In this Season Finale of Engineers Unplugged, Joe Onisick (@jonisick) and Michael Ducy (@mfdii) discuss GoatOps. Yes, you read that right. What is GoatOps? What does this have to do with DevOps? This is all about process and the necessary changes to make Enterprise workflow flow in modern IT. This is a can’t-miss episode!
Unicorn Challenge, Goat Edition, with Joe Onisick and Michael Ducy
This is Engineers Unplugged, where technologists talk to each other the way they know best, with a whiteboard. The rules are simple:
Episodes will publish weekly (or as close to it as we can manage)
In my previous blog, I highlighted the need in ISV’s business transformation due to various changes in the market. Although ISVs are bound to face challenges as they shift their approach to application development, they must also be weary of the challenges that can come with other technological avenues, including cloud, analytics, mobile and social networks. The following are the top 10 challenges that I have seen ISVs struggling with in today’s market:
Domain 1 -- Infrastructure & Environment
In today’s cost-sensitive market with tight budgets, ISVs have to decide if there is a business case to build a Cloud to run their production software or host SaaS solution in a public Cloud or hosted Cloud. There are many qualitative and quantitative factors to consider. Qualitative analysis can include new or existing software solution, security, compliance, availability, global reach requirements, IP protection, existing IT resources in-house or lack there-of, etc. Quantitative analysis can include cost per user considering cost of compute, network, storage, support, training, software license, third party integration, human resource cost for development and support, etc.
It is easier to do the above analysis for Test environments, where you would need a large number of resources for a short period of testing time. Hence, public IaaS providers can be cost effective if there are no major concerns on Security, Compliance or IP-Protection. In such situations, ISVs can develop software using in-house environments and use public Cloud (or hybrid Cloud) for test environments.
ISVs should consider Cattle and Pet strategy (just like a cow in a cattle where if one cow dies, it gets replaced without any big impact to cattle, a server or a VM instance in cloud should be treated the same where if one server goes down, there should not be any impact on the functionalities of the cloud solution. This is unlike a pet -- or a traditional server in legacy environment -- where a pet requires care and create impact if something happens to it) in architecting the software for Cloud to reach higher availability. One should not have a Pet instance that cannot go down. Instead software solution should have failover capabilities and also load balancing capabilities so any server should be replaceable just like a cow in a Cattle. Following are some generic statistics of reliability in Cloud compare to Legacy environments:
Legacy has 99.9% reliability for Applications and 99.999% reliability for Infrastructure
Cloud has 99.0% reliability for Infrastructure and 99.999% reliability for Application
Domain 2 -- Virtualization & Abstraction
Evaluating if your software can live on a virtualized server or if it requires bare-metal server, can be the starting point in the Cloud journey. Not every software solution is designed to be on a virtualized server. In this case, it is a critical decision if one should redesign the software or develop it from the scratch or use container technology.
Questions, such as: “can (and should) your software do multi-tenancy?”are also very important. This decision can lead to overall impact on how you architect your software solution and evaluate price. Ability to do multi-tenancy can lead to reduced infrastructure to run your solution and hence, possibly reduced price to end customer. One should also evaluate impact of multi-tenancy on security that is required for ISV’s vertical industry. When a SaaS application handles sensitive data, ISVs must know and document how enterprise’s sensitive data is isolated from other tenants’ data. This analysis includes data at rest and data in-transit within the ISV’s SaaS environment, as well as in-transit across other untrusted networks.
Domain 3 -- Automation and Orchestration
Selecting the right tools for automation of policy-based orchestration, deployment and provisioning can lead to less manual steps, reduced time to setup new customers and enhanced speed to market.
Utilizing automation for release management can lead to less errors and smaller numbers of business interruption.
As high availability and less time between interruptions for disaster recovery are critical to keep customers in Cloud space, ISVs should have automation tools to do regular testing with simulated disaster situations to verify high availability.
Domain 4 -- Customer Interface
Since late 1990s, with introduction of Web, ISVs are forced to decide if software should have thick client or thin client or both. Now, with ubiquitous smart phones, popularity of mobile applications and with speedier releases of upgrades on popular mobile platforms such as Google Android, Apple IOS, etc., maintaining and upgrading mobile client can be substantial additional investment.
ISVs also need to make decisions on what should be the scope of the mobile client –
Should it be an independent software with full feature functionality of software solution, or
Should it be a hybrid solution where some feature functionalities are available on Mobile client while the rest is accessed remotely via web and executed in Cloud, or
Should Mobile client just be an additional device with remote web client?
In addition, with market trends towards integrating third party APIs to expand the feature functionalities of the software, role based identity management is critically important. Additional challenge is that ISVs have to develop flexible solution so they can adjust to different interpretation of different roles by different API providers.
Domain 5 -- Service Catalog
With SaaS, ISVs have to plan on how to price their software solution per user but also think about how to package the software solution and make it available using web based catalog. This catalog needs to have clear use cases that are easy to understand, aligned to vertical industry needs and price competitive to match customer’s willingness to pay. Moreover, though, any inclusion of third party software solution needs to be transparent to the user; it needs to be clearly defined in the legal language to reduce liability.
Development of such price & package is not a simple task. It is an art as one should create unique value perception for all use cases, be competitive, as well as make it easy for the user to decide and differentiate from competition to avoid price discussion instead of value. Moreover, this catalog may need to change regularly based on competitive forces and customer needs.
In addition to developing their own catalog, ISVs must also consider how their software solution can be integrated in Partner’s catalog so they can reach broader audience. This requires considerations, such as how to price it to the value given by partner solution. This may require rethinking on the price as partner based use of ISV’s software solution may not include full feature functionalities.
Domain 6 -- Financial
Pricing software solution using Pay-per-use model is a challenge that is different from pricing for perpetual license. Pricing needs to be based on the market’s willingness to pay, as competition is just a click away. It also requires considerations and clear understanding that ISVs may not have many months to recover R&D cost due to competitive threats. Hence, it requires clear planning on how fast ISV can get enough customers to reach a breakeven point to cover R&D, customer acquisition & operation cost.
Compared to one-time billing for perpetual license, monthly or quarterly ongoing billing for pay-per use is a challenge and it has larger number of collection issues.
With the popularity of social media, even clarity and simplicity of regular bill-to-customer is important. Otherwise, ISV runs the risk of having a critical blogger targeting ISV billing practices and impacting reputation and moving customer’s opinion away from ISV. Such customer opinion also provides additional ammunition to competition. Hence, a bill should have enough details that are easy to understand, yet forces customers to see the value and possibly avoid easy comparison with competition.
In pay-per-use licensing, ISVs have to develop new strategy for revenue recognition and that can lead to impact on how sales compensations are designed.
If software solution includes third party vendors, ISVs need to do appropriate ongoing reporting to the vendor and also understand appropriate impact for tax purposes.
How long should ISVs let customer try software solution for free or have a promotional package is based on software solution maturity, market trends and direct competition. This decision alone can lead to high cost of customer acquisition and promotion.
Maximizing social networks such as Facebook and Twitter to understand market trends and develop appropriate reports for business impact is critical for today’s success and require additional skills and resources.
ISVs needs to develop intelligent reporting for customers, partners and its own management using analytics tools based on software solution. Moreover, making sense out of structured and non-structured data with variety, volume and velocity of data requires different reporting solutions such as use of Big Data Analytics. Each customer click that can span across ISV’s multiple systems and possibly multiple Cloud provider partners that are part of the solution can execute multiple transactions and produce multiple logs. Some of the key analysis that companies could consider based on business maturity to develop correlations and to make future business decisions are: log analysis (web, applications, transactions, database, IT Infrastructure, System Tracking, Errors, Intrusion detection logs), process analysis, user interaction analysis, real time alert & action analysis and historical event analysis. These solutions are not free and require appropriate in house resources such as Data scientists & Business analysts, infrastructure & software planning and investment.
Domain 7 -- Platform
With growth of Cloud, Linux has become a very popular OS to develop solutions on. One can find many IaaS and PaaS providers offering Linux offers on cost effective bases. That said, though Linux is popular, Windows is not too far away with support from Microsoft’s Azure and few other Cloud Providers. But other Unix flavors are becoming less and less popular day by day. Hence, ISVs have to consider if their software should be migrated to Linux or Windows if they are not developed on them.
Based on OS, one also needs to consider existing resource’s familiarity with popular application development platforms, frameworks and libraries. For example, ISVs may be able to find many resources that are familiar with Eclipse compared to other alternatives.
Similar to OS, database plays an important role in the stability, performance and cost of the software solution. Per CPU core pricing of Oracle may require additional look when open source database like MySQL has become very stable and popular for many use cases. Many ISVs have found it to be an acceptable alternative. By the way, such consideration may lead to redesign of the software and may not be appropriate for all conditions.
Domain 8 -- Application
ISVs have to develop a clear strategy that customers get hooked on by providing customers free or cost-effective training, or easy API based integration points for logging, reporting, identity integration, such that customers would not easily consider competition that is just a click away.
Decide if ISV should consider languages such as C#, C++, VB, Java or consider light weight scripting language such as Perl, Java Script, PHP, Ruby or Python or both is based on familiarity of existing development team, current code, modularity of the solution and available resources.
Large amount of source code is available via open source, and ISVs have to evaluate if it is appropriate for their development team to use it for faster time to market and also consider copy-right issues related to using such open source code.
ISVs have to revisit their software solution to understand that it has modular design to take advantage of heterogeneous components offered by the Cloud and also leads to appropriate planning for high availability.
Domain 9 -- Security and Compliance
As mentioned by Cloud Security Alliance for Application Security, there are four key metrics that apply for Cloud applications -- Compliance and Governance, Identity and Access, Vulnerabilities and Patching, and Data Security. ISVs must ensure that needed metrics are available for Enterprise customers for their SaaS platform.
A good hacker can take advantage of the weakness in the development language for the software. Therefore, ISV needs to establish good coding practices such as input validation, authentication, authorization, configuration management, session management, cryptography, parameter manipulation, exceptional management, appropriate protection of in-memory data, and audit & logging.
ISV should also document following key things for their Enterprise customers:
What Web application security standards (input validation, encoding output, preventing request forgery and information disclosure) are being followed by the ISV?
What application and infrastructure controls are in place to isolate the enterprise’s data from that of other tenants?
How many denial of service attacks were attempted and how were they handled?
How do they manage identity?
How do they encrypt data (logs, between multiple application modules, between application and database and between application and third party API based use, etc)?
Domain 10 -- Organization, Governance and Process
Historically, software vendors are responsible for application development, feature and functionalities while customers are responsible for managing them in their own environment. With SaaS, operating and supporting is also part of ISV’s responsibilities. ISVs capability for continuous software development and with upfront considerations for operations and delivery of that software can allow capture of market opportunity faster and reduce time to get customer feedback. This DevOps software development methodology and considerations for operations is an important evolution compared to historically popular Waterfall or Agile methodologies. It is stated that DevOps methodology of software development reduces approximately 50% time as well as cost for long term operations support.
Impact of social network is tremendous and questions such as how are ISVs reaching out to potential target customers with social networking, how to support software online, how to maintain reputation online in the face of a crisis.
Many established ISVs have a sales force with tendency to hunt for the customers, transact the deal and leave. SaaS solution with pay-per-use licensing requires farming of the customers. In many ISV’s environment, this ongoing relationship building takes much more effort than sales is trained for, and would want to spend time per customer based on their quota size. Hence, ISVs have to plan appropriate sales strategy to keep sales force motivated.
For many ISVs, changing Sales compensations and training sales teams to sell pay-per-use license with minimal upfront revenue have been the most difficult part of this transformation. Established ISVs have to juggle to make sure that bottom line is not impacted too much and they can achieve good growth in subscription revenue for top line growth.
In this fast moving market with no permanent friends or foes, relationships for cooperation or competition, ISV has to continuously think who to partner with and how to structure partnership that is based on Customer value and aligned with ISV’s short & long term business strategy.
The need to move fast to improve software and remain a step ahead of the competition has lead established ISVs to develop hybrid solutions while others SaaS based ISVs have become core business services in Cloud(i.e. Workday, Salesforce.com, google app engine etc.), and they are replacing traditional on-premises software vendors. Some ISVs have expanded their reach and capabilities using third party SaaS vendors echo systems, such as Salesforce.com.
Existing System Integration
Once ISV develops SaaS based solution, system integration with other ISV’s solutions, reporting needs requires modularized thinking and possibly different developer resources as not all integrations are based on simple solution such as REST API. Some still require custom API integrations that may be based on Java or C++. Moreover, such integration should also consider higher availability and scale needs for SaaS solutions. Hence, ISV builds versus what ISV integrates into using third party API has become an important question of business decisions.
Success of ISVs does not only rely on the direct customers but also equality important are echo system partners. So ISVs also need to consider organic approach of today’s fast moving market environment and develop APIs for their key feature functionalities for partner’s to take advantage of. This is one of the very important considerations for DevOps methodology to address needs of development, operations and integration. This ability to allow someone to integrate to your software using your API (possibly REST based) as part of echo system can offer immense opportunities for ISVs, as it automatically enables you to reach a wider customer base.
In short, it the pressure to continuously adding value when competition is one click away leads to a challenge of existence for ISV and a –poses the question: should ISV continue to be an ISV, or not? Small, agile and nimble ISVs can turn fast with the market trend but that can lead to not having sufficient time to develop efficient processes and procedures. Large and established ISVs have advantage of existing customers and well-oiled operations but changing faster with the time is always a challenge. This Ying and Yang of agility to meet market demand and efficiency to run the business is core to many ISV challenges.
After saying all of the above, not everything is bad for ISV business, as more and more ISVs are coming to market with their unique flavor of SaaS solution. There are many ways to make money in today’s market, such as faster customer reach due to internet, analytics, mobile and social networks as well as , enthusiastic responses from venture capitalists to invest in “good” SaaS based solutions. ISVs that understand the challenges explained and are weary of them will surely experience a positive change in their results.
Visit Cisco Servicesto learn more about how converging technology trends are shaping the way IT operates and delivers services. Be sure to join the conversation, #CiscoServices.
In today’s era of SMAC – Social, Mobile, Analytics and Cloud based solution, Pay-Per-Use licensing and Dev Ops software development methodology, Independent Software Vendors (ISV) are facing major challenges on many fronts. ISVs strive to differentiate from their competitors and gain new customers, as well as retain existing customers and generate additional revenue from them. This shift is happening throughout the software developer market and has surfaced technological and business changes for ISVs.
When was the last time you won the lottery? If you are like me, it’s a pretty rare occasion indeed. The same probability can be applied to increasing the budget allocation for any business and especially for service providers. What can service providers do to save money now, enabling them to invest in new services and boost revenues? Network functions virtualization (NFV) comes to the rescue, with help of course, from software defined networking (SDN), and open source innovations.
SDN and NFV represent a significant change in networking as we currently know it. Together and separately, both target cost savings, operational complexity, and network optimization – and both hold much promise for the operator. As with all things offering great potential rewards, one must balance these benefits and address the associated risks accordingly when deploying them.
For service providers, the data center is leading target for SDN and NFV deployments. Given all the activity focused on cloud computing, content delivery, and anything-as-a-service (XaaS) offerings, the service provider data centers must advance across many fronts (security, automation, mobility, reliability analytics, and provisioning) to be successful.
Service provider customers expect more. The pace of change around us is not just constant but continuing to accelerate. To stay competitive with the nimble new players in the market, service providers need to change how they engage all of their end customers. Not exactly an easy challenge to overcome, but rapid and successful business transformation will put operators right in the middle of a world of new opportunities to capture customer mindshare. Exciting times are ahead!
So, what will it take for service providers to save money on their current service offerings, enabling them to invest and expand their businesses? Positive outcomes are made possible by an open, agile, and application centric approach, combining emerging Software-Defined Network (SDN), Network Functions Virtualization (NFV), and Open API technologies … not just to the network… but to all of their business processes.