… Solved by a Layer of Indirection.

I just caught up with an old friend and walked through what I’ve been up to in the (many) years since I departed Texas. This friend isn’t a real techy, so I had to take a higher-level look at the various companies and projects I’ve worked on over the last [number redacted] years.

Half-way through the list I realized that almost every project revolved around some form of virtualization. And not just the ”virtual machine” version of this term, but the more general english definition of “separating out a logical view from its physical implementation”. The list runs something like:

  • MPEG hardware: My undergraduate research thesis focused on building hardware to accelerate the decode of video streams (yes, the early MPEG-1 days!). The data stream had to always stay the same, it was just up to the hardware to more efficiently convert it to useful video.
  • Ada compiler: I also spent a summer at Convex Computers (now part of HP) working on a compiler that could unroll loops and optimize unmodified Ada code to utilize the company’s vector hardware. It sure would have been simpler if we were able to add hints to the source code, but that wasn’t allowed. The challenger (against Cray in this case) often doesn’t have the luxury of asking for changes specifically on their behalf.
  • SimOS: My dissertation focused on a complete machine simulator capable of running unmodified IRIX and IRIX binaries. This was a major pain to get right (and fast), but allowed us to study real life applications and get previously unseen visibility into system performance.
  • MIPS R10000: While at the tail end of graduate school, I worked at SGI for the MIPS architecture group to help design their newest processor. While MIPs has one of the simplest instruction set, backward compatibility still was a pain that restricted several possible optimizations.
  • VMware: Don’t need to say much more here. Whether for servers, storage, networking, or desktops, the engineering obsession was always about allowing completely unmodified applications to work seamlessly in a more agile, portable, and efficient environment. Early attempts to simplify this challenge (paravirtualization, for example) sure sounded nice, but we knew that they created a barrier to adoption that would be hard to swallow early on.
  • Recent Investments: And my early investments at General Catalyst have all focused upon this as well. The two that most exemplify this passion are still in stealth mode, so stay tuned for a proper unveiling. Both of them work with existing workloads and user behavior, surreptitiously doing things behind the scenes for dramatic improvements.

I meet so many startups that offer IT Nirvana if you just ignore existing hardware and software. At the end of the day, the requirement of working with existing applications, code, or environments is a pain. It’s always easier to have a completely “greenfield” and no compatibility requirements… which reminds me of this quotation of unknown origin:

“God created the world in seven days — because he had no legacy infrastructure”

But today’s businesses do have legacy infrastructure and a slew of existing applications, processes, and user behaviors. While always keeping an eye out for great clean-slate solutions, I suspect I’ll continually come back to those that also try to fit in!

Just a little retrospective navel-gazing for a sunny Tuesday…

“BuiltWith”: what powers that site?

I was talking with some startup folks last week and heard one of them ask “why doesn’t someone track and publish how all of the other web companies build their sites?”. I assumed this site was pretty well-known, but in case it isn’t, check it out:  http://trends.builtwith.com/

Pretty nice way to track all sorts of interesting tool usage including:

Weekly trends


Market share


They also break them down by different cohorts… such as YCombinator classes:


The above sort of data is free. They have a pro version with more reporting, lead generation, etc.

I have no ties to the site… I’ve just used it a lot and the past and hope it’s helpful to others.



Mobile-First Infrastructure: Investing in Runscope


Today I’m happy to announce our investment in Runscope, a developer-centric API-focused company based in San Francisco. Co-founded by CEO John Shehan (Twilio, IFTTT) and Frank Stratton (Twilio), Runscope creates tools that help app developers test, debug, support, and maintain their integrations with public and private APIs.

As first discussed in the “Time for Mobile First Infrastructure” blog, formal APIs are sprouting up everywhere. They are already the backbone of the cloud economy, and are increasingly marching into inter- and intra-enterprise use. In many enterprises that I speak with, formal APIs are often first launched to enable a company’s own mobile applications. From there they evolve to be the core plumbing for the web or thick client versions of these apps. And the next step is often publishing the APIs for external uses enabling new sources of revenue, better customer support, or a previously non-existent partner ecosystem.

However, they also can be a challenge to work with, maintain, and support. That’s where Runscope comes in! This team knows developers as well as any team that I’ve met, and they’ve spent much of their lives helping companies deal with the challenges of APIs. As a result, the early feedback on their Runscope Radar, API Traffic Inspector, and Passageway tools often looks like this:

tweet 2

They are also supporters of several popular community projects (including hurl.it, which I personally love to kick around).  And you can certainly imagine why I’m excited about their announcement today of Runscope Enterprise, extending these great capabilities behind the firewall.

To learn even more about Runscope and why I’m so excited about them, please read John’s post. So here’s to Runscope and their efforts to help developers in this brave new world of APIs. Or as Runscope proudly proclaims on their famous T-shirts:

runscope_t-shirt 2


Mobile-First Infrastructure: Staying Synchronized!

Really nice interview of Bret Taylor by Robert Scoble. It has reminded me to add the following to the core “mobile-first infrastructure” characteristics:

Staying in Sync: The majority of enterprise mobile applications are required to keep data consistent across multiple instances. This includes synchronization between users collaborating on some project,  between a user’s online- and offline- document stores, and between a company’s master data sources and the version available on a users mobile device.   We see this capability in several in SaaS/Mobile offerings (Box, Dropbox, Google Docs, Quip) and it’s a core offering in many Mobile Backend-as-a-Service (MBaaS) offerings (e.g. Parse, StackMob,  FeedHenry, and many others). I’d claim that mobile alerting and notification systems are a very specific instance of this general synchronization trend. And while these synchronization services are widely deployed in the consumer world, they must evolve to support the needs of the enterprise. This includes:

  • integration with enterprise identity management solutions (individual- and group-based policies)
  • fine-grained data control policies (what data can and can’t move to the mobile device, who can share with whom)
  • auditing reports (tell me what data was accessed in certain places and by certain people)
  • other data security offerings (data leakage prevention, encryption policies)

Lots of work to do, but it’s clear that enterprise-class synchronization capabilities will be a core capability of the mobile-first infrastructure headed our way.

P.S. Kudos to Bret for calling out how we are having to return to many of the lessons taught in computer science departments. To summarize his argument, we have had 5-10 web-centric years  where so many developers treated the always-on, high speed internet as the norm. Mobile devices have required today’s developers to dust off those lessons about coping with highly variable network speeds as well as times when the app is completely offline (gasp!).


Mobile-First Infrastructure: My Thoughts on BoxDev 2014

[As first posted at: http://developers.blog.box.com/?p=14972]

Today I had the pleasure of participating in the BoxDev 2014 event in San Francisco along with ~1600 registrants – very impressive numbers. I’ve long been a fan and user of Box and have several friends and former colleagues working there. I’ve certainly enjoyed getting to know Aaron Levie as well and am pleased to have him as a co-investor in stealth start-up Illumio.


I was on the VC panel with Christine Herron, Mamoon Hamid, Jerry Chen, and moderator Sam Schillace (above courtesy of Oxygen PR). There were lots of attendees looking to create the next big enterprise startup and with plenty of questions – what should the salesforce look like, what metrics are key for fundraising, what are the opportunities in healthcare/retail/oil&gas/etc. Quite an engaged audience!


This was part of the one day event held at Fort Mason and with two tracks:

  1. Build Track: These talks focused on the APIs for Box’s platform and how startups can integrate with and build upon Box. The APIs are pretty straightforward and you can learn more about them here.

  2. Innovate Track: These talks focused on insights and lessons learned from various folks in the enterprise software space – VCs, big company CIOs, and CEOs of promising startups (including GC-backed CEOs Andrew Rubin of Illumio and Josh Reeves of ZenPayroll).

Box fits squarely into the mobile-first infrastructure theme that I’m focusing on (think I can make an ex post facto A-round investment?). In fact, it fits many of the categories core to satisfying this next stage of IT.

  • APIs before apps: This whole event has been about offering API access to users’ files and content stored in Box. These APIs allow a rich set of tools and collaboration services to be built around the core content (with the mandatory marketplace), but also allows Box to more easily integrate into the existing enterprise infrastructure – key to adoption by bigger companies.

  • Porous perimeters: This is a core value of enterprise-ready cloud services such as Box. In a world where employees access their apps and files from inside and outside of their own firewall, you need to put protection around the most important asset (content) and this is most easily done by centralizing said content. This is the modern equivalent of enterprises pushing all data off of PCs and laptops and onto NFS and CIFS shares so more easily enable proper permissions, backup, and reporting. The big difference is that now the content needs to be ubiquitously accessible from any device and any location.

  • Identity crises: And of course core to all of this is ensuring that the right person is accessing the content under the right policy. As with all mobile-first infrastructure, single sign-on, AD/LDAP integration, group policies, and audit trails are requirements and a core part of the Box offering (and surely an area they are quizzed on regularly).

Congrats on the great event, Box!



The Modern Icebreaker – Show me your… Home screen!

If you’re ever at some kind of social event and in desperate need of a conversation starter, ask a bystander to show you their phone’s home screen and tell you all about it. This seemingly shallow question often turns into a fairly deep conversation! And what’s nice is that it works across almost every age group, nationality, and personality type. Sound goofy? Probably so, but I’ll walk you through my own home screen and suspect you’ll know me a little bit better as a result. First, the obligatory picture:

Let’s walk through the choices I’ve made and, using some pop psychology, what those choices may mean about me.

  • Android vs. iPhone (vs. Blackberry vs. Windows Phone): Obviously this is the top-level insight – and the first opportunity to get to know someone. This is a well-covered area with plenty of articles, geographical studies, and even cartoons. Each person you meet will certainly have an opinion on why they’ve chosen their way-of-life! I’m personally an iPhone guy and my 14-year old is an Android-er.

  • Wallpaper: This often gives you the most obvious insight into someone. Is it an island scene, an abstract pattern, some special event, or maybe someone they care about? I personally choose to rotate it every week or so. This week’s wallpaper happens to be of my two pets – Milo the Labradoodle and Soaker the Bearded Dragon. Each of them have plenty of their own stories, but I’ll save those for a future blog! When I’m on a longer business trip, pictures of the kids replace those of the pets.

  • Bottom Row Icons: Ahh yes… the goto spot for most frequently-accessed apps. You can learn a surprising amount about someone by what’s in the pole position. Most of my phone time is for work, so that drives placement of my goto communications and scheduling apps. I’m currently experimenting with Tempo as my calendar and find I can’t get a great feel for how good a calendar will be unless I fully immerse myself in it – thus the pole position. And you may find that less technical acquaintences didn’t know they can change the bottom icons, so check whether they still have the default icons and wow them with your customization skills.

  • Top Row Icons: Don’t know about you, but I actually find this top line to be even more of a pole position than the bottom row and keep my other most frequently-accessed apps right there on top. In my case, it’s Google Search, Chrome (I like my history and bookmarks to be sync’ed across all my devices), Evernote (my goto note-taker), and Reminders (I’m a big todo-lister and have rotated between the default and Wunderlist). I’m quite sure this all says something about me… not sure what though.

  • Mail: Whether in the pole position or elsewhere, ask them to show you their inbox and tell you about their policy. How many unread mails do they have? As someone who strives for Inbox Zero, I get very suspicious when I meet people with more than 50! In fact, the 5 I have on my screenshot is making me a bit antsy. Ask if them how often they send mail to themselves and whether they use their email for TODO lists. Here’s where you quickly learn about the organizational level (or current chaos level) in a person’s life.

  • Folder Strategy: Beyond the goto-apps, are you someone who likes their applications strewn out for one touch access or carefully folder-ized for more of a Feng Shui feel? Clearly I’m the latter. And you can definitely learn about people by their top-level folder names. You can see the way I categorize my life here… and that I love Lake Tahoe. You can also see that I’m not much of a gamer, too. While I have just one folder for all games, my son has 15 different game folders (like eskimos having so many words for snow?). I like a sandbox folder for those recently downloaded-apps that are in limbo, hoping to make the cut for permanent phone residency. And I don’t know about you, but I can’t fathom having nested folders… those people always seem a bit suspicious to me.

  • To Swipe or not to Swipe: This question always reminds me of Dora. Yikes. This question is directly tied into folder strategy. Do you like your world of apps to fit on one screen or can you think multi-dimensionally at this level. I’m clearly a uni-homescreen kind of person and think it’s rooted into the chaos of raising kids and wanting more simplicity in my phone life. Others I’ve met really like to partition their own life via different homescreens – work is the default, but swipe right to get to their wilder side and apps used strictly for their personal life! This often becomes a surprisingly deep discussion topic.

And the list goes on… Ask people about the oldest app on their device and you’ll often get some nostalgic tales. Ask them how often they delete apps to get a sense as to whether they are modern day hoarders. Query which other family members use their device and you’ll often hear horror stories of in-app purchases gone wild.

So there you have it. The modern icebreaker and a chance to learn more about a person from their device than you’ll get through the go-to weather and politics discussions. Any other great questions to add to the list? And I’d love to hear more about your own device-driven psychological profile in the comments.

Time for Mobile-First Infrastructure

[As first posted on GigaOm]

In a recent “Silly Things in IT” blog, I cheekily proposed the mission statement for IT Infrastructure:

I exist to run applications. I shall run them quickly, efficiently, and safely. I should minimize the time it takes humans to use me.

I continue to meet many IT department heads and infrastructure startups that get so wrapped up in the feeds-and-speeds of their domain, that they lose track of the fact that infrastructure is just a means to an end. Yet if you look at our fields relatively brief history, you find that it is indeed the rise of new application categories and new user expectations that has driven the big disruptions in infrastructure. We’ve seen examples of this over and over. Batch and CICS applications and expectations of heavy security and expert-only users drove the mainframe era. The relational database-backed transactional applications and a broader business analyst user base led to the popularity of department-level mini-computers (along with Unix+Oracle). And personal productivity tools and empowered office workers drove the PC and the client-server adoption wave.

So where does that put us today? How will bloggers 20 years from now refer to the current era of infrastructure and the applications that spurred dramatic change? On the user-expectation front, I’d categorize today’s world under the umbrellas of “impatience” and “ubiquity”.  Trained by our home experiences with Netflix, app stores, wikipedia, and Amazon, we now expect near-instant access to massive compute and data capabilities on-demand and from any device and any location. What about the new app types?

There are several dramatic application forces causing architectural agita:

  1. Mobile-ification – apps moving from mobile-hindered to mobile-enabled to mobile-first
  2. SaaS-ification – on-prem license software moving to subscription pricing and cloud delivery
  3. Data-ification – data coming from everywhere offering opportunity for new insights

While all three are interesting and profound (and not mutually exclusive), I find myself continuously coming back to the real implications of “mobile-ification”. We often think about the implications of building these new mobile apps all the time – new user-experiences, app store-based delivery, new development and testing needs, etc. However, I see less thought going into the implications the mobile-first world will have on the back-end infrastructure needed to deliver, support, and manage them. What are the traits of the truly mobile-first infrastructure that will permeate private datacenters and public clouds alike? We’re still in the early days, but several new and impactful trends have already emerged to shape the landscape:

  • APIs Before Apps: When creating new mobile applications, companies and vendors quickly realize that more formal APIs are essential – I really enjoyed this recent Re:code article highlighting APIs as “the fossil fuel of business growth”. Whether part of a Platform-as-a-Service (PaaS), fronting Backend-as-a-Service offerings,  enabling common back-ends for thick, web, and mobile apps, or exporting data sources for programmatic access, APIs are the future, and new tools, services, and platforms will help pave their way to ubiquity.

  • Porous Perimeters: The days of the network perimeter being the clear delimiter of what can come in and out of a datacenter are numbered. Ubiquitous mobile access creates a world where the good guys are often outside of the network (and the bad guys are often within!). I first wrote about this trend last year when discussing security for the software-defined datacenter. Furthermore, mobile apps are often handling data coming from both private and public data sources, further compounding the challenge. A new class of security will emerge that morphs today’s VPN, firewall, VLAN, and MPLS technologies into more secure and convenient access for the mobile-first era.
  • Morphing Mobile Networks: Beyond the porous perimeter, even more dramatic changes are coming to the networks tethering mobile devices to their apps and data. From the broadband wireless antennas to the backhaul infrastructure connecting  them to their destinations, we’re in a time of much flux with tough tradeoffs between latency, density, cost, speed, and power usage. Furthermore, the above-mentioned API model is further increasing the amount of “east-west” traffic within a datacenter (a shift that server virtualization helped initiate/exacerbate and that SDN efforts are targeting). There are countless opportunities for optimization across this space, especially as public broadband increasingly folds directly into the higher security, QoS, and auditing needs of the enterprise.

  • Managing Mobile Scale: The rapid increase in mobile devices, data, and users in the enterprise brings substantial stresses of scale to supporting infrastructure as well – a stress that cloud computing models initiated. Furthermore, we now expect access to resources at all times and from anyplace, with substantial implications on availability requirements as well as cost-to-serve models. The result will be an even larger renaissance in horizontal architectures and tiered storage models than we’ve seen in the current public and private cloud era. Associated with this architectural shift will be a new set of tools to monitor, manage, and optimize the cost/performance/availability tradeoffs that must be made. Lastly, the need and opportunity to make sense out of (and take advantage of!) this rich data will continue to drive the already fast-moving wave of new data and analytic platforms ala Hadoop.

  • Identity Crises: One last trait we’re hearing more and more about is how to handle authentication and authorization in this brave new world. On the challenges front, we now expect ubiquitous access to sensitive data and applications, and we also expect to handle substantial commerce to and from mobile devices and users. The risk of data leakage, fraud, and other threats is unprecedented. On an optimistic note, we have access to all sorts of new information (e.g. biometric, location) to aid us in threat analysis and policy creation. These capabilities will be augmented by new enforcement mechanisms (e.g. new mobile “containers” and MAM tools) to tackle this challenge!

These are just some of the initial disruptions that I’m exploring and getting excited about, and I know there are several others. When we look back on this period several years from now, I’m confident we’ll recognize the impact that an increasingly mobile-first world has played in shaping modern infrastructure!