Archive for the ‘DashO’ Category

How do I love thee? Let me count the ways.

Thursday, August 20th, 2009 by Sebastian Holst

“How do I love thee? Let me count the ways. I love thee to the depth and breadth and height” - Sonnet 43, Elizabeth Barrett Browning

So “what’s love got to do with it?” (Private Dancer, Tina Turner) Hint: if people live for love, then businesses live for money

On July 14th, Microsoft announced Azure pricing and a “grace period” through PDC 2009. A primary rationale here is to enable development organizations to optimize deployment and monetization models to maximize Azure commercial opportunities.

So, whether you are a romantic (like Ms Browning above) or perhaps more hardened like Tina Turner’s Private Dancer (or Stanley Kubrick a la Full Metal Jacket), one thing is for sure - Microsoft wants Azure to “love you long time.” How deep, wide, high or long is the question.

Check out a this article in SD Times - PreEmptive’s Dotfuscator instruments Azure applications By David Worthington – where Dave Worthington makes many of the very same points.

Of course, we announced Runtime Intelligence Service (RIS) Azure support to help developers answer these very questions. While perhaps not as soaring as a sonnet – Runtime Intelligence allows for any .NET component deployed into Azure to be injected (post-build) with session, feature and method level monitoring. The runtime intelligence is streamed out of Azure for analysis. Other than writing a custom solution, this is perhaps the only means to measure adoption, usage patterns and performance inside Azure in near real-time.

Now, my posts are all intended to help you (blog followers) find more ways to make more money (we want to spread the love). So, you will note that I very specifically said the RIS helps to answer these questions. What the Azure development community really needs is an ROI calculator that will combine real usage data (from both legacy and piloted Azure applications) with Microsoft pricing and the offset IT expenses to come up with an Azure ROI calculator. I know there are lots of calculators being written – but how many of them can incorporate actual usage data before and after deployment to the cloud? That’s not our business – but could it be yours?

If yes, let me know and I will make sure you have what you need to call our RI Service via our RESTful API – making your calculator uniquely able to reliably predict cloud ROI.

As always, i have a more philosophical take on this issue on my personal blog at http://apps-are-people-too.blogspot.com/2009/08/how-do-i-love-thee-let-me-count-ways.html

Tags: , , , , , ,
Posted in Application Lifecycle Management, DashO, Dotfuscator, Dotfuscator CE, IT Operations Management, Microsoft, Opportunity (swOt), Runtime Intelligence, Software Development Lifecycle Management, Threat (swoT) | No Comments »

Notes from the RSA Conference

Wednesday, April 29th, 2009 by Sebastian Holst

I have just returned from the RSA Conference where I stumbled on a business opportunity that I think is out there for anyone addressing log and event management requirements.

On Thursday, April 23, there was a session entitled “Common Event and Log Standards: Leveling IT’s Tower of Babel.”
The abstract stated, in part, that:

“The IT industry suffers from a lack of standards for event, log, and audit information. Regulatory requirements to retain, protect, and destroy log data continue to increase. Organizations also need better situation awareness and cost control across complex IT security event horizons. The good news is that standards efforts are underway,…”

XDAS (for more info visit http://www.opengroup.org/security/das/xdas_int.htm) is one standard being developed/promoted to address these issues and the Common Event Expression (CEE) language, being developed by Mitre is an even broader effort that will, ultimately, subsume the former (for more information visit http://cee.mitre.org/). …but these efforts are, as a direct consequence of their ambition and generality, complex and solutions/implementations live somewhere in our future.

There is, of course, an established market for log and event management solutions that address the current heterogeneous and, often, incompatible log and event data streams and sources – do a search on “log and event management” as a case in point. Many of the vendors that will pop-up were also exhibiting at the RSA Conference – both promoting the value of Security Event Information Management (SEIM) and capitalizing on the confusion that stems from the lack of standards in this important field.

Well check this out…

In 2008, Microsoft announced that Visual Studio 2010 would include an extended version of Dotfuscator CE that would include, for the first time, the ability to inject tamper detection, application expiry behavior, session monitoring, and feature tracking – all post-build, without programming, on virtually every flavor of the .NET framework.

This move essentially enables the 6 million+ Visual Studio programmers to retroactively add streaming logs to virtually every .NET application ever written – and guess what? They will not only stream to any endpoint specified (dealing with distributed and cloud-based components) – they will ALL SHARE THE SAME SCHEMA!

– PROBLEM SOLVED????

Of course not – but here are some obvious implications

Given the historical adoption precedent of obfuscation, it is highly probable that 30%-40% of .NET developers will experiment with and incorporate these new capabilities into their development efforts. That’s millions of developers and many many thousands of software components.

As post-build injection becomes more widely accepted as a standard practice, the Java community’s adoption of similar capabilities is likely to increase as well (we support injecting the very same “streaming logs” into Java).

OPPORTUNITY

SEIM and Control Vendors – build-in support for the SOAP signals that will soon be a de facto standard on the .NET platform – differentiate your solutions by getting ahead of the .NET 4.0 curve and establishing yourself as a leader in application security event information management (aSEIM).

Application and Information Management Service Providers – expand your practices to address both the opportunities that this kind of application monitoring offers as well as any potential for abuse.

When 6 million of your closest developer friends have a technology in their arsenal – will it be too late for you to claim to be an expert?

For a more chatty discussion also inspired by the RSA Conference on why Cloud Conferences will never replace live events (and therefore, why Cloud Computing will never replace installed software) - visit my personal blog - Applications Are People Too

Posted in DashO, Dotfuscator, IT Operations Management, Runtime Intelligence, Software Development Lifecycle Management | No Comments »