When, 10 years hence, we look back on 2003 and 2004, what will have emerged that will have changed how we view our critical software infrastructure? What will have changed the competitive landscape and the "business as usual" mentalities that so many CIOs have been forced to adopt? For this research, we looked at predictions from a subset of software infrastructure, including:
We also looked at a closely related challenge - real-time infrastructure.
The following are Gartner's predictions representing the most- interesting challenges and opportunities for IT:
Prediction -- Security protection will get closer and closer to individual applications. In 2013, on-demand firewall security mechanisms will be wrapped around all access requests for remote user applications.
Security and intrusion defense keep "moving down the food chain." Five years ago, firewalls were only needed at the boundary between a LAN and the Internet. Today, firewalls are needed on every workstation. Next year, they will be needed on personal digital assistants and smartphones. Users are exposed to attacks that cannot be avoided with traditional signature-based antivirus tools. In a world where employees might use any device, there is no way to ensure that devices are properly managed and secured. Security checks for adherence to appropriate security policies must be made before remote access is granted. However, what if the remote system is not in compliance? It will be unreasonable to expect to perform instant and major upgrades to the remote device; thus, security mechanisms such as personal firewalls must be supplied when remote access is granted. On-demand "firewalling" solutions will be installed on user platforms at the first attempt to access a secure portal.
Strategic Planning Assumptions: By 2006, legacy personal firewalls will be cannibalized by Microsoft's Internet Connection Firewall (0.8 probability). Device-based personal firewalls will be obsolete for remote access by 2009 (0.7 probability).
Action Recommendations for 2004
Enterprises must adopt a multiyear protection time frame. For 2004, Gartner urges enterprises to install personal firewalls on all devices that go outside the enterprise network perimeter and all devices equipped with wireless LAN access. The need is immediate, and the payback is immediate. However, by 2006, the traditional personal firewall market will be facing a downturn because Microsoft's Internet Connection Firewall (ICF) in Windows XP will eat the bottom out of the desktop/laptop entry market for personal firewalls. Surviving personal firewall vendors will transform their products to add value to ICF on Windows platforms and will be forced to become more clever at on-demand solutions based on Java and ActiveX, including on-demand changes to ICF.
By 2009, firewalling products that attempt to persist on portable devices will be suffering growth pains. Independently developed on-demand security systems that attempt to modify device behavior will have been adopted independently and will clutter devices and clash, each creating interference by applying redundant and overlapping rules and filters to the user's system configuration. In 2013, firewalling policies will be tightly wrapped and bound to remotely accessed applications, so they will execute specific protection rules for the application requested. Security policy will still be enterprise-driven, because the choice of firewalling rules to be applied will be made when a user requests an application from an enterprise portal. These policies will be assembled on demand according to enterprise portal policies. They will be propagated from enterprise security or portal servers with each remote access request for a specific application, whether the application executes on a server or at the remote user's device. Each access request to a portal will enforce security policies relevant to the specific application. Remote applications that are allowed to execute offline will be wrapped with virtual-machine environments in which they will encrypt their memory and storage data.
Prediction -- The support foundation for software infrastructure is changing. Real-time infrastructure will reshape IT operations and infrastructure.
An IT infrastructure is a collection of client devices, servers, storage, networks, databases and middleware that supports the delivery of business applications and IT-enabled business processes. A real-time infrastructure (RTI) is an IT infrastructure shared across customers, business units or applications where business policies and service-level agreements drive dynamic and automatic optimization of the IT infrastructure, thus reducing costs while increasing agility and quality of service. RTI represents a 10-year vision and evolution for the distributed computing architecture and management environments, which will reduce capital and labor costs while increasing IT agility, responsiveness and quality of service.
Strategic Planning Assumptions: The RTI will be inevitable, rolling out in phases through 2010 (0.8 probability). Through 2006, corporate politics will prevent widespread adoption of production server infrastructure sharing (0.8 probability). Enterprises that do not leverage virtualization technologies will spend 25 percent more annually for hardware, software, labor and space for Intel servers, and 15 percent more on the same for reduced instruction set computer (RISC) servers, by 2008 (0.7 probability).
Action Recommendations for 2004
The principles of RTI -- standardization, virtualization, automation and maturing toward IT service management -- can and should be deployed for benefit today, in preparation for RTI. RTI will have a huge impact on the IT operations/infrastructure cost structure, quality of service and adaptability -- or the speed with which to respond to changing business requirements. Enterprises that do not evolve to RTI during the next 10 years will be uncompetitive (in price and service), will lose credibility with their customers and, thus, will risk survival. One impediment to RTI is resistance to resource sharing across business units. Even more problematic are corporate politics, which keep business units from sharing excess capacity with each other. Enterprises should prove resource sharing within business units or departments where less corporate politics are at play, prior to widespread deployment.
Prediction -- Service-oriented approaches will push application providers to crack open their monoliths and allow Web-services-based access to internal business processes. Service-oriented business applications will power competitive advantage by allowing new combinations of application functionality at new levels of granularity.
In 2004, broad enterprise deployment of service-oriented business applications (SOBAs) will begin. SOBAs will demonstrate the real-world benefits of service-oriented architectures (SOAs) and related services-oriented development of applications by vendors and end users developing their own composite applications. Business application vendors, including SAP, Siebel Systems, PeopleSoft, Oracle and Microsoft, will support SOBAs through the transformation of established applications in SOA-oriented formats, including incorporation of Web services standards, such as Simple Object Access Protocol (SOAP) and Business Process Execution Language for Web Services (BPEL), and the introduction of new applications that make use of new dynamic business modeling techniques. SOBAs will include, but not be limited to, customer relationship management, supply chain management, enterprise resource planning and workplace applications, including emerging smart enterprise suites. SOBAs will power competitive advantage by breaking down walls separating dissimilar applications and information stores. The first benefits of composite SOBAs will be noticeable within six months of implementation by Type A enterprises (aggressive adopters of technology), yielding rapid return on investment within the first 12 months of investment. SOBAs will also allow enterprises to outsource and "partner source" business processes to other organizations using collaborative application formats formed through business process fusion.
Strategic Planning Assumption: Enterprises that deploy SOBAs through 2008 will realize average process productivity gains of more than 20 percent, and cost savings of more than 15 percent, by fusing dissimilar applications and breaking down structured and nonstructured information silos (0.6 probability).
Action Recommendations for 2004
Security considerations must be addressed by taking advantage of technologies such as Secure Sockets Layer (SSL) and Kerberos, because Web services may expose up to 70 percent of organizational firewalls to malicious-code attacks before WS- Security specifications reach deployment status beginning in 2005. End users should transform select applications to first- generation SOBA-based formats through integration with emerging Web services specifications, such as SOAP and Web Services Description Language (WSDL), and begin investigating more-advanced Web services standards, such as BPEL and Web Services Composite Application Framework (WS-CAF), for future composite formation. Push key application software providers -- especially those that provide niche or industry- specific applications -- to state if they plan to offer SOBAs and what migration path they propose. Providers that can't or won't give this information by the end of 2004 should be downgraded on your list of preferred vendors.
Prediction -- Event management technology will reshape the way businesses run by making applications expose the business events that they touch.
Enterprises will achieve new levels of flexibility and a deeper understanding of their business processes by applying the techniques of complex-event processing (CEP) to their daily work. Application systems and office productivity tools will emit a steady stream of event messages that report on hundreds of activities of business significance. CEP agents will analyze, correlate and summarize these low-level events into higher-level events suitable for notifying people in human terms or for triggering automated processes. Businesses will operate more efficiently, with early warning of potential opportunities and problems, and with better understanding of the root causes that change conditions.
We consider message-oriented middleware (MOM) to be an enabler of the simplest of four levels of event management. Simple events are widely used (although still underutilized). MOM has only the most basic "rules" -- it will do publish and subscribe (pub-sub) on message headers, but that's all. The turning point is not simple events, however. The next big wave of event exploitation will be CEP. CEP is rare in business applications today, but it won't be in five years. The computer science for CEP is not entirely new -- some aspects have been used in IT operations management software for a decade, and most operating systems are bastions of CEP. Although some CEP technology is still in the research labs, little CEP has been embedded in tools that are aimed at business applications. That's the big paradigm shift -- applying CEP to a domain where it was hardly ever used before, which requires new development and middleware tools. For most people, "events" still mean IT operations management software and application management issues. The lack of standards is a serious limitation. The Web services movement has started to work on this, starting with guaranteed delivery and soon to address pub-sub. Official standards for CEP, however, will take several more years. However, CEP is emerging, with or without standards.
Strategic Planning Assumptions: More than two-thirds of new applications will emit business events by 2008 (0.6 probability). More than 40 percent of all knowledge worker jobs in Western economies will be assisted by business activity monitoring (BAM) based on CEP by 2008 (0.6 probability).
Action Recommendations for 2004
All large enterprises (with revenue of more than $1 billion) should add CEP and BAM to their IT strategy plans and their IT architecture processes by year-end 2004. They should have detailed standards for event schemas and approved standards for event management middleware infrastructure products by the second half of 2005. Advanced architecture groups in mainstream enterprises should experiment with BAM and CEP during 2004 and 2005, and pilots should be in production by 2006 in selected, critical parts of the application portfolio.
Bottom Line: Significant changes to infrastructure are certain in the next five to 10 years. Service-oriented business application and security challenges both change the way we view applications and their roles. Real-time infrastructure changes the way we view computing infrastructure -- which is critical to the software changing at the same time. Complex-event processing changes the granularity of "what we know" about business transactions, and both SOBA and CEP change how we embrace and communicate with applications. There are other trends that are compelling, but an enterprise addressing the four trends addressed in this research will be better-prepared for those trends that are dependent on agility and dynamism -- the key common theme in these four predictions.
Für weitere Informationen wenden Sie sich bitte an Gartner .