CIPS CONNECTIONS

INTERVIEWS by STEPHEN IBARAKI, FCIPS, I.S.P., ITCP, MVP, DF/NPA, CNP

Ross Chevalier - CTO/CIO Novell Canada, Top-Ranking IT Authority

This week, Stephen Ibaraki has an exclusive interview with Ross Chevalier.

As Chief Technology Officer and Chief Information Officer, Ross is responsible for managing Novell Canada's technology and solutions architecture team and participating in the strategic directions for the corporation. He especially values his role serving as technical liaison in helping customers and partners across Canada leverage Novell technology.

Ross has over 20 years of industry experience and has been involved in all aspects of networking, including systems integration and IS management. Prior to joining Novell Canada, Ross held a variety of senior leadership positions.

Moreover, Ross continues to share his considerable experience and expertise by speaking at conferences such as LinuxWorld Conference & Expo / Network World Conference & Expo (Toronto April 18-20). An avid writer, Ross is the editor of the one Net news for Technology Professionals, a monthly electronic publication targeting IT personnel, systems engineers and architects across Canada.

Discussion:

Q: Ross, with your considerable knowledge and experiences from a long career of successes, thank you for coming in to share your deep insights with our audience.

A: Thank you for the invitation to be with you for this.

Q: Why do you choose LinuxWorld / Network World Conference & Expo as a forum for your message?

A: LinuxWorld and Network World possess great industry credibility, and directly address the key markets that Novell is focused upon. This year, we have a keynote by David Patrick (http://www.novell.com/company/bios/dpatrick.html), a panel and a couple of sessions. If you want to hear more about Linux in the enterprise, alternatives to Microsoft Exchange, and much more, come by on April 19 and 20.

Q: You have some interesting views on the attempt to replicate the Windows experience using Linux. Can you talk more about this and the alternatives to a fat client Desktop using an ASP-type model and web services?

A: In fact, I’m not all that enamored of the idea of trying to replicate Windows. I am far more focused on offering an alternative to Windows on both the server and on the client. Linux on a server provides greater scalability and security from the kernel on out. Linux on the desktop provides similar functionality to the majority of desktop users, albeit with different applications, although there are typically common file formats.

In an ASP world the services are hosted externally to the backend owner and the front-end user. Linux provides a great platform for ASPs to build on. Web services changes the game substantially, or more correctly, “good” web services does. Good web services have no preferred frame of reference, no particular OS required, no particular browser required and strong security. A web application that only works with Internet Explorer isn’t much of a web service example. The idea of web services is that the components built in a WS framework are reusable. Hence, a web application is not really a web service, nor is a terminal server driven app that comes through the web.

Terminal services can sometimes be an effective way of driving applications through a browser, but good architecture is needed to ensure sufficient back end horsepower, and a good understanding of latency across the wire is needed to avoid the user experience from being horrible. There are Terminal Server clients available for Linux to reach MS Terminal Servers, Citrix servers and of course there is the Open Source Linux Terminal Services Project. Novell Canada staff are contributors to the LTSP initiative.

Q: You have written about three things customers want: increased profitability, reduced expenses and risk.
How will these areas be addressed with Novell Linux Desktop for Enterprises? What competitive advantage will it bring to businesses?

A: There is clear, evidentiary support that Linux on the desktop affords business the one-two punch of dramatic cost savings and improved security. Linux on the desktop also provides freedom of choice in deployment and the ability to avoid vendor lock-in. I believe that well over 85% of knowledge workers could be using Linux on the desktop today with no loss of capability. Certainly the apps will have different names and there will be some differences in usage methods from time to time, but overall, the experience is already very easy. The only real challenge is that the majority of the general distros are built with the Linux enthusiast in mind. That’s not a bad thing at all, but it may not be what’s right for the business desktop.

Novell Linux Desktop was created specifically for the business knowledge worker. The tools and applications that real people need every day without the complexity or the potential support challenge of “too much choice.” Moreover, there’s the one phone call support structure. When you implement Novell Linux Desktop in conjunction with a Novell support agreement, you call one number for all your issues. That mitigates risk and increases peace of mind. Combine reduced expense, significantly better security and reduced risk and it’s a winner.

Q: Some analysts say that to take full advantage of Open Enterprise Server (OES) requires new skills and learning new tools. Can you detail these new skills and tools and provide the business value for loyal customers [to embrace OES] who still want the NetWare feel?

A: It really doesn’t require new knowledge. OES gives the customer freedom of choice of the kernel, either the NetWare kernel or the SUSE LINUX Enterprise Server kernel. From an operational perspective, the management remains very consistent.
Customers wishing to deploy on the Linux kernel will gain exposure to working with YaST (Yet another Setup Tool), but it’s all graphical and very easy to use. Specific Linux command line skills are not required to install and operate OES. Of course, building skills enhances your marketable resume, so we’re already seeing a lot of enthusiasm from existing customers to build new skills.

The only area of skills development is for customers who are deploying on the Linux kernel and also want to run Linux apps. Fortunately, Novell Training Services has programs to help these people build skills quickly and efficiently. Using new services always benefits from skill enhancements. If customers only want to use older style NetWare services on a NetWare kernel, no new skills are required at all, although in this situation the customer will not be leveraging the amazing capability of OES.

There is also traction happening in the Linux community to be able to deliver NetWare’s services on Linux. Because of the tight integration with SLES and YaST, deploying OES on the Linux kernel is very easy for people with a Linux background.

Check out some of the more commonly asked questions about OES: http://www.novell.com/products/openenterpriseserver/oes_faq.html

Q: In a recent conversation with the CIO of the largest company in their sector, he mentioned his interest in changing completely to Linux-based servers and has already started this initiative. He is currently trying out a variety of Linux Desktops and he is not concerned about having exactly the same feature set as Windows. However, his overriding concern was portability of existing MS Office documents [one example: Excel spreadsheets] to the Open Source environment [such as OpenOffice] without requiring any changes. Can you comment on this case study and his concerns? When do you forecast the “critical mass” for corporate and consumer acceptance to Open Source?

A: There is excellent file format level support in OpenOffice already. With OpenOffice as it stands in release (1.1.3) only a small percentage of documents will require rework; these being those documents with a focus on complex macros. In OpenOffice 2.0, now in Beta, this percentage drops as more powerful macro tools become available. In the case of Novell where we terminated our Microsoft Select Agreement, the number of document format issues has been extremely small, and in many cases was related to poor macro design.

Q: Can you provide three case studies from your own experiences that demonstrate the value provided to businesses of Novell products and services?

A: We have a public site http://www.novell.com/success that documents success stories from customers who use the technology and services every day. Customers can search by industry, business issue (such as identity management, etc.). I strongly urge readers to visit here to find the ones that are most relevant to their business/industry.

Q: You have a column in “one Net news for Technology Professionals” where you express your personal viewpoints. What prompted you to take this on and what can we expect from you in future columns?

A: I read a number of industry observance columns, blogs and the like and while some are very good, there are others who spend all their time sucking up to some other entity. Clearly I’m going to favour Novell offerings where appropriate but my goals are to create awareness of what’s happening in Open Source and at Novell, plus share some of my own experiences and discoveries (even if Novell is not directly involved in some of the things I write about). I hope that readers will find it useful and that they may try something that they may not have done prior to reading, examine their own perspectives, or simply get energized. Having been in the industry longer than some of the pundits, it’s been considered that my observations would be valuable to folks.
As we go forward, I’ll discuss new apps and tools, in addition to whatever is annoying me or exciting me at the time. In the next issue, there’s a piece on desktop security targeted to the Windows desktop user. I’m appalled at how easily penetrated it is and troubled by the lack of attention paid to these vulnerabilities by end users. Computer literacy takes time to build, but the learning doesn’t end, and yet in some cases it looks like it has. That’s really very dangerous.

Q: What are the essential building blocks, processes for design and deployment, and best practices around Identity Management?

A: It’s very critical to recognize that proper IdM architectures are built to leverage an organization’s processes, not to force massive changes in process implementation, although rationalization is a benefit of an assessment. In the best case scenario, a Discovery Workshop is completed to find “what is”, followed by a roadmapping session that defines “what’s possible”, along with potential timelines and investment summaries. Then the customer organization can look at the overall opportunity and determine a prioritization sequencing and plan.

Once this is complete, the mapping process begins to map the organizational processes into the IdM architecture. As the mapping progresses, the meta-directory and virtual directory implementations are defined and created and the implementation timelines are struck. Workflows and provisioning methods get documented and encoded. IdM when well-designed does not require every process to be attacked at the same time; in fact, a good architecture provides great flexibility in what gets done when, allowing the technology to fit the business and not the other way around.

Key to the success of any IdM program is the early involvement of people who have “seen the elephant”, and who can bring to bear multiple experiences without the internal focus that is natural to employees of an organization engaging in an IdM implementation.
We often hear that something cannot be done, not because it’s true but because of existing perception and biases. External resources from Novell or our IdM partners can reduce the implementation cycle because they can facilitate getting past these barriers.

Q: What Linux solutions are available for business messaging and collaboration? Discuss the challenges and recommended processes.

A: This is a very important question because I believe it is about much more than software or hardware. Collaboration is a social element as much as a business tool, and good architecture facilitates both. At the core of any collaboration effort must be security. Security is really about confidence and trust. In the Linux world, the security is built at the kernel level, so leveraging that is simple. The collaboration architecture is then built to leverage the security that is inherent in the platform and then makes specific additions particular to the collaborative process. By this I mean, for example, make it easy to leverage digital signatures, or provide message encryption.

Organizations also need to look at how people really work. I talk about this often in regard to Instant Messaging. I often ask attendees at sessions if they have a policy regarding IM. Typically over 80% do, and the policy is no IM on the corporate network. Then I ask how that’s working out and invariably someone is honest enough to say it isn’t. The issue here isn’t that IM is bad or that the users are troublemakers but that the architecture is built in a way that impedes work. When we do storage assessments we constantly find email archives full of old messages that have no reason to be kept because their usable life is less than a minute.

Novell brings a number of offerings to bear in collaboration on Linux, including secure high performance server side components such as GroupWise, flexible choices for workstations on Windows, Linux and Macintosh as well as calendaring, and secure instant messaging.
We also work closely with partners who deliver integration with PDAs and RIM devices and our backend services. Partners also deliver excellent offerings in the realms of central antivirus, antispam and document management. We don’t see the need for everything to come from a single vendor; as long as standards are used, freedom of choice is very powerful.

Q: What are your five favorite Tips, Tricks, and Traps?

A:
1) Don’t use Internet Explorer unless you absolutely have to. Get Firefox.
2) Invest in a good antivirus program and update it at least weekly.
3) Buy a license for a personal firewall, and for spyware detection / prevention software, and use them. Same deal for anti-spam software.
4) Protect your kids online. Limit their time on the computer and encourage them to go outside and play.
5) Install a Linux desktop, like Novell Linux Desktop, and use it for 30 days. Then objectively look at what, if anything, you cannot do with NLD that you could do with Windows. Once you decide to stay on Linux, rejoice in the fact that you will get more life out of your PC and not be a giant target for every black hat hacker out there.

Q: You choose the area. Can you share your top ten “best practices” for businesses?

A: Be happy to, and as you might expect, Novell can help you with every one of these.

1) Consolidate hardware as part of the next buying cycle to more efficient structures such as blade architecture. It reduces operating expenses significantly and frees up space. Tie this to virtualization and with good architecture you’ll save even more.

2) 99.999% uptime isn’t good enough. Explore clustering and distance failover and get some help if the skills to do this are not present in the organization today.

3) Get a tight grip on your IT hardware and software assets. Know what is deployed where, and what you are paying for.
If you have old hardware lying around unused, make sure it is fully depreciated, then get it off your books and then hire a decommissioning firm who can provide you certification of destruction. There’s a hidden property tax attached to hardware, even fully depreciated hardware. Your corporate finance professionals will understand this clearly.

4) Use a concentric ring security model, and maximize the security at the perimeter but reducing the number of entry points. Avoid being dependent on technologies that must be installed on a client workstation and do as much as possible centrally.

5) Compress your security perimeter by avoiding network extensions and leverage standards in security alternatively to proprietary frameworks.

6) Create a centralized identity management framework that is platform and operating system agnostic. Leverage metadirectory and virtual directory capabilities to link line of business systems and data storage via identity based computing. Identity management can also positively impact the security framework. The identity framework must include an audit component for legislative compliance and proof work.

7) Focus on all new application development being done where the only client side requirement is a browser. Leverage the identity framework as conveyed above as the authentication and authorization engine, and then use web services technologies to build reusable objects and screens for the delivery of the final application. Integrating identity with web services provides for work being an activity, not a place, and because of the identity component, the user only sees what he or she needs to see to get the job done.

8) Be extremely careful with the use of wireless networks. Wireless networks remain for the most part, open with no encryption. This is bad. Unfortunately the WEP model supported on Windows workstations is also not secure. Consider instead WPA architectures that have more capability with more frequent key rotation.

9) As part of the identity architecture, look to get to a single username and password for the edge. Use IDM architectures to reduce the number of IDs that end users have to deal with. Statistically, after two unique sets, people start to write these things down and that is potentially very dangerous. To test this situation, walk around your company after 7 p.m. and without using an administrative identity, see how long it is before you can be inside your corporate network by using one that you can easily discover. Once your single sign-on architecture is in place, make it more robust by using strong passwords that expire regularly and cannot be reused. If your organization is particularly security conscious, consider adding multi-factor authentication elements such as smartcards, tokens or biometrics.

10) Wherever possible, avoid using systems that are big targets for black hat hackers. While this sounds very logical, it’s an unfortunate fact that the number one messaging infrastructure in use in corporate North America is also the single largest target for virus/worm/malware/scumware creators. The black hats have the luxury of knowing what they will do before you do. Having the company messaging architecture out of commission due to infection or destruction is definitely a career-limiting move.

Q: You have many milestones in your life, share some of the lessons you have learned.

A: Ok, here are a few. If they seem flippant, they aren’t.

Make a life / work balance. The adage about commentary on your tombstone about working more applies here.

Don’t ride without a helmet. You may be great but the idiot yattering on the cell phone and eating while driving will kill you. For that matter, don’t ride in shorts and sandals either, but hey, it’s your life. Just remember that roadrash hurts.

Worry only about the stuff you can impact. The rest of it you have no control over so all you’ll get from worrying is high blood pressure. If you can impact it, then do so, or move on.

For every 10 things you try, you may only achieve three of them, and that’s pretty darn good.

In the war of optimism versus pessimism, there are many camps of advocacy, but it’s easier to get out of bed if you’re optimistic.

Read books. Listen to great music, play if you can. Never stop challenging yourself to learn.

Q: Ross, you are in an ideal position to make predictions. So make your top predictions in any areas of your choosing and provide specific time frames? Justify your predictions.

A: I’d rather not. I’d hate for people four centuries from now to be beating on my reputation like they do to Nostradamus. But here are three simple but relevant thoughts.

1) What: Everything that is today will change. When: Every day. Justification: Chaos Theory.

2) What: The scale of Moore’s Law will change. When: Already started. Justification: The existence of Moore’s Law prophesies the change itself.

3) What: If this country doesn’t get behind developing skills and encouraging business growth and encouraging smart people to stay here, it will be a third world country. When: By 2050 if things don’t change soon. Justification: Economists in the Federal government believe this too, but nothing is happening to address it. We still lose smart folks to other parts of the world. I don’t do political rants, although I could. Call Dennis Miller.

Q: What are your favourite information links, tools, and other resources? Why?

A: People are the best sources. Different perspectives see different things and that’s often interesting and useful. I enjoy conversation with other technologists, not specifically for a particular subject but to try to learn to see what they see.

1) Sourceforge, Freshmeat – because they are great places to look at what interesting people in IT are doing.

2) Technology Review – MIT’s magazine is truly awesome. Every technologist should subscribe and discover what smart folks in other fields are doing.
The interrelationship opportunities are fascinating and compelling.

3) I subscribe to a number of RSS feeds that show up nicely in Firefox. In addition to the Linux and Macintosh feeds, I like The Register and Slashdot as examples.

4) I use web searches a lot but I’m cautious about the citations and understand the way the relevance scores are calculated. Everyone knows Google and that company is quite forthcoming about how their rankings are done. An excellent search tool that is less well-known is Teoma. Try it out at www.teoma.com.

Q: Ross, you are a dedicated guitar collector and you spend your leisure time restoring and working on classic cars and motorcycles. Comment on these passions?

A: I very much enjoy the hunting part of collecting. There’s a great deal of enjoyment in tracking down a specific piece. The big auction that happened in Toronto recently had some truly awesome instruments although well outside my price range. I’ve slowed down on the collecting a bit due to space considerations, but every now and again the mood strikes. I recently spent some time looking for a Gretsch White Falcon, but didn’t find one that struck me. As we keep growing the business, the stock will reach the point where I can go get one of Paul Reed Smith’s original Dragons.

I don’t do much in the way of restoration any more, time being the challenge, but we still enjoy keeping the old cars on the road and driving when the weather is good. A few of us from Novell attended the BMW Driver School last year and I’d like to do the next section this summer.

Q: Ross, thank you for taking the time to do this interview and sharing your depth of experiences with our audience.

A: You’re welcome.