New Strategies Needed to Ensure Simpler, More Efficient Data Protection for Complex Enterprise Environments

Transcript of a BriefingsDirect podcast on new solutions to solve the growing need for more reliable and less cumbersome data backups, despite increasingly data-intensive environments.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Quest Software.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you're listening to BriefingsDirect.

Dana Gardner

Today, we present a sponsored podcast discussion on enterprise backup, why it’s broken, and how to fix it. We'll examine some major areas where the backup of enterprise information and data protection are fragmented, complex, and inefficient. And then, we'll delve into some new approaches that help simplify the data-protection process, keep costs in check, and improve recovery confidence.

Here to share insights on how data protection became such a mess and how new techniques are being adopted to gain comprehensive and standard control over the data lifecycle is John Maxwell, Vice President of Product Management for Data Protection at Quest Software, now part of Dell. [Disclosure: Quest Software is a sponsor of BriefingsDirect podcasts.]

Welcome back to the show, John.

John Maxwell: Hey, Dana. It’s great to be here.

Gardner: We're also here with George Crump, Founder and Lead Analyst at Storage Switzerland, an analyst firm focused on the storage market. Welcome, George.

George Crump: Thanks for having me.

Gardner: John, let’s start with you. How did we get here? Why has something seemingly as straightforward as backup become so fragmented and disorganized?

Maxwell: Dana, I think it’s a perfect storm, to use an overused cliché. If you look back 20 years ago, we had heterogeneous environments, but they were much simpler. There were NetWare and UNIX, and there was this new thing called Windows. Virtualization didn’t even really exist. We backed up data to tape, and a lot of data was in terabytes, not petabytes.

Flash forward to 2012, and there’s more heterogeneity than ever. You have stalwart databases like Microsoft SQL Server and Oracle, but then you have new apps being built on MySQL. You now have virtualization, and, in fact, we're at the point this year where we're surpassing the 50 percent mark on the number of servers worldwide that are virtualized.

John Maxwell

Now we're even starting to see people running multiple hypervisors, so it’s not even just one virtualization platform anymore, either. So the environment has gotten bigger, much bigger than we ever thought it could or would. We have numerous customers today that have data measured in petabytes, and we have a lot more applications to deal with.

And last, but not least, we now have more data that’s deemed mission critical, and by mission critical, I mean data that has to be recovered in less than an hour. Surveys 10 years ago showed that in a typical IT environment, 10 percent of the data was mission critical. Today, surveys show that it’s 50 percent and more.

Gardner: George, did John leave anything out? From your perspective, why is it different now?

Crump: A couple of things. I would dovetail into what he just mentioned about mission criticality. There are definitely more platforms, and that’s a challenge, but the expectation of the user is just higher. The term I use for it is IT is getting "Facebooked."

High expectations

I've had many IT guys say to me, "One of the common responses I get from my users is, 'My Facebook account is never down.'" So there is this really high expectation on availability, returning data, and things of that nature that probably isn’t really fair, but it’s reality.

One of the reasons that more data is getting classified as mission critical is just that the expectation that everything will be around forever is much higher.

George Crump

The other thing that we forget sometimes is that the backup process, especially a network backup, probably unlike any other, stresses every single component in the infrastructure. You're pulling data off of a local storage device on a server, it’s going through that server CPU and memory, it’s going down a network card, down a network cable, to a switch, to another card, into some sort of storage device, be it disk or tape.

So there are 15 things that happen in a backup and all 15 things have to go flawlessly. If one thing is broken, the backup fails, and, of course, it’s the IT guy’s fault. It’s just a complex environment, and I don’t know of another process that pushes on all aspects of the environment in one fell swoop like backup does.

Gardner: So the stakes are higher, the expectations are higher, the scale and volume and heterogeneity are all increased. What does this mean, John, for those that are tasked with managing this, or trying to get a handle on it as a process, rather than a technology-by-technology approach, really looking at this at that life cycle? Has this now gone from being a technical problem to a management or process problem?

Maxwell: It's both, because there are two issues here. One, you expect today's storage administrator, or sysadmin, to be a database administrator (DBA), a VMware administrator, a UNIX sysadmin, and a Windows admin. That’s a lot of responsibility, but that’s the fact.

A lot of people think that they are going to have as deep level of knowledge on how to recover a Windows server as they would an Oracle database. That’s just not the case, and it's the same thing from a product perspective, from a technology perspective.

Is there really such thing as a backup product, the Swiss Army knife, that does the best of everything? Probably not.

Is there really such thing as a backup product, the Swiss Army knife, that does the best of everything? Probably not, because being the best of everything means different things to different accounts. It means one thing for the small to medium-size business (SMB), and it could mean something altogether different for the enterprise.

We've now gotten into a situation where we have the typical IT environment using multiple backup products that, in most cases, have nothing in common. They have a lot of hands in the pot trying to manage data protection and restore data, and it has become a tangled mess.

Gardner: Before we dive a little bit deeper into some of these major areas, I'd like to just visit another issue that’s very top of mind for many organizations, and that’s security, compliance, and business continuity types of issues, risk mitigation issues. George Crump, how important is that to consider, when you look at taking more of a comprehensive or a holistic view of this backup and data-protection issue?

Disclosure laws

Crump: It's a really critical issue, and there are two ramifications. Probably the one that strikes fear in the heart of every CEO on the planet is all the disclosure laws that exist now that say that, when you lose a customer’s data, you have to let him know. Unfortunately, probably the only effective way to do that is to let everybody know.

I'm sure everybody listening to this podcast has gotten more than one letter already this year saying their Social Security number has been exposed, things like that. I can think of three or four I've already gotten this year.

So there is the downside of legally having to admit you made a mistake, and then there is the legal requirements of retaining information in case of a lawsuit. The traditional thing was that if I got a discovery motion filed against me, I needed to be able to pull this information back, and that was one motivator. But the bigger motivator is having to disclose that we did lose data.

And there's a new one coming in. We're hearing about big data, analytics, and things like that. All of that is based on being able to access old information in some form, pull it back from something, and be able to analyze it.

That is leading many, many organizations to not delete anything. If you don't delete anything, how do you store it? A disk-only type of solution forever, as an example, is a pretty expensive solution. I know disk has gotten a lot cheaper, but forever, that’s a really long time to keep the lights on, so to speak.

We need to step back, take inventory of what we've got, and choose the right solution to solve the problem at hand, whether you're an SMB or an enterprise.

Gardner: Let's look at this a bit more from the problem-solution perspective. John, you've gotten a little bit into this notion that we have multiple platforms, we have operating systems, hypervisors, application types, even appliances. What's the problem here and how do we start to develop a solution approach to it?

Maxwell: The problem is we need to step back, take inventory of what we've got, and choose the right solution to solve the problem at hand, whether you're an SMB or an enterprise.

But the biggest thing we have to address is, with the amount and complexity of the data, how can we make sysadmins, storage administrators, and DBAs productive, and how can we get them all on the same page? Why do each one of these roles in IT have to use different products?

George and I were talking earlier. One of the things that he brought up was that in a lot of companies, data is getting backed up over and over by the DBA, the VMware administrator, and the storage administrator, which is really inefficient. We have to look at a holistic approach, and that may not be one-size-fits-all. It may be choosing the right solutions, yet providing a centered means for administration, reporting, monitoring, etc.

Gardner: George, you've been around for a while in this business, as have I, and there is a little bit of a déjà vu here, where we're bringing a system-of-record approach to a set of disparate technologies that were, at one time, best of breed and necessary, but are increasingly part of a more solution or process benefit.

So we understand the maturation process, but is there anything different and specific about backup that makes this even harder to move from that point solution, best of breed mentality, into more of a comprehensive process standardization approach?

Demands and requirements

Crump: It really ties into what John said. Every line of business is going to have its own demands and requirements. To expect not even a backup administrator, but an Oracle administrator that’s managing an Oracle database for a line of business, to understand the nuances of that business and how they want to keep things is a lot to ask.

To tie into what John said, when backup is broken, the default survival mechanism is to throw everything out, buy the latest enterprise solution, put the stake in the ground, and force everybody to centralize on that one item. That works to a degree, but in every project we've been involved with, there are always three or four exceptions. That means it really didn’t work. You didn't really centralize.

Then there are covert operations of backups happening, where people are backing up data and not telling anybody, because they still don't trust the enterprise application. Eventually, something new comes out. The most immediate example is virtualization, which spawned the birth of several different virtualized specific applications. So bringing all that back in again becomes very difficult.

I agree with John. What you need to do is give the users the tools they want. Users are too sophisticated now for you to say, "This is where we are going to back it up and you've got to live with it." They're just not going to put up with that anymore. It won't work.

So give them the tools that they want. Centralize the process, but not the actual software. I think that's really the way to go.

Gardner: So we recognize that one size fits all probably isn’t going to apply here. We're going to have multiple point solutions. That means integration at some level or multiple levels. That brings us to our next major topic. How do we integrate well without compounding the complexity and the problems set? John?

We’re keenly interested in leveraging those technologies for the DBAs and sysadmins in ways that make their lives easier and make sure they are more productive.

Maxwell: We've been working on this now for almost two years here at Quest, and now at Dell, and we are launching in November, something called NetVault XA. “XA” stands for Extended Architecture. We have a portfolio of very rich products that span the SMBs and the enterprise, with focus on virtual backup, heterogeneous backup, instantaneous snapshots and deep application recovery, and we’re keenly interested in leveraging those technologies for the DBAs and sysadmins in ways that make their lives easier and make sure they are more productive.

NetVault XA solves some really big issues. First of all, it unifies the user experience across products, and by user, I mean the sysadmin, the DBA, and the storage administrator, across products. The initial release of NetVault XA will support both our vRanger and NetVault Backup, as well as our NetVault SmartDisk product, and next year, we'll be adding even more of our products under NetVault XA as well.

So now we've provided a common means of administration. We have one UI. You don’t have to learn something different. Everyone can work on the same product, yet based on your login ID, you will have access to different things, whether it's data or capabilities, such as restoring an Oracle or SQL Server database, or restoring a virtual machine (VM).

That's a common UI. A lot of vendors right now have a lot of solutions, but they look like they're from three, four, or five different companies. We want to provide a singular user experience, but that's just really the icing on the cake with NetVault XA.

If we go down a little deeper into NetVault XA, once it’s is installed, learning alongside vRanger, NetVault, or both, it's going to self identify that vRanger or NetVault environment, and it's going to allow you to manage it the way that you have already set about from that ability.

New approach

We're really delivering a new approach here, one we think is going to be unique in the industry. That's the ability to logically group data and applications within lines of business.

You gave an example earlier of Oracle. Oracle is not an application. Oracle is a platform for applications, and sometimes applications span databases, file systems, and multiple servers. You need to be looking at that from a holistic level, meaning what makes up application A, what makes up application B, C, D, etc.?

Then, what are the service levels for those applications? How mission critical are they? Are they in that 50 percent of data that we've seen from surveys, or are they data that we restored from a week ago? It wouldn’t matter, but then, again, it's having one tool that everyone can use. So you now have a whole different user experience and you're taking up a whole different approach to data protection.

Gardner: This is really interesting. I've seen a demo of this and I was very impressed. One of the things that jumped out at me was the fact that you're not just throwing a GUI overlay on a variety of products and calling it integration.

There really seems to be a drilling down into these technologies and surfacing information to such a degree that it strikes me as similar to what IT service management (ITSM) did for managing IT systems at a higher level. We're now bringing that to a discrete portion backup and recovery. Does that sound about right, George, or did I overstate it?

We're really delivering a new approach here, one we think is going to be unique in the industry. That's the ability to logically group data and applications within lines of business.

Crump: No, that's dead-on. The benefits of that type of architecture are going to be substantial. Imagine if you are the vRanger programmer, when all this started. Instead of having to write half of the backend, you could just plug into a framework that already existed and then focus most of your attention on the particular application or environment that you are going to protect.

You can be releasing the equivalent of vRanger 6 on vRanger 1, because you wouldn’t have to go write this backend that already existed. Also, if you think about it, you end up with a much more reliable software product, because now you're building on a library class that will have been well tested and proven.

Say you want to implement deduplication in a new version of the product or a new product. Instead of having to rewrite your own deduplication engine, just leverage the engine that's already there.

Gardner: John, it sounds a little bit like we're getting the best of both worlds, that is to say the ability to support a lot of point solutions, allowing the tools that the particular overseer of that technology wants to use, but bringing this now into the realm of policy.

It's something you can apply rules to, that you can bring into concert with other IT management approaches or tasks, and then gain better visibility into what is actually going on and then tweak. So amplify for me why this is standardization, but not at the cost of losing that Swiss Army knife approach to the right tool for the right problem?

One common means

Maxwell: First of all, by having one common means, whether you're a DBA, a sysadmin, a VMware administrator, or a storage administrator, this way you are all on the same page. You can have people all buying into one way of doing things, so we don't have this data being backed up two or three times.

But the other thing that you get, and this is a big issue now, is protecting multiple sites. When we talk about multiple sites, people sometimes say, "You mean multiple data centers. What about all those remote office branch offices?" That right now is a big issue that we see customers running into.

The beauty of NetVault XA is I can now have various solutions implemented, whether it's vRanger running remotely or NetVault in a branch office, and I can be managing it. I can manage all aspects of it to make sure that those backups are running properly, or make sure replication is working properly. It could be halfway around the country or halfway around the world, and this way we have consistency.

Speaking of reporting, as you said earlier, what about a dashboard for management? One of our early users of NetVault XA is a large multinational company with 18 data centers and 250,000 servers. They have had to dedicate people to write service-level reports for their backups. Now, with NetVault XA, they can literally give their IT management, meaning their CIO and their CTOs, login IDs to NetVault XA, and they can see a dashboard that’s been color coded.

It can say, "Well, everything is green, so everything is protected," whether it's the Linux servers, Oracle databases, Exchange email, whatever the case. So by being able to reduce that level of complexity into a single pane of glass -- I know it's a cliché, but it really is -- it's really very powerful for large organizations and small.

I can manage all aspects of it to make sure that those backups are running properly, or make sure replication is working properly.

Even if you have two or three locations and you're only 500 employees, wouldn’t it be nice to have the ability to look at your backups, your replicas, and your snapshots, whether they're in the data center or in branch offices, and whether you're a sysadmin, DBA, storage administrator, to be using one common interface and one common set of rules to all basically all get on the same plane?

Gardner: Let's revisit the issue that George was talking about, eDiscovery, making sure that nothing falls through the cracks, because with Murphy’s Law rampant, that's going to be the thing that somebody is going to do eDiscovery on. It seems to me you're gaining some confidence, some sense of guarantees, that whatever service-level agreements (SLAs) and compliance regulatory issues are there, you can start to check these off and gain some automated assurance.

Help me better understand John why the NetVault XA has, for lack of a better word, some sort of a confidence benefit to it?

Maxwell: Well, the thing is that not only have we built things into NetVault XA, where it's going to do auto discovery of how you have vRanger and NetVault set up and other products down the road, but it's going to give you some visibility into your environment, like how many VMs are out there? Are all those VMs getting protected?

I was just at VMworld Barcelona a couple of weeks ago, and VMware has made it incredibly simple now to provision VMs and the associated storage. You've got people powering up and powering down VMs at will. How do you know that you're protecting them?

Dispersed operations

Also at an event this week in Europe, I ran into a user in an emerging country in Eastern Europe, and they have over 1,000 servers, most of which are not being protected. It's a very dispersed operation, and people can implement servers here and there, and they don't know what half the stuff is.

So it's having a means to take an inventory and ensure that the servers are being maintained, that everything is being protected, because next to your employees, your data is the most important asset that you have.

Data is everywhere now. It’s in mobile devices. It certainly could be in cloud-based apps. That's one of the things that we didn’t talk about. At Quest we use seven software-as-a-service (SaaS)-based applications, meaning they're big parts, whether it's Salesforce.com or our helpdesk systems, or even Office 365. This is mission-critical corporate data that doesn’t run in our own data center. How am I protecting that? Am I even cognizant of it?

The cloud has made things even more interesting, just as virtualization has made it more interesting over the past couple of years. With NetVault XA, we give you that one single pane of glass with which you can report, analyze, and manage all of your data.

Gardner: Do we have any instances where we have had users, beta customers perhaps, putting this to use, and do we have any metrics of success? What are they getting from it? It's great to have confidence, it's great to have a single view, but are they reducing expenses? Do they have a real measurement of how their complexity has been reduced? What are the tangibles, John?

Now, this person can focus on ensuring that operating systems are maintained, working with end users.

Maxwell: Well, one of the tangibles is the example of the customer that has 18 data centers, because they have a finite-sized group that manage the backups. That team is not going to grow. So if they have to have two or three people in that team just working on writing reports, going out and looking manually at data, and creating their own custom reports, that's not a good use of their time.

Now, those people can do things that they should be doing, which is going out and making sure that data is being protected, going out and testing disaster recovery (DR) plans, and so forth. Some people were tasked with jobs that aren’t very much fun, and that’s now all been automated.

Now they can get down to brass tacks, which is ensuring that, for an enterprise with a quarter million servers, everything is protected and it's protected the way that people think they are going to be protected, meaning the service levels they have in place can be met.

We also have to remember that NetVault XA brings many benefits to our Ranger customer base as well. We have accounts with maybe one home office and maybe two or three remote labs or remote sales offices. We've talked to a couple of vRanger customers who now implement vRanger remotely. In these shops, there is no storage administrator. It's the sysadmin, the VMware administrator, or the Windows administrator. So they didn’t have the luxury like the big accounts to have people do that.

Now, this person can focus on ensuring that operating systems are maintained, working with end users. A lot of the tasks they were previously forced to do took up a lot of their time. Now, with NetVault XA, they can very quickly look at everything, give that health check that everything is okay, and control multiple locations of vRanger from one central console.

Mobile devices

Gardner: Just to be clear John, this console is something you can view as a web interface, and I'm assuming therefore also through mobile devices. I'm going to guess that at some point, there will perhaps be even a more native application for some of the prominent mobile platforms.

Maxwell: It’s funny that you mentioned that. This is an HTML5-based application. So it's very new, very fresh, and very graphical. If you look at the UI, it was designed with tablets and laptops in mind. It's gotten to where you can do controls with your thumbs, assuming you're running this on a tablet.

In-house, and with early support customers, you can log into this remotely via laptops, or tablet computing. We even have some people using them on mobile phones, even though we're not quite there yet. I'm talking about the form factor of how the screens light up, but we will definitely be going that way. So a sysadmin or storage administrator can have at their fingertips the status of what’s going on in the data-protection environment.

What's nice is because this is a thin client, a web UI, you can define user IDs not only for the sysadmins and DBAs and storage administrators, but like I said earlier, IT management.

So if your boss, or your boss’ boss, wants to dial in and see the health of things, how much data you’re protecting, how much data is being replicated, what data is being protected up in the cloud, which is on-prem, all of that sort of stuff, they can now have a dashboard approach to seeing it all. That’s going to make everyone more productive, and it's going to give them a better sense that this data is being protected, and they can sleep at night.

If you don’t have a way to manage and see all of your data protection assets, it's really just a lot of talk.

Gardner: George, we spoke earlier about these natural waves of maturation that have occurred throughout the history of IT. As you look at the landscape for data protection, backup, or storage, how impactful is this in that general maturation process? Is Quest, with its NetVault XA, taking a baby step here, or is this something that gets us a bit more into a fuller, mature outcome, when it comes to the process of data lifecycle?

Crump: Actually, it does two things. Number one, from the process perspective, it allows there to actually be a process. It's nice to talk about backup process and have a process for protection and a process to recover, but if you don’t have a way to manage and see all of your data protection assets, it's really just a lot of talk.

You can't run a process like we are talking about in today’s data center with virtualization and things like that off of an Excel spreadsheet. It's just not going to work. It's nowhere near dynamic enough. So number one, it enables the fact of having a conversation about process.

Number two, it brings flexibility. Because the only other way you could have had that conversation about process, as I said before, would be to throw everything out, pick one application, and suffer the consequences, which would be not ideal support for every single platform.

To sum it up, it's really an enabler to creating a real data-protection process or workflow.

Gardner: Okay. We're going to have to wrap it up pretty soon, but we've mentioned mobile access, and cloud. I wonder if there's anything else coming down the trend pike, if you will, that will make this even more important.

The economy

I come back to our economy. We're still not growing as fast as many people would like, and therefore companies are not just able to grow their top line. They have to look to increase their bottom line through efficiency and deduplication, finding redundancy, cutting down on storage, cutting down energy cost, simplifying, or centralizing data centers into a larger but more efficient and therefore fewer facilities, etc.

Is there anything here, and I will open this up to both John and George, that we can look to in the future that strikes some of these issues around efficiency and productivity, or perhaps there are other trends that will make having a process approach to a data lifecycle and backup and recovery even more important?

Maxwell: Dana, you hit on something that's really near and dear to my heart, which is data deduplication. We have a very broad strategy. We offer our own software-based dedupe. We support every major hardware based dedupe appliance out there, and we're now adding support for Dell’s DR Series, DR4000 dedupe appliances. But we're still very much committed to tape, and we're building initiatives based on storing data in the cloud and backing up, replicating, failover, and so forth.

One of the things that we built into NetVault XA that's separate from the policy management and online monitoring is that we now have historical data. This is going to give you the ability to do some capacity management and capacity planning and see what the utilization is.

How much storage are your backups taking? What's the most optimum number of generations? Where are you keeping that data? Is some data being kept too long? Is some data not being kept long enough?

For every ounce of flexibility, it feels like we have added two ounces of complexity, and it's something we just can't afford to deal with.

By offering a broad strategy that says we support a plethora of backup targets, whether it's tape, special-purpose backup appliances, software-based dedupe, or even the cloud, we're giving customers flexibility, because they have unique needs and they have different needs, based on service levels or budgets. We want to make them flexible, because, going back to our original discussion, one size doesn’t fit all.

Gardner: I think we can sum that up as just being more intelligent, being more empowered, and having the visibility into your data. Anything else, George, that we should consider as we think about the future, when it comes to these issues on backup and recovery and data integrity?

Crump: Just to tie in with what John said, we need flexibility that doesn’t add complexity. Almost everything we've done so far in the environment up to now, has added flexibility, but also, for every ounce of flexibility, it feels like we have added two ounces of complexity, and it's something we just can't afford to deal with. So that's really the key thing.

Looking forward, at least on the horizon, I don't see a big shift, something like virtualization that we need to be overly concerned with. What I do see is the virtual environment becoming more and more challenging, as we stack more and more VMs on it. The amount of I/O and the amount of data protection process that will surround every host is going to continue to increase. So the time is now to really get the bull by the horns and institute a process that will scale with the business long-term.

Gardner: Well, great. We've been enjoying a conversation, and you have been listening to a sponsored BriefingsDirect podcast on new approaches that help simplify the data-protection process and help keep cost in check, while also improving recovery confidence. We've seen how solving data protection complexity and availability can greatly help enterprises gain a comprehensive and standardized control approach to their data and that data’s lifecycle.

So I would like to thank our guests, John Maxwell, Vice President of Product Management for Data Protection at Quest. Thanks, John.

Maxwell: Thank you, Dana.

Gardner: And also George Crump, Lead Analyst at Storage Switzerland. Thank you, George.

Crump: Thanks for having me.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks to you, our audience, for listening, and do come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Quest Software.

Transcript of a BriefingsDirect podcast on new solutions to solve the growing need for more reliable and less cumbersome data backups, despite increasingly data-intensive environments. Copyright Interarbor Solutions, LLC, 2005-2012. All rights reserved.

You may also be interested in: 

• For Dell’s Quest Software, BYOD puts users first -- and with IT’s blessing
• New Levels of Automation and Precision Needed to Optimize Backup and Recovery in Virtualized Environments
• Ocean Observatories Initiative: Cloud and Big Data come together to give scientists unprecedented access to essential climate insights
• Case Study: Strategic Approach to Disaster Recovery and Data Lifecycle Management Pays Off for Australia's SAI Global
• Columbia Sportswear extends deep server virtualization to improved ERP operations, disaster recovery efficiencies

For Dell’s Quest Software, BYOD Puts Users First and with IT’s Blessing

Transcript of a BriefingsDirect podcast on how Quest Software, a Dell company, leverages BYOD and VDI interanally to improve user productivity, application support, and security.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Quest Software.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you're listening to BriefingsDirect.

Dana Gardner

Today, we present a sponsored podcast discussion on the growing acceptance of bring your own device (BYOD) at enterprises. We will examine why the users’ personal use, ownership and maintenance of the computing and mobile devices of their choosing is making more sense for more organizations. We'll learn about how and why through the example of a company, Quest Software, that has begun supporting BYOD -- even with the full blessing of IT.

We'll see how this has had benefits far beyond just the users’ sense of empowerment, in terms of meaningful IT advancements in centralized applications, control and support, virtual desktop infrastructure (VDI) use, better disaster recovery (DR) practices, better data protection and more.

Here to share insights into how BYOD can work well at Quest Software, and even into their new corporate owner Dell, we are joined by Carol Fawcett, the CIO of Dell Software and the former long-term CIO of Quest Software. Welcome, Carol. [Disclosure: Quest Software is a sponsor of BriefingsDirect podcasts.]

Carol Fawcett: Thank you, Dana.

Gardner: Good to have you with us. I'm really intrigued with this BYOD thing. Just a year or two ago, people were saying, "What?" and scratching their heads, saying, "Are you kidding? You're going to let your users choose their device?" But as this has been put into place and some of the implications have been thought through, it seems to be an interesting possible benefit set.

So let me start with where you began. What were the challenges, or what were the forces or trends at work, too, that got you all at Dell Software involved with BYOD?

Fawcett: Great question, Dana. I don’t think that we actually started down the path of a BYOD project, because as many listening will know, this started years ago. We started a project where we said we wanted to enable our users to access applications and data on a select set of devices, which for us started with the obvious, the iPad. Then came the Android smartphones, and the list continued on.

Carol Fawcett

This list will continue to grow as time goes on and new devices are brought in. The good news is that there are product offerings now in the marketplace that are helping with that demand and helping IT departments everywhere.

So instead of looking at it as BYOD, it’s now turned into a BYO-x phenomena that the C-level started. And as everyone in an organization saw them bringing different devices into meetings, of course, they all wanted to jump on the bandwagon. Slowly but surely, the wave began, and that's how we got where we are today.

Gardner: This is interesting. There is a sort of direction from the user side, which is to say, they probably like the choice and they had some personal preferences, or they've been able to be more productive in their personal lives using certain technologies.

Then there has also been this direction from the enterprise, which is to say, they like the idea of centralizing, controlling apps and data. And then delivering those out to devices (like with VDI) can be a way of encouraging this control. It’s almost like a confluence of two forces -- VDI and BYOD -- that make a whole greater than the sum of the parts. And we don’t see that very often in IT.

Pull it together

Fawcett: It’s one where you have to pull the needs and the demands of an IT organization together with what the users want to go to, and that’s just what we're seeing out there everywhere in the industry. You definitely have to pull it together, try to satisfy the IT governance and the policies that we set up, and balance that against what the users are saying: "I have to have this in order to get my job done."

Gardner: As we learn more about how you've done this there, let’s also explain to our listeners that Dell recently acquired Quest Software, and you were at Quest before that. So tell me a little bit about how the confluence of these two companies also comes to bear on this issue of BYOD?

Fawcett: Absolutely. Let’s start with Quest Software. Where our sweet spot was, and still is, was that we are the IT management software provider that offers a broad selection of software solutions to simplify and solve the most common -- and most challenging -- IT problems for all areas of an IT environment -- from infrastructure, to applications, front-end to back-end, physical or virtual, or even out in the cloud, for that matter.

Dell was looking for a company whose tools could and would complement and expand their own software product offerings in the four strategic areas that they were focused on, which Quest obviously aligned with. Those were systems management, security, business intelligence (BI) and applications.

So you can really see why the partnership between Quest and Dell is such a great partnership and offers so much to the industry.

It's about individuals that are using different devices accessing a set of applications inside your data center or under your control.

Gardner: Let’s go back to how this came about and learn some lessons from your example, sort of a use case perspective, on BYOD use. If I were a CIO at another firm and I wanted to learn something from your experience about moving to the support of multiple devices, what’s something that you might offer in terms of what to think about early on, or some 20/20 hindsight insights that you have?

Fawcett: As you approach the subject you have to really level-set with the team that this is not about devices that an individual will want to use, but instead it's about individuals that are using different devices accessing a set of applications inside your data center or under your control.

This individual, obviously, should have only one set of access rights across all the environments, based on what that person's role is within the company. The different devices that they use should really be an afterthought. Regardless of the device, their access rights need to remain consistent.

If I'm on a desktop, a laptop, or I bring in a tablet, or if I'm using my phone to get email, it shouldn't matter. I should have that same, consistent UI and the same, consistent security rights to get where I need to go to do my job.

Don't get me wrong -- and we know this; we hear it at every conference we go to -- IT will struggle with the management of the many devices, no doubt. The only thing I can really suggest there is something we did.

Different devices

We took that gigantic list that's out there and we said, "Where are we going to offer different devices?" We're going to pick maybe 10 or 20 different devices, the most common ones that people are bringing in, to support going forward, with the hope that you will be able to satisfy about 80 percent of the employed population.

It does, however, all go to the user experience. You have to keep coming back to that, making sure they have the ability to get to the right data and the right applications, with the correct security rights for their job.

Gardner: It sounds as if some of the basic principles and benefits of VDI come to play here. That is to say, the provisioning, the control, the access management. So there is, I guess, a fortuitous intersection of where VDI was entering into more and more organizations -- particularly those that want to control for security or regulatory purposes or intellectual property (IP) control, that sort of thing -- with this idea of multiple devices, multiple panes of glass, full mobility.

Did that play a role there, too? Were you already going down a VDI track or trajectory and this helped you get to BYOD quicker and better?

Fawcett: We started down the VDI path. In fact, many companies did years ago, when we started to do more with offshore resources. We wanted to have offshore resources, we wanted to give them desktops, but we wanted to make sure they were secure. That was the first introduction of where VDI makes a lot of sense, where you want to secure data, have folks doing coding, but knowing they can’t take code with them. That’s the way it started.

We are a technology company, so some of our policies may be more relaxed than the policies of companies outside our realm.

But then you start to find other use cases for VDI that really start to benefit the rest of the user community. VDI is one of those things that started a while back and now has slowly grown into this BYOD solution.

Gardner: Did you know how much BYOD was going on there? How did you find out and how would it become something you could control?

Fawcett: That’s the question of the hour. I'd love to be able to say that we knew exactly how many people were bringing in what kinds of devices, but the reality is, we are a technology company, so some of our policies may be more relaxed than the policies of companies outside our realm.

For example, in a bank or in the government, you can pretty much lock down an environment, and every employee coming in knows it's going to be locked down because of who they are and who they work for.

Our organization is made up of technologists located around the world. You know some of them are looking for ways around the fences. It’s just built into their nature. It's almost like a competition for them, "Can I figure this out?" Now add in the remote and traveling users and you can see how this expands the challenge as time goes on.

Story of adoption

Gardner: Let’s hear a little bit about the story of adoption. You decided that this Pandora's box was already open, no going back. BYOD is apparently here to stay, and we've had some head start with VDI models and processes. Tell me how this panned out and what were some of the major problems that you found that you needed to solve.

Fawcett: As I mentioned before, for us, it was not about the devices. We tried to turn that around, and it was kind of handy, because the whole consumerization of IT started to come into the industry more and more. So we started to piggyback on that.

Think about it. A device is simply a means of accessing the apps and the data. Our vision instead turned into trying to figure out a way to provide employees with a world-class overall user experience, from beginning to end, encouraging the culture of openness and innovation.

In the end, our goal is to offer our end-users that ability to use a flexible set of tools and toolsets with a familiar interface that allows for secure access anywhere, anytime. We want them to be comfortable with those tools, as this will make them obviously more productive at doing their jobs.

Gardner: Back to that interface issue. There is also this intersection of technology, with HTML5 being prominent. Did you have to make some choices about native support for apps across some of these major platforms and popular devices? Or did you say, "Let’s try to come out with the technological approach that can suit more than going native, try to do write once and deploy anywhere or be consumed anywhere?" How did that kind of pan out?

The good news is that these applications are staying up with the industry and we're serving them up.

Fawcett: We pretty much have a standard set of packaged applications. So it wasn't like we were going to start rewriting any of those applications, or even the front-end. The good news is that these applications are staying up with the industry and we're serving them up, so multiple device types can access the data and still provide that consistent UI to the end-user.

But you still have to go back too and ask what makes sense. What kind of device makes sense, for example, in an AP data entry department? Do you really think you are ever going to see -- and maybe one day, who knows, we will -- but do you ever think you will see a data entry clerk using a tablet to do rapid data entry? Probably not. They're pretty tied to the 10-key. They like the feel of the keyboard itself.

So you kind of sit back. What everyone is beginning to accept is that there are different devices for different types of roles inside an organization. That's pretty much the path that we've continued down as well.

At Quest, we have some wonderful tools that help us understand this environment and help us recognize who is bringing in devices and how they're being used. We're getting a better sense of what's in our environment so that we can start answering these.

Gardner: Let's look at this through the lens of IT. You decided that you're going to support BYOD with the blessing of IT. What does this get for you? Are there some additional benefits other than empowering the end-user or giving them choice? What’s there for you in terms of better support for your centralized operations, applications, data, and then some of those backup and support functions that we all should be doing regularly?

Regular backups

Fawcett: One thing that really helps out IT is the thing you just mentioned, which is making sure that laptops are being backed up on a regular basis. We know today, and I'm sure many of us on this podcast are thinking, "How many of us actually back up our laptops on a regular basis?"

Those who do it are saying, "Well, doesn’t everyone do that?" But you could guess that inside of a large organization, probably the majority are not responsible enough to do it, because it’s just not in the forefront of their minds.

When you talk about VDI and having a desktop in the data center, it's a guaranteed thing, because it's in the data center. Everything in the data center is backed up. That's one real positive -- making sure that the data is secured. Obviously, when it comes to DR, we could quickly recover an environment. So that's a great thing for IT. And I think that, in general, the end-users would love that as well, as they get into this world more often.

Gardner: Looking a little bit to the future, more organizations are adopting software-as-a-service (SaaS) applications for non-core business type applications. We're seeing more interest in cloud, consuming applications from a public cloud environment or the hybrid environment, whether it's public or private. Is there something about your support of applications as centralized to multiple devices that will enable you to exploit SaaS, cloud and hybrid services to a greater extent?

Fawcett: Most definitely. It goes back to the tools that you're using to assess, manage, and govern and then support the end-users. IT has to make sure they have those tools in order to make sure they're supporting the end-users regardless of where their data lives.

It's a given that inside your data center you have virtualized as much as possible.

Certainly, the cloud and the SaaS environments are adding extra buzz in the industry. We're very interested in how to capitalize on that. How do we make sure that we're looking at elastic computing, and where can it benefit us? Everybody is scrambling to understand this new technology trend better and how it can help an IT organization.

But it does go back to the tools that an IT organization has in order to match those three things that we should always be doing, which is assessing what the users and the environment need, managing it, making sure it's secure, and then making sure again that we're able to support those end-users to their fullest and the way they expect to be supported.

Gardner: My thinking just a couple of years ago was that BYOD was going to be the exception, not the rule. You would support some sort of a fringe category or two of your workers with this capability, perhaps those out on the road, more often than not.

But now, as I hear you, it sounds that the direction that most IT is going to go in, hybrid services, delivering and consumption and management, and a more centralized control over data, IP, and management of apps and delivering desktops themselves as services, are all going to be making BYOD, or at least the blocking and tackling that you would need to do anyway, something that comes together in such a way that this might become more the norm than the exception. Do you think that’s what’s happening?

Fawcett: Absolutely. It's like when virtualization was first there. There was a wave of “how much could you virtualize inside your data center?” Fast forward, and now it's a given. It's a given that inside your data center you have virtualized as much as possible, so that you can ensure that your data center is being used the most it can be and the most efficiently.

The way it's going to be

This is the same way this is going to be. Just talk to your kids. Try to find a child walking down the street and isn't texting or who doesn't have a tablet and can probably manage it better than their parents.

I'm not talking about just young children but generations to come. I'm talking about the kids who are coming in now, in their 20s and 30s. it's a given that they want to use whatever device they choose in the corporate world, just like they do at home. It's a right. It's no longer considered a luxury.

From that view, it will be up with the internal IT teams to ensure they have the access to everything they need, with the right security in place to protect them, as well as protect the company. That's why when you think about some of the tools that we've been using here, you really want to make sure you bring in some of those tools, so that you can, in fact, assess, manage and support the end-users to the best of their ability, for not only the end-user, but also for the company.

Gardner: To that point about tools, I assume that you all drink your own champagne.

Fawcett: Absolutely.

Gardner: Was there anything in particular in the Quest Software portfolio that you think gave you an on-ramp, perhaps a better return on investment (ROI), and even overall better control and management, as you move toward this BYOD, support of many panes of glass, centralized IT management direction?

Fawcett: Absolutely. Yes, we are drinking the champagne, and it all goes back to the beginning, where you asked me, how I knew how much BYOD was actually in our environment? That's where we started using one of the first phenomenal tools that we have, which is called MessageStats. This is a great tool that reaches out and helps us track the trending within the organization at a macro and micro level. We know which devices and OS versions are being used, by whom, and at what time.

It provided a critical insight as to which virtual desktop technologies provide the best fit for each user, based on their needs.

In fact, I asked my team just recently, when we first started talking, "Can you pull a list on all the devices that I use, that are registered to me?" So I saw my own list of the devices and I was shocked to see how they actually are tracked, right down to the level of when was the first time I ever connected the device to the network, last successful sync, last policy update, what kind of device was it.

It was so granular, and quite frankly, it was so very Big Brother-like, it kind of scared me. But again, you can't make a solution for what you don't understand. So assessing with MessageStats is the only way to go.

Then once we understood it, we said, "Now that the process is moving, let's figure out what type of device is right for what type of user." And this is where we turned to vWorkspace, which enabled us to determine which of the users and scenarios are best suited for the virtual desktops in the data center.

In addition, it provided a critical insight as to which virtual desktop technologies provide the best fit for each user, based on their needs. So vWorkspace allows us to not only put a desktop in the data center, but it lets us do things like application streaming and publishing. It really enables us to have that broad spectrum of functionality with just that one tool.

Once we were up and running, we stepped into the management and governance aspect of the project. This can probably be one of the most problematic areas, when you think about the pure nature of BYOD. Multiple devices for a given user, each acting very differently, and if not managed, could destroy any governance policy put in place.

Understanding the individual

This is where we truly must raise the issue up from the device to the individual, understanding that role of that person and understanding what security rights, regardless of the device they need to have in place. And this is where Quest’s One Identity Management came into play.

It gave the IT team the ability to rely on one point of control for an individual and all their devices. This is the product we count on to pass the audits, and most importantly, to ensure that our employees have that right level of access needed to get their job done.

The final key point on this is that it takes IT out of the mix and automates that very cumbersome process of provisioning, moving employees amongst departments, and then finally de-provisioning, when that employee leaves.

This is a very powerful product that makes it so that in our environment, once an employee is entered into the HR system, through automation, it automatically provisions them, gives them the rights to applications, sets them up inside of those applications -- all without IT involved in that process. So no more passing help-desk tickets.

One other piece that I wanted to touch on is a product called Webthority that we have been using, not only for our internal users, but also during the M and A process. This is a great product, because it provides a portal for the employees to come into. Once again, it's secured via that same network log-on that they use when they walk in the door in the morning.

This is anywhere, any device. It's simply a portal. They come in, they use their network log on, and bam, they're shown all the applications that they have visibility into and access to. They can go in, without having to log on again, almost like a single sign-on effect, which allows them to access the applications via two-factor authentication as well. It's a great product that helps out in many ways.

Remember, the key to any IT success is through the happiness and satisfaction of the customers.

And then that final aspect of an environment is, of course, the support and monitoring. Remember, the key to any IT success is through the happiness and satisfaction of the customers. We recognize that supporting and monitoring their experience and performance is most important, especially when you talk about VDI, which is what you and I have been talking so much about.

Our job is to ensure that the end-users are getting the same type of performance that they would on a standalone PC or if their desktop was in the data center. Because without that consistently great performance, your end-users will fight giving up their desktops every time.

For this, we turned to monitoring that user experience with Foglight for Virtual Desktops. Being able to quickly determine which users are impacted by performance problems helps us to proactively take action for those users, before the users feel the pain.

Understanding the trends in the virtual environment -- how many people are connecting at any given time, what applications are they using, etc. -- helps us determine when we might need to add additional servers to that server farm, and to meet the load. Or we can even look at a desktop or an end-user and say, "You know what? I don't think these folks should be virtualized at all. Perhaps they should go back to being physical" -- for whatever reason.


Empirical data

You can't correct what you don't know and you need that empirical data to make an educated move. Foglight gives us that data, ensuring we are consistently improving the environment for the end-users. It's a great set of products that touch on all three phases of an environment or a team that's trying to solve this BYOD issue.

Gardner: It really strikes me too that this isn't really about devices, but it's about the data center, the tools, the management, the governance, all of which are probably things that are good IT best practices anyway. It almost sounds as if BYOD is forcing discipline, governance, automation; some of the basics of good, advanced and modern IT. Is that sort of what you are seeing, is BYOD a catalyst to better data-center management?

Fawcett: It can definitely be used that way, because it does all go back to how an individual in a given role gets access to the applications they need to get their job done. It shouldn't matter which device they are using. It's all about which application access they should have to get their job done.

Gardner: Of course when you put in the best practices, when you have the backups and you have the scheduling and the automation, this all will end up being an economic benefit as well, because you won't suffer terrible outages, you won't have issues of discovery for data when you need it and how you need it.

Of course, you can start to look at your total cost for your data center and tweak and manage for energy, facilities, capacity and utilization. It sounds as if not only is BYOD a catalyst for better data center practices, but it could be some significant means of reducing your total cost of operation.

It's all about containing the IT budget through best practices and automation.

Fawcett: Absolutely. We've always looked at containing IT budgets as a means to an end. When you sit back and think about it, the only way to do that is through simplification, standardization and automation.

If you don't have that last piece, that automation piece, and you're simply throwing heads to solve an issue, your IT expenses are going to go through the roof. And you're going to have unhappy customers in the end, because processes are going to be overcomplicated. It's all about containing the IT budget through best practices and automation.

Gardner: Well, great. I'm afraid we are about out of time. You've been listening to a sponsored BriefingsDirect podcast discussion on users’ personal use, ownership and even maintenance of their own computing and mobile devices, and how that's actually making more sense, for more organizations, for more reasons.

We have seen how this has benefits far beyond just the users’ sense of empowerment; we're seeing that there are benefits to IT advancements along the lines of centralized application support, data support, VDI implementations, better DR, data protection and even more.

We've been talking about how BYOD impacts organizations, in particular Quest Software, a Dell company, and we have been learning this from Carol Fawcett, the CIO at Dell Software. Thanks so much.

Fawcett: Thank you.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks also to you, our audience, for joining us. We hope you enjoyed this, and we hope too that you come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Quest Software.

Transcript of a BriefingsDirect podcast on how Quest Software, a Dell company, leverages BYOD and VDI interanally to improve user productivity, application support, and security. Copyright Interarbor Solutions, LLC, 2005-2012. All rights reserved.

You may also be interested in:

• New Levels of Automation and Precision Needed to Optimize Backup and Recovery in Virtualized Environments
• Data explosion and big data demand new strategies for data management, backup and recovery, say experts
• Ocean Observatories Initiative: Cloud and Big Data come together to give scientists unprecedented access to essential climate insights
• Case Study: Strategic Approach to Disaster Recovery and Data Lifecycle Management Pays Off for Australia's SAI Global
• Virtualization Simplifies Disaster Recovery for Insurance Broker Myron Steves While Delivering Efficiency and Agility Gains Too

VMware-Powered Cloud Adoption Delivers Bevy of Data and Performance Benefits for Revlon, Says CIO David Giambruno

Transcript of a BriefingsDirect podcast from the VMworld 2012 Conference on how cosmetics giant Revlon has benefited from innovative cloud-based data delivery infrastructure.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: VMware.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the recent 2012 VMworld Conference in San Francisco.

In these conversations we explore the latest in cloud computing and software-defined datacenter infrastructure developments. I'm Dana Gardner, Principal Analyst at Interarbor Solutions and I'll be your host throughout this series of VMware sponsored BriefingsDirect discussions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

It's been a year since the last VMworld Conference in 2011 when we first spoke to Revlon. We heard then about their world-class private cloud as an early adopter of innovative cloud delivery and we decided to go back and see how things have progressed at Revlon.

We'll learn now, a year on, how Revlon’s global and comprehensive cloud has matured, how the benefits from aggressively embracing the cloud have evolved, and perhaps learn about some unintended positive consequences of their data architecture.

To fill us in, we're joined by David Giambruno, Senior Vice President and CIO of Revlon. Welcome back, David.

David Giambruno: Morning, Dana.

Gardner: Now that you've been doing private cloud as an early adopter and at an advanced state, what it has been doing for you? How has it progressed now that there has been a bit of maturity?

Giambruno: We have a couple of fronts. The biggest, which you alluded to, was the unintended consequences, and we've had a couple of them. When you think of Revlon, we're global and we have a huge application portfolio. As we put everything on our cloud and are using our cloud, we realized that all of our data sits in one place now.

So when you think of big-data management, we've been able to solve the problem by classifying all the unstructured data in Revlon and we did that efficiently. We still joke that it's like chewing glass. You've got to go through this huge process.

But, we have the ability to look at all of our data, a couple of petabytes, in the same place. Because the cloud lets us look at it all, we can bring up all of Revlon in our disaster recovery (DR) test environments and have our developers work with it at no cost. We have disconnected that cost and effort.

Once we realized we had this opportunity to start working on our big data, the other unintended consequences was our master data model. On top of our big data, we were able to able to efficiently and effectively build a global master data model.

Chief directive

At Revlon, one of our chief directives from the executive team is to globalize. So we're collapsing 21 enterprise resource planning (ERP) systems into one. The synergies of having this big-data structure and having this master data model is changing how to deploy a global ERP. Loading that data is now just a few clicks of a button. It's highly automated. We're not ETLing data and facing all the old challenges. We're not copying environments. Everything is available to us and it’s constantly updating.

At Revlon, we replicate all of our cloud activity every 15 minutes. You've seen on VMware, where we had disasters and we were able to recover a country quickly and effectively. That replication process and constantly updating allows us to update all these instances at no cost and with little effort.

You have to build the structure and you have to go through that process, but once it's done, it's now automated and you march that out. It's the ability to quickly and effectively manage all your big data coming in. For us, it's point of sale -- roughly 600 million-plus attributes.

For us to provide information to the business teams, to build good products, to sell good products, is a key differentiator in helping them.

Gardner: Well, it seems that a key aspect of the modern enterprise, the integrated enterprise, is having that data and analysis, having a lifecycle approach from the point of sale, to inventory, to planning, and to supply chain. You say that’s an unintended consequence. Why did you do the data the way you did that’s now led to this best cloud architecture for you?

We live in the information age, and to me, the most important thing is delivering information to the business teams.

Giambruno: We started the cloud architecture, and I always joke it's like having a Ferrari that you can take out for a spin. When we were building it, we didn't realize all the things we can do.

So it's really that je ne sais quoi, the little thing that, as you see it, you realize all these things you can do. You are always planning to do those things for the business, because that’s what we do, but it's how you do them.

I've always said the cloud is what the local area network (LAN) was 15 or 20 years ago. The LAN changed the way people dealt with information and applications, and the cloud is doing the same thing. Actually, it's on a bigger geometry, because it really eliminates geography and provides the ability to move data and information around.

We live in the information age, and to me, the most important thing is delivering information to the business teams. That's what we see as one of the big next evolutions in our cloud -- making information out of all this data and delivering that on whatever device they want to be on, wherever they are, securely and effectively, in a context that they can understand. Not in a way that we can understand, but in a way that they can consume.

Gardner: Understanding a bit about how you did this chronologically, for those that are still in the process of getting there with private cloud, did you focus on the data issues first and then application and workloads? Did you do them simultaneously? Is there some lesson to learn about how you did it in an orderly sense that others could benefit from?

First things first

Giambruno: I live in this simple world of crawl, walk, run. Whenever I say that my team starts cringing, because they think, "Oh, there he goes again." But it was literally fix the infrastructure first and then, from an application and data perspective, the low-hanging fruit, the file servers.

It's this progressive capability of learning how to do things -- low risk to high risk. What you end up doing is figuring out how to effectively do those things, because not only do you manage the technology, but you have to manage the people and the process changes, and all those things that have to happen.

But all ships have to rise at the same time. So it's the ability to run these concurrent streams. From a management perspective, it's how not to get overwhelmed and how to take advantage of the technology, the automation, and the capabilities that come along with that to free up work that you used to do and put it towards making the change.

I'm a big believer in not doing big bang. So it's not like, tomorrow we're going to have a private cloud. Throw the switch. It's the small incremental changes that help organizations adapt. It's a little bit every day. You look back, and at the end of six months or a year, you realize how much we've done.

It's been the same in Revlon. I constantly take my team and sit them down and say, "Look what we've done. You're in the forest. You're in the trees. It's time to look at the forest. Step back and look what you guys have done." Because it's a little bit every day, and you don't realize the magnitude or the mass, when you have a team of people doing something every day and going forward.

From a management perspective, it's how not to get overwhelmed and how to take advantage of the technology.

Gardner: For those of our listeners who may not be that familiar with Revlon, at least your IT operations, give us a sense of the scale -- the number of applications, size of data, just so we better appreciate the task that you've accomplished.

Giambruno: I usually quantify it by our cloud, because those are the simple metrics and we seem to be pretty steady, so the metrics are holding. Our cloud makes about 14,000 transactions a second. Our applications move around Revlon 15,000 times a month with no human intervention. Our change rate of data is between 17 and 30 terabytes a week.

We have roughly, depending on the ups and downs, between 97 and 98 of our total compute on our internal cloud, we have some AS/400s and I think one UNIX box left. But that's really the scale of what we do.

All of our geographies are around the world. We sit in all the continents except for Antarctica. We have a global manufacturing facility in Oxford, North Carolina, that produces 72 percent of everything we sell in the world. We have some other factors around the world. And we are delivering north of six nines uptime.

Gardner: An unintended consequence was a benefit for how data can be accessed and consumed, but a lot of people are hoping for consequences around cost. Is there something going on now a year later vis-à-vis your total cost, or maybe even the cost of data? Maybe you have been able to reduce the footprint of data, even while you have accessed more and more quickly. What's the cost equation?

Cost avoidance and savings

Giambruno: There is a history there, as we talked about. We have given back north of $70 million in cost avoidance and cost savings, and we're continuously figuring out how to use everything. My team is highly technical, so I call it turning screws. We are always turning screws on how to more effectively manage everything.

We're always looking at how to not spend money. It's simple. The more money we don't spend, the more that R&D, marketing, and advertising have to grow our company. That's the key to us.

We leverage capability, so one of the big things this year also was our mobile business intelligence (BI) capability. We've disconnected most of the costs for things in Revlon around IT. We only manage at a top line.

But if someone wants to try a new application, generally by the time the business team gets in a meeting with us, it's no cost. We have servers set up. We have the environment. We have the access control set up for the vendor to come in and set everything up. So that's still ongoing.

We have got this huge mobile BI initiative, which is delivering information to business teams and contacts. That's the new thing where we have disconnected the cost. We're not laying out money for it, and we're just now executing around that.

While data keeps growing, we're still figuring out how to manage things better and better in the background.

For me, the cost equation is more and more around cost avoidance and keeping on extending the capability of that cloud.

Gardner: And it seems as if those costs are more of an operational ongoing nature, predictable, recurring, easy to budget, rather than those big-bang types of cost?

Giambruno: Very, very predictable. For the past three years, we have had the same line items. While data keeps growing, we're still figuring out how to manage things better and better in the background, because  the cloud generates lot of data, which we want it to do. Data, information, and how we use that is the competitive weapon.

This cost avoidance, or cost containment, while extending capability, is the little magical thing that happens, that we do for the business. We're very level in our spend, but we keep delivering more and more and more.

Gardner: Because we are here at VMworld in San Francisco, tell me a little bit about the VMware impact for the cloud. How do you view the VMware suite and portfolio vis-à-vis the impact it has had on your maturation and benefits?

Very advanced

Giambruno: We kind of joke with the VMware team that we have what's called Revlonomolies. Revlonomolies is what one of the guys on the helpdesk called it, because when we're calling, we're very advanced. I want to use technology as a competitive weapon. My team masters it. We own it intellectually.

For us, it's where VMware is going. We're always pushing VMware. "What have you got next? What have you got next?" It's up to us to take capability and extend it. I don't mean to be flip or narcissistic or anything like that, but we've got that piece under control. It's about how do you do it better.

Every time there's an upgrade, what features and functionalities can we then take advantage and translate that into a business use? When I say business use, we tell the business teams, "Here's a new capability. You can do this and keep changing the structure of operating."

The new version of vSphere 5.1 came out, and we're in the process of exposing our internal cloud to our vendors and suppliers. We're eliminating all these virtual private networks (VPNs). It's about how we change and how IT operates, changing the model. For me, that's a competitive advantage, and it's the opportunity to reduce structural cost and take people away from managing firewalls.

We did that. We got that. Now we're going to do this a different way. We're going to expose to our vendors securely the information that they need, that they can interact with as easily and effectively.

Changing the model is really the opportunity, making it easier for the auditors to audit and making it easier for your supply chain.

There's even the idea of taking a portion of our apps and presenting those to our suppliers on their iPads and their iPhones so they can update our data and our systems much more cleanly and effectively. We can get the synergies and effectiveness and have our partners like to work with us and make it easy on them as well. It's always a quid pro quo, "It's Revlon. They're good to deal with. Let’s help them."

It's how you create those partnerships and effectiveness to get business done better. It makes it easier on the business teams, contracts go better, and it's cascading. I call it the spiral up effect, changing the way you operate to spiral up and take advantage of capabilities.

Gardner: Is that something we could classify as another unintended consequence -- a benefit that you have been able to enjoy these efficiencies around cloud internally for your enterprise, but now you are taking it to an extended enterprise benefit?

Giambruno: Absolutely. Look at the security complexity around VPNs and managing that and the audits. That's so much fun. Changing the model is really the opportunity, making it easier for the auditors to audit and making it easier for your supply chain, for all of those people to interact with you in a much more effective manner.

It's about enabling procurement to process their information and work with the vendors, because everything is about change. It's about speed of change. If we get a demand signal that changes and we need to buy more raw materials or whatever for our factories, we have the ability for not only our procurement teams, but our vendors to interact with us easily to make those changes. It ensures that we can deliver the right products, to the right stores, to the right peoples, so at the end the consumers are happy. It's about how do you change the model of delivering that.

Technology enabler

VMware has done that for us, and we keep taking advantage of all the stuff. I joke that I'm like a technology enabler: "What have you got for me? What have you got for me?" So I can give it out to the business and my teams, because it keeps people interested. We can say, "We saw you guys, and it was hard for you. Now, you can do this." And it's done.

"What do you mean it's done?" "It's done. Just use it. It's okay. Let us know what you think, if you want us to change something." But it's always being on the front of the bow, saying, "Here's what we can do. Here's how we can help."

That’s the culture of IT in Revlon. I'm merciless about how we're just here to help. We run the technology and own the technology intellectually, so we can help. That’s my only concern.

VMware has done that for us, and we keep taking advantage of all the stuff.

Gardner: Given that we started our conversation about data and the benefits that the cloud architecture has brought to you, is there anything about the VMware approach? They've been focused on virtualization in their history, moving towards fabric approaches to development and deployment in the cloud model. How about data?

Is there something that you'd like to see now that you're going down that path in the nature of the relationship between a cloud and data services, anything that you would like to see change or shift?

Giambruno: My team thinks that there needs to be a cellular approach to applications. What I mean by that is we have had what we call dribs out there. In the press lately, everybody has been talking about POD data centers. In 2009, we were written up in one of the magazines for our Mini Me data centers, essentially our little PODs, and that’s our cloud capacity that we manage around the world.

But when you think about an application architecture, let's take an ERP instance. We want to take a vertical slice of our warehouse management and push that out from a central location into our warehouses. Right now, that’s really hard. You end up with multiple instances or a single global instance, and then you have to deal with network latency and all those fun things.

Internal cloud

But in the future, in my internal cloud, I should be able to take a vertical instance of functionality and push that. To me, that's next. If the vendors can figure out how to do that and have my internal cloud manage those transactions back, but push the pieces of functionality wherever it needs to be, so it sits in those Mini Me data centers and let it be close to people, so I don’t have to deal with latency and then manage those transactions back, that's the next big evolution.

The one other one is mobile computing. What I mean by mobile computing is viewing applications, so data never leaves my data center.

I know a device. I know the person. When they hit the edge of my network, essentially hit my data center, we know their device. We know who they are, and they only get access to information they are supposed to have and they only view it.

I could encrypt my entire data center, and at a hypervisor level, encrypt everything, because if you encrypt the VBK file, the job is done. The compliance and security impact is huge. No more data leakage, audits become easier, all of those things.

We need to slice applications up, move them out, and then view the applications.

Again, it's a completely different way to operate and think about things, but we need to slice applications up, move them out, and then view the applications. That’s a whole new geometry of operating IT in a much more efficient manner.

Gardner: I'm afraid we'll have to leave it there. We've been talking about Revlon’s global and comprehensive cloud and how it has matured, and about the benefits, both intended and unintended, from aggressively embracing the cloud model.

I'd like to thank our guest. We've been here with David Giambruno, Senior Vice President and CIO at Revlon. Thanks so much, David.

Giambruno: Have a nice day.

Gardner: And thanks to our audience for joining this special podcast coming to you from the 2012 VMworld Conference in San Francisco.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host throughout this series of podcast discussions. Thank again for listening, and come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: VMware.

Transcript of a BriefingsDirect podcast from the VMworld 2012 Conference on how cosmetics giant Revlon has benefited from innovative cloud-based data delivery infrastructure. Copyright Interarbor Solutions, LLC, 2005-2012. All rights reserved.

You may also be interested in:

• Services Provider BancVue Leverages VMware Server Virtualization to Generate Private-Cloud Benefits and Increased Business Agility
• Roundtable: Revlon and SAP executives describe accretive benefits from aggressive cloud adoption
• From VMworld, cosmetics giant Revlon harnesses the power of private cloud to produce impressive savings and cost avoidance
• VMware CTO Steve Herrod on How the Software-Defined Datacenter Benefits Enterprises
• Case Study: Strategic Approach to Disaster Recovery and Data Lifecycle Management Pays Off for Australia's SAI Global
• Virtualization Simplifies Disaster Recovery for Insurance Broker Myron Steves While Delivering Efficiency and Agility Gains Too