Who’s On Phirst

I am pleased to inform our customers, partners and suppliers that Phurnace Software has been acquired by BMC Software. This is great news for everyone: Especially our customers. We will accelerate our innovation and product expansion and we now have the global reach through BMC for sales, support and services. All of the things that you liked about Phurnace, you will love about BMC. The product will continue to be offered as a standalone solution, as well as part of a larger more robust enterprise suite, as part of the BMC BladeLogic family. The product will continue to integrate into a wide range of third party systems; and that capability will not be lost – it will be enhanced. The pace of new feature additions and new platforms supported will also accelerate. BMC shares the vision that Phurnace was formed on – automation of application deployments and configurations that save time, money and eliminate costly errors.

The entire Phurnace team is staying in place and you will work with the same team that you have come to know. In fact, we will be growing. BMC has become the leader in data center automation and adding Phurnace furthers that lead. BMC is the ONLY provider of a full suite of automation tools that include the auto-deploy of Java enterprise applications. BMC recognizes that the real business value is in the application layer and the complete line of BladeLogic products are being enhanced and extended to handle the all important application layer – and unlike other vendors – BMC views the data center as a integrated and interchangeable set of physical, virtual and cloud environments.

It has been a great ride at Phurnace Software as an independent, venture capital backed company, and it will be an even more exciting ride as we move into the future with the backing, resources and market reach of BMC. Join us for the ride.

For more information, visit http://www.bmc.com/home/2010/bmc-acquires-phurnace-software.html

In Untagged 
Comment (3) Read More...

Every recent issue of every IT publication has discussed ways to reduce spending.  Especially in this tough economy, but quite frankly, this should be a constant priority for IT management.  We are hosting a webinar on this very topic.  Forrester analyst, Evelyn Hubbert, will be our guest speaker.  Please join us.  She has experience from across a wide range of industries and talks each week with some of the most innovative IT leaders around.  Evelyn will share her latest findings on how People, Process and Technology can make a difference.   

She will point out some of the new skills that are needed in IT as well as the need for automation across all functions of the data center as a key cost savings area.  We see large companies using automation tools to quickly improve operational efficiency while reducing costs.  It is worth taking a look.  Please join our webinar on July 30^th or view the on-demand replay afterwards for some thoughtful insights from Forrester Research and Phurnace.  It will only cost you 40 minutes of time, but could save you hundreds of thousands of dollars in IT.  

In phurnace, Data Center Automation
Comment (0) Read More...

We occasionally get the question, “Does HP, BMC, CA or IBM offer what Phurnace does?” The answer is simply – NO. We have a unique patent-pending approach (a software system and methodology patent) to deployment automation and there is no other vendor that addresses the problem the way that we do. This is not to say that there aren’t other ways to deploy J2EE applications and to configure web application servers. There are other ways, but they rely on hand-crafted, custom-written scripts or manual processes involving the app server console or configuration file editing. We think there is a much better way. The Phurnace way. It is a way that A.) reduces errors, B.) saves time, and C.) saves money. With the introduction of Phurnace, an entirely new way of managing web application deployment has emerged. It is quite frankly, a breakthrough.

Many of our customers have already spent a significant amount of money on I.T. operations platforms such as HP Server Automation, IBM Rational, IBM Tivoli or BMC BladeLogic, to name a few. They want to make sure that those systems don’t provide the functionality that Phurnace does. It is totally understandable and we welcome the question. What they have all found is that we provide a value-add to these systems and are not an overlap. Granted, you will find the terms “deployment automation” in each of their respective product brochures, but without exception, this means “auto launching of the custom-scripts that someone writes for your unique environment.” Phurnace replaces the mechanism of deployment, not the process. Remove the script mechanism, place Phurnace in its place. Boom -- Big cost savings immediately. No more writing of scripts, updating of scripts, maintenance of all of that “scaffolding”. And, Phurnace has integrations available directly to just about every build, source code, release and IT operation system out on the market (even open source tools).

So, feel free to ask the question – “Does Phurnace overlap with my current system?” We will answer with a confident NO and then install our software in your existing environment and prove it. Please give us a chance to put that question to bed.

In Untagged 
Comment (0) Read More...

Cloud computing. You have heard the term and are most likely following the hype. And hype is a good term to describe the frenzied attention. However, be careful. Don’t write this hype off as a fad or overblown. In this case, I think it is wise to investigate and ask yourself some difficult questions about your current business. Regardless of what industry you are in.

When I first heard “cloud computing” I brushed it off as the latest marketing term for something that has been around for decades – I thought back to the days of time sharing on the mainframe, then to the Application Service Providers (ASPs), then to the trend of “hosting” and all of the vendors that have emerged in that arena, from ISPs to actual hosted service providers. So, at first glance, I reasoned -- same thing, new name. I was wrong. What makes cloud computing different in my opinion, are two fundamental things. 1) virtualization, and 2) the pricing model of the cloud. Granted, over time we will see the emergence of deviations from one model -- private clouds, public clouds, internal clouds, hosted clouds, sourced clouds, big clouds, tiny clouds… But regardless, they will turn the current model of computing and I.T. buying on its head. When? I am not sure. Not in 2009 or early 2010, but before 2015 for sure. Hey, if Gartner and Forrester get 6 years of wiggle room on forecasting, I should too.

Cloud computing, through virtualization technology, promises to change the economics of how we all buy “computing”. I didn’t say computers, I said computing. And that is at the heart of the discussion. Over time, individuals and companies will buy more and more “computing” (as it is used, pay by drink so to speak) and less and less “computers”. In the early 1900’s individuals and companies purchased electricity generating systems (which in turn delivered electricity on site). Over time, the model turned to the purchase of electricity and not the machines themselves. The Electric Utility was born. That similar model will emerge with computing and we have already seen it with such examples as FaceBook, SalesForce.com, Amazon Web Services, Google App Engine, Google Docs, OpenTable, etc. The computing on all of these is not done on your computer; they are delivered as a service utility. Some you pay for as you use, some are even free (the advertisers foot the bill).

So, it is time to now point you in the direction of the book that pushed me over the edge and convinced me that the cloud would be game changing. After research from countless articles, conferences, webinars, and discussions I was teetering on the edge, and then I read The Big Switch by Nicholas Carr. My conversion was complete. I believe. The Financial Times calls this book “the best read so far about the significance of the shift to cloud computing".

Let me insert a paragraph directly for Mr. Carr’s website describing the book’s topic:
“The shift is already remaking the computer industry, bringing new competitors like Google and Salesforce.com to the fore and threatening stalwarts like Microsoft and Dell. But the effects will reach much further. Cheap, utility-supplied computing will ultimately change society as profoundly as cheap electricity did. We can already see the early effects — in the shift of control over media from institutions to individuals, in debates over the value of privacy, in the export of the jobs of knowledge workers, even in the growing concentration of wealth. As information utilities expand, the changes will only broaden, and their pace will only accelerate.”

Finally, do not fear the cloud. Find a way to embrace it. Find a way to prepare your business for this coming change. Whether you sell computer hardware, enterprise software, are a bank, are a retailer, whatever. Talk about it, plan for it. If you have a long term vision and plan of how to take advantage of the cloud, it can benefit you. If you ignore it and wait, it could potentially topple you. Be prepared. The clouds are building. The subsequent storm will destroy some in its path, but give life-giving rain to others.

In Cloud Computing
Comment (0) Read More...

You may have already heard the news that Oracle has made a bid for Sun. The IBM acquisition deal fell through two weeks ago. In my opinion, it looks like the market is making a slow move back to the one-stop-shop “system house” approach. IBM, HP, Oracle/Sun and maybe soon Cisco, will all offer systems with hardware, software and services. Is this a trend toward a conservative IT approach? “I want one vendor responsible for my environment?” “I don’t care if all the pieces are best of breed, I just want it to work together and lower my TCO.” We shall see.

The pendulum swings again. This has happened throughout my long career in the computer and software industry. The current buzz around cloud computing fits this mind set as well. “I don’t care what it is or who it is from, just make it work and charge me just for what I use.”

The challenges of system and data center management will not go away, however. This latest consolidation move will just bring them in to the limelight again. The future is bright for data center automation tools. Customers are demanding that complexity be reduced and big systems vendors are making promises that they will answer the call. Phurnace Software is in a good place. Our customers know that we can make their deployment process much, much more simple and for sure – pull out real costs.

It will be intriguing to see what else happens in this “system house” building era. SAP? Cisco? BMC? CA? Dell? Microsoft? Are they next? And don’t think that Amazon and Google don’t have a grand plan up their sleeves. Should be interesting.

In Untagged 
Comment (0) Read More...

We had a discussion the other day with a very large bank and learned that they spend a huge amount of time and money on setting up test servers and fail-over servers, yet they have major problems assuring that the configurations match. In fact, they gave us an example of how their customer facing application dropped recently because their main site dropped and the fail over was not configured correctly. BAD. To keep this from happening again, they were planning to throw people at the problem. There is a better way.

It is now clear that Phurnace Deliver can also provide an “Agile Test Infrastructure” for higher test server utilization and dramatically lower costs.

The way it works is that large customers keep many different test environments to be responsive to test scenarios because it takes too long to configure a different environment required for a given test scenario that arises.

At the above mentioned bank, test server utilization is only 10%. To eliminate half of their test servers and the associated “hard dollar” hardware and software costs, Phurnace only needs to drive their utilization to 20%. The way Phurnace accomplishes this is by eliminating lesser used test servers and configuration environments and then by reconfiguring available servers to the required configuration on an as-needed basis.

Bottom line, Phurnace enables an “Agile Test Infrastructure” as well as enabling Agile Development.

In Agile Software Development
Comment (0) Read More...

There’s a lot of politically-motivated talk these days about creating green jobs, green-collar jobs, green industries, even a green economy. Sounds great, but many people wonder if we can do it, how will we do it, and what is the answer. The answer is, we’re already doing it. The US is currently a global powerhouse in the greenest of green industries, and it is not some short term “feel good” category like pouring concrete to make windmills. It is SOFTWARE. Computer software is as green as it gets. Programs that do amazing things that are created from thoughts and good processes. No by-products, no carbon (except maybe the exhalation of engineers), no pollution, not even plastic discs or cardboard boxes anymore (think downloads). This is the greenest industry the planet has ever seen and may be the greenest ever. Yet, where is the software targeted stimulus, the special treatment for immigrants that are programmers, the incentive for college kids to study computer science, the “earmarks” and the special programs? It seems ridiculous that as the world’s leading technology innovator, we don’t prioritize investing heavily in our nation’s software programming assets – and help grow the industry to three times its current size. Or 300 times, for that matter.

Software is currently, or soon will be, as pervasive as plastic and steel -- embedded in every product and service offered the world over. Consider the iPhone -- a great product and ground-breaking invention. Sure, it’s got a sleek and sexy interface and feels great in your hand, but its bigger value lies in the software that downloads and plays your music, maps locations via GPS, and even allows you to do online banking. What was once just a mobile phone has now become a sophisticated software platform for next-generation application development, opening new doors of revenue opportunity and convenience for people around the world.

The list goes on. From automobiles, airplanes and power plants, to farming, banking and health care, software permeates every aspect of our lives.

Are we so shortsighted and beholden to the special interests of “old industry” that we would rather create a generation of ditch diggers and concrete pourers, than a generation of knowledge workers and software specialists? Hold on, I know what you’re saying, “We can’t all excel in math and programming to be in the software industry.” That’s ridiculous. I have never written a line of code in my life and I have been in the software industry since 1983. Yes, we need programmers, but there are hundreds of other job roles that support the software industry. That’s like saying that only aeronautical engineers work in the airplane and airline industries. Every industry now relies on software. I am not talking about just Microsoft, Oracle and Google. There are thousands of software jobs in banking, in transportation, in construction, in shipping, in (place any industry name here). Most of the world’s software actually ISN’T from the likes of Microsoft. As I said earlier, it is pervasive.

So write your Senator, send an email, comment on a blog. Whatever you do, spread the word. The answer to the green job problem is right in front of us -- and it’s SOFTWARE.

In Green
Comment (0) Read More...

An interesting development today in the world of automated application deployment -- Oracle plans to acquire mValent, a configuration management vendor located in Boston. mValent, the cat of the configuration management market (as in 9 lives), was originally a CMDB vendor, then positioned themselves differently, then again, then again, and finally, as application configuration automation. They have been a long time partner with Oracle as well as with OpsWare (acquired by HP). The acquisition announcement shows that automated configuration is becoming a hot topic. This validates that there are real challenges in the current processes around application configuration and that the challenges are now serious enough to get the attention of Oracle. We see it every day. Our customers and prospects tell us they feel the pain each time a new app, a new patch, or a new release requires deployment from dev to test to production. Too often, custom scripting or some hacked together scripting-framework is the norm.

My bet is that Oracle will evolve the mValent Integrity product to be surrounded by and dependent on Oracle-only products. Where does that leave the huge customer base that relies on other middleware offerings like IBM WebSphere, RedHat JBoss, BMC Bladelogic, HP Server Automation, IBM Build Forge, etc.? Oracle has this habit of forcing you to go back to their well (and making it tough if you don’t like the water). Phurnace is now the only vendor-neutral automated deployment vendor. And, we still plan to support all of the releases of WebLogic (Oracle’s web app server).

The discomfort of application deployment and configuration is real and most companies are just now realizing that there is a way to ease that pain. Oracle, with this acquisition, has said it is OK to admit the problem. So now I ask you, please go do something about it. Act. Look at both Oracle/mValent and at Phurnace Deliver™. Either choice is better than what you are probably doing today. Although I think Phurnace is the better choice.

In Untagged 
Comment (2) Read More...

Data center automation and transformation are in the news again as CIOs look for ways to cut spending in their companies. A survey recently published reveals that 84% of technology organizations have this on their list to control costs and reduce business risks. From the report: “Today’s CIOs are challenged more than ever to control costs and quickly achieve returns on technology investments. According to the study, respondents named reducing operational costs (31%) as their top driver for 2009 DCT spending. Enhancing security (29%) followed as a close second.”

The survey reports the type of projects companies would implement independently to achieve specific technology goals are:

• Automation – 64%
• Green IT – 60%
• Operations management – 59%
• Virtualization – 59%
• Business continuity – 58%

An important point on automation that I need to make: Automation of tasks or individual projects can be addressed without embarking on a major IT re-architecture campaign. This is why, I believe, that automation is ranked so high. Small and manageable steps may be taken in this area even while IT staffs are stretched or even reduced.

Deployment automation is the most likely place to start. Customer facing applications are even more important during these tough economic times and they must be maintained and updated. Automating this process and getting customer-applications moved out into production quicker and with fewer errors makes so much sense, and it will be a driver for reduced costs.

Please read the survey results, your peers have identified the cost savings opportunities. Consider it friendly advice; advice worth taking.

In Data Center Automation
Comment (0) Read More...

I am including a copy of a recent InformationWeek article in my blog this time. The article talks about errors in programming that can lead to security breaches in applications. Apparently a government-sponsored software assurance initiative has been formed. This is positive news in our fight for cyber security. I personally believe that the threat of a coordinated cyber attack is as likely as another 9-11 type physical attack. A large scale cyber attack could cause serious disruption of business and worsen this already stagnant economy. I urge all IT organizations to look into their development practices and at their applications to assure that they are secure. The IW article points out common areas that are vulnerable. This must be a priority for IT executives today.

Although it may not be politically correct in some circles to openly declare that our civilization is under attack, I will say that it is. There are organized and often state-sponsored enemies of western civilization that have made it their mission to disrupt or destroy our way of life. The battlefront is varied and it is dynamic. Cyber security should be of concern to all of us. Think of it as a vulnerable and exposed “supply line” that is analogous to the supply lines that stretched far behind battlefields of old. Those supply lines could be attacked and cut off, therefore limiting a force’s ability to function. The analogy holds true for cyber lines today. We are exposed.

It is not just about firewalls and filters, but it is about HOW code is written and HOW it is deployed. Errors can be dangerous. Not just frustrating, but downright dangerous. You should remove as many errors from your processes as possible. My advice to IT managers is to spend time and resources eliminating errors. Not only will it save your company money, but it could be an active defense for ALL of us.

InformationWeek Article:
By Thomas Claburn
Jan. 12, 2009
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=212701491

25 Most Dangerous Programming Errors Exposed

By publicizing these common programming errors, the participating organizations hope to make software code, and by extension the nation's cyberinfrastructure, more secure.

Experts from more than 30 U.S. and international cybersecurity organizations plan to disclose the 25 most dangerous programming errors on Monday, at a media event in Washington, D.C.

The CWE/SANS Top 25 List was compiled with help from organizations and individuals including Apple, CERT, Microsoft, Oracle, Red Hat, and Symantec, to name a few. It is managed by The SANS Institute and Mitre, and funded by U.S. Department of Homeland Security's National Cyber Security Division and the U.S. National Security Agency, both of which also contributed to the development of the list.

CWE stands for Common Weakness Enumeration, a government-sponsored software assurance initiative.

By publicizing these common programming errors, the participating organizations hope to make software code, and by extension the nation's cyberinfrastructure, more secure. Just two of these errors led to more than 1.5 million security breaches in 2008, according to the groups.

"This activity is an important first step in managing the vulnerability of our networks and technology," said Tony Sager, director of the Vulnerability Analysis Office at the National Security Agency, in a statement. "We need to move away from reacting to thousands of individual vulnerabilities, and focus instead on a relatively small number of software flaws that allow vulnerabilities to occur, each with a general root cause. This allows us to then target improvements in software development practices, tools, and requirements to manage these problems earlier in the life cycle, where we can solve them at large scale and cost-effectively."

The hope is that the errors list will serve four major purposes: To make software more secure for buyers by requiring that vendors certify their software is free of these top 25 errors; to incorporate awareness of these errors into software testing tools; to provide information necessary for educators to teach more secure programming techniques; and to provide a guide for employers to determine the abilities of programmers to write code free of these errors.

"The first two errors on the Top 25 are improper input validation and improper output encoding, and they earned the top rating for good reason," said project editor Steven Christey of Mitre in a statement.

"In 2008, hundreds of thousands of innocent, and generally trusted, Web pages were modified to serve malware by automated programs that burrowed into databases using SQL injection," he said. "The attack worked because countless programmers made the exact same mistake in their software. In a 2005 incident exploiting these same two errors, a teenager used a cross-site scripting attack to create a worm that hit the profiles of over 1 million MySpace users in less than a day, causing a temporary outage for the entire site."

The Top 25 List consists of three categories of programming errors: Insecure Interaction Between Components (nine errors), Risky Resource Management (nine errors), and Porous Defenses (seven errors). Examples of errors in the respective categories include: CWE-20: Improper Input Validation; CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer; and CWE-285: Improper Access Control.

For the complete list and explanatory information, visit sans.org/top25 or cwe.mitre.org/top25.

In Untagged 
Comment (0) Read More...