Sun Microsystems Inc. has strugged of late to find its focus during the economic downturn, but John Fowler, Sun's CTO for Software, sees opportunity for the company surrounding security, storage, and management issues. Fowler met with Mark Jones to discuss the company's plans with N1, Sun's hopes for influencing the standards process since joining WS-I, and to emphasise the importance of focusing on solving actual customer needs.
How would you characterize Sun's strategy these days?If you ever want to put us in a category, we're a systems company. [We provide] a combination of technologies to enable a cost-effective platform to solve particular customer problems. We're not a software company, we're not Dell, we're not Microsoft. We have an effort called N1 which is really [about] provisioning a datacenter. [The] folks working on clustering and reliability are working on certain key feature sets, and saying, "What you really want to do is figure out a way to automatically provision clustering [to do that]." That's a concrete example of trying to broker changing the strategy to get at the core of what a customer is having a problem with. That's what I'm focused on.
What is N1 exactly?
Java and Sun ONE [Open Net Environment are] really the answer for developers. If you're a developer, here's what you write to, here's what you deploy -- it's a developer vision. N1 is the IT manager vision. You have a set of resources you want to provision, you want to make available, you want to use in some way. This is a set of tools you get to go do that. We just announced iChange, which is a product that lets you take a set of defined operating system images and other content and then flash them to many machines across geographic networks. N1 is [first of all] about efficiently managing your datacenter -- not just monitoring, but changing the content, [so] that doesn't just include the computers, it includes the SAN switches and all those. So, step one, we've made it more efficient. Step two is how you then take that efficiency and make it improve utilization. Today people spend a lot of money on systems that largely sit idle. If you get more efficient at managing it, you can take advantage of the utilization more efficiently. The third thing is reliability. Today a multi-tiered network may be load balancer, a Web server, app server, database server, the local area networks, the storage area network -- even if you [only] have 10 or 15 machines, you have a lot of complexity.
We've heard IBM talk about autonomic computing and grid computing. How do you draw connections between that and what's going on in Web services development?The idea of Web services and grid is you're going to be able to take in one client/server application and map to lots of different Web services systems. If you look at grid, it's about deploying work to systems. It's not about how you bring systems to make them available for work. N1's really about making systems available to do work and to respond to that work. So they're completely complementary in that sense. N1 focuses on the IT administrator [and] the IT administrator is not the Web services developer or the person who's generating new workload. So with grid, bring work to bear; with N1, make machines available to go do work. Those obviously intersect in an interesting way.
Sun recently joined WS-I (Web Services Interoperability Organization). How does that move fit into your strategy?We had wanted to join the WS-I for awhile. We have a lot of partners at Oracle, BEA, IBM that wanted to get us in. So when WS-I agreed to create two more board seats, we said "Great." We're going to get in there and do the same thing with standards that we've done all the time. We want restriction-free standards. We want to figure out a way to heal the rift between WS-I and OASIS, because they're kind of pitted against each other. There's also some weird SOAP stuff going on in W3C that's somewhat in competition with WS-I. It's tremendously confusing. So we're hoping to push an agenda which helps heal that and simplifies that and makes it useful for people. We've got to make sure we're on a track that actually satisfies some customer needs and just isn't about battling standards boards.
VeriSign has said they believe Sun can be an important contributor as far as Web services security is concerned. Are there particular technologies you want to bring to bear?Yes, we're looking at security, we're looking at Liberty and ebXML -- a collection of different standards efforts. We literally just joined, so we're sorting out how to actually do that. But Liberty is a real obvious example of one that we'd like to bring in there and get a good discussion around. Liberty is a particularly interesting organisation because it's a little different than WS-I. WS-I is really [about] vendors. Liberty is dominated by customers, and so they bring a really interesting perspective to standards.
How do you see JCP (Java Community Process) playing into this?People will continue to use the JCP to evolve APIs and standards. My expectation is there'll be Web services standards that get created, like WS-Security. People will want to create Java APIs to express those and get to the JCP, so there'll be a lot of crossover. The people who submit the JCP are a lot of the same guys -- IBM, BEA, Oracle -- [who] are working on the standards in one form and then working on an API to express those standards in another.
What impact do you think the JCP and Apache open-source component announcement will have?The biggest challenge to WS-I is not around JCP. There are two challenges. One is getting a relatively open implementation. If you look at standards like TCP/IP, [they] benefit tons of people. We've got to make sure we get there with WS-I. The second issue is the sheer quantity of standards, especially complicated standards. If you look at things like WS-Orchestration, they're very complicated. We have to make sure that those are clearly solving the problem that needs to be solved. If you look at OMG and other standards organisations over the past, typically they've been most successful when they've expressed standards for relatively low-level things: transport-level protocols, wire protocols, simple APIs. When they get involved in very grand and complex things, you don't have a lot of implementations.
What are your thoughts on the evolution of the pervasive client and what Sun can contribute?If you go back in Sun's history, one of the interesting notions was that in computing most often what you need will be somewhere else. Therefore, we need to always work on the basis that the network is the most important thing. A lot of people look at Java as a language -- and obviously it has the language constricts -- [but] the real point about Java was, in order to network everything you need to have some kind of network run time that lives there. So I don't think of Java as a language, I don't think of Java as a platform. I think of Java as the platform that enables the network to [do] everything. When you look at alternative devices, our activities are around having a basic network run-time that can run anywhere -- small device, big device, whatever. And the second part is really articulating the end-to-end architecture. With J2EE and Jxta and Jini and these other technologies, what we're trying to do is articulate an end-to-end architecture for how you develop applications, how you run these applications, and how these applications locate the resources and interact with each other. Obviously we don't have products in all those spaces, but we believe our articulation is bringing networking to those devices [and] insulating people from the hardware where that's appropriate and useful.
We're seeing increasing complexity, with a variety of end-point devices that are hard to manage and then there's the management in the infrastructure stack that N1 addresses. How are all these pieces going to be tied together?When you look at devices, I think the notion of provisioning and service management and billing is a huge problem. There are a bunch of people working on it, including us, so that you can have these devices interact [in] multiple ways. At the end of the day, what you're going to have is these devices on the network and authenticated in a very secure way. That's [what] all efforts around Liberty [are about]. Really understanding who you are and what your context is, is one of the most important things. If you integrate with a business process it doesn't matter, as long as we know who you are, because once we have that we have your context for doing all those things. Your devices are going to change dramatically over the next five to 10 years, and you've got to be able to insulate people from those changes. We have a whole set of JSRs going out [to] try to make that transparent, so you can run a Web services application, you can interact with a Web services application on a relatively stupid device. The key to this is to make sure we understand who you are. We feel we have a good nail on that with Liberty.
The general feeling is that Sun's business case is not solid, its stock is not performing. What can you say about Sun's momentum?Two years [ago] all people wanted was best of breed, availability, and scale. Cost always factors in, but they weren't concerned about that. Now they all run to the other side of the boat, [where] they don't actually care that much about what it does, as long as it's cheap and free [and] can reuse the stuff [they] have. As much as the bubble was insane, the reality of today is a little bit crazy as well. If you look over the next decade, there's a tremendous amount of innovation that can happen around [helping] create really effective, reliable systems for people to pursue their business processes. Sun will continue to invest in base-level R&D to evolve operating systems and app servers and these technologies. I think security is a great example: There will be people who are trying to circumvent security and to deal with security problems, and security [will be] intrinsic to running a business forever. A company that invests in R&D and develops technologies that enable better security will have a competitive advantage. Right now revenue sucks; the business plan is really difficult. It's a cycle we will go through. Will we go back to the days where anybody will print money and buy anything? No, that's not going to happen.
Is storage going to help Sun climb out of the hole?We have storage resource management software [that's] kind of interesting, because it doesn't actually go out and change things, it helps you understands what you have. That's important. The second thing that's important is with N1, this notion that you can administer storage in a systems context. So there's a couple of things. Understanding what storage you have, and then in the systems context making sure that you can go manage that storage and relate it to applications. That's a huge win we're going to have. Right now, [those things] are distinct: You have SAN management and you have applications management and you have systems management, and they're not connected at all. So I think that's going to be just a huge win. As soon as people see it and use it, they'll say "This makes sense. I can save a bunch of time." And it isn't just about saving time, it's about reliability.
What is on the horizon from Sun?We just made an announcement around the app server. One of the things we did is we sat down and looked at what people actually use in an app server. We believe that most developers are using SOAP over HTTP and not RMI [Remote Methods and Invocation] over IIOP [Inter Orb Internet Protocol]. So one of the things we did was we optimised the HTTP path in the app server and made it use an operating system construct in Solaris that we called NCA. It has huge Web performance metrics, so that if you deploy applications we believe we have really tremendous and scalable performance. We're going to have a succession of technology announcements and product announcements into early 2003 around N1, around Solaris, and some new programs we have around Solaris. We're inventing new things that we think solve some interesting customer problems. When you're struggling a bit financially, you get a lot more focused on exactly what it is you're trying to solve for customers. So you're going to see in six, nine, 12 months, product announcements that are going after reliability, going after app servability, going after performance, going after the platform itself, going after the programming, going after security. There won't be anything dull.