The big news in the Identity & Access Management (IAM) world today is Oracle's acquisition of Passlogix. In fact, I made the observation 2.5 years ago (when talking about IBM's acquisition of Encentuate) that the most logical suitor for Passlogix was indeed Oracle.
It was only a matter of time, but I'm surprised it's taken Oracle this long to officially add enterprise single sign-on (ESSO) to their suite. I use the word "officially" because Oracle's long-standing OEM agreement with Passlogix means customers are unlikely to see much change in the short term. It simply means Oracle will officially own the technology powering their ESSO product instead of having to "repaint" it red & white. You might also see quicker turnaround times in getting your queries answered and your support calls resolved, so I suppose that's a plus.
Congratulations to all the Passlogix gals and guys.
Showing posts with label passlogix. Show all posts
Showing posts with label passlogix. Show all posts
Wednesday, October 06, 2010
Saturday, March 29, 2008
Passlogix responds to the IBM situation
There's been many a discussion around the IBM acquisition of Encentuate and what it means. I wrote about it here, here, here and here. I've also received a few emails discussing the issue (mostly with my IBM mates). I've presented the IBM view and an unofficial (albeit tongue in cheek) Oracle view (thanks to Nishant Kaushik). The obvious missing link here is Passlogix's view.
Earlier this week, I received an email from a senior member of Passlogix's management team to open up a discussion and also to clarify their position. One of the topics of conversation centred around one of my posts and specifically my statement:
The next few paragraphs in orange summarise my understanding (not a direct quote, so it includes some of my commentary) of Passlogix's position.
Passlogix's response is that they are working with every customer running IBM Tivoli Access Manager for Enterprise Single Sign-On (ITAM ESSO) 6.0 (the current version and OEM of Passlogix v-GO) to give them options moving forward and to help give them a choice. They will also honour the existing maintenance contracts that IBM has in place, and if the customer chooses to have Passlogix support them directly, there will be no additional charges to do so.
Passlogix also completely agree with my point that upgrading from ITAM ESSO 6.0 (Passlogix v-GO OEM) to ITAM ESSO 7.0 ("blue rinsed" Encentuate) will be a real pain in the behind because it's a "rip and replace". They make mention of the fact that v-Go is an "infrastructure free/event driven technology" and Encentuate is "server based/script driven". I can't confirm that Encentuate is indeed server based and script driven because I have never seen it in action. If it is, then it will be very painful migrating between the 2 approaches. As an aside, I should point out that it's not surprising that they agree! It helps them keep existing customers. I'm sure every single Passlogix employee is being told to say this. Unfortunately for IBM, I'm right. So IBM, you're going to need to work VERY hard to make it worthwhile for a customer to move to ITAM ESSO 7.0.
One last thing that Passlogix would like to remind us is that if you're the type of organisation that MUST evaluate technology before you can implement it, you'll also have to put up with that pain (as will IBM) before you can migrate to ITAM ESSO 7.0.
IBM will obviously tell you that you do not need to evaluate anything and that it should be treated as an upgrade. How you choose to view it is completely your call. Just be aware that these are the 2 differing views and whichever you pick will have implications for your migration or upgrade plan.
At this point in time, here are your choices:
Earlier this week, I received an email from a senior member of Passlogix's management team to open up a discussion and also to clarify their position. One of the topics of conversation centred around one of my posts and specifically my statement:
If you "upgrade" from ITAM ESSO to Passlogix v-GO or Oracle's OEM version of v-GO, you will have to buy the product again. Your IBM licenses will not carry over, unless Passlogix and/or Oracle get very aggressive and agree to "upgrade" your deployment and waive the software costs
The next few paragraphs in orange summarise my understanding (not a direct quote, so it includes some of my commentary) of Passlogix's position.
Passlogix's response is that they are working with every customer running IBM Tivoli Access Manager for Enterprise Single Sign-On (ITAM ESSO) 6.0 (the current version and OEM of Passlogix v-GO) to give them options moving forward and to help give them a choice. They will also honour the existing maintenance contracts that IBM has in place, and if the customer chooses to have Passlogix support them directly, there will be no additional charges to do so.
Passlogix also completely agree with my point that upgrading from ITAM ESSO 6.0 (Passlogix v-GO OEM) to ITAM ESSO 7.0 ("blue rinsed" Encentuate) will be a real pain in the behind because it's a "rip and replace". They make mention of the fact that v-Go is an "infrastructure free/event driven technology" and Encentuate is "server based/script driven". I can't confirm that Encentuate is indeed server based and script driven because I have never seen it in action. If it is, then it will be very painful migrating between the 2 approaches. As an aside, I should point out that it's not surprising that they agree! It helps them keep existing customers. I'm sure every single Passlogix employee is being told to say this. Unfortunately for IBM, I'm right. So IBM, you're going to need to work VERY hard to make it worthwhile for a customer to move to ITAM ESSO 7.0.
One last thing that Passlogix would like to remind us is that if you're the type of organisation that MUST evaluate technology before you can implement it, you'll also have to put up with that pain (as will IBM) before you can migrate to ITAM ESSO 7.0.
IBM will obviously tell you that you do not need to evaluate anything and that it should be treated as an upgrade. How you choose to view it is completely your call. Just be aware that these are the 2 differing views and whichever you pick will have implications for your migration or upgrade plan.
At this point in time, here are your choices:
- Upgrade to ITAM ESSO 7.0 when it comes out - No additional software license, maintenance or support costs (unless your maintenance contract is expiring). Lots of services pain. Who pays for the services? If IBM doesn't wear most of it, they aren't trying hard enough.
- Move to Passlogix - No additional software license, maintenance or support costs (unless your maintenance contract is expiring). Services pain will probably be minimal if any. If you have other IBM Tivoli Security products deployed however, keep in mind that future integration points will probably be released for ITAM ESSO 7.0 ("blue rinsed" Encentuate) before Passlogix get a chance to write their integration pieces by virtue of the fact IBM will generally build their integration pieces between internal products first (not always, but this is almost always true within the same IBM product suite). I'm pretty sure Passlogix will continue to support integration between v-GO and the IBM Tivoli products, but they will just be slower in getting them released. There's not a lot Passlogix can do about it of course because they will only be able to build integration pieces into IBM products by working with IBM (unless they wait for APIs to be published, which will make it even slower).
- Move to Oracle - They'll charge you for the software, maintenance and support (does someone from Oracle want to email me to tell me that you won't?). Services pain will probably be minimal if any. If you have other IBM Tivoli Security products deployed however, this is not a smart choice unless you are ready to throw IBM out and replace your whole Identity and Access Management infrastructure with Oracle.
Saturday, March 15, 2008
I wonder if my ex-IBM colleagues will still speak to me
My thoughts regarding the IBM acquisition of Encentuate have been drawing quite a bit of traffic, so I guess it's a topic of interest this week.
Nishant Kaushik, Oracle's Architect for Identity Management Products gives his views on the whole thing including cheekily quoting me. I know it's all in good fun, so I'll respond in the same spirit...although I should ask if they've given him a new role as a member of the sales team? :-) Yes yes I know, the people in the product management/architecture team are evangelists by default, so they have a responsibility to help sell/evangelise their products.
He pinpoints my comments that the upgrade from IBM Tivoli Access Manager for Enterprise Single Sign-On (ITAM ESSO) 6.0 (the current version and OEM of Passlogix v-GO) to version 7.0 (the "blue-rinsed" version of Encentuate) is a "rip and replace". He suggests (tongue in cheek) that instead of going through the pain of upgrading to ITAM ESSO 7.0, customers should "upgrade" to Oracle's OEM version of Passlogix v-GO, the Oracle Enterprise Single Sign-On suite, because it'll be much easier moving forward and...
While that's true in theory, customers could also go the direct route to Passlogix and just upgrade to the next version of v-GO. It's the same product with a different skin. I'm not saying I have a preference for Passlogix over Oracle. I'm just saying you have a choice.
Before you go rushing off and telling IBM where to shove their Encentuate product, the first question you need to ask yourself is, "do I have any other IBM Tivoli security products deployed?" In most cases, the answer will be "yes". If you do, the smart thing to do is to stay calm. Because if you have already invested in other IBM Tivoli security products, it's going to cost you a heck of a lot more to "upgrade" them to Oracle's versions. A "rip and replace" of your core Identity and/or Access Management infrastructure is going to be 1,000,000 times more painful than a "rip and replace" of your ESSO solution. If you only have ITAM ESSO, then maybe you can consider the "upgrade" to Oracle or Passlogix because you aren't as heavily invested in the IBM Tivoli technology. But I know IBM, and I know they will do their utmost to ensure they don't lose their valued customer base...especially over something like a strategic acquisition. I just hope IBM understands the position they have put their existing ITAM ESSO customers in by acquiring Encentuate and do everything possible to minimise the pain (IBM, please don't say "eliminate the pain" because that would just be lying, aka marketing).
Here's more food for thought, especially if ITAM ESSO is the only thing you have implemented from IBM Tivoli. If you "upgrade" from ITAM ESSO toPasslogix v-GO or Oracle's OEM version of v-GO, you will have to buy the product again. Your IBM licenses will not carry over, unless Passlogix and/or Oracle get very aggressive and agree to "upgrade" your deployment and waive the software costs (there's a thought for the sales management team in Oracle and Passlogix, assuming the latter feels like testing their already tenuous relationship with IBM)(UPDATE: Passlogix have responded to me via email in relation to their position. I have written a new blog entry addressing this). IBM will not charge you to upgrade to ITAM ESSO 7.0 if you already have 6.0 and your yearly support and maintenance haven't lapsed. That's just business as usual (assuming IBM haven't changed the policy since I left). The only cost you will likely have to incur as I said before, are the services costs (and any internal, intangible costs to business productivity because of the need to upgrade). If IBM want to keep customers happy, they'll need to somehow subsidise these additional costs. Charging customers the usual fees will not go down well. Remember, Oracle and Passlogix are just waiting in the wings and would like nothing better than to "upgrade" your customer.
So there's the choices as I see them. As a customer, you are actually sitting in a position of power at the moment. You just have to wear the pain of the potential "rip and replace" from ITAM ESSO 6.0 to whatever you choose as the "upgrade". IBM will be nice to you because they want you to upgrade to version 7.0. Oracle and Passlogix (I shouldn't count Sun, BMC, RSA or any other company Passlogix has "gotten under the sheets with" out of the equation here) will want to displace IBM from your environment. Just work out what's best for your organisation in the longer term after careful consideration.
As for my ex-IBM colleagues, the last I checked they were still talking to me, taking my calls and answering my emails. In fact, I know some of them subscribe to this blog (hi guys!). But if any of their existing customers read my previous post (or even this one), they may be getting some irate phone calls asking what IBM is going to do to help them upgrade painlessly and possibly getting yelled at for selling them a product that is essentially about to be "decommissioned" by IBM.
Sorry guys. I'm just telling it like it is ;-)
Nishant Kaushik, Oracle's Architect for Identity Management Products gives his views on the whole thing including cheekily quoting me. I know it's all in good fun, so I'll respond in the same spirit...although I should ask if they've given him a new role as a member of the sales team? :-) Yes yes I know, the people in the product management/architecture team are evangelists by default, so they have a responsibility to help sell/evangelise their products.
He pinpoints my comments that the upgrade from IBM Tivoli Access Manager for Enterprise Single Sign-On (ITAM ESSO) 6.0 (the current version and OEM of Passlogix v-GO) to version 7.0 (the "blue-rinsed" version of Encentuate) is a "rip and replace". He suggests (tongue in cheek) that instead of going through the pain of upgrading to ITAM ESSO 7.0, customers should "upgrade" to Oracle's OEM version of Passlogix v-GO, the Oracle Enterprise Single Sign-On suite, because it'll be much easier moving forward and...
"could save many an enterprise many a headache."
While that's true in theory, customers could also go the direct route to Passlogix and just upgrade to the next version of v-GO. It's the same product with a different skin. I'm not saying I have a preference for Passlogix over Oracle. I'm just saying you have a choice.
Before you go rushing off and telling IBM where to shove their Encentuate product, the first question you need to ask yourself is, "do I have any other IBM Tivoli security products deployed?" In most cases, the answer will be "yes". If you do, the smart thing to do is to stay calm. Because if you have already invested in other IBM Tivoli security products, it's going to cost you a heck of a lot more to "upgrade" them to Oracle's versions. A "rip and replace" of your core Identity and/or Access Management infrastructure is going to be 1,000,000 times more painful than a "rip and replace" of your ESSO solution. If you only have ITAM ESSO, then maybe you can consider the "upgrade" to Oracle or Passlogix because you aren't as heavily invested in the IBM Tivoli technology. But I know IBM, and I know they will do their utmost to ensure they don't lose their valued customer base...especially over something like a strategic acquisition. I just hope IBM understands the position they have put their existing ITAM ESSO customers in by acquiring Encentuate and do everything possible to minimise the pain (IBM, please don't say "eliminate the pain" because that would just be lying, aka marketing).
Here's more food for thought, especially if ITAM ESSO is the only thing you have implemented from IBM Tivoli. If you "upgrade" from ITAM ESSO to
So there's the choices as I see them. As a customer, you are actually sitting in a position of power at the moment. You just have to wear the pain of the potential "rip and replace" from ITAM ESSO 6.0 to whatever you choose as the "upgrade". IBM will be nice to you because they want you to upgrade to version 7.0. Oracle and Passlogix (I shouldn't count Sun, BMC, RSA or any other company Passlogix has "gotten under the sheets with" out of the equation here) will want to displace IBM from your environment. Just work out what's best for your organisation in the longer term after careful consideration.
As for my ex-IBM colleagues, the last I checked they were still talking to me, taking my calls and answering my emails. In fact, I know some of them subscribe to this blog (hi guys!). But if any of their existing customers read my previous post (or even this one), they may be getting some irate phone calls asking what IBM is going to do to help them upgrade painlessly and possibly getting yelled at for selling them a product that is essentially about to be "decommissioned" by IBM.
Sorry guys. I'm just telling it like it is ;-)
Friday, March 14, 2008
A bit more on the IBM acquisition of Encentuate
My previous post talked about the IBM acquisition of Encentuate. After writing it, I realised that I hadn't come across Encentuate's technology in the past apart from reading about them in news stories and being given awards. At least nothing I would call "quantifiable experience". So I did some digging and read some data sheets and whitepapers. I also had a look around the web to see what else was out there. Most of the things I found were people and news publications re-publishing the press release word for word or paraphrasing slightly with a couple of exceptions.
Information week has a nice article written by Charles Babcock that says a little bit more and makes a very good point. It points out that a large number of Encentuate's customers include organisations from the health care industry, an area where IBM Tivoli security has not had a good track record. I know this to be a fact. I rarely ever saw customers in the heath care industry during my IBM tenure and IBM Tivoli security worldwide has very few customer references in this area. Traditionally, IBM Tivoli's customers have been financial institutions and government organisations. Bringing Encentuate into the Tivoli family gives them a foot in the door to quite a number of heath care organisations that would otherwise have gone and bought an IBM competitive product.
John Fontana over at Network World also chimed in and mentioned that "IBM said Version 7.0 of its Tivoli Access Manager Enterprise Single Sign-On, which is expected to ship this fall, will be the first IBM-branded incarnation of Encentuate Single Sign-on." I alluded to this in my previous post, so it's nice to see IBM confirming it.
I also came across Gartner's good old Magic Quadrant for Enterprise Single Sign-On, 2007 which I believe is the most recent one (I didn't know they made their more recent reports freely available, but that's not the main point here). After looking at where both Passlogix and Encentuate were in the Magic Quadrant, I went straight to the section where Gartner addresses the strengths and weaknesses (they call this "Cautions") of each Vendor.
Here's what they say about Passlogix:
Here's what they say about Encentuate:
The first thing I noticed was that I had forgotten about Passlogix's OEM relationship with RSA. This, in addition to the agreements with Citrix, IBM and Oracle further solidify the view that it's part of Passlogix's strategy to find as many channels as possible without worrying about the other partners they might annoy along the way, no matter how large they may be (Citrix, RSA, IBM and Oracle are certainly not lightweights).
The second thing was that Gartner seems to think Encentuate is a good product, their drawbacks being the number (or lack) of deployed customer references (which Passlogix has a lot of) and sales challenges. Assuming you believe Gartner (and sometimes people can be a little skeptical of the analysts, even Gartner), then I dare say the acquisition by IBM solves the "cautions" presented by Gartner about Encentuate. Gartner will now have to find other "cautions", but it looks like they will have to put IBM in the leaders quadrant for Enterprise Single Sign-On pretty soon.
UPDATE: I just found what Gartner has to say about the acquisition. They released it 2 days after I wrote about it, but for those that like to know what Gartner thinks you can read it here.
Information week has a nice article written by Charles Babcock that says a little bit more and makes a very good point. It points out that a large number of Encentuate's customers include organisations from the health care industry, an area where IBM Tivoli security has not had a good track record. I know this to be a fact. I rarely ever saw customers in the heath care industry during my IBM tenure and IBM Tivoli security worldwide has very few customer references in this area. Traditionally, IBM Tivoli's customers have been financial institutions and government organisations. Bringing Encentuate into the Tivoli family gives them a foot in the door to quite a number of heath care organisations that would otherwise have gone and bought an IBM competitive product.
John Fontana over at Network World also chimed in and mentioned that "IBM said Version 7.0 of its Tivoli Access Manager Enterprise Single Sign-On, which is expected to ship this fall, will be the first IBM-branded incarnation of Encentuate Single Sign-on." I alluded to this in my previous post, so it's nice to see IBM confirming it.
I also came across Gartner's good old Magic Quadrant for Enterprise Single Sign-On, 2007 which I believe is the most recent one (I didn't know they made their more recent reports freely available, but that's not the main point here). After looking at where both Passlogix and Encentuate were in the Magic Quadrant, I went straight to the section where Gartner addresses the strengths and weaknesses (they call this "Cautions") of each Vendor.
Here's what they say about Passlogix:
StrengthsCautions
- Passlogix greatly leveraged its reseller relationships with IBM and Oracle this past year. It also made a deal with RSA to gain RSA Sign-On Manager customers. (Sign-On Manager was a modified OEM version of Passlogix v-GO.) Through this deal, Passlogix also obtained a tighter, more-streamlined integration of RSA SecurID to v-GO implementations.
- Passlogix has a number of very large implementations, some with more than 100,000 users, and this year it added HSBC, one of the world's largest banking and financial services organizations.
- v-GO's architecture is two-tiered, with credentials capable of being stored in a variety of back-end directories. Redundancy is predicated on the customer's directory implementation. Passlogix's sign-on automation is wizard- and parameter-based, so no scripts are used. Clients report that most applications can be integrated easily out of the box.
- Stronger authentication support is good and is implemented using Passlogix's add-on Authentication Manager product.
- Good, shared-workstation support comes with the add-on Session Manager product. Passlogix supports integration with various provisioning products using its add-on Provisioning Manager. It also provides an SSPR tool focused on the network password used for primary authentication for ESSO.
- Passlogix's internal support staff is relatively small, as compared with other larger vendors and given its growing customer base. Passlogix must leverage its resellers to provide support while still providing responsive code patch/fix support as problems are uncovered.
- Reporting and auditing capabilities are provided through third-party tools.
- Passlogix's standard pricing is one of the highest in this arena, when adding SSPR, stronger authentication support, and shared-workstation and provisioning support to the base-product purchase.
- Some target systems can be difficult to integrate and will require additional time.
Here's what they say about Encentuate:
StrengthsCautions
- Encentuate was founded in 2001 and is currently an ESSO pure-play vendor. Overall, Encentuate has a very good product set that customers like and a high rate of out-of-the-box integration with target systems.
- Encentuate is the only vendor to provide access to all types of applications through a Web browser and without requiring the SSO client to be implemented on the workstation. The use of a virtual private network client is recommended for remote access from outside the network.
- The Encentuate product set integrates with a good set of stronger authentication options and includes a unique product called iTag. This is a passive proximity/radio frequency ID reader with a tag that can be affixed to anything the user carries (often a physical ID or physical access control badge) and can be used as a form of authentication for the ESSO tool.
- Encentuate's ESSO product set has excellent shared-workstation support and the ability to provide each user with a private desktop — not just the sharing of applications with a common desktop — as other vendors do.
- Encentuate's price-for-value proposition is very good, providing shared-workstation support, SSPR and stronger authentication integration for a lower price than most competitors.
- Encentuate's main challenge is to gain market share more aggressively. Management changes in 2006 left Encentuate to trail similarly staffed competitors in sales growth.
- Encentuate must establish broader sales and integration partner channels to gain market share.
The first thing I noticed was that I had forgotten about Passlogix's OEM relationship with RSA. This, in addition to the agreements with Citrix, IBM and Oracle further solidify the view that it's part of Passlogix's strategy to find as many channels as possible without worrying about the other partners they might annoy along the way, no matter how large they may be (Citrix, RSA, IBM and Oracle are certainly not lightweights).
The second thing was that Gartner seems to think Encentuate is a good product, their drawbacks being the number (or lack) of deployed customer references (which Passlogix has a lot of) and sales challenges. Assuming you believe Gartner (and sometimes people can be a little skeptical of the analysts, even Gartner), then I dare say the acquisition by IBM solves the "cautions" presented by Gartner about Encentuate. Gartner will now have to find other "cautions", but it looks like they will have to put IBM in the leaders quadrant for Enterprise Single Sign-On pretty soon.
UPDATE: I just found what Gartner has to say about the acquisition. They released it 2 days after I wrote about it, but for those that like to know what Gartner thinks you can read it here.
Thursday, March 13, 2008
IBM acquires Encentuate - did they just dump Passlogix?
My former employer (IBM) is at it again. They've made another acquisition to add to their IBM Tivoli Security suite. This time they've acquired Encentuate, which provides an Enterprise Single Sign On (ESSO) solution in conjunction with strong (and multi-factor) authentication capabilities. They also added to the whole story by announcing the "forming of the IBM Security Software Laboratory in Singapore", which to the innocent bystander sounds like IBM are investing in Singapore and also expanding its "research" operations. In reality, it's "IBM speak" for "we just bought a company that had a bunch of developers based in Singapore and we are turning those offices into another 'lab' that we can add to our list of software labs around the world". The whole lab thing is not the point here. I just thought I'd decode that part of the press release for the non-IBM alumni out there.
So who are the ones most affected by this acquisition?
Halfway through 2006 (not long after the agreement with IBM), Passlogix announced the same thing with Oracle, one of IBM's major competitors in the Enterprise Identity and Access Management space. You don't need to be a genius to work out that IBM Tivoli's management team were not amused.
Passlogix actually also have an OEM agreement with Citrix for use in their solution, although I should point out that this preceded the IBM agreement and only uses sub-components of the v-GO product suite (so I've been told by some of the Passlogix guys). Consequently, the real thorn in IBM's side was the agreement with Oracle.
In other words, Passlogix shot themselves in the foot by hedging their bets with both IBM and Oracle. Sooner or later, one of these 2 giants of the software industry was going to toss Passlogix out the door like a rag doll...although still with a thin thread attached. I don't know why Passlogix didn't see it coming. Let me explain the thin thread analogy.
IBM now finds themselves with an ITAM ESSO product that is essentially a competitor to Encentuate, which they have just bought. They have also sold ITAM ESSO to many customers in the world (if I was involved in selling you this thing, I apologise profusely - I had no idea). Being IBM and with a reputation to uphold, they will still have to support it for customers that have bought it. In parallel, they are going to have to "blue rinse" Encentuate and out of the colouring process will emerge ITAM ESSO! In other words, the next version of ITAM ESSO will be the "blue rinsed" version of Encentuate. What will marketing do with this? Here's my guess:
Apart from existing ITAM ESSO customers, Passlogix is the other obvious loser. IBM will need to keep its relationship with Passlogix because they still need to support version 6.0 and Passlogix are ultimately the "development team" in this instance. This arrangement will only last as long as customers are on version 6.0 or when IBM decide to stop supporting version 6.0. From memory, upon release of a new version, IBM will officially support the n-1 version for 2 years starting from the date of release of the new version. I don't know if the policy has changed, but if it hasn't this means that the IBM and Passlogix relationship will only last for a further 2 years starting from the release date of ITAM ESSO 7.0.
I can only imagine that Passlogix is suddenly being extra nice to Oracle because it looks like they have just lost IBM as a potential suitor to sell to. It also means they cannot rely on pushing the acquisition price up by hoping that IBM and Oracle start a bidding war. At this point in time, Passlogix have 1 suitor. Oracle. IBM has found something "better" and as a bonus, they just added strong authentication to their kit bag!
UPDATE 1: I just read the Burton Group's reaction to the acquisition and it reminded me that Sun also has a partnership with Passlogix. It's not an OEM one to the best of my knowledge, but Sun could perhaps be a suitor for Passlogix. I still think Oracle's the more likely option however, as Sun has hedged their bets as well because of their partnership with ActivIdentity (one of Passlogix's major competitors).
UPDATE 2: Chris (I don't know his full name because he doesn't publish it) just left me a comment in response to this post to point out that BMC are also a Passlogix v-GO reseller. I actually went back to take a look at Passlogix's list of non-OEM partners and true enough, BMC is on there. If you look down the list, you might also notice that Novell is listed. I don't know if it's a reseller agreement or just a technology integration certification/partnership, but Passlogix are sure hedging their bets even more than I initially thought. I still believe that Oracle are the number 1 suitor and the vendor most likely to acquire Passlogix, but at least having all these partnerships gives Passlogix options if things don't go well with Oracle.
So who are the ones most affected by this acquisition?
- Any customer who has bought and implemented IBM Tivoli Access Manager for Enterprise Single Sign-On (ITAM ESSO).
- Passlogix.
Halfway through 2006 (not long after the agreement with IBM), Passlogix announced the same thing with Oracle, one of IBM's major competitors in the Enterprise Identity and Access Management space. You don't need to be a genius to work out that IBM Tivoli's management team were not amused.
Passlogix actually also have an OEM agreement with Citrix for use in their solution, although I should point out that this preceded the IBM agreement and only uses sub-components of the v-GO product suite (so I've been told by some of the Passlogix guys). Consequently, the real thorn in IBM's side was the agreement with Oracle.
In other words, Passlogix shot themselves in the foot by hedging their bets with both IBM and Oracle. Sooner or later, one of these 2 giants of the software industry was going to toss Passlogix out the door like a rag doll...although still with a thin thread attached. I don't know why Passlogix didn't see it coming. Let me explain the thin thread analogy.
IBM now finds themselves with an ITAM ESSO product that is essentially a competitor to Encentuate, which they have just bought. They have also sold ITAM ESSO to many customers in the world (if I was involved in selling you this thing, I apologise profusely - I had no idea). Being IBM and with a reputation to uphold, they will still have to support it for customers that have bought it. In parallel, they are going to have to "blue rinse" Encentuate and out of the colouring process will emerge ITAM ESSO! In other words, the next version of ITAM ESSO will be the "blue rinsed" version of Encentuate. What will marketing do with this? Here's my guess:
- Announce (probably informally - essentially just "socialising" the news to existing customers through the sales teams) an impending upgrade to ITAM ESSO 6.0 (Passlogix v-GO).
- "Blue rinse" Encentuate.
- Announce the release of ITAM ESSO 7.0 with new, major functionality including strong and multi-factor authentication, remote single sign on and additional logging and auditing which is integrated with IBM Tivoli Compliance Insight Manager (actually, this last bit will probably be released in version 7.1 because IBM product management will just want to get core 7.0 out the door ASAP).
Apart from existing ITAM ESSO customers, Passlogix is the other obvious loser. IBM will need to keep its relationship with Passlogix because they still need to support version 6.0 and Passlogix are ultimately the "development team" in this instance. This arrangement will only last as long as customers are on version 6.0 or when IBM decide to stop supporting version 6.0. From memory, upon release of a new version, IBM will officially support the n-1 version for 2 years starting from the date of release of the new version. I don't know if the policy has changed, but if it hasn't this means that the IBM and Passlogix relationship will only last for a further 2 years starting from the release date of ITAM ESSO 7.0.
I can only imagine that Passlogix is suddenly being extra nice to Oracle because it looks like they have just lost IBM as a potential suitor to sell to. It also means they cannot rely on pushing the acquisition price up by hoping that IBM and Oracle start a bidding war. At this point in time, Passlogix have 1 suitor. Oracle. IBM has found something "better" and as a bonus, they just added strong authentication to their kit bag!
UPDATE 1: I just read the Burton Group's reaction to the acquisition and it reminded me that Sun also has a partnership with Passlogix. It's not an OEM one to the best of my knowledge, but Sun could perhaps be a suitor for Passlogix. I still think Oracle's the more likely option however, as Sun has hedged their bets as well because of their partnership with ActivIdentity (one of Passlogix's major competitors).
UPDATE 2: Chris (I don't know his full name because he doesn't publish it) just left me a comment in response to this post to point out that BMC are also a Passlogix v-GO reseller. I actually went back to take a look at Passlogix's list of non-OEM partners and true enough, BMC is on there. If you look down the list, you might also notice that Novell is listed. I don't know if it's a reseller agreement or just a technology integration certification/partnership, but Passlogix are sure hedging their bets even more than I initially thought. I still believe that Oracle are the number 1 suitor and the vendor most likely to acquire Passlogix, but at least having all these partnerships gives Passlogix options if things don't go well with Oracle.
Subscribe to:
Posts (Atom)