Content Copyright © 2023 Bloor. All Rights Reserved.
Also posted on: Bloor blogs
One of the most obvious, but often overlooked, characteristics of IT is the “long tail”. New technology almost never entirely replaces the old technology but coexists with it. So, the organisation is faced not with a complete technology refresh, but with an environment in which it has to support both the old, “tired” technology and the bright new technology (with its own innovative and unanticipated bugs), at least for some time. And, to be fair, the old technology often isn’t all that tired anyway. It often does the job needed, any defects are well-known and mitigated, and replacing it will use resources (design and execution of an update process, training, validation of the update and of any software/hardware affected). You will want to make a business case for the upgrade, and this case may differ for different departments. You really don’t want your vendor just pulling the plug on your old technology before the upgrade makes business sense for you.
This all means that managing older technologies alongside newer ones, managing the long tail, matters. Two things coming across my virtual desk reminded me of this recently. The first was Azul’s initial State of Java Survey (2023). Azul’s headline for this is “82% of Businesses Using Java Today are Concerned with Oracle’s Fourth Major Change to their Licensing/Pricing Policies and 72% are Exploring Java Alternative”. Aside from the obvious (that Oracle pricing policies and audits make people nervous) this highlights why people might want to upgrade on their own schedule rather than on that of someone else. Emiliano Fisanotti, vendor management specialist and University Software Licensing Community executive member, The University of Sydney, says: “We are always looking for efficiency from our IT vendor relationships, not just by lowering costs, but also by eliminating uncertainty and distractions… I can’t afford to worry about unexpected headaches such as price increases and audits”.
Java has a particularly long tail, with lots of older versions (many of which Azul supports and Oracle doesn’t) that are still working – “if it ain’t broke, don’t fix it”. Nevertheless, supporting older versions of Java does make for a more complex environment, which must be managed. For a start, you will need good configuration and asset management (but you need that anyway), so that you know what you have and where it is. The State of Java Survey & Report 2023 also highlights other issues to consider: around 98% of organisations surveyed by Azul use Java in their software applications or infrastructure, and 57% of these organisations say that Java is the backbone of most of their applications. This may be a somewhat biased sample but Java is obviously mission-critical for many organisations and so Java vulnerabilities matter – and Azul was quite surprised to discover that nearly a third of Java users had actually experienced at least one attempt to exploit vulnerabilities in Log4Shell as well as over 80% of its respondents being impacted, largely by the mitigation effort. The US Department of Homeland Security called Log4Shell, “one of the most serious software vulnerabilities in history”. Does this mean that you should patch this vulnerability? Yes, of course, which implies that you know where all your Java is (configuration and asset management again). Does this mean that you should immediately upgrade everywhere to the latest version of Java, presumably without this vulnerability? Well, that’s a judgement call, based on your risk/threat analysis, but it might have unanticipated consequences – upgrading an Oracle JDK, for example might trigger a renegotiation of your licensing and 82% of survey respondents are concerned about the new Oracle pricing model (and 72% of them are considering switching to a different JDK as a result).
The second illustration of the “long tail” (I’m sure I could find many more) was a session at Technology Live London on the current state of SCSI (Small Computer System Interface) interfaces, now that everybody only talks about NVMe (Non-Volatile Memory Express). NVME is a new protocol optimised to use the PCI Express (PCIe) bus to connect SSD (solid-state drive) storage to servers or CPUs. I was rather surprised to learn that SCSI protocols and technology were still a thing, having got rid of my last parallel SCSI drives years ago.
Well, it is now serial SAS – Serial Attached SCSI (which supports both SATA and SCSI interfaces) – and iSCSI, which logically supports the basic SCSI model, command set etc, over a physical TCP/IP infrastructure. NVME may be new, but it still doesn’t do everything that SCSI-based protocols can do with “spinning rust” disks – and SAS is still being maintained and improved, now under the aegis of the SNIA SCSI Trade Association (STA) – SNIA is just a meaningless string these days, not an acronym. At Technology Live, Cameron T. Brett, STA Forum Chair, explained just why SAS is not dead – it “represents the majority of storage for the near future and will have a long tail”, because it is dependable and well-tested; flexible (both SAS and SATA, both SSDs and HDDs, and backwards compatible); scalable (for “fabric solutions”); and economically effective (both for performance and capacity – and it has a large established ecosystem).
At Flash Memory Summit 2023, STA Forum Director, Pankaj Kalra, discussed how STA is continuing to guide the SAS technology roadmap into the future. The latest 24G SAS is used in hyperscale environments in the (20222) Grand Canyon storage server and spinning hard disks (which it is optimised for) will continue in use for a long time (in part, because they can be more energy efficient).
OK, so what does the “long tail” mean, in general? Well, aside from the fact that the newest technology perhaps doesn’t do everything you need in today’s environment, it does have consequences:
- It increases systems complexity and makes support more expensive.
- It has human implications, since you still need people who can support the old technology and can’t afford for them to become disaffected, because they are only working on old and unfashionable stuff.
- It delays the delivery of the ROI you expect from the introduction of new technology. In the worst case, the “tail” can be costing as much as the new tech.
- It encourages one to overlook possible defects, threats and inefficiencies, because, while the old tech is still in use, everyone is concentrating on the new stuff.
Nevertheless, the “long tail” also means that you can continue to work with known and well understood technology and upgrade at a pace that makes business sense to you. Just don’t overlook the need for effective configuration and asset management – which you should be doing anyway.