Standards: Too Many Acronyms, Too Little Cooperation

Businesses need interoperability to automate more functions, but that requires standards that are still very much in flux.
"The trouble with standards is there are too many of them," says Tim Grieser, an analyst with market-research firm IDC.

There's a feeling among many in the tech industry that breakthrough data-center automation won't be realized until IT management systems and processes can interoperate across vendors and platforms much better than they do today. That, however, will take solid standards, which can happen only if vendors cooperate. "The user doesn't care how it's done," Grieser says. "What they want is the proper service level."

A variety of industry organizations--the Distributed Management Task Force, the Organization for the Advancement of Structured Information Standards, and the Open Grid Services Architecture--are trying to develop standards for communication and implementation of automated IT operations.

In May, the Data Center Markup Language organization published a framework specification intended to improve interoperability among various components by establishing a way to describe the data-center environment, the relationships between the components, and policies governing management. The XML-based framework defines a conceptual data model in which elements of the data center can be described, with process rules for interpretation, including the grammar and structure to build networks, servers, applications, and services.

The effort is being led by Computer Associates, EDS, Opsware, and Tibco Software. Proponents believe using it can improve data-center operations in the same way the TCP/IP and HTML standards helped enable the Internet community.

"We're not manufacturing widgets, we're manufacturing services," says Louis Blatt, senior VP of product management and strategy at CA and DCML president. "As we create those services, we need to map them to the IT resources that support them so if there are defects in performance, you can isolate the root cause and quickly correct the problem."

But Jeff Smith, VP of demand automation for IBM Tivoli, calls the DCML spec "a proprietary approach that fundamentally is Opsware's." He notes that major hardware vendors, including Hewlett-Packard, IBM, and Sun Microsystems--as well as Microsoft--aren't part of the DCML effort. "We're working with the DMTF to create a real standard that will remain closely related to" the Information Technology Infrastructure Library, a framework for defining the business process.

Blatt says DCML has submitted its specification to a number of standards bodies. DMTF and Oasis have shown interest in taking over the process, and both organizations count HP, IBM, and Sun as members, he says. "We launched the process to force the participation of the larger vendors and make them understand the criticality of a unifying platform," Blatt says. "We are well on our way to forcing the inclusion of the major hardware vendors into this vision."

There are similar efforts on the information-security front, since patch-management systems, firewalls, vulnerability scanning, and intrusion-detection systems generally don't communicate well.

To help simplify and integrate security functions, security vendors are developing standards such as the Application Vulnerability Definition Language. With AVDL, for example, when a new software vulnerability surfaces, a company's vulnerability scanner could spot the flaw. The scanner would send information to firewalls and patch-management systems, whose applications would use that data to adjust to better protect against attacks.

Return to main story, Automating The IT Factory

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing