuity or e-Commerce or Business Intelligence) based on best-in-class implementations across verticals. We would like to know more about and understand the business goals of the textile industry and how IT is helping to achieve them. We’d also value knowing more about you and the work and issues you face in your role as General Manager IT, Rajasthan Spinning Weaving Mills. The Editorial Advisory Board as it stands attempts to cover a lot of ground by including as many categories of industry as possible (such as IT or manufacturing or pharma or automobiles). The Board is not cast in stone, and we plan to periodically induct new members by identifying eminent and active CIOs. I’d be grateful for your inputs on this score. Your active participation is a critical element in helping us build a strong and vibrant CIO community. — Editor

Vol/1 | ISSUE/9

open SouRce

SpecIAL S pecIAL

new

hot

unexpected

Closing Open-source Patent Loopholes The Free Software Foundation has released a draft version of its new general public software license (GPL) that is designed in part to protect open-source users from being sued over software patents. The document (available at http://gplv3.fsf. org/draft) is the first major revision to the popular software license in 15 years and would change the terms under which a variety of open-source software, including Linux, Samba and MySQL, is used. The GPL is a license that allows users to freely copy software as long as they share any modifications they make to it. The draft includes a provision requiring software distributors to ‘shield’ users against patent infringement claims when they distribute software that incorporates patented technology.

LICENSING

The provision is aimed at discouraging patent infringement suits and preventing users from being hurt in intellectual property disputes. The patent provision is likely to kick off a lot of discussion, especially from large companies with lots of patents that may wonder exactly what they must do to protect users, says Karen Copenhaver, general counsel with intellectual property management vendor Black Duck Software. Linus Torvalds, developer of the Linux kernel, a key component of the Linux operating system, says he’ll oppose the new license for another reason: Its rejection of digital rights management. The new license will most likely be finalized in early 2007. —By Robert Mcmillan

Free Code Runs Giant wi-Fi Network N E t w o r k I N G If securely deploying 10,000 wireless access points across 1,700 locations in five months to create what is said to be the world’s largest enterprise Wi-Fi network sounds like a challenge, Victoria’s Department of Education (DET) in australia took it all in its stride—with the help of a little penguin. The department’s head of ICT security, loris meadows says that the Wireless networks in Schools (WInS) project required a

42,000 teachers ImagIng by U n nIKRISHn an aV

With 540,000 students, 42,000 teachers, more than 200,000 540,000 computers, and 40,000 students notebooks spread more than across the 1,700 sites, 200,000 the wireless network computers cost Rs 21.6 crore 40,000 (A$6.5 million) notebooks to implement.

Vol/1 | ISSUE/9

Trendlines.indd 17

custom proxy and security services appliance dubbed ‘EduPass’ to be engineered due to the Wan’s complexity. “at the heart of the system is EduPass. We had an aging fleet of proxy servers and needed to roll out 1,700 of them so we saw a good opportunity to add proxy to radius,” meadows said. “We looked at best of breed open source solutions like Smoothwall and Freeraduis; we have our own kernel based on Red Hat linux and did a lot of development.” With the EduPass design and development done, 1,700 linux and amD-based ‘black boxes’ are now running in nearly every school in Victoria. neither microsoft nor Intel were impressed, meadows said, adding this is almost certainly the largest unified enterprise wireless network in the world. So far, DET has had about five education departments knocking on their doors to get access to EduPass, but its source code will not be released in the short-term. — by Rodney gedda, edda, Computerworld REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

3/11/2006 4:55:05 PM

trENdLINES

Software That Knows

whatYou

want to Hear Using computers for a task as subjective as discerning your music tastes sounds like a tall order. Nevertheless, some commercial companies and research organizations are developing software designed to analyze the music you like and recommend tunes, even from groups you’ve never heard of. Gracenote, a digital entertainment company, says that it will offer a product for online music stores by mid-year that will help the stores make smarter music recommendations for their customers. And a project partially funded by the European Union is ready to license similar technologies to service providers and consumer electronics makers. Early efforts at recommending music relied on signal processing techniques to uncover similarities in music, such as sound quality, according to Xavier Serra, who is managing the C U S t o M I Z At I o N

EU-funded Semantic Interaction with Music Audio Contents (SIMAC) project at Barcelona’s Pompeu Fabra University. That was enough to group tunes with the same acoustic properties, but the method might still have linked a fast-paced classical overture with a thumping techno beat. The next generation of the technology will combine signal processing with information from databases containing input from music experts, or even personal data supplied by a consumer.

—By James Niccolai

The Travels of a T-Shirt in the Global Economy By Pietra Rivoli John Wiley & Sons, 2005, Rs 1,597.00

Traveling the Supply Chain The Travels of a T-Shirt in the global Economy: an Economist Examines the markets, Power, and Politics of World Trade B o o k r E V I E w Rarely is a business book so well written that one would gladly stay up all night to finish it. The Travels of a T-Shirt in the Global Economy is just such a page-turner, however. It begins with Rivoli, an associate professor at Georgetown University’s McDonough School of Business, attending a protest against global working conditions. A young woman confronts the crowd with a question: Who made your T-shirt? She intends to provoke guilt—or action— among her audience when she

asks whether the shirts they’re wearing could have been made by Vietnamese children chained to sewing machines. Taking the question as a call to arms, Rivoli sets out on a quest to discover not just who manufactures T-shirts but also who’s involved in each step of the supply chain. Tracing the life of a T-shirt from raw materials to finished product might sound gimmicky, but Rivoli uses the device to gracefully uncover a story of world trade and market dynamics.

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

To get to the beginning, she starts near the end. Rivoli plucks a random T-shirt from a Florida Walgreens bargain bin. She tracks down the screen printer in Miami to find out where he got the blank shirt. That information leads her to Patrick Xu of Shanghai Knitwear. Xu strips away the first of many author (and probably reader) misconceptions, when he tells her where the cotton he uses came from: Texas. Each stop on Rivoli’s travels brings surprises. In the story she weaves, social problems stem

not from free market conditions, but from the avoidance of them; farm subsidies and importer tax breaks result in lower wages in poorer countries. Rivoli says she wrote this book to tell a story. However, she’s not entirely without an opinion. Like it or not, she writes, the trade skeptics and the corporations need each other, while the Asian sweatshop worker and the African cotton farmer need them both. To get a full understanding of just why that is, grab this book. —By Stephanie Overby

Vol/1 | ISSUE/9

Forty-six percent of respondents said they used ITIl for re-engineering IT services and delivery. r E P o r t The Information Technology Infrastructure library (ITIl), a set of best practices in IT management, is helping companies align IT with their larger business objectives, according to a recent survey by consultancy firm Evergreen Systems. of 167 CIos and other senior IT executives who participated in the survey, 95 percent said they had budgeted for or approved ITIl projects during 2005, and 85 percent said their ITIl l plans included business goals as well as technical priorities. In addition, 87 percent said that their companies have a CIo or senior VP committed to these projects. ITIl adoption is rising as involvement of IT executives increases, says Don Casson, CEo of Evergreen Systems. This isn’t a surprise, he says, because “ITIl is about processes, so you’d [expect] the first people to grab hold of it would be IT executives.” He says successful implementations occur only when the CIo is involved from day one. First developed in the late 1980s by the british government, ITIl is a seven-volume catalog of best IT practices. It covers major aspects of IT operations, including service support, delivery and management; security, infrastructure and application management; and business alignment. European companies have widely embraced all of the practice areas. but in the United States, organizations are most interested in service support and delivery. The survey found that 46 percent of respondents, a plurality, said they are using ITIl for reengineering IT services and delivery. Thirty-one percent are adopting every aspect of ITIl, while 19 percent are focused on improving management of services such as the help desk. although it’s critical that a CIo get involved at the beginning of an ITIl l implementation, Casson says companies should proceed with it at their own pace. Close to 70 percent of respondents said they set strategic goals and RoI targets for each phase of adoption. “This is a large, multi-year enterprise change,” says Casson. “That’s a terrific risk. [but] one of the benefits of it is that it can be done in a serial fashion. y you can capture value from reasonably short phases.” MANAGEMENt

— by C.g. lynch l Vol/1 | ISSUE/9

trENdLINES

ITIL Gains Priority

VoIp Security

debate heats up Voice over IP (VoIP) telephony and malicious software for mobile devices are among the mosthyped IT security threats, according to Gartner. Lawrence Orans, principal analyst at Gartner, and John Pescatore, vice president and Gartner fellow, say that while attacks on IP telephony and mobile devices may come eventually, vendors of security technologies and services have overblown the current danger of such attacks. They say businesspeople are worrying so much about overhyped threats that they’re not deploying technologies that can help their companies, such as wireless LANs. These worries are, for now, unfounded, says Orans. Since eavesdroppers need access to the corporate LAN, it’s currently nearly impossible to eavesdrop on an IP

SECUrItY

telephone call without being inside of the building where the call is initiated or received. Meanwhile, says Pescatore, viruses and worms that attack smart phones and other mobile devices will have a limited impact because there is, as yet, no mobile operating system as dominant as Windows is for PCs. The vendors beg to differ. Stan Quintana, vice president of managed security services for AT&T, says protecting VoIP networks is more complex than protecting dataonly networks. Users of IP telephony need to secure not only their phones and IP servers, but also signaling and other voice equipment. Meanwhile, Vincent Weafer, senior director of Symantec Security Response, says that while mobile device security isn’t a big issue now, his company is trying to educate users. “What we’re trying to tell people is, if they’re deploying these devices, they should deploy them in the right way,” Weafer says. —By Grant Gross REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

To protect Germany’s athletes, coaches and media representatives during the Olympic Games in Turin, Italy, Berlinbased Bundesdruckerei GmbH is using a biometric finger scanner— the L Scan 100 from Cross Match Technologies Inc.—to limit access at the German House, or Deutsches Haus. The facility, used by the National Olympic Committee for Germany, serves as the central meeting point for Germany’s athletes, officials, commercial partners and media representatives during the Olympic Games. Bundesdruckerei is providing the entire biometric accreditation system for the facility. To gain access to the German House, a visitor must prove his identity by showing an official travel document such as a passport or

SECUrItY

a German ID card, said Georg Hasse, vice president of International Marketing for Cross Match, which is based in Palm Beach Gardens, Fla. Then a photograph of the visitor is taken, and the photo and the personal data are printed on a plastic card from Bundesdruckerei.A visitor’s fingerprints are also taken and stored in a database for the duration of the Winter Games. Whenever a visitor wants to enter the German House, he must have the ID card read at a verification station at the entrance—at which time his fingerprints and photo are again taken. This ‘live’ data is then compared with the stored data. Using the biometric features of the accredited person significantly increases security at the German House, Hasse said. “We believe that including biometrics in credentialing and access control systems for big events like the Olympics will definitely be used in the future,” he said, adding that this system was also used at the 2004 Olympic Summer Games in Athens. — By Linda Rosencrance Computerworld

VoIp and wi-Fi where

there are No telephones

d I V I d E What do you get when you cross a laptop with a bicycle? Mobile Internet. No joke. The non-profit company Inveneo has developed a low-energy, Linux-based computer that is powered by bicycle and solar energy. The technology was designed to bring Internet and voice over IP (VoIP) to poor villages in rural areas of Africa and Asia. In 2003, Inveneo cofounders Mark Summer and Robert Marsh developed a wireless system for villagers in rural Laos while volunteering for a nongovernmental organization there. The duo wanted to use this technology to bring local, national and international dialing to other remote

d I G I tA L

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

areas. Last year, they teamed up with a group named ActionAid and began working with villages in western Uganda, where the nearest phone is a three-to-four kilometer walk. Already, the team has installed computer stations in four isolated villages in the Bukuuku region of Uganda, serving a total of nearly 3,200 villagers. Each computer is wired to an analog telephone and a Wi-Fi antenna, which transmits the Internet signal to a central hub at one of the villages. The Inveneo system costs Rs 90,000 ($1,995), according to Summer. It comes with 80-watt solar panels and an optional bicycle-powered generator that can provide power when there isn’t any sunlight.

Some farmers are using VoIP to call friends in larger cities and obtain market prices for produce before deciding whether the trek to town is worth it, says Kristin Peterson, Inveneo’s chief marketing officer. The technology has attracted attention from big-name IT companies such as Intel and Wyse Technologies. Peterson says Inveneo will use support and non-monetary contributions from these companies to expand its work to other parts of the world. Next on the company’s list: Other regions of Uganda, as well as additional countries in Sub-Saharan Africa. — By Matt Villano

Vol/1 | ISSUE/9

trENdLINES

Biometrics Protect Olympians

ten tips

to Develop Mobile Policies

need to get a rein on your companyâ&#x20AC;&#x2122;s mobile environment? Hereâ&#x20AC;&#x2122;s a ten-point framework to assist corporate decisionmakers in developing their mobile policies.

1. Develop classification criteria for different types of mobile workers and their unique network, device, application and support requirements.

2. Determine the devices and services you will pay for, based on employee level, function and mobility patterns.

3. Establish how RoI will be measured. 4. Distinguish between broad, horizontal requirements and specific vertical needs.

5. Develop a methodology for effectively

communicating your expectations to service providers and vendors based on their specialities, as well as criteria for measuring and benchmarking them.

6. Consider security requirements at the access and

device level. mobile security should be integrated more effectively into the broader enterprise security framework.

Determine how personal use of mobile devices and services will be handled.

Develop rules for customer access to the mobile framework.

Establish policies and a structure for helpdesk support of mobile employees, and determine whether this is handled internally or outsourced.

10.

Develop mobile policies as part of broader IT framework and vendor and partner relationships.

â&#x20AC;&#x201D;by mark lowenstein Vol/1 | ISSUE/9

Asiff Hirji

TOTAL LEADERSHIP

Shopping for a Future CIOs will soon be able to pick their career paths according to their strengths as leaders and whether they want to focus on technology or business.

Illust ration Sasi Bhas kar

ecently I participated in a panel at a financial services technology conference. During the question and answer period, a senior partner from one of those high-dollar strategic consulting firms had the temerity to ask me how quickly I thought the role of CIO would disappear. This gentleman is a friend and former colleague and was himself a successful CIO. He and I have been discussing this very question for a number of years now. But there, in front of dozens of current and aspiring CIOs, I had to admit that I believe the role as we know it would disappear at many companies—and in the not-too-distant future. Perhaps you’re skeptical, but hear me out: Change in the CIO role is already upon us, and I would argue that it’s a natural evolution. Although technology will always have an integral role in business—we’ve become dependent on it— we’ll see a segmentation of CIO duties. In many instances, the CIO will continue as an operations leader, delivering services to the business units of an organization. However, in time we’ll see more CIOs evolving into strategic leaders, driving and enabling business strategy. This evolution will be good for all of us because we’ll have the opportunity to make the best use of our strengths as leaders, whether as operations experts or strategists.

Two Visions of IT Leadership Which type of leader a CIO becomes depends on how critical technology is to a company’s operations. A useful way to think about this is to use a measure that I call ‘IT Intensity.’ IT intensity is a company’s IT expense as a percentage of total 22

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Coloumn Asiff Hirji.indd 22

Vol/1 | ISSUE/9

3/11/2006 3:59:28 PM

Asiff Hirji

TOTAL LEADERSHIP

operating expenses. In firms with high IT Intensity, it may be said that technology is part and parcel of the business and that it is difficult to separate the two. An example would be my company, Ameritrade. Technology is paramount in everything we produce, from the tools our clients use online to the backend technology that routes their orders to the stock markets. At the other end of the spectrum are low-IT intensity companies, such as retailers or hospitality companies, for which other factors, such as efficiency or client service, are more critical for achieving business goals. At low-IT intensity companies, the CIO will become a manager of relationships with outsourcers. For such companies—where IT is not a core function—efficiency, availability and cost are likely to be the primary drivers of IT decisions, and these companies will be better off having someone else deliver IT.

The role of a CIO, as we know it, will disappear at many companies in the not-too-distant future. Last year, a global bank did away with the corporate CIO role entirely after the incumbent CIO successfully outsourced most of the IT functions. The company needs flexible cost structures that can accommodate changes in business needs. The only part of the traditional IT organization that remains is a small application development function, the responsibilities of which include the creation of quantitative models for the trading and risk management groups. Those tasks were folded into the business lines, with technology supporting deployment through an operations leader. In this type of environment, IT isn’t glamorous; there will be pressure to get things done with fewer resources, and innovation will not necessarily be the top priority. Therefore, the successful CIO will have to be good at motivating and retaining in-house staff. In addition, because the IT department is in the role of providing services to the business, the CIO at a low-IT intensity company must be a good facilitator with excellent communication and organizational skills. At the other end of the spectrum, we have high-IT intensity companies where technology is a core business function. Within these companies, the CIO will take on a broader role in defining and executing the strategy of the company. A driver of IT decisions at such companies is likely to be whether IT fosters business innovation or creates products. In this environment, the IT leader is a key business leader. My role as Ameritrade’s CIO was to create a highperformance, innovative culture within the IT organization. This role required me to develop a comprehensive understanding of all key business functions, the strengths, 24

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Coloumn Asiff Hirji.indd 24

weaknesses, opportunities and threats affecting each, and how this information related to the company’s strategy. CIOs who develop such knowledge have the opportunity to offer strategic insight to their business peers, which in turn enables them to participate in strategy development. CIOs at high-IT intensity companies must also excel at communication. However, the role of strategic leader means this CIO’s influence extends beyond the technology group and the corporate management team. In the highIT intensity environment, the CIO becomes a key external ‘face’ for the organization, requiring both charisma and a keen business sense.

Leading the Evolution No matter which type of company we work for, of course, we have to understand the interconnectedness of technology and overall business strategy. Our ability to provide corporate leadership, not just IT leadership, will be the key to becoming whichever type of CIO our companies need. At every company, today’s CIO is expected to enable the business strategy by, among other things, keeping budgets flat, providing transparency and driving change across the organization. To figure out which future role is right for your company, ask yourself whether IT provides a competitive advantage or is an integral support function. If you rank operational efficiency or client service as a core competency, you are less IT-intensive. If IT cannot be separated from the business and is essential to your products, you’re in a high-IT intensity business. Once you have the answer, your challenge is to buy or develop the talent that will enable you to move in the direction required to support the strategy of your firm. Though it may seem as if the times ahead are uncertain, those of us who have dedicated our careers to the pursuit of exceptional IT leadership are on the cusp of something extraordinary. The changes in store for the CIO have potential to afford more opportunities for IT leaders than ever before. Current and aspiring CIOs will be able to write their own tickets—to choose the type of organization they want to work in. These choices will be based on each CIO’s skills, interest and sometimes the specific opportunity offered. And whatever you choose, you can continue to play an important role in your company’s success. CIO

Asiff Hirji served as CIO with Ameritrade from 2003 until August 2005, when he was promoted to COO. Send feedback on this column to editor@cio.in

Vol/1 | ISSUE/9

3/11/2006 3:59:28 PM

Michael Schrage

MAKING IT WORK

The Key to Innovation: Overcoming Resistance CIOs should be investing less time in brainstorming good ideas and more time in targeting the sources of resistance to change.

Illust ration Sasi Bhas kar

y far the most common question I get from CIOs and their direct reports is some heartfelt permutation of, “My IT group—our company— needs to become much more innovative. How can we do it? How should we do it? Help.” Those questions are invariably followed by a tragic but true innovation tale: The well-meaning Jedi Knights of IT are thwarted by organizational Darth Vaders ruthlessly intent on crushing digitally-enabled change enterprisewide. I nod sympathetically and brace for what’s almost always said next: “Michael, I really need to come up with better ideas faster.” Without hesitation, I say what I always say to these frustrated innovators: “No, you really don’t. Honest.” Nothing in the business world is more overrated than a ‘good idea.’ Nothing. I’ve never gone into an organization anywhere in the world that didn’t have—with a little prompting and encouragement—more good ideas than it could possibly use. Indeed, most firms enjoy a surplus—a glut—of good ideas. As a rule, a glut of something makes it less valuable, not more. Economics 101. By contrast, I’ve never gone into an organization where the process of implementing good ideas was fast, cheap, easy and successful. There seems to be a terrible scarcity—a corporate famine—of good implementations. Simply put, good ideas are cheap; good implementations aren’t. Experience teaches that aspiring IT innovators don’t need better ideas that make more sense. They need better implementations that make—or save—more money. If organizations can boost their ‘return on innovation’ by investing more in good implementations than in good ideas, then that’s where their capital should go.

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Coloumn Michael Schrage.indd 26

Vo l/1 | ISSUE/9

3/11/2006 4:00:58 PM

Michael Schrage

MAKING IT WORK

Despite the fervent hopes of bright people with brilliant ideas, successful innovation can’t be divorced from successful implementation. The best insights into innovation cultures don’t come from the quantity and quality of its ideas but in the nature of the resistance to their successful implementation. Grasping the essence of an innovation culture is astonishingly easy. Simply fill in the blanks. Whenever a good idea is proposed, you’ll find the core values of an innovation culture in the words that follow this common phrase: ‘We can’t do that because...’ Whatever reasons, excuses and evasions people use to explain away why good ideas can’t be implemented is the organization’s innovation culture. Period. We can’t do that because...it’s too expensive, the boss won’t like it, the lawyers won’t let us, it’s not in the budget, we don’t think it will

Understanding the innovation culture of your organization is critical to understanding which good ideas will take root or vanish without a trace. work, the vendor will charge us too much for changing the code, marketing will take it from us if it actually succeeds, the woman championing it is a credit-hog, IT shouldn’t be leading this kind of initiative, it distracts us from our main mission, and so on.

It’s Human Nature to Resist Sound familiar? Alas, these sources of resistance are the real ‘brand attributes’ of an organization’s innovation culture. Listen to them, learn them and respect them. They are how organizations truly define innovation. Never fool yourself into thinking you’re just a good idea away from innovative success. Resistance, not ideas, is the most powerful lens for viewing innovation behavior. Doubt that? Most people in the Western world are significantly overweight; maybe you’re one of them. Fortunately, there’s a proven algorithm—a very good idea—for successfully alleviating this condition: Eat less, exercise more. Alas, only a tiny fraction of the chunky population consistently implements this very good idea on a daily basis. But, honestly, just how good of an idea is ‘eat less, exercise more’ if so few people actually implement it? The economic value of a good idea—if it is, indeed, a good idea—lies more in its successful implementation than its clever articulation. Just as actions speak louder than words, implementations are more compelling than ideas. The infinite varieties of how

Vol/1 | ISSUE/9

Coloumn Michael Schrage.indd 27

people cheat on their diets and exercise regimes is a microcosm of the organizational frictions that innovations can generate. After all, liposuction is one of the world’s fastest-growing surgical procedures for a reason. For a growing segment of the marketplace, it really is faster, cheaper, easier and more successful than ‘eat less, exercise more.’ Consequently, the innovation challenge is the challenge of diagnosing and overcoming organizational resistance. When you hear, ‘We can’t do that because it’s too expensive,’ the serious innovator’s obligation is to demonstrate that, in fact, the proposed innovation is cheaper. Build a demo or simulation that makes the case. A better idea isn’t going to do it. When the resistance is that the boss won’t like it, the serious innovator’s response is to determine if the boss’s boss is a better target market for the innovation proposal. Perhaps some other constituency can make the boss see the error of his ways. (For example, one Procter & Gamble brand manager sent prototypes to his boss’s wife for her advice as a target customer and turned her into the most influential internal ally the innovators could have ever hoped to have.) Whether resistance is overcome by an act of persuasion, seduction, manipulation, intimidation or bribery, the fact is that it has to be overcome. In this context, the models, prototypes and simulations that IT builds are less mechanisms to solve problems than ways in which to surface the real reasons for resistance. Bitter experience affirms that individuals and organizations don’t hesitate to offer dishonest, misleading or ignorant reasons for not wanting to implement an idea. At one bank, online marketing absolutely refused to allow a subtle yet important interface change to be tested on its consumer site. IT convinced the firm to adopt the change by making a similar change on the bank’s human resources intranet site and then quickly debugging the problems associated with the modification. Resistance was overcome by a cost-effective example. The smartest thing innovation-savvy CIOs could do to boost their chances of success is to invest less time brainstorming and more thought targeting the sources of resistance to innovation implementation. Innovation initiatives should have explicit flowcharts and tactics explaining how internal resistance will be identified and finessed. Overcoming resistance should be the driving dynamic for implementing innovations within the enterprise. Alas, even as I write this I can just see you muttering to yourself, ‘We can’t do that because...’ CIO

Michael Schrage is co-director of the MIT Media Lab’s eMarketing Initiative. Send feedback on this column to editor@cio.in

REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

3/11/2006 4:00:58 PM

FREE C IMAGIN G BINESH SREE DHARAN

Reader ROI:

How open source is being monetized Why CIOs need to know opensource business models Which business models will thrive; which wonâ&#x20AC;&#x2122;t

Cover Story.indd 30

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Vol/1 | ISSUE/9

Open source is becoming a vital piece of enterprise infrastructure. Open-source development is becoming a moneymaking proposition. And now understanding the companies that sell and the communities that create opensource code is becoming a critical part of the CIOâ&#x20AC;&#x2122;s job.

E CODE FOR SALE B YC H R I S T O P H E R K O C H

Vol/1 | ISSUE/9

REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

3/11/2006 5:00:58 PM

OPEN Why theSOURCE Model Matters SPECIAL

The future of open source

Who Makes Open source? You do. As OpEn-sOuRCE sOftWARE becomes increasingly important to the corporate infrastructure, IT staffs are beginning to contribute to the code bases—not just at night and on weekends, but on company time. Barry Strasnick, CIo of CitiStreet, a benefits management company, sometimes turns his programmers loose on the open-source Web server program Apache—if their work has a direct benefit for the company. “The quality of open source has become so high that there is now the incentive for companies to pay the staff to work on them because they reap the rewards,” says lee Hughes, CIo of owens Forest Products, a manufacturer of interior doors and flooring. Hughes is working with open-source consultant JasperSoft to rebuild owens’ business intelligence system on top of open-source software, including JasperReports (opensource BI software), Tomcat (an application server) and Postgres (a database). But there are key pieces missing—namely a set of generic user interfaces and business rules that link to the open-source infrastructure. “It’s basically turnkey except for those pieces,” he says. Hughes’s staff is tiny (three or four programmers), but as he expands to five or six in 2006, he wants to devote one programmer full-time to R&D. “Tomcat and Postgres cut our development time for this project by a third,” he says. “If we had those other pieces, we could cut it by another third. It pays to have a hand in the outcome of open source.” The open-source model is becoming so popular among CIos, claims Strasnick, that they are banding together. Strasnick says these groups are mostly formed around work that no one in the open-source community is volunteering for but that would help CIos improve productivity. “There are things I need, but people in the community think it’s too boring to work on them—like Unix utilities or an open-source Cobol,” he says. large corporations are contributing to these kinds of projects, says Strasnick, but they’re doing it anonymously for fear of alerting hackers to what’s in their software infrastructures. — C.K.

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

is not Linus Torvalds. It’s Marty Roesch. In 1998, Roesch, then 28 and an engineer at telecom company GTE-I, created an open-source program called Snort for detecting intrusions into computer networks. Today, he sheepishly acknowledges that he’s a multimillionaire, having sold Sourcefire, the company he created to sell add-ons to Snort, for Rs 1,012.5 crore to security software leader Check Point. (The deal is expected to be finalized before the end of the first quarter of 2006.) Roesch’s road to riches—using the Internet to distribute open-source software for free and selling proprietary (closedsource) pieces that enhance the free stuff—is emerging as the most popular new business model in the software industry, according to venture capitalists. Call it the mixed-source model. On the surface, it would seem to offer the best of both worlds: CIOs get free software, and the companies developing the code get e-mail addresses from downloaders, so they can try to sell them proprietary add-ons. Venture capitalists love this model because they can invest their money in software that can be sold rather than in big sales staffs or expensive marketing and branding campaigns. But in the rush to monetize the open-source model, these startups could be on a collision course with the communities that spawned them. When a venture-backed company builds both open-source and proprietary software under the same roof, it invites a showdown between the people contributing the free stuff (the open-source community) and the company looking for competitive advantage from the proprietary stuff. “It’s an inherent conflict of interest,” says Jo Tango, general partner at Highland Capital Partners, a venture capital company. “Whose additions to the software get approved? And how are those additions prioritized? Is it for the opensource product or the for-profit stuff?” And that could lead to situations in which CIOs are seduced into using what seems to be free technology only to find they must pay to make it work down the road, says Michael Goulde, senior analyst for Forrester Research. Adds Tango: “This model has been around for years. It’s called a trial version.” Proprietary software companies have been giving away trial versions of their software for years. But the code is closed, and the free versions are lesser versions of what you’d get if you paid full price. “That’s no different from what these so-called open-source firms are doing with their community [open source] and enterprise [proprietary] editions of their software,” says Barry Strasnick, CIO of CitiStreet, a benefits management company. In other words, the free stuff becomes nothing more than a come-on. Adds Lee Hughes, CIO of Owens Forest Products, “My fear is that, if a company has a free open-source version and a commercial version with enhanced features, the free version [may suffer] down the line.”

Vol/1 | ISSUE/9

OPEN Why theSOURCE Model Matters SPECIAL

Why the Model Matters Strasnick and Hughes wouldn’t be so concerned if open-source software were still a casual plaything for their developers trying to save money on a few Web servers. But open source has

become a vital part of the CIO’s software acquisition strategy—especially when it comes to infrastructure software. Research company Gartner predicts that, by 2010, Global 2000 IT organizations will see open source as a viable option for 80 percent of their infrastructure software investments. CIOs can’t afford to treat open source as a throwaway, and they can’t afford to do without support for the open

source that becomes a vital component of their infrastructures. But shopping for open-source software is a very different animal from the traditional software acquisition process. The company you’re buying from is a community, the references you’re checking when you’re doing your due diligence are postings on a bulletin board, and the developers posting them may not even be employed.

Your guide to Open-source Business Models Open Source + Service WhAt A It MEAns: Companies sell support and services At around open-source software. WhO’s DOIng It: Compiere (ERP), JBoss (middleware), Red Hat (linux) ADvA v ntA vA nt gEs fOR CIOs: You pay only for support, not software. The cost to switch providers is relatively low because the source code is available to anyone. stAR t tup ChALLEngEs: Difficult to build businesses because tAR switching costs are low, as are barriers to entry. CIos will always favor large, established vendors over startups unless the startups also control code development. Hard to get venture funding because venture capitalists are looking for sustainable competitive advantage in their investments. Unless the software is complex or mission-critical, CIos may choose to support it themselves.

Mixed WhAt A It MEAns: An open-source code base with proprietary At add-ons. WhO’s DOIng It: Sourcefire (security), SugarCRM ADvA v ntA vA ntAg AgEs fOR CIOs: CIos may not need the proprietary stuff, but if they do they’ll already have acquired deep experience with the open-source product before buying the add-ons. stAR t tup ChALLEngEs: There’s ample motivation to make tAR the open-source product inferior to the proprietary package, transforming the open source into trial software. If that happens, there may be a backlash among open-source developers and users wanting to see all the code.

Open Source + Buy Off WhAt A It MEAns: Companies offer a proprietary license At for their open-source software so that users can modify

Cover Story.indd 34

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

the software and redistribute it without having to make the code changes available to the public. WhO’s DOIng It: MySQl (database), Sleepycat (database) ADvA v ntA vA nt gEs fOR CIOs: The open-source software has all the features of the proprietary version. stAR t tup ChALLEngEs: Sales of the proprietary version tAR are limited mostly to those companies that want to redistribute it as part of their own hardware or software packages.

Open Source + Aggregation WhAt A It MEAns: Companies assemble various openAt source software packages into integrated units that are easier for CIos to consume. WhO’s DOIng It: Exadel, Navica, Sourcelabs, SpikeSource ADvA v ntA vA nt gEs fOR CIOs: Simplifies open-source integration and support. stAR t tup ChALLEngEs: Barriers to entry are low, brand tAR differentiation is difficult, lack of ownership of open-source projects limits the influence of the company in the development of the code.

Open Source + Hardware WhAt A It MEAns: Hardware makers use open source as the At foundation for the software that runs their machines. WhO’s DOIng It: Cisco, Digium, Netezza ADvA v ntA vA nt gEs fOR CIOs: lower prices on hardware. stAR t tup ChALLEngEs: It’s difficult to differentiate on tAR hardware alone, especially when CIos are looking to standardize their infrastructures.

— C.K.

Vol/1 | ISSUE/9

OPEN Why theSOURCE Model Matters SPECIAL

Conventional wisdom says you don’t want to see how your breakfast sausage is made, but to predict whether they will still be around in a year or two. This is now critical business research for CIOs. It’s every bit as important as tracking Microsoft’s or Oracle’s stock price, acquisition strategies and upgrade announcements.

The Money Game Roesch bristles when you bring up the fears CIOs have about ‘crippled’ open source. He’s got a right to be touchy. Eight years ago, he single-handedly developed the core of Snort. Since then, he estimates that he has written 3,000 postings to the Snort discussion list and carefully built a large community of users (more than 2 million downloads and 100,000 active users, he says). In return, he got what every open-source developer craves: Respect, recognition and the occasional free beer from grateful users at technology conferences.

Snort. When he made the rounds, he says, there were no takers. “They wouldn’t go near it unless we had some [proprietary] intellectual content wrapped around Snort,” Roesch says. Once he developed some proprietary management tools and a friendly GUI to run on top of Snort, Roesch got his money. And he’s never looked back, partly, he argues, because he has no choice. Snort competes against software from wellknown, well-funded companies such as Cisco, and “if you’re going into a highly competitive area of software, as we did, you have to take venture capital,” he says, adding that others have built proprietary tools around Snort. “You’re going to have people who are going to try to ride on your coat tails,” Roesch says. So far, according to Roesch, no one in the Snort community has held his financial success against him. “I like writing code,” says Glenn Mansfield Keeni, a professional developer who contributes to Snort in his spare time. “I derive great satisfaction by contributing towards building a secure Internet. The code remains open source so

to its paying customers first; others have to wait five days. And unlike Bleeding Snort’s updates, Sourcefire’s are no longer released under an open-source license. Companies that have built proprietary software on top of Snort (Sourcefire is not the only one) have to pay a fee to Sourcefire to get those updates now. But Bleeding Snort often beats Sourcefire to the punch with new rules, says Alan Shimel, chief strategy officer for StillSecure, a security software company that uses the Snort engine as part of its proprietary software. Shimel obviously has a vested interest in keeping the Snort engine open source, but he says “there were a lot of people in the Snort community who weren’t happy when [Roesch] formed Sourcefire. I’ve spoken to people inside Check Point who say they intend to keep Snort open, but as they say, the road to hell is littered with good intentions.” For its part, Check Point’s website states that it is “committed to the Snort open-source community, and we look forward to growing the Snort solution and the Snort community in the future.”

CIOs are going to have to peek into the kitchen before committing themselves to an open-source diet. With so many different business models emerging besides mixed source, CIOs will have to cast a careful eye on companies and communities. Roesch got everything except money. And that was OK. For a while. “I was never motivated by financial gain,” recalls Roesch. “It just ended up that way. People don’t develop open source for monetary gain. You develop it for reputational gain.” Roesch could have used his reputation to land a high-paying job at a software company, but he liked working on Snort. So in 2001 he began courting venture capitalists to see if they would back his plans to start a company to support 36

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

there is no bitterness or feeling of being let down. If the commercial framework helps Snort take greater strides forward, that’s welcome.” But others in the community wanted to guarantee that Snort would remain open. They formed a group in 2003 called Bleeding Snort to provide open-source intrusion-detection rules and definitions for Snort (similar to the virus definition files you download for your antivirus program). It was a prescient move. Sourcefire now makes its updates available

But the fact is, not all open-source security software has remained open. A software package called Nessus was initially released under an open-source license in 1998, but the latest version (3.0) has been released under a commercial license (earlier versions remain available as open source)—though it is still free to users. Nessus’s original developer, Renaud Deraison, who, like Roesch, has started a company (Tenable Network Security), says his commercial customers pressured him to close the source. “Many of them had prohibitions against [open-

Vol/1 | ISSUE/9

OPEN Why theSOURCE Model Matters SPECIAL

source] software or had to jump through legal hoops to get permission for it,” he says. “What they want is quality, free software. The license is less important.” Though Nessus’s shift has brought criticism from some opensource advocates on discussion websites like Slashdot.org, Nessus usage seems not to be affected—at least not yet. M e a nw h i l e, C I O s —w h o are constitutionally skeptical of vendor promises—are worried about Check Point’s purchase of Snort. “It’s definitely a concern,” says Kirk Drake, vice president of technology for the National Institutes of Health Federal Credit Union, which uses Snort and Sourcefire’s add-ons. “But it’s no different from what we’ve seen before. We buy a good product, and it gets bought by another company and the product can change. And the pricing changes.” According to Roesch, those who see mixed source as a Trojan Horse for an inevitable march back to proprietary software are underestimating the power of the open-source community. “Check Point got one of the most tested and deployed code bases in the world, and if they manage it carefully they’ve got the community too,” says Roesch. “I would argue that the goodwill generated by Snort among users and developers probably outweighs the value of [the proprietary software], and I think Check Point believes that as well.” In other words, continuing to support an open Snort will cost Check Point less than alienating the community by closing the source.

The Trojan Horse Scenario No one in the open-source community faults Roesch or Check Point for making money from open-source software. After all, ‘free as in free speech, not free beer’ is the mantra of Richard Stallman, the father of the free software movement (now more widely known as open source). But the open-source community, though far from monolithic, can agree on one thing: No one likes companies that would try to use open 38

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Your Open-source Checklist open-source software has to meet all the criteria of software success...and then it has to meet some more. 1. thE LICEnsE — The most restrictive open-source license is the General Public license (GPl), but it applies only if you intend to modify the software and redistribute it. Vendors have to make the source code for their changes available or work out a deal with the copyright owner to be released from the GPl. (The Free Software Foundation, which developed the GPl, is now in the process of revising it.) If you have no intention of distributing your modifications to software governed by the GPl, or anything integrated to it, then GPl l is fine. But if there’s any chance you may distribute it outside your company, you should purchase an indemnified version.

2. thE hIstORY — If the open-source project is just getting started, it may not survive. The developers’ initial enthusiasm can wane; the software may encounter bugs that can’t be fixed; users may abandon the project if something better comes along. You don’t want to end up with an orphan product, unloved and unsupported.

3. thE COMMunItY — Most successful open-source projects have a leader who is respected by the developer community and is willing to delegate important pieces of the work to others. Delegation creates a healthy environment that attracts new developers. look for projects that have a clear process for joining the community, for managing the project and for making contributions. Find the central communication core for the project (a message board or e-mail list) and read the history.

4. CODE OWnERshIp — Companies are more likely to attract capital and build trust with customers if they own the copyright to the code they support and their developers are the project managers and primary contributors to the code base.

thE usER COMMunItY — Projects involving complex software need big, active, happy user communities. Big communities mean that the software is filling an important need and that it works well enough for users to invest time trying to make it better. Small, unhappy user communities usually mean the project is poorly managed or the software is flawed. Again, check the main discussion board.

6. thE COvERAgE — open source thrives only when it is attractive to a large group of users. That’s why the most successful projects have been platform applications that can be used in virtually any company. Industry-specific or niche applications do not attract large communities.

7. hOW It IntEgRAt RA Es — open source is usually designed to fill a specific gap RAt or fix a specific problem, often without concern for how the software will play with others. Check bulletin boards to see if the project’s developers are open to solving user integration problems. If they’re not, tread carefully.

COMMERCIAL suppORt — This is one of the better indicators of a project’s health. For CIos who cannot afford to devote staff time to support, a robust commercial support ecosystem is critical.

Y uR COsts — It’s easy to get carried away when something is free. Normal due YO diligence for open source is still in order because implementation time isn’t free.

10. pROOf Of COnCEpt — Don’t overlook open source just because it doesn’t scale or have all the bells and whistles. It can make a great testing platform or a proof of concept for a larger project that will use proprietary software. — C.K.

Vol/1 | ISSUE/9

OPEN Why theSOURCE Model Matters SPECIAL

source as a Trojan Horse for feebased proprietary software. At some point in the near future, companies without a sufficient understanding of what makes the opensource community tick are going to test the limits of mixed source, predicts Geoffrey Moore, managing director of TCG Advisors, a consultancy. “I think there is a potential for backlash from the open-source community against companies that do not play according to the aspirations or ethics of that community,” says Moore. Fallout from this kind of uprising could put a big hurt on a CIO’s infrastructure. For example, open-source projects could be left for dead by their communities, with no one left to support them. Then there’s ‘forking,’ in which the open-source code base is used to start a new project that is incompatible with the original version. Finally, there’s the doomsday scenario: Malicious hacking of a formerly open-source code base. CIOs are concerned about getting caught in the middle of this fragile relationship—especially if their software provider goes under. “If I have some proprietary software, I have to worry about disrupting my infrastructure if I need to take it out and then find a replacement for it,” says Strasnick. But if the code is open, as is the case with Strasnick’s JBoss middleware system, users can take the code with them to another provider if the relationship sours. “If JBoss decides to stop supporting my software,” says Strasnick, “I will have the source code, and I can simply go find someone else to support it.”

Why VCs Don’t Like What CIOs Want CIOs prefer the open-source business model that Roesch couldn’t sell to potential investors: A services model in which the company sells 40

Cover Story.indd 40

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Open-source Yardsticks Resources for CIos. fIguRIng Out which open-source software packages are for you is still mostly a DIY proposition. But there are a few general frameworks out there to guide you. Most offer obvious recommendations like ‘make sure there’s good documentation,’ and all are untested and lack objective data about actual open-source projects, but at least they capture some of the unique issues involved in considering open source. Here are some sources to try: CApgEMInI OsMM: www.seriouslyopen.org BusInEss READInEss RAtIng fOR OpEn sOuRCE: www.openbrr.org thE nAvICA OsMM: www.navicasoft.com/pages/osmm.htm hOW tO EvALuAtE OpEn sOuRCE sOftWARE/fREE sOftWARE (Oss/fs) pROgRAMs: www.dwheeler.com/oss_fs_eval.html

—C.K

support for a single, open-source code base. “I like the services model because all my money goes into implementation and support,” says Strasnick. A few wellknown open-source companies, such as Red Hat (Linux), JBoss (middleware) and MySQL (database), are built around this model. But because the software code base is open to anyone, barriers to entry for competitors are low. These companies have to be extremely lean and mean to go up against comparable proprietary software companies. “CIOs expect to pay less for open source,” says

Forrester’s Goulde. “It has to provide 30 to 50 percent savings.” That would seem easy when the software is free, but the software usually isn’t free for the companies that support it; many must provide their own employees to lead, manage and code the open-source products. The unpaid community that appeared around Linux took many years to develop and is the exception rather than the rule. Worse, venture capitalists don’t like the services-only model because the margins on service are invariably lower than those for proprietary software. “The venture community is committed to getting a disproportionate amount of return on its capital,” says Moore. “At some point, the company [they invest in] has to have sustainable competitive advantage.” This helps explain why open-source companies have been slower to grow than their proprietary counterparts. Another limiting factor is that it’s next to impossible to build a business around open source in niche markets or in vertical industries. Only a small percentage of downloaders will pay for support from vendors (for example, Snort has 100,000 regular users, but only 800 have signed up for support), and developer and user communities won’t grow unless the software is used by many, many people. So big, successful open-source products have certain things in common: They are broadly applicable across many types of companies and industries, and they tend to be in areas that companies don’t believe provide a competitive advantage (such as infrastructure) because everyone— including competitors—will have access to the software source code. Yet, even if the open-source software qualifies on all these fronts, building a business around it will still be difficult unless the software is complex and is an important part of keeping the business running. In this case, CIOs, especially those in small or midsize companies with small staffs, cannot afford to go without

Vol/1 | ISSUE/9

commercial support. Indeed, support is consistently the biggest concern of CIOs on Forrester Research’s surveys, according to Goulde. “We need a vendor to take a portion of the risk if we’re going to go with any software package,” says NIH Federal Credit Union’s Drake. And CIOs always prefer to go with a big, established vendor for support rather than a small startup. That’s why MySQL, for example, has formed partnerships with Hewlett-Packard and Dell to support its opensource database. MySQL takes a cut of the proceeds, and CIOs get the warm-and-fuzzies from knowing that a big vendor is standing behind the product, according to MySQL CEO Marten Mickos. Yet the combination of CIOs’ nervousness about small vendors and the venture capital community’s reluctance to back open-source software means that CIOs will see more and more mixed-source sales pitches in the coming years. It pays to vet these vendors carefully.

Cover Story.indd 41

The ROI of Trust For his part, Roesch believes that the Snort community will survive. “Check Point needed education about why it’s important to keep it open, and they get it,” says Roesch. Part of that education was that the open-source development model creates relationships between project owners and users that cannot be duplicated in the proprietary world. “A lot of the guys buying Sourcefire software are people who started using Snort in college, and now they’re bringing it into their companies,” he says. “It’s hard to quantify the value of being able to go into a sales meeting against big vendors like Cisco and having someone [from the prospect company] ask for your autograph.” But that relationship, based on mutual trust and forged over many years, is

fragile. If Check Point were to shut down Snort and close the source, says Roesch, “you would lose the goodwill of the community overnight. “Getting these people’s trust takes years,” he adds. “Losing it takes minutes.” CIO

Send feedback on this feature to editor@cio.in

Mario Gasparri, Managing Director, New Holland Tractors India, says CIOs can harvest greater profit by sowing imagination.

Planting

Innovation BY Rahul Neel Mani Mario Gasparri, Managing Director, New Holland Tractors India, believes that CIOs with their bird’s-eye view of a company are perfectly placed to till and reap value across organizational functions. Innovation is the new fertilizer, without which he feels IT is a dead investment.

CIO: How would you describe New Holland's use of IT?

View from the top is a series of interviews with CEOs and other C-level executives about the role of IT in their companies and what they expect from their CIOs.

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

View from the Top - 04.indd 42

Mario Gasparri: We are not among the largest players in the Indian farm equipment market. It is a complex, competitive business with a lot of pressure on margins. Nor are volumes very high. Making a tractor requires managing specific complexities. We sell our products in some of the strangest pockets of this geography. Reaching them requires a strong sales network and a commercial force spread across the country. These specific needs have created our approach to IT. We never look at IT as an isolated island of excellence. Unlike many other enterprises, our IT department doesn’t work as a department separate from business. Our IT thinks, breathes, walks and talks business. We do monthly reviews of IT projects and focus on innovations and

the results they have reaped for internal users. The way ERP supports assembly is an example of running an analysis of businessneed before building IT support. So far, we’ve been able to take advantage of our innovative use of IT. We have developed IT systems that can beat best-of-breed solutions in the industry. The streamlining of production and the reduction of certain costs is a direct benefit of IT systems. Its impact is clearly visible in dollar terms. Another example is our communication infrastructure, which we use to reach out to a large customer base. The old set-up was costing us a fortune and wasn't delivering with sufficient efficiency. IT replaced it with a Web-enabled communication system that’s both efficient and cost-effective. We also have SMS integrated with the ERP system to enable field personnel to access real-time data.

Vol/1 | ISSUE/9

3/11/2006 4:51:45 PM

View from the Top

"I believe that if there arenâ&#x20AC;&#x2122;t new ideas coming from IT, its time to rethink the IT policy." Mario Gasparri, MD, New Holland Tractors India.

Vol/1 | ISSUE/9

View from the Top - 04.indd 43

REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

3/11/2006 4:51:47 PM

View from the Top

Does innovation rein in costs and increase operational efficiency? Innovation is vital. It is impossible to harness your IT investment 100 percent without it. Hardware and software can't be changed with every new product variant. Forget investment protection, isn’t innovation by itself a good habit? If IT is innovative, it means we’ve the best minds working for us. There are other benefits from in-house innovation, which would have been hard to achieve if a point product was deploy and left to its own. I believe that if there aren’t new ideas coming from IT, its time to rethink the IT policy. We are really fortunate to have innovative people in New Holland’s IT team.

“Forget investment protection, isn’t innovation by itself a good habit?”

How do you ensure a business case for IT projects?

played an innovative and intelligent role in saving us manpower costs. More importantly, IT systems help us avoid 90 percent of the errors that occur on the shop floor. We've introduced wireless bar-coding and are working on RFID. We are also building a potential customer database with detailed customer information on it.

All the answers to that question start with the fact that IT sits with the core management team. Right from conceiving an idea and its business goal, IT constantly supports business. Our business-need assessments keep costs under control, and also flesh out reasons for an IT project. IT implementations are put through a budget approval process and we also make sure that optimal usage is received by the department that requested it.

What are the priorities you’ve set for IT? Since we are growing in volume and in the number of markets within and outside India, we're encountering new problems. Since India will be a major export-centric production hub, we need to sync our systems with those in other geographies. Our topmost priority is to work as a single group across the world. This will become critical once there is a constant flow of orders from other countries. Different markets have different product configurations and these have to be understood so that we can deliver correctly. It’s technical and complex and already IT has 44

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

View from the Top - 04.indd 44

— Mario Gasparri

How will IT continue to contribute to your vision? As our growing numbers tell, we are chasing the number one slot in the Indian market. Our long-term plan is to be a formidable player in other agricultural equipment segments as well. This can’t be achieved without very strong IT infrastructure. With the volume we expect in the next two-to-three years, we will need an even more committed approach from the IT team. I'd like them to come up with new and profitable ideas. The major focus area will still be at the industrial level where complexity will increase.

How does IT here compare to other countries? Indian IT professionals are more business-oriented than others I have worked

with. I have found, in previous experiences, people in IT working with isolated ideas with little or no link with business realities. My CIO introduces IT systems only when there is a compelling business-need. It’s important to absorb into our DNA that IT systems can't deliver 100 percent without a specifc business-need.

Can a CIO’s contribution to the enterprise be facilitated? CIOs can’t be an annex to the whole operation. They have to be integral to the core of an enterprise. I've involved my CIO in projects which were not exclusively IT. CIOs can think business and can contribute in other areas. We need to let their imaginations work. Simultaneously, CIOs are responsible for convincing their CEOs of their ability to contribute more than just in terms of IT. My CIO has been a leader of transformation many times. For example, the e-catalogue was his idea and it worked better than any other suggestion that crossed my table. The CIO is someone who must think across processes and have a vision similar to the CEO’s.

Have you set specific goals for your CIO? We've discussed a project which would make order-processing—for dealers looking for part—easier. The result could be an ecatalogue which efficiently help dealers recognize the parts they want. They also help order and track goods till the time of delivery. IT also needs to address certain problem areas in logistics. I want to make ordering more process-driven and reduce turnaround time by 50 percent. It is critical to cut costs on delivery and to make them happen on time. CIO

Senior Correspondent Gunjan Trivedi can be reached at gunjan_t@cio.in

Vol/1 | ISSUE/9

3/11/2006 4:51:48 PM

OPEN SOURCE

SPECIAL

How Cendant Travel Distribution Services replaced a Rs 450-crore mainframe with 144 Linux servers and lived to tell about it. BY C H R I STO P H E R KO C H

In the summer of 2003,

ImagIn g by Jayan K naRayanan

Reader ROI:

Why Cendant Travel Distribution Services adopted a Linux infrastructure Technical issues to consider during development and deployment future holes Staffing requirements when using Linux

Vol/1 | ISSUE/9

Mickey Lutz did something that most CIOs, even today, would consider unthinkable: He moved a critical part of his IT infrastructure from the mainframe and Unix to Linux. For Lutz, the objections to Linux, regarding its technical robustness and lack of vendor support, had melted enough to justify the gamble. “The issues raised around open source, around its viability, were in the past,” recalls Lutz, CIO for Global Agency Solutions with Cendant Travel Distribution Services, the parent company of online travel brands Orbitz and CheapTickets.com. Few CIOs agreed with Lutz then or now. Many CIOs are experimenting with Linux these days, but less than 10 percent of the Fortune 1000, according to research company Meta Group, have been willing to bet their core infrastructures on it—to transform the Linux penguin mascot from cute to brute. REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

OPEN Why theSOURCE Model Matters SPECIAL

They’ve had some good reasons for their fear of flying. For starters, the technical challenge is significant. You need many carefully formed flocks of Linux-based Intel servers to equal the might of a single mainframe. In addition, the slow uptake of Linux in high-transaction applications has kept support for big, complex Linux environments more scarce and slightly more expensive than traditional heavy-duty platforms such as Unix and mainframes. And the savings from Linux and Intel matter less in a complex environment where applications, databases and their related support and maintenance can account for as much as 80 percent of the overall cost of running a system, adds Jerald Murphy, a Meta Group analyst. And it’s true that Cendant has needed every bit of support that it could get for Linux so far. Lutz’s IT group rewrote a complex, realtime airline pricing application that serves hundreds of thousands of travel agents around the world and that also acts as the system of record for all of United Airlines’ ticket reservations. When this application came up on Linux, it proved to be so demanding—it handles up to 700 pricing requests per second—that it completely redefined Cendant’s expectations about what it would take to get Linux to work. “We have broken every piece of software we’ve ever thrown at this platform, including Linux itself,” says Lutz.

The final hurdle for the adoption of Linux at the highest level of the corporate infrastructure is the comfort level of CIOs.

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

That has resulted in some scary moments, including an initial slowdown in the system that left United Airlines agents intermittently unable to access the reservation application (one outage lasted about 45 minutes) over the course of four days in July 2003. If you are United Airlines and move roughly 8,000 passengers per hour, you need the computers to work all the time. “Even a little downtime is a big deal,” admits Lutz. But he maintains that the gamble on Linux has been worth it. “Our business strategy is to be as efficient as possible [while] processing transactions,” he says. “To do that, we have to bring down the cost of our technology.” Lutz claims he has done that. A platform on the mainframe that was projected to cost Rs 450 crore now costs about Rs 11.25 crore on Linux and Intel servers. The final hurdle for the adoption of Linux at the highest level of the corporate infrastructure is the comfort level of CIOs. Just as few CIOs are interested in first versions of software, few are ready to risk their most important applications on a technical infrastructure that most of their peers haven’t embraced. Furthermore, although Linux is closely related to Unix, for a staff trained on the mainframe, the change to the Intel environment will be complete and dramatic. The morass of litigation threats and fears about the open-source model of development and support haven’t helped, even though a number of high-profile vendors—such as IBM, HewlettPackard and Oracle—have loudly pledged support for Linux. That means adopting Linux is still very much a personal decision and a personal risk for CIOs. It is a chicken-and-egg game. Which comes first, adoption or vendor support? Reduction of risk or cost savings? Solid vendor support is critical, as is an internal staff capable of handling technical issues and finding answers that vendors—who don’t control the development of Linux any more than CIOs do—cannot provide. Proper testing is also crucial, because Linux runs on an architecture—namely, Intel chips—that has not yet been widely used for mission-critical, transaction-intensive workloads. In other words, Linux is free, but not risk-free.

FROM BLEEDING EDGE TO LEADING EDGE Linux moved from bleeding edge to leading edge in Lutz’s mind as Cendant looked for ways to bring down the high cost of maintaining an ancient transaction infrastructure. The pressure to save money became intolerable after the the dust from the Internet bust cleared. Travel—led by brand names such as Expedia, Travelocity and Orbitz—emerged as one of the most powerful online channels left standing. Lutz was in command of the alternative to those bright, shiny websites: An expensive, aging global distribution system (GDS) called Galileo. It is one of the original four mainframe-based travel reservation systems developed in the 1970s (the others are Amadeus, Worldspan and Sabre) that travel agents access through their desktops. A perennial also-ran to Sabre in the travel agency market, Galileo, like the other GDS relics, has lost more than 40 percent of its market share in the past decade to Internet rivals—including the airlines themselves—that have lower infrastructure costs and can afford to charge smaller fees to agents and travelers, according to Morgan Stanley analyst Christopher Gutek. “The GDSs aren’t growing; they’re fighting to keep from shrinking,” says another analyst, James Wilson, managing director at JMP Securities. “What [Galileo] has to do is keep driving its processing efficiency.”

Vol/1 | ISSUE/9

IT Value

Build the Case for a Linux Infrastructure

In 2001, to cut costs and to try to differentiate Galileo from its GDS rivals, the business brass authorized an update of the centerpiece of the aging Galileo infrastructure, an airfare pricing application called Galileo 360° Fares. While it was hot stuff in the ‘70s, Fares had fallen behind the times. For example, it was very fast at reaching into the mainframe and Four things to consider when deciding retrieving flights, but it could not automatically whether to move to open source. administer any of the rules that applied to pricing the flights—such as requiring a Saturday night stay-over of sticking to qualify for a discount. Galileo IT employees had with the current environment for the next one to three years. to match the rules to the flights and manually input Factor in the cost of servers, operations, floor space and other them—thousands per day—into the system. The expenses, and the benefits of staying with a known platform update would eliminate all the manual work and the and support mechanisms. errors it created and push new fares to travel agents in a fraction of the time. It would also give Galileo a to determine leg up (temporarily, anyway) on its GDS competitors, throughput on a Linux platform using Intel servers (‘Lintel’). Use some of whom were rushing to update their pricing this data to calculate the number and cost of servers needed to software too. support your system over one to three years. Lutz also saw an opportunity to reduce the cost of the infrastructure behind Fares by moving it from the —including coding, mainframe to Unix, which by then had matured enough testing, support, operations and training—and the benefits of to run the volumes and speeds necessary for Fares. At using Linux. the time, Lutz looked into Linux and rejected it. “The performance of the hardware and the software just and benefits of the wasn’t there,” he recalls. Questions about finding real current environment versus the Lintel environment, and make enterprise support and the long-term viability of the your call. open-source model also rang in his ears. —C.K. But the Fares rewrite took time. By 2003, the outlook for Linux had changed dramatically. Linux could operate on larger systems, Intel servers were much faster and Lutz’s data center provider, IBM, had emerged as the leading champion of the platform. The testing was risky, however. The Linux The technical robustness of the hardware and software and support architecture called for the application and availability all crossed an invisible baseline that Lutz (and every IT leader) the data to be distributed over more than has in his mind for new technologies: Lutz felt personally comfortable with 100 servers. This model meant that the team it. He decided that the benefits finally outweighed the risks. “I saw many could not build a subset of the production companies adopting it, and the vendor support was there,” he recalls. “There environment to accurately predict how the are significant cost savings possible with open source, and they became far penguins would fly. That was deemed too too compelling for us to ignore.” costly and time-consuming. The decision not to focus more on testing came back to haunt them. In June 2003, after three months of testing, Cendant moved the Fares production system to Linux. Lutz and Wiseman were at a conference in Portugal when The transition of Fares to Unix was already 25 percent complete, but calls started coming in, saying that the system Lutz halted it, ordering a five-person internal team to put the application was experiencing mysterious slowdowns. through its paces on Linux servers. They would check to make sure that The team had not envisioned the intensity with data flowed properly and that the servers could handle the expected which Fares would crunch the data being held on speed and volume of the transactions. If Linux held up, the potential cost multiple storage servers. For example, when travel savings would be enormous—up to 90 percent over Unix, according to agents asked the Fares system for a price for a ticket Robert Wiseman, CTO for Global Agency Solutions with Cendant Travel from Boston to Denver, they unleashed a torrent Distribution Services.

1. Estimate costs and benefits

2. Conduct performance tests

3. Estimate other costs 4. Compare the costs

WILL THIS PENGUIN FLY?

Vol/1 | ISSUE/9

Feature - 02.indd 47

REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

3/11/2006 4:56:41 PM

OPEN Why theSOURCE Model Matters SPECIAL

of calculations. According to Lutz, the number of possible combinations of flights and prices for all the airline carriers be tween two major cities has been estimated by researchers at MIT to be 10 to the 30th power. The Fares software pulls millions of different combinations out of Galileo’s storage complex and calculates prices within a second. According to Wiseman, Fares’ vast appetite for data being held on the storage servers quickly created hot spots in which the demand for certain data types began to overwhelm some of the storage servers. Wiseman says that the volume and data distribution requirements of the Fares application (which he declined to identify) forced him to find a different replication solution that the original environment could not satisfy. Meanwhile, the application servers were literally pecking them to death with requests for data. Some slowed down to a crawl. The application slowed down with them.

HARD LESSONS LEARNED

Frantic calls began coming in from some of the 44,000 travel agency locations in 116 countries that were unable to access Fares. Worse, because of significant outages, United Airlines’ employees could not access core flight information— including schedules and connections—for as long as 45 minutes. The problems were intermittent over the course of four days. Lutz would not comment on the financial losses incurred by United or Galileo during the downtimes. Once the problem servers were pinpointed, a 40- to 50-person cutover team of IBM, Red Hat and Cendant engineers brought the problems under control by throwing more servers into the mix. “In hindsight,” says Lutz, “we shouldn’t have tried to cut over to a new infrastructure at the same time we were deploying a new software application. It was too much at once.” Wiseman faults the limited testing of the new system—especially the storage servers—for the failure. “We were focused on testing [the performance of Linux on] individual servers, and we didn’t have a full ratio of servers in the testing environment to predict the load on the storage servers,” he says. Rather than falling back to the old platform at the first signs of trouble and reworking the new one, the engineers always thought the answer was around the corner. “We always believed that the next fix would solve our problems,” recalls Wiseman. “Eventually it did, of course, but not without system slowdowns and occasional time-outs during high-peak periods for the next few days.” To make sure the new system would remain stable over the long haul, the team Cendant Travel Distribution Services runs linux on Intel servers decided to re-architect it after the at a fraction of the cost of either the legacy mainframe or Unix. failures in 2003, creating about a dozen redundant clusters of 12 servers apiece, each using a UNIX new network-attached-storage Rs 112.5 crore/year) crore/year)* architecture that Wiseman says Began rewrite in 2001 was not utilized the first time. 100 to 120 Unix servers Each cluster is designed to handle Running AIX MAINFRAME the full transaction load of Fares, Rs 450 crore/year * Estimated. The Unix-based architecture was but if demand for a particular Written in 1970s abandoned in favor of linux before completion function starts to peak, a single 4 IBM mainframes server no longer faces down Authored in TPF thousands of impatient travel agents on its own. Together, the LINUX clusters are designed to handle Rs 11.25 crore /year the largest experienced Fares Unix rewrite ported to Linux peak, with 25 percent headroom in 2001 for situations such as outages 144 servers in 12 clusters and fare wars. “The things Red Hat Linux that are most important for an environment like this are stability

The Incredible Shrinking Budget

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Vol/1 | ISSUE/9

and availability,” says Wiseman. “We’ve designed it so that the possibility of all those clusters failing at once is so small as to be almost incomprehensible.” The new architecture also makes testing more predictable and accurate. “We build a single complete cluster, and we can scale the results linearly,” says Wiseman. “As long as our testing on one cluster is accurate, we can predict how it will scale over the rest because they are all the same.” Despite having to re-architect the Linux platform, Wiseman says the combination of Linux on Intel servers still saves more than 90 percent over Unix. All told, the platform cost for Fares for the three years beginning in 2001 went from a projected Rs 450 crore for the mainframe to an estimated Rs 112.5 crore for Unix to Rs 11.25 crore for Linux, according to Lutz.

CULTURE SHIFT Yet, hardware and software don’t account for the entire picture in such an infrastructure change. “When anyone in my position makes a commitment to a new technology, it’s not simply the cost of the project, it’s the cost of everything moving forward,” says Lutz. “You’re retraining people. And so if you have a Rs 9 crore project to implement a Linux system, you’re maybe making a Rs 45 crore to Rs 67.5 decision, because you’re changing the whole course of IT development— training, support [and] application development.” The change to Linux and subsequent projects that use open source, such as Web services, has affected probably 50 percent of his 380-person staff, says Lutz. “Open source is propelling us to adopt Java and a new way of programming,” he says. For some of his staff, those changes haven’t been for the better, he says. “We had to reassign those who could not—or would not—move forward.” The staff (both applications developers and systems administrators) who did make the change had to become more aggressive and intuitive in finding solutions to problems on their own. “We have to have a higher degree of technical support internally now,” says Lutz. “When you’re working with [commercial software], there are pretty standard diagnostic methods to use when things don’t work. [But] Red Hat isn’t going to give us the solution to every problem,” he adds, because it doesn’t control the core development of Linux. “My teams have to be far better technically and in their problem-solving skills than before.” This frontier approach to problem solving has made architecture a more critical component of project planning and development, adds Lutz. “Before open source, our architects were much more involved at the beginning of the project and less at the end. Today, our architects are living with the architecture and living with the project teams, because the technology is more difficult to figure out, and the cause of problems are more difficult to diagnose.” That has driven total costs up 5 percent for application development and support, as Lutz has brought in more architects and more skilled support people to manage the new infrastructure. “That is an easy price to pay for free software,” he adds.

LINUX WITHOUT FEAR The savings from the new architecture have Cendant looking at an even more ambitious migration to Linux. The Fares application and infrastructure represent just 10 percent of the Galileo computing platform. The rest houses the massive collection of flight information for every airline, every route in the world, written in a 1970s-era mainframe language called the Transaction Processing Facility (TPF). “Unlike today’s

Vol/1 | ISSUE/9

Feature - 02.indd 49

The ‘black box’ of open source has become something any CIO can appreciate: Reliable performance and consistent uptime. operating systems, TPF was designed almost exclusively for speed,” says Wiseman. Wiseman has no idea how many flocks of penguins he would need to displace the polar bear mainframe, but he is looking into it. Such a move would put Galileo on the same infrastructure footing as the other pieces of Cendant Travel Distribution Services, most of which have a dotcom heritage. For example, Orbitz’s infrastructure was built from scratch on Linux. To Lutz, Linux has achieved its goal: To become a viable alternative to proprietary operating systems. He professes no interest in, nor understanding of, the mechanics of the open-source movement. “The Linux community is still a black box to me,” he says. The community is irrelevant to him, because the software can run his infrastructure, and he can buy enough support for it from vendors. “When I look at the constant reengineering we have to do within the travel agency business [to become more efficient], to me, there’s no other solution besides open source, given our volumes, our transaction rates and the problems we have to solve.” The ‘black box’ of open source has transformed into something any CIO can appreciate: Reliable performance and consistent uptime. The penguin can fly now. CIO

Send feedback on this column to editor@cio.in

REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

3/11/2006 4:56:45 PM

Reader ROI:

Predicting the vagaries of the monsoon with modern technology How forecasting accuracy can be enhanced Why weather forecasting is not just about supercomputers 50

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Vol/1 | ISSUE/9

e-go vernance

Weather Wizards New forecasting methods and technologies are helping predict weather. But with the bewildering number of variables, the future of analyzing monsoon trends is likely to remain sometimes sunny and occasionally cloudy. By Balaji NarasimhaN

IMAGING JINAN K VIJAYAN

A Technological Drought Statisticians have a macabre way of rattling off figures to describe human tragedy. Tell them that poor rainfall forced farmers in Andhra Pradesh to commit suicide at the rate of 40 per week in 2004, and they will tell you that 70 percent of India’s population depends on agriculture, which accounts for over 21 percent of national GDP. Eighty percent of the rain occurs between June and September, mainly in July. It is suddenly understandable where doomsayers in the street come from every time monsoon predictions go wrong.

Vol/1 | ISSUE/9

And that is only one part of the problem. India’s growing population means that by 2013 every citizen will to have to make do with 1,700 cubic meters of freshwater, down from 5,000 cubic meters in 1955, according to the UNICEF. The only way this disaster-in-the-making can be deflected is by proper planning. With India heavily dependent on the rain, there can be no plan without an accurate prediction of the monsoons. The India Meteorological Department (IMD) takes accuracy very seriously. But while the IMD and other bodies are trying their best to read the clouds (see ‘Leveraging Big Iron’), predicting the weather is always going to be fraught with uncertainties, no matter how many supercomputers are thrown at the problem. REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

e-governance

This is because technology is just one of the factors that plays a part in forecasting. Sure, you can use computers to crunch numbers and extrapolate future trends, but what do you do when global warming and El Nino change weather patterns so much that track record is no longer a reliable gauge? Failure is expected; it’s a handicap and some people work better with one.

The Sun Shines Down on IMD IMD refuses to be beaten back by the weather and does its homework carefully. Pune-based IITM (Indian institute of Tropical Meteorology), which was established under the IMD, analyses rainfall studiously. They have a monthly-breakup of rain from 1871 to 2003, covering 2,880,324 sq. km. They are also making technology an ally to collate and disseminate data. Weather has no borders. Observations need to be shared, not just within India but also abroad. To facilitate this, the IMD is fully wired, and its office in New Delhi is connected with all its other centers. In addition, to manage global sharing of information, IMD Delhi also has a 13 point-to-point global telecommunication system. It also has two circuits that connect Delhi to Melbourne and Muscat. Once observations are collated, it is up to the computers. Talking about IMD’s computer legacy, Dr. H.R. Hatwar, Deputy Director General, IMD, New Delhi, says, “IMD used IBM 360/44 and VAX 11/730 computer systems prior to 1994. It acquired CYBER-2000U computer system in 1995. These computers were used till mid-2004.” Not really big-league computing, which makes their work almost seem like wizardry. Now, the IMD uses

ALTIX–350 and ORIGIN–200 high-end servers. The IMD has already submitted a proposal to the department of science and technology for an upgrade of its computing power. According to Dr. Hatwar, the IMD will need a system capable of two-to-four teraflops, and hopes to get it within a year. Traditionally, institutions like the IMD have been known to be great users of technology. They used the telegraph system extensively back in the day when it was hi-tech communications. But still the department is faced with the accusation, only somewhat veiled as a question: Why do forecasts fail? Typically, e-government initiatives fail due to a lack of user buy-in. Unfortunately, that explanation doesn’t get the cigar in this case. IMD has other problems more specific to organizations with high-computing needs: Scalability. Add more nodes and the system’s performance comes down. The flip side is that performance doesn’t reflect a proportionate spurt even when more CPUs are added. Bottlenecks merely shift from the CPUs’ ability to process information to their ability to communicate with each other effectively because they aren’t designed for such speeds. Another problem is with the software communication libraries and I/O systems, which don’t always keep pace with hardware growth. In effect, it is always the weakest link in the chain that holds down computing capabilities—and no sooner is a holdup identified and fixed, before it moves elsewhere. But this game of catch-up is not the only reason why predictions get stuck in the mud. In 2002, monsoon forecasts went horribly wrong as drought overtook parts of the country. The incident made the IMD look like crystal ball gazers at a local fair and forced them to look at the parameters that they were working with. In 2003, stung by failure, they replaced the old 16-parameter model with 8 and 10 parameter power regression and probabilistic models. The revamped system managed to forecast the south-west monsoons accurately in 2003 but led to another black day for IMD in 2004, when

Leveraging

Big iron While the IMD (India Meteorological Department) is one of the premier bodies involved in weather forecasting in India, it’s not the only one. The department of science and technology and other associated bodies are heavily involved in providing inputs and making independent predictions. The relationship between the IMD and these agencies is comparable to the 52

Govern Main_2 Jayan.indd 52

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

relationship between the army and the border security force. One of the active players is the NCMRWF (National Center for Medium Range Weather Forecasting), which has developed global atmospheric models like the T80/L18, with a resolution of 150 km. The NCMRWF, which has also developed mesoscale atmospheric models and ocean wave models, uses a 24 processor Cray SV1 vector system

capable of providing a performance of three-to-four gigaflops. This entity also uses the BARC-developed Anupam Alpha, two 600 MHz DEC-Alphas with one GB each, and other systems. Another body, the IITM (Indian Institute of Tropical Metrology), has developed numerical models like atmospheric global spectral and POP ocean general circulation models. IITM uses 18 highend servers and 150 Pentium PCs. CAS (Center for Atmospheric Sciences), IIT-Delhi, is also working on areas like regional climate prediction and air-sea interaction boundary layer study. While

Vol/1 | ISSUE/9

“IMD cannot do anything to over come natural factors. We have to work within the constraints of natural predictability” —Dr M. Rajeevan, Director, National Climate Centre, Pune

their rainfall prediction fell short. But the model overhaul now permits the IMD to make the first monsoon forecast in April—a good two months ahead of the rains.

Clearing the Fog However, the IMD isn’t satisfied. To reduce errors further, it has worked out a power regression model for rainfall solely in the month of July, normally the wettest month of the year. Predictions are complicated because parameters include the Eurasian snow cover, sea surface temperatures of the Arabian Sea and the North Atlantic Sea, El Nino, etc. According to experts, in the last 120 years, drought has been caused predominantly by two factors: El Nino and the Eurasian snow cover. According to Dr. M. Rajeevan, Director in charge of the National Climate Centre, IMD, Pune, “Snow cover is monitored using satellites, especially US satellites. El Nino is monitored using a combination of observational platforms of sea surface temperature data buoys, ships and satellites.” Simplistically speaking, it’s easy to assume that the careful monitoring of the eight or ten parameters will increase accuracy. But this isn’t true beyond a point. To deliver greater accuracy, the IMD and its associated departments need to narrow their focus—and this will require an increase of computing power.

they have some systems in the megahertz range, the big iron gigahertz capable system at their command appears to be the IBM P570, with four processors and a speed of 1.9 GHz. This system boasts eight GB memory and a 876 GB hard disk. SAC (Space Applications Centre), Ahmedabad, has also developed numerical models for extended range monsoon prediction and mesoscale models. The systems include two Linux-based Itanium-II 4 CPU machines with 8 GB memory. India’s premier supercomputing entity, C-DAC (Centre for Development of Advanced Computing), is also one of the forerunners in

Vol/1 | ISSUE/9

Govern Main_2 Jayan.indd 53

According to the Report on the Brain Storming Seminar on the High Performance Computing for Weather and Climate Modeling presented by S. K. Dash, Centre for Atmospheric Sciences, IITDelhi, in March 2005, there is a requirement for computing power of one teraflop in the next two years, 100 teraflops by 2010, and one petaflop by 2020. This is required is because model resolution needs to be reduced for enhancing accuracy. Right now, resolution is around 40 km, but by 2010 it will come down to 25 km, a figure that will diminish to 10 km by 2020. Once we get to petaflop computing, will weather be easier to predict? It is hard to say because the model plays a greater role than the computing setup. For instance, while the IMD failed completely to predict the 2002 drought, the NCEP (National Centers of Environmental Prediction) in the USA used its global circulation model to predict it. The NCEP model is now being used by both IISc, Bangalore and IMD, Pune, says Dr. Rajeevan. At the end of the day, IMD’s best bet is to use the fastest computers with the most robust models, and then hope that the prediction works. If that doesn’t, the model has to be improved. The element of failure, like it or not, will remain high, no matter what. But then again, if we knew exactly what would happen, would it be called it prediction? CIO Special Correspondent Balaji Narasimhan can be reached at balaji_n@cio.in

this field. C-DAC has been associated with weather, ocean, and climate forecast models, and one of its powerful computing tools is the Terascale Supercomputing System, which can provide a peak performance of one teraflop. This system, which has 248 Power4 RISC processors, runs on AIX/Linux and interconnects using the PARAMNet-II System Area Network, which is capable of full duplex throughputs of 2.5 Gbps. While much of the work in this area in India is done by government-associated players, the NAL (National Aerospace Laboratories) has worked with Ncore Technologies and iWave, two Bangalore-based companies, under

the Government of India’s NMITLI (New Millennium Indian Technology Leadership Initiative) to revamp the FloSolver series. One of the special features is that the FloSwitch, which handles communications between the various CPUs in the supercomputer, is actually an intelligent device capable of cutting down on processing time by doing its own processing before passing on data to the CPUs. While this is useful under several circumstances, it gains special relevance with reference to forecasting because the FloSwitch has been specifically custom-built for meteorological applications. —B.N. REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

S. Ramakrishnan, Director General, C-DAC is using opensource software to enable a nation-wide grid to achieve superior technological prowess.

Interview - 01.indd 54

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Vol/1 | ISSUE/9

3/11/2006 5:03:59 PM

OPEN SOURCE

SPECIAL Interview | S. Ramakrishnan

Developing

Superpower S. Ramakrishnan, Director General, C-DAC (Centre for Development of Advanced Computing), stands by his belief that a team of technologies will bring about best results both technologically and economically. open pen source is core to that belief. Riding on linux inux and other open-source software, Ramakrishnan is opening up C-DAC’s applications and its supercomputing resources, empowering the organization to play a catalytic role in IT-enabling the country. By Gunjan Trivedi

CIO: Why has C-DAC chosen to make open source an important research area?

PhoTo by FoToCoRP

S. RamakRIShnan: We strongly believe in open source. Though I have nothing against proprietary software, its days are numbered. On the other hand, open source has matured and now addresses scalability, support and licensing issues. The days when open-source’s prime USP was its free or near-free status are long gone. Our conviction is to encourage software that helps users and also helps us help them. Open source is a vendor-agnostic development platform that frees us from our dependence on applications and architecture, avoids vendor lock-in and makes customizations easier. I firmly believe the extended use of open source will work to the advantage of agencies that promote e-governance.

Vol/1 | ISSUE/9

Interview - 01.indd 55

How specifically has open source benefited e-governance initiatives?

Since open source offers the lowest entry barrier, competition has moved to the technology space and this eventually benefits users. With open source, we’ve also been able to maximize on a rich user-experience by offering users different platforms. Open source also enables us to address unique requirements and incorporate them seamlessly. C-DAC will represent India at the EU-funded, global open source research project, FLOSSWorld. How will C-DAC gain from this?

The philosophy that drives open source is similar to the one that’s behind the Internet. Open source has created a platform-agnostic, borderless world. FLOSSWorld REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

3/11/2006 5:04:02 PM

OPEN Why theSOURCE model matters SPECIAL

Interview | S. Ramakrishnan (Free / Libre / Open Source Software) is a global project to share experiences and knowledge and by associating with it, C-DAC will be able to further its philosophy of ‘Thinking global, acting local.’ Collaborating with global partners and developers will enable us to come up with better solutions to local problems.

based application-development model has proved immensely useful in creating unique solutions and customizing existing open-source applications. It has shrunk our development cycle with already-developed applications. We can now invest that time in developing more users of supercomputing technologies across various verticals in the country.

Where is C-DAC’s high-performance parallel computing initiative leading to?

What is the aim of C-DAC’s language processing and local language projects? Where are they headed?

C-DAC’s high performance computing, or supercomputing, initiatives address diverse applications in science, technology, engineering and business at various institutes. Quite recently, we set up a Proof of Concept phase network to further our National Grid Computing initiative. It’s called Garuda and is funded by the department of IT. The grid phase is built on a 100 Mbps nation-wide network and provides access to distributed heterogeneous computing and storage resources. Our tera-scale supercomputing facility in Bangalore houses India’s fastest, indigenously-developed supercomputer, Param Padma, and high-performance clusters that can run at one teraflop. We plan to scale up its computing power to ten teraflops by next year. We play an important role in evangelizing supercomputing. I see a supercomputing roadmap in which more resources will be aggregated to a grid and increased collaboration with premier institutes and agencies will enrich the demand-side of supercomputing. We aim to increase our computing power to a petaflop by 2012. Increasingly, Linux and open source are becoming our operating system and development platform of choice for high-performance cluster computing. The open, collaboration-

C-DAC has been a pioneer in developing multilingual processing applications and projects. We have been the country’s premier language R&D organization and have developed applications that cater to diverse needs—from machine translation to high-end speech processing, and from optical character recognition to speech-to-text requirements. India’s PC shipments reached four to five million last year and there is huge scope to introduce applications that use Indian languages. We want to tap this. We’re employing open source to develop the core components of our language-processing kits. Last year, we rolled out applications that used three Indian languages. We’re adding five to seven more languages this year and plan to offer applications in 22 Indian languages by the next financial year. e-governance is fast becoming a reality in India. How is C-DAC maintaining its momentum?

e-governance initiatives have been materializing at a phenomenal pace over last three years. And the department of IT and state governments are planning more initiatives under the NEAP (National e-governance Action Plan) and are outlining frameworks to form a strategic blueprint. This

With open-source offering the lowest entry barrier, competition has moved to the technology space and this eventually benefits users.

M A R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Vol/1 | ISSUE/9

Interview | S. Ramakrishnan is enabling various agencies to come up with programs with an overall architecture rather than piecemeal applications. C-DAC itself, since 1988, has been instrumental in developing such structured programs to enable large, successful e-governance initiatives. Many of our endeavors win awards such as KAVERI (Karnataka Valuation & ERegistration), which won a gold medal at the Eighth National e-governance Conference. We have leveraged our model of ‘productization’ and customization to play a pivotal role in many e-governance initiatives. We are also a core member of the department of IT’s standard committee, which defines the architecture and looks into language-related issues of e-governance projects. This interaction reinforces our partnership with various agencies, is an aid in developing projects for a number of verticals, and also helps us set best-practice examples. How do you rate the success of various e-governance projects?

SNAPSHOT

C-DAC

TURNOvER (2004-2005):

Rs 180 crore (approximate) EmPLOyEES:

2,100

NUmbER OF LAbORATORIES:

NUmbER OF LIvE E-GOvERNANCE PROjECTS:

ExPERTISE AREAS:

Financial and capital market simulation and modeling

example of how working styles change as competition is introduced. Until there were signs of the sector’s privatization, PSU banks had a lethargic style of working. As talks of competition got stronger, the banks geared up to adopt IT and brought about phenomenal changes in the way they operated. With similar drivers in the government, maybe five years down the line we can expect changes. But, until then, we will have to depend on patience and perseverance to ensure the success of egovernance projects. This said, information technology is becoming increasingly derivative. This helps attract investment and helps generate more revenue which is leading state governments to adopt IT. States that have adopted IT quickly and are deploying G2G, G2B and G2C initiatives, are progressively growing their business confidence. India, as a whole, is doing better as states embrace IT, and I think setting up IT departments state-wise was a very important step.

Network and What is C-DAC’s roadmap for e-governance Internet software Our gauge of a project’s success is the projects? Artificial intelligence scale of its user satisfaction. Higher the We have both a top-down and bottomNatural language satisfaction, the more successful we are. We up approach to e-governance projects. processing have undertaken a number of e-governance Our language processing initiatives, projects which have been immensely supercomputing projects and best practice successful. Project SARITA, which automates activities are driven by the Government of the stamp & registration activities for Maharashtra, is an India and are examples of a top-down approach. example. The Inspector General of Registration, Maharashtra Our bottom-up approach feeds on user requirements almost doubled its turnover from 1,300 crore to 2,500 crore or market demands. We develop solution prototypes after SARITA was implemented. based on our extensive interactions with users of Interestingly, the investment from both the government e-governance initiatives. We track where various sectors are and private industry was only one percent of that figure, Rs headed and enable government agencies to tackle ensuing 25 crore. User feedback we’ve received indicates enormous demand and supply. We’ve won awards for our work. satisfaction. Developers and stakeholders have taken the Going forward, with our expertise in different technologies, ownership of the project and there’s been a very large we would like to play a catalytic role in IT-enabling India. Cimpact on users. More than a million document pages are DAC is a highly entrepreneurial organization, although we registered a day in the state. don’t have an agenda to gobble up the technology solution space including supercomputing and e-governance. We would like to enable a nation-wide resource-sh aring and How challenging is it to develop projects in the partnership platform to encourage various institutions and government sector? Change management is the biggest challenge we face agencies to best leverage the superior technological prowess while deploying and executing e-governance projects. The India has to offer. CIO conservative mindset of users and the scale of a project’s impact become critical. Many projects have failed because of their inability to tackle change management. Sometimes, government users and agencies also lack the motivation to bring about an effective change in the way they work. This is due mainly to a lack of competition Senior Correspondent Gunjan Trivedi can be reached at within the government sector. The banking sector is a good gunjan_t@cio.in

Vol/1 | ISSUE/9

REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

OPEN Why theSOURCE Model Matters SPECIAL

EssEntial

technology IllustrAtIOn By unnIKrIsHn An AV

From InceptIon to ImplementatIon — It that matters

Ajax looks like its going to stay. But, like every new Web technology, CIOs must look how not to drop the ball on their companies.

AjaxArrivesfor theEnterprise BY CHRISTOPHER LINDQUIST WEB 2.0 | Like vintage bowling shirts, asynchronous JavaScript with XML, a.k.a. Ajax, seems

to have begun as a fad. But it’s quickly gaining acceptance worldwide as developers look to design Web interfaces that hook users with their speed and ease of use. But while clothing trends come and go, Ajax looks like it may stick around, offering Web developers a means to create rich client-like applications on webpages without resorting to huge amounts of code or forcing users to download plug-ins. However, like every hot new Web technology, CIOs must hold firm against the regular barrage of ‘if Google is doing it, why can’t we?’ and find the underlying value in Ajax for their particular companies.

Where Ajax Came from Freely draggable satellite images on Google maps. Instant spellchecking in Gmail. They’re cool features. Admit it. The launch of tools such as those revitalized interest in both the online mapping and Web-mail markets. With a flourish, Google demonstrated that browser-based applications could support rich client-like capabilities and performance—without the rich client. 58

M a R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

VOl/1 | I ssuE/9

essential technology

The secret sauce was a clever combination of JavaScript and XML. XML-based data could be pre-downloaded into the user’s browser where JavaScript code could quickly perform operations on it— sorting a list of products or e-mail on the fly—without the tedious back and forth between browser and server. The idea was not new: Developers have been using JavaScript and locally cached data to offer rich interfaces since the ‘90s. But most users still connected to the Internet via dial-up connections, making background data downloads tricky. Browser compatibility with JavaScript was hit and miss. And limited processing power on client PCs could throttle the performance of all but the most simple JavaScript applications. Over time, JavaScript began to fall out of vogue in favor of server-side scripting— which guaranteed compatibility across browsers—and client-side development tools such as Macromedia’s Flash.

Vol/1 | I SSUE/9

Essentisl Tec.indd 59

But in the past 18 months, JavaScript has seen a resurgence, driven by the likes of Google, Yahoo and even Microsoft. Just as important was the coining of a short, memorable and highly marketable term for the collection of technologies currently behind many of the most well-known applications. In a Feb. 18, 2005, blog entry by Jesse James Garrett, co-founder of user-experience consultancy AdaptivePath, asynchronous JavaScript and XML got a name: Ajax.

How Ajax Got so Smokin’ Once named, the hype followed. Ajax applications were hot, and the benefits they provided were easy to see, even for non-techies. Stories about Ajax and apps developed with the tools appeared everywhere, including publications such as The New York Times and BusinessWeek. Want to get some attention for your startup? Announce that you are developing your product in Ajax.

Googlemaps mania.blogspot. com lists dozens—if not hundreds—of sites creating or ‘mashups’or online applications merged with Google Maps, including municipal transit trackers and real estate sites.

REAL CIO WORLD | M A R C H 1 5 , 2 0 0 6

3/11/2006 4:58:44 PM

OPEN Why theSOURCE Model Matters SPECIAL

EssEntIAl E ssE ss Ent ntIA IAl l technology

Looking to warm up your résumé? Add Ajax to your skills list. Ajax’s new branding also coincided conveniently with the dawning of Web 2.0, a vaguely defined movement that promotes the idea of the Web as a platform for easily remixable, highly flexible services—and Ajax looked promising as the glue that could hold those services together.

How Not to Get Burned People deeply engaged in Ajax development suggest going slowly. Take a deep breath and learn what the technologies can and can’t do and what skills you need on staff to take best advantage of the tools. Ajax, at least for now, is best suited to making user interfaces more intuitive and useful. Pop-up, context-sensitive information balloons, data lists that

On the positive side, the flurry of interest in Ajax has resulted in a mini-boom of commercial tools and open-source kits designed to ease Ajax development. Andy McCown, a lead developer at international advertising firm Chiat Day (which is currently testing Zimbra, an open-source, Ajax-based e-mail/collaboration tool), says the company first began looking at Ajax in 2004, but at the time there were few libraries available to help developers create their trial applications, forcing everyone to roll their own toolsets. And at the time, Ajax’s value proposition wasn’t there. But, he says, “Ajax has come on very strong in the past six months. It’s changing what people expect out of Web applications. We have to consider those expectations now.” He points to the Script. aculo.us JavaScript libraries and the

Even people deeply engaged in Ajax development suggest going slowly. take a deep breath and learn what the technologies can and can’t do.

Ajax Online resources A collection of resources for budding Ajax developers. Ajax is a collection of technology aimed squarely at the Web, so it’s no surprise that most of the best information about Ajax development is available at the click of a mouse button. Here are some choice examples: The blog entry by Jesse James Garrett that started all the Ajax talk. http://blog.

jjg.net/weblog/2005/02/ajax.html The Script.aculo.us JavaScript resource sharing site. look here for free Javascript libraries and demos of Ajax applications built using those libraries. http://script.aculo.us/ The Prototype JavaScript Framework. A required component for working with the script.aculo.us libraries. http://prototype.

conio.net/

regularly update without reloading a page: These are the types of things that Ajax can offer right now to help you spruce up your browser-based tools. Dave Jenkins, CTO at online outdoor equipment retailer Backcountry, used Ajax to add a feature to a browser-based ERP application: When a customer-support representative closes out a support ticket, the line on the screen blinks yellow twice and then fades away—a simple but effective visual cue that something has happened to the data. Jenkins argues that this is far better than the screen simply refreshing and the user noticing that the data has disappeared. But even the simplest-seeming features can be daunting. Creating solid Ajaxbased applications requires an in-depth knowledge of JavaScript plus sufficient back-end database mojo to make sure everything works. 60

Essentisl Tec.indd 60

M a R C H 1 5 , 2 0 0 6 | REAL CIO WORLD

Prototype JavaScript framework as good examples of tools now available to help developers get up to speed with Ajax. But even while they need to pay attention to the opportunities Ajax offers, enterprises should realize that browser-based JavaScript support is still fraught with potholes, particularly if you want to work across platforms such as Windows, Unix and the Macintosh as well as across browsers such as Internet Explorer, Safari and Firefox. Sachin Shah, senior product manager at online job-listing site SimplyHired, says companies must make sure their Ajax features can downgrade gracefully if they’re going to expose their sites to the general public. Users, for instance, might be running an incompatible browser or may even have JavaScript turned off as a security precaution. But providing the downgrade capability—so a clever Ajax animation can

The Simple Ajax Toolkit. It is what it says it is. It’s also open source and, therefore, free.

http://absinth.modernmethod.com/sajax/ Microsoft’s Atlas Ajax tools prototype. the final version won’t ship until next year, but this provides a taste. Go to www.asp.net, then

click on the Atlas tab. Backbase: Ajax development toolset. Available in free and commercial versions.

http://www.backbase.com/ Ajax without JavaScript is merely AAX. Check here for a blog entry about best practices for Javascript. http://www.

thinkingandmaking.com/entries/63v — C. l.. VOl/1 | I ssuE/9 E/9

3/11/2006 4:58:49 PM

essential technology

also appear as plain text, for instance—makes the development process more complicated. Even Ajax enthusiasts say caution is necessary, at least for now. “Long term, I’ll probably be using Ajax everywhere I can,” Backcountry’s Jenkins says. But for now he plans to keep most of his experiments in-house, where he can control the user environment closely, for instance, making sure users are all on the same browser versions and all have JavaScript turned on. Jenkins also says developers need to keep in mind that Ajax isn’t an all-or-nothing proposition. For instance, he points to a browser-based ERP client that Backcountry developers built in part using asynchronous JavaScript, but without the XML. The application uses the Postgres open-source database on the back-end, Jenkins says. “I know where all the data fields are,” he adds. “I don’t need all the XML fields,”—a situation that simplifies development.

Essentisl Tec.indd 61

Security is another issue. While the foundational pieces of Ajax aren’t new, their widespread use in combination is, and the security ramifications of that are not completely understood. Suffice it to say that Ajax is vulnerable to the same things as are the base components: JavaScript and XML. Then add a few other vulnerabilities. For instance, according to the vendor, Scalix’s Web Access e-mail client is careful to clear traces of itself from the browser’s cache once a session ends, preventing thieves from rummaging through your e-mail messages once you leave. Use of a JavaScript obfuscator can also help protect the intent of your code from prying eyes.

working to release a set of integrated tools called Atlas next year that will combine Ajax with elements of the Visual Studio and ASP.Net toolset. (And the company is promising that it will maintain cross-platform compatibility on the browser side.) Whether all the new development options create a scenario where users revolt against overused Ajax widgets—much as they did with the ‘blink’ tag—remains to be seen. For now, however, commercial applications such as the Zimbra and Scalix e-mail systems are showing Ajax to good effect—and helping pave the way for enterprise-class development frameworks. CIO

Where Ajax is Going The exact direction Ajax will take is anyone’s guess, although it’s a safe bet that frameworks and tools will rapidly mature and diversify. Microsoft, for instance, is

Send feedback on this feature to editor@cio.in

3/11/2006 4:58:51 PM

OPEN Why theSOURCE Model Matters SPECIAL

Pundit

ESSEntIAl ESSEnt ESSE ntIA IAl l technology

Can Vendors Control Open Source? An emerging business model that provides open and proprietary versions could hold an answer. By Christopher KoCh open source | I was struck recently by a statement MySQL’s CEO Marten Mickos made, about open-source firms selling to large, proprietary software companies and risk being dubbed sellouts by the opensource community. Mickols said, “You cannot buy a community. ”

grow. The open source version becomes a cheap way to market the proprietary stuff: Potential customers download it and then seek out support and more powerful functions offered in the proprietary version. Venture capitalists are funding this model at a dizzying pace. And formerly open-source

the code open lowers the barrier to entry for potential new competitors. Some CIOs are skeptical that open-source communities will ever emerge for some of the software they really need. “There are things I need, but people in the community think it’s too boring to work on them,” says

Some CIOs are skeptical of the model. But venture capitalists are funding it at a dizzying pace. There’s evidence that Mikos’s statement is increasingly out of touch with reality. First, as those with deep experience working with open-source projects say, there is no such thing as an open-source ‘community’—in the sense that it is monolithic and united in a common purpose. Many open-source projects are staffed entirely by people who are paid to support the software. Indeed, the software is seen as a route to riches by the developers, who figure if they give away the software using the Internet, they can make money by offering support for the code they write. The real customers of the software won’t complain as long as they keep getting it for free. Free in this case means free beer, not freedom. It’s the core of the emerging business model I call ‘mixed source,’ whereby entrepreneurs offer two versions of their software: One open and the other proprietary. The proprietary version attracts venture capital money that allows the company to 62

ET-Pundit.indd 62

M A r C h 1 5 , 2 0 0 6 | REAL CIO WORLD

companies are going proprietary. A software package called Nessus was initially released under an open-source license in 1998, but the latest version (3.0) has been released under a commercial license (earlier versions remain available as open source)—though it is still free to users. Nessus’s developer, Renaud Deraison, says his commercial customers pressured him to close the source. Though Nessus’s shift has brought criticism from some opensource advocates, Nessus usage seems not to be affected. CIOs prefer the open-source business model that open source developers have the most trouble selling to potential investors: A services model in which the company sells support for a single, open-source code base. CIOs love the idea of their money going directly to the support and maintenance of the software. But venture capitalists don’t see as much value in it. Margins are lower for services than for software and leaving

Barry Strasnick, CIO, CitiStreet, a benefits management company. CIOs could become the venture capitalists. It would work this way: CIOs hire consultants to write code for patchy areas but the software isn’t part of their core competence and is broadly applicable enough for other companies to benefit from it. They have the consultants release the software as open source. The consultants are happy because they get to sell services to other companies. CIOs potentially benefit because other customers may pay consultants to write useful additions to the software that the original CIO gets to use for free. Maintenance and support are handled by the consultants and perhaps a community of users that emerges around the new product. If the community and the consultants disappear, CIOs simply take the code base to another outfit for support. What do you think? CIO send feedback about this column to editor@cio.in

VOl/1 | ISSUE/9