The Mule iON integration platform as a service (iPaaS) connects across cloud-based applications and also connects SaaS to on-premise applications. MuleSoft’s Anypoint technology for on-demand API connectivity eliminates the need for copious custom point-to-point code, said MuleSoft. [Disclosure: MuleSoft is a sponsor of BriefingsDirect podcasts.]

In recent commentary, Ross Mason, founder and CTO of Mulesoft, said, “The world today is moving at lightning speed to SaaS and cloud applications, and the idea of gaining competitive advantage through legacy enterprise applications is no longer relevant.”

I agree. Key differentiators less involve building applications now than in the effective composition of services. Cloud and SaaS providers need to give their clients better means to leverage APIs and craft business processes across both enterprise and multiple Saas provider boundaries. This rationalization of cloud services stew is the new integration nut to crack.

The problem is, what type of platform and organizations can fulfill the role of cloud services orchestration hub? The role may not fit well for any one SaaS provider, nor any single or cadre of enterprises. For the time being, a best of breed platform and supporting ecosystem must evolve, and then the market will decide on who or what will be the acceptable hub mechanisms.

And the market for cloud integration technologies is clearly heating up. Also this week, FuseSource unveilved at CamelOne in Boston the Fuse ESB Enterprise 7.0 and Fuse MQ Enterprise 7.0 products to general availability. These platforms enable “Integration Everywhere,” says FuseSource, with modular, open source products based on Apache Software Foundation projects. [Disclosure: FuseSource is a sponsor of BriefingsDirect podcasts.]

QuickStart Plan

Integration platform provider MuleSoft also unveiled on Monday a new QuickStart Plan for fast growth SaaS vendors and systems integrators (SIs) that enables them to build their own revenue-generating integration apps on the Mule iON cloud platform in just a few days. Pricing for Mule iON SaaS Edition is based on a per month, volume of use basis, not based on connectivity, encouraging more connections over time.

On other integration news, SAP today said it plans to offer its own cloud-based integration technology, and also plans to enable its ecosystem of partners, including solutions from Mulesoft.

New features available with Mule iON SaaS Edition, which is available now, include:

• Graphical data mapping and transformation capabilities enable SaaS vendors and SIs to build and deploy integration apps without writing custom code by using the Mule Studio drag-and-drop interface.

  The dark side of SaaS and Cloud is that while they are relatively easy to procure and deploy, it is difficult to integrate them with existing enterprise applications and other SaaS offerings.

• Cloud Connector ToolKit creates new cloud connectors in Mule Studio for any public or private Web API.
• Customer self-service portals allow customers to independently manage integrations, minimizing dependency on developers and reducing support calls.
• SaaS Operations Center provides complete visibility into end user environments with a multi-tenant portal to monitor, manage and maintain integration apps, including:
  • Operational dashboards: deliver better customer support with live integration status and performance metrics.
  • Real-time notifications: meet availability requirements and improve service level agreements (SLAs) with immediate notifications for events or performance issues as they occur.
  • Proactive alerts: reduce support calls by proactively monitoring and addressing issues before they impact customers.

In addition, Mule iON SaaS Edition introduces a gallery of over 20 packaged integration apps and more than 100 Cloud Connectors for the most common integration use cases.

Opportunities for everyone

Ovum’s Carter Lusher sees opportunities for everyone involved:

The dark side of SaaS and Cloud is that while they are relatively easy to procure and deploy, it is difficult to integrate them with existing enterprise applications and other SaaS offerings. What makes integration even more challenging is the proliferation of SaaS deployed within an organisation as line-of-business managers procure point solutions to their specific needs that really should be integrated with other systems in order to maximize value and manageability.

This becomes a challenge for IT and the vendors who are faced with a plethora of public and private APIs that require brute force to integrate. Integration is expensive, with estimates of $8 of integration work for every $1 of SaaS subscription or software license.

For systems integrators, Mule iON SaaS Edition offers the ability to create reusable connectors for a variety of horizontal and industry-specific applications and SaaS.

For SaaS and traditional enterprise applications, MuleSoft’s Mule iON SaaS Edition offers the ability to create pre-packaged integration modules that will give them a compelling story during the sales cycle without dramatically increasing costs or long-term maintenance. For example, HR talent management SaaS vendor PeopleMatter used Mule iON to create a new hire onboard module that connects with ADP payroll processing through ADP’s private APIs.

For systems integrators, Mule iON SaaS Edition offers the ability to create reusable connectors for a variety of horizontal and industry-specific applications and SaaS. This not only reduces the cost of integrations, which can be a competitive advantage in a sales cycle, but also gives the SI the opportunity to sell more value-added consulting as the focus of sales discussion moves away from brute force integration to maximizing the business value of enterprise applications or SaaS.

In other news, MuleSoft announced a record quarter in Q1 2012, achieving a 109 percent increase in bookings year over year, the privately held San Francisco company said. This was driven by new customer wins among major companies and key SaaS vendor partnerships added in Q1 include Avalara and Zuora. Additionally, the company reported a strong customer renewal rate of 95 percent.

• Top 10 pitfalls of P2P integration to avoid in the cloud
• MuleSoft takes full-service integration to the cloud with ION iPaaS ESB platform
• Don’t use an ESB unless you absolutely, positively needs one, Mule CTO warns
• MuleSoft announces availability of enterprise-class ESB management console
• Cloud and SaaS force a rethinking of integration and middleware as services for services

The latest BriefingsDirect enterprise IT trends discussion surfaces some fascinating new findings from a recent survey on chief information officer (CIO)-level priorities. We uncover what distinguishes leaders from laggards among businesses, and identify which IT approaches and solutions are driving the most powerful business results these days.

To help dig into the HP-sponsored, blind survey, explain what it means, and learn how these results can lead to establishing winning new IT strategies we’re joined by Joel Dobbs, President and CEO of Compass Talent Management Group. He’s also an Executive in Residence at the School of Business at the University of Alabama at Birmingham (UAB), and a lead blogger and member of the Enterprise CIO Forum. What’s more, Joel is a retired CIO himself, coming from such organizations as GlaxoWellcome, Schering-Plough, and Eisai.

We’re also joined by Daniel Dorr, a Worldwide Solutions Manager for HP Enterprise Marketing. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts].

Here are some excerpts:

Gardner: What was the idea behind doing this survey at this time?

Dorr: Dana, a lot of companies talk about how important technology is, and we all represent our technology as the right answer to the problem. But if our job is to help our CIO clients better use technology to solve business results — and if our job is to help our CIOs work more effectively with their executive committees and CEOs — the best way for us to help them is to determine which technologies actually change or correlate with in-market results.

In other words, if we look at revenue leaders in-market, which technology seems to be most closely associated with those who lead in-market performance? It’s not technology for technology’s sake, or because it’s exciting or new — but technology that actually seems to represent business results.

So our goal here was to help our clients do a better job of assessing which technologies lead to in-market business results and which technologies might not.

We wanted to understand the difference between market leaders, from a revenue perspective, and market laggards or followers, and see what their IT environments looked like. We surveyed 688 organizations. We spoke to IT decision makers, so we would call that “CIO minus one.” We didn’t speak to the CIO directly. We spoke to the people that reported to him or her.

Everyone that we spoke to had to have significant knowledge about applications, information, data center operation, security, and cloud. The survey was conducted over nine different geographies: the US, Brazil, Mexico, UK, Germany, France, Japan, China, Australia, and covered a number of different industry groups.

This was not a public survey. In other words, the people responding didn’t know the survey was coming from HP. It was a blind survey. We asked over 55 different questions around areas of application, security, information, cloud, etc. to understand which attributes were most strongly correlated with in-market or revenue performance, and those that weren’t.

The questions we were trying to answer were what do market leaders do versus followers? How do industry leaders differ from followers? Is there a difference depending on the region or the market or the industry? And where do IT decision makers focus on a day-to-day level, versus the more CIO strategic forward two-year thinking level?

The results came into us in December 2011. So this is pretty accurate and up-to-date data.

Gardner: How about some of the top findings?

In search of priorities

Dorr: We asked more than 50 questions to understand from organizations where their priorities were and what they were doing today and then we compared that to their in-market performance. And I would say the answers fell into three buckets: They were around infrastructure issues, information and information management, and people and processes.

On the infrastructure side of the equation, we asked a number of questions, but the ones that rose to the top in terms of driving in-market or correlation between revenue performance were probably three or four. A lot of it had to do with application modernization and security, when it came to the infrastructure side of the equation.

For example, market leaders tended to have fewer custom applications and fewer legacy applications. They tended to use their server capacity more efficiently than their peers. Those were some of the big ones around the infrastructure side of equation.

With security, the market leaders tended to build security, not only into the boundary, but also into the applications themselves, versus the market followers who tended to focus on an us-versus-them mentality, or just boundary security.

… Companies that manage risk more effectively and more automated definitely outperformed their peers. As a technology company, we’re always looking at the infrastructure. We’re always talking about how infrastructure can lead to competitive advantage, and we saw that. But a lot of times we forget the people and process side of the equation.

Companies that manage risk more effectively and more automated definitely outperformed their peers.

One of the other areas that jumped out at me was the need for clarity and agreement of key performance indicators (KPIs). Market-leading companies who outperform in revenue over their peers had more clarity within IT about which KPIs were important and had agreement on those KPIs. Everyone is marching and working toward the same goals. That had a huge impact on me as well.

It’s not just about infrastructure. It’s not just about managing risk. It’s also the people/process side of the equation that is critical in market-leading companies.

Gardner: Joel, when you hear that those who are doing well seem to have fewer custom apps, fewer legacy apps, higher utilization rates on their servers, what does that tell you about these types of organizations?

Dobbs: It tells me a couple of things. We’ll start with the second one, server utilization. What I think you’re seeing there is the affected people who have really done a good job with virtualization. You’re not having is a lot of equipment sitting around idle or used at under-capacity. So I suspect virtualization probably plays into that difference significantly for a number of people.

Custom and legacy applications was something I hadn’t really thought about until I read this material. I suspect that what you’re seeing is probably a result of modernization of the applications that I call commodity applications, things like human resources, some of the financial applications, a lot of things that are generic across businesses. You’re probably seeing some of the leaders move to more software-as-a-service (SaaS)-type applications in order to free up their staff to work on things that are much more strategic to their business.

Unique value

So the things that they’re working on are probably things that are adding unique value to their business, and they’re not spending a lot of cycles doing things with generic applications that they can buy and let somebody else manage.

If you’re just doing security on the boundaries, that’s a cheap way to do security, if you think about it. You put a firewall in place, you configure the thing, and you do the boundary security stuff. But when you’re building another layer of security into your applications, that tells me that there’s a lot more focus on the realization of the value of what’s in there, in terms of the data and the way that it’s used.

There’s very much an intentional focus on protecting not only the perimeter of the institution, but making sure that there’s added security and protection within the perimeter. I would expect that folks who are really serious about understanding the value of the information within those systems, and [understanding] the risk to their corporate reputation, should those be compromised, are being very intentional about mitigating those risks.

Gardner: So it’s a strategic, comprehensive approach to security across the assets — including the applications.

Daniel, before we move on, a question on the infrastructure. When I saw this, I said that sounds like services orientation (SOA) — modernized apps, fewer monolithic stacks, higher utilization vis-à-vis virtualization. Was there anything else that would back up my hunch that services orientation or SOA was also prominent in the way they are doing infrastructure?

Virtualization, in and of itself, did not rise to the surface of market leaders versus followers.

Dorr: You’re absolutely right, but the key component here is actually using it for the right purposes. Virtualization was one of the questions, but you’ll notice virtualization, in and of itself, did not rise to the surface of market leaders versus followers.

It wasn’t just that you’re moving to a service-oriented view, but you’re actually implementing it in a way that means something to the business. You’re actually seeing a change in capacity usage. You’re actually seeing a change in custom and legacy applications.

Again, not following that shiny object, but it’s implementing it in a way that’s strategic to the business, is what we are seeing here that leads to success. It’s not just virtualization, but it’s using virtualization to its full capacity.

Dobbs: I agree completely.

Gardner: So we have talked a little bit about infrastructure. What were some of the other major areas, Daniel?

Dorr: The second big area was around information. There was a huge difference around the area of audit and compliance. For example, we saw that more than half of the market leaders had automated their audit and compliance, about 52 percent. Market followers tended to be much less. Around 39 percent had automated their audit and compliance.

Information strategy

There was an information strategy in place in both market leaders and market followers. However, market leaders tended to have automated their information-management strategy, versus followers, who just had it documented.

Also, we see a big difference in the use of business intelligence (BI) to automate decision making. About 18 percent of market leaders are automating their decision making using BI tools, while only 7 percent, so less than half of them, less than half of them as leaders, are doing that.

Now, there is still a huge amount of room for growth on both leaders and followers there, but to see only 18 percent rise to the surface already tells you the importance of automating BI decision making as a clear difference for market leadership.

Gardner: Let’s go back to Joel on those two items. This gets to a point that I’m really interested in, a movement in business nowadays to much more of a data-driven and analysis-driven decision process. Perhaps the older way might be summed up by the highest paid person’s opinion (HPPO) being the way that ultimately decisions were made.

But Joel, how do you react to some of these findings around information management and BI?

Dobbs: There are a couple of things here. One is that there’s been an interesting evolution over the last 20 years in this field. We started out in IT automating various business processes. The focus was on making those processes faster or more efficient or something of that sort. As a result of that, we were generating information that had valuable use, but really wasn’t being used that much.

What you’re seeing with the leaders is that they not only understand it, but they’re doing it.

It was during the reengineering revolution in the early ’90s that people began to look at that. Along with the uptake of Six Sigma and Lean Sigma, people began looking at harvesting that data that was collected almost as a byproduct of automation and using it for continuous improvement and various other things.

This whole field has matured. Take the example of just the retail industry and all the information that’s collected as a result of point-of-sale processing and things like that. What we’ve learned is that that’s a rich trove of information that can be mined and used for all kind of things.

What you’re seeing with the leaders is that they not only understand it, but they’re doing it. That’s a big differentiator between those who understand it and have the insight and the capabilities to take this information and look at it in different ways. I suspect some of the automating of business, the BI automation, as we were talking about, is really a way of going back and using technology to create options for decision making, based on automated looks at data.

Let’s talk about the automation of, I think the term you used, Daniel, was the automation of their information strategy, versus documentation. What that tells me is one group is doing it and the other group is just writing it down, and that’s a big difference. It’s like the difference between what most people do with strategy. Most people develop a strategy and there comes nice a book that sits on a shelf somewhere, and very little gets done about it.

The ones who are really leaders are the people who develop a strategy and then part of that strategy is a strategy to implement the strategy. That’s what this automation that you saw among the leaders really reflects — not just talking about it, but actually doing it.

Single view

Dorr: I agree completely with Joel’s points. If you think about it, there were seven key attributes that rose to the surface for market leaders, revenue leaders, and revenue followers.

Three of those were around information. Automating your audit and compliance, having an automated information strategy. In other words, as Joel said, doing it, versus just writing it down, and really using BI for decision making. Three out of seven are around information. So clearly this is a key theme for in-market performance.

One of the things we do at HP is workshops for CIOs to help align business and IT and identify the impact that IT can have on the business. This comes up every single workshop we do.

I don’t think we can understate the importance of helping the business see what’s happening and understand what’s happening through automating audit and compliance.

We did it with a retailer recently. It took them days to process in-store information, in order to know what SKUs were selling and how well marketing programs were doing. By the time they had that information, it was too late for them to do anything.

They couldn’t change the SKUs on shelf. They couldn’t update, migrate, manage, or move the marketing program into new regions or what have you. As a result, their performance in-market clearly showed the difference. They were at a 20 percent disadvantage to the revenue leader in their category.

So I don’t think we can understate the importance of helping the business see what’s happening and understand what’s happening through automating audit and compliance, through actually implementing the information management strategy and trying to automate as much as possible decision making using BI.

Dobbs: I would add one thing. Daniel pointed out that there is increasingly a competitive advantage. The competitive advantage becomes not just doing it, but doing it faster than your competitors and being able to understand the meaning and the application of the data ahead of your competitor.

The retail example is a great one, where you’re lagging days behind in your ability to harvest and use the information. Increasingly, the competitive advantage becomes being able to make adjustments and move much more quickly, whether it’s deciding where to place inventory or how much inventory you need to keep on hand, and all those kind of things. Time is money, and being able to move quickly can be a huge advantage.

What about cloud?

Gardner: We haven’t talked too much about cloud computing, and this did come up as one item that distinguishes leaders over laggards. Perhaps we could address that. Daniel, what is it about cloud that popped out in this survey?

Dorr: The focus of the survey was what capabilities clients have today and how that correlates to their revenue performance. We didn’t see a lot of cloud attributes rising to the service in people’s current capabilities. We did, however, see it rising to the surface in the focus area, where we asked IT decision makers, the CIO minus one, what was important to them. We did see a pretty significant difference between what market leaders, revenue leaders, thought was important about cloud versus market followers.

In fact, almost half of revenue leaders see cloud as incredibly important to them versus their peers, almost half of that number in the market followers. So, we’re seeing a lot more priority focus on cloud computing going forward.

We didn’t see it driving current revenue performance, which makes sense. Cloud is somewhat of a new technology. We haven’t seen it fully deployed in many cases in driving today’s revenue.

Gardner: For the benefit of our listeners and readers, Daniel, maybe we could just go through the list at a prioritized basis, with descending priority, on what distinguished the leaders over the laggards. I think the top one is security as we mentioned, but let’s just go through it on a list basis, so they can get a sense of the importance.

Cloud is somewhat of a new technology. We haven’t seen it fully deployed in many cases in driving today’s revenue.

Dorr: Sure. Of the 50 attributes that we asked our CIO minus one IT decision makers and directors, what was happening within their IT environment, seven of those attributes rose to the surface, and they fell into three buckets, as we talked about briefly before. One was around the infrastructure side of the equation or the core computing environment, one was around information, and then the final one was around people and processes.

… With the survey, once we identified which specific attributes differentiated market leaders and market laggards or market followers from a revenue perspective, we then put it on a maturity score and we would score them based on those key attributes. You can see a clear difference between those with obviously a higher score, a higher maturity in their IT environment, around those key specific areas and their in-market performance.

Specific areas

So from the infrastructure side, it was custom applications and legacy applications. Leaders had fewer custom applications — 38 percent versus the followers at 45 percent.

Leaders had fewer legacy applications — 25 percent versus followers at 32 percent.

Leaders used their server capacity more efficiently. They used about 80 percent of their server capacity at peak usage, versus followers using only 71 percent.

Leaders had security built into the applications as well as at the boundary, versus only a boundary-level security, inside/outside view of the world.

In the information area, leaders automated audit and compliance at an average of about 52 percent versus followers at 39 percent.

Leaders had automated their information strategy, versus followers only documenting their information strategy.

Leaders tended to use more BI and automated decision making versus followers. So 18 percent of leaders had automated business decision making using BI, versus followers at only 7 percent.

Then there is the people and processes side — and this is an area where CIOs can actually start working on right now without spending a cent — which was clarity and agreement of KPIs. We saw a big difference in market leaders. There was a high degree of clarity within their organizations about what the KPIs were and agreement on those KPIs, versus only a moderate level of agreement within market followers.

That’s an area where CIOs can take action today. They don’t even have to talk to a vendor or an analyst at all. They can walk right into the CEO’s office and start working on that problem today.

Gardner: Let’s move to a separate lens to view this through. One of the things you asked was a series of questions that led to some conclusions about what distinguishes those who do best, and what leaders were focused more on. You broke it out into five different areas and you got some indicators of why it’s important, leaders versus laggards. Perhaps you could run through those as well.

Leaders had security built into the applications as well as at the boundary, versus only a boundary-level security, inside/outside view of the world.

Dorr: At the end of the survey, we asked them areas of importance, and we gave them security, information and insight, infrastructure convergence, application transformation, and cloud computing. We asked them to rank which were the most important to them. And we asked them to rank their current capabilities.

This was different from the attributes. For example, most of our IT decision makers ranked security, defined as keeping the lights on, as the number one priority. When they ranked their current capability, again, they ranked their current capabilities quite high, doing that well today. Although leaders tended to feel they were doing a better job of keeping the lights on, versus revenue followers.

Number two on the list was information and insight, in terms of driving what is important today from an IT organization. Again, the average of how important it is was not significantly different between leaders and followers. What was significantly different was how well they rated themselves.

We saw this in the individual attributes, but also when they ranked it at the end as well. Leaders tended to outperform, or believe they were doing a better job managing information and insight, than their followers by almost twice as much.

No huge difference

There were no huge differences on converged infrastructure or applications between leaders and followers, but the area where we saw a big difference was in cloud computing. Leaders ranked it much higher in importance and believed their current capabilities are much higher than their industry peers.

Gardner: So we’ve got some interesting takeaways here about the role of modernizing, gaining visibility, measuring along the way, being comprehensive in how IT approaches these problems, being responsive to the business on the business terms rather than the technology terms, with an emphasis on culture as well and the people and the process.

Daniel, for those folks who are intrigued and would like to get some of these statistics and findings themselves, do you have a place they can go to learn more to either perhaps see a slide deck, a white paper? What’s available for them?

Dorr: A couple of places. First of all, you can join us at the HP Discover 2012 event in Las Vegas in June. We’ll be presenting these results there and sharing it with attendees there. In addition, they will be posted on hp.com.

Gardner: Great. Joel, what takeaways do you have from this in terms of whether people should readjust their thinking or perhaps take a pause and ask what they can be doing different when they sort of tease out some of the findings here?

Impact of investments

Dobbs: There was an interesting study published by MIT just a month or so ago that looked at a number of companies. What they found is that some of these companies that were investing heavily in IT, the IT investments actually had a greater impact on profitability than the same amount of money invested in research and development or in advertising. That’s a shocking finding.

I think what happens, when you delve underneath these companies who get such great returns on IT, you find two or three different things that are embodied in what we saw in some of the leaders here.

One of them is really good governance around decision making. The second thing is probably ownership of IT by the entire executive team. And I think the third thing is that they’re probably measuring their return using business metrics on the investments that they make.

That’s what differentiates the leaders from the laggards — they’re approaching IT holistically as a core part of their business strategy, instead of seeing it as a support function or a back-office function.

That’s what differentiates the leaders from the laggards — they’re approaching IT holistically as a core part of their business strategy.

And things like this study that we’ve just been talking about today, as well as the MIT study, help add credence to the idea that money is well invested in IT, and I emphasize well-invested. It can have a tremendous payback, but only if you use it wisely.

Gardner: And that sort of runs counter to the perception of IT as a cost center, rather than as an enabler for growth and opportunity.

Dobbs: Precisely.

Gardner: Okay. Daniel, last word to you, are there takeaways or areas that we may not have covered that you think we should also uncover here?

Dorr: Joel said it very eloquently. There is a large body of research. Now, we have HP’s own research. We have the MIT study, showing that there is a clear correlation between technology and in-market revenue results. As CIOs, we should feel confident to walk into the CEO’s office and talk to them about the strategic benefits that we can offer the organization.

The two biggest areas that we should be having conversations with our business counterparts today are clearly around information and KPIs. If we have agreement on those, we’ve covered more than half of the key attributes that we see between market leaders and market followers.

So there’s a lot of opportunity for us in IT to start playing an even bigger leadership role in helping our companies innovate and drive in-market results. I look forward to seeing what the results look like two years from now, once we see cloud and other things deployed and driving even bigger benefits.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

• HP Discover 2012 conference promises insights, information and user networking as businesses face a crossroads in IT delivery
• Expert Chat with HP on How Better Understanding Security Makes it an Enabler, Rather than Inhibitor, of Cloud Adoption
• Expert Chat with HP on How IT Can Enable Cloud While Maintaining Control and Governance
• Expert Chat on How HP Ecosystem Provides Holistic Support for VMware Virtualized IT Environments
• Continuous Improvement and Flexibility Are Keys to Successful Data Center Transformation, Say HP Experts
• HP’s Liz Roche on Why Enterprise Technology Strategy Must Move Beyond the ‘Professional’ and ‘Consumer’ Split
• Well-Planned Data Center Transformation Effort Delivers IT Efficiency Paybacks, Green IT Boost for Valero Energy

The latest BriefingsDirect podcast previews the upcoming HP Discover 2012 conference and explores why this June event in Las Vegas is both an exclamation point on the current enterprise IT climate of change, as well as a neon signpost for HP’s strategy and direction.

Look at why IT is at a crossroads, and how the very nature of IT is being redefined as a result of such large and global trends as the accelerating speed of business, cloud computing, security needs, mobile, energy-conservation demands, and especially the new role of IT as a service.

Such trends are pushing those tasked with supporting their businesses, as never before, to meet and collaborate with their peers and colleagues, and really re-evaluate how IT and business come together.

HP Discover 2012 provides an unparalleled opportunity for HP users to absorb the insights of the HP ecosystem and to learn more about their fields and technologies from their peers and associates. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

The event marks an important time for HP, as it solidifies its responses to these trends, provides new levels of education and more insight into its new product services, vision, and leadership.

To help better understand HP Discover and its benefits noted blogger, author, and a longtime observer of all things HP Nina Buik, Chief Marketing Officer at Connect Worldwide, is interviewed by Dana Gardner, Principal Analyst at Interarbor Solutions. Connect is the largest user community of HP Business Technology customers, with more than 55,000 members worldwide.

Here are some excerpts from their chat:

Buik: I think we’re at a crossroads right now, going into a new era of computing with cloud computing, bring your own device (BYOD), the challenges with security, and a laser focus on gaining better business outcomes through technology. This is why it’s so important this year to come to events like HP Discover to get answers.

You’ve got fewer and fewer people supporting IT. IT has become very sophisticated, requiring fewer hands to touch the system. Therefore folks need to get out and hear messaging from their partners, HP, and HP’s partners to see how they can achieve these goals.

Gardner: Those who are managing and implementing IT are being asked to be both specialists and generalists. You need to be very deep technically, but you also need to understand the business implications.

Folks who were in more of a management or a systems management role are being asked to be strategic as well.

Buik: You’re absolutely right. You bring up an important point, because I think that the trend also is that folks who were in more of a management or a systems management role are being asked to be strategic as well.

They’re having to expand their knowledge of systems, instead of just focusing on the network and the integration of how storage fits into this … [but] how do we achieve these goals by integrating all of these aspects?

Gardner: HP Discover at the Venetian Hotel and Sands Convention Center is in Las Vegas the week of June 4 and goes for 4-5 days. For those folks who might not be familiar, Discover is really the culmination and the integration of a number of other conferences. Isn’t that right, Nina?

Buik: Yes, Software Universe merged with HP Technology Forum & Expo to become HP Discover. That was really an important addition to this event, because you really can’t have one without the other. They need to be together, and it’s very exciting to see the results of that. Last year was incredible with 10,000 people together, and really, it helps the attendees get the most out of their investments.

Gardner: One of the things about HP is that there are really just a very few organizations that can be brought to bear at that strategic level.

There are so many opportunities where you can sit down side by side with engineers and get questions answered.

Buik: You hit on something key. Partnerships and alliances are so critical right now. A lot of companies in the small-to-medium size business (SMB) space typically don’t have that opportunity to sit down with a company like HP to discuss all of these concerns and how to tie them all in together. At HP Discover they can do that.

There are so many opportunities where you can sit down side by side with engineers and get questions answered. So you have that expertise at your fingertips. You’re able to bring that back to your organization, make those plans, and achieve the goals that you’re looking for.

But in terms of partnership, relationships are built on trust. When you have that trust relationship, there’s accountability on both sides to communicate well, to focus on the goals, and look at HP as a trusted partner.

Gardner: Tell me a little bit about the history of Connect and why this is such a big deal for you too?

Buik: I’ve been involved with the HP user communities going back almost 20 years, as a former member of the community and a member of the board of directors. The communities decided to come together in 2008. You had the NonStop community, the traditional HP-Interex community, as well as Encompass come together to form one large HP enterprise user community, and we became Connect.

The things that we’ve accomplished together and the way that we focus on help the users become successful with the technologies they use. Our goal is to help a member get the most out of their business technology investments. We do that through providing opportunities to influence HP and HP’s partners, or advocacy, and education and awareness. We’re making the members aware of not only what’s going on within HP, but educating them on products and solutions that HP has available for them.

Most importantly, we provide opportunities for like-minded users to get together and share best practices. They can learn from each other, and it’s magical when it comes together. It truly is. So we look forward to having a record number of members attend HP Discover this year.

They bring these two together and they’re able to make some strategic decisions that they can bring back to their organizations.

We’re introducing new special-interest group meetings at HP Discover this year. We’re launching a cloud special interest group (SIG). We have a Superdome SIG and a variety of other SIGs. But aside from community, I think this is the right time.

We’re at crossroads in technology, and people within the community know that, at community events, they’re going to be able to discuss with other folks how they’re using a particular technology. For example, if they’re interested in cloud computing, what’s a better place to come together to learn how other companies are using these technologies as well as understand what HP is offering? So they bring these two together and they’re able to make some strategic decisions that they can bring back to their organizations.

Gardner: I should point out as full disclosure that I’m a blogger on the Connect site and really appreciate the opportunity to participate. Have you’ve been doing any polling recently? What have you been able to tell us about what the zeitgeist, the mentality, is among your users?

Peer networking

Buik: Just before the registration for Discover launched, we wanted to understand why our members wanted to attend Discover. The number one reason was peer networking, followed closely by education.

That ties right back into what we were just talking about, being able to talk to other members and just other attendees about their experiences working with HP and using various HP technologies. What is the saying, “Self praise is no recommendation?” You really learn more from others.

Then again, tie that right into speaking with the HP engineers and other professionals about what HP has to offer, and between the two, you can make great decisions. In terms of education, there are over 700 sessions in the session catalog. There’s everything from cloud to security. There is just so much being offered.

Another interesting poll that we did on the top technology trends for 2012, a lot of folks are looking at platform migration, the Oracle announcement. So we know there are members who are looking at platform migration, and that could be a huge endeavor, depending on the company size, the size of the systems, or the number of systems involved.

So what better place to go to, to learn from others who perhaps have experienced that, than at an event like HP Discover?

There are members who are looking at platform migration, and that could be a huge endeavor, depending on the company size, the size of the systems, or the number of systems involved.

Gardner: Certification is also a big deal now. Getting back to that issue about career and how to position yourself at these crossroads for your personal future, isn’t there sort of a big opportunity around certification here at these events?

Buik: The ExpertONE community is offering five free certifications with your registration. Each one of those certifications cost anywhere between $150 and $200. So that’s a huge deal. But more than that, through the years, the importance and significance of certifications has changed.

Now, more than ever, IT professionals are looking at certification as a means to separate themselves from the competition for particular job opportunities, or even within an organization, to show that they can kind of move up within an organization.

Flooded market

There are just so many people now looking for work. It’s a very flooded market. I recently spoke with the CIO who said, I post one opportunity and my human resource manager brings me 1,500 résumés. The only way I can differentiate, to weed out the first round, is through certification. So it’s really important.

Gardner: Discover, of course, provides an unprecedented opportunity for HP itself. They have the opportunity of getting 10,000 people under “one tent.” They have their main stage presentations. It’s really the premiere coming-out party for HP, when it has new vision, when it has strategies that it wants to solidify, and when it comes to introducing and affirming leadership.

We’re going to hear from Meg Whitman, HP’s President and CEO. I think it’s her first big appearance in North America. She did, of course, present in Vienna at the fall Discover. Is this a big deal for Meg, in particular, do you think, Nina?

Buik: I think so. I did hear her speak in Vienna, as her first opportunity to address HP customers. She did absolutely what she should do, as explained in her vision for the company. Now it’s time to turn the corner and talk about technology, where we’re going with technology, and how HP has committed to supporting the customer through these changes.

There are just so many people now looking for work. It’s a very flooded market

This is even more important than that first opportunity to say, “Here’s who I am. Here’s a little bit about me.” She has established herself, and now it’s time to focus on the technology and on how HP is committed and dedicated to helping HP business technology customers achieve success in this new environment.

Gardner: And she is going to be joined on stage by such HP leaders as Dave Donatelli, the Executive Vice President and General Manager of the Enterprise Group; Todd Bradley, the Executive Vice President of Printing and Personal Systems Group; Bill Veghte, the Chief Strategy Officer and Executive Vice President of HP Software; Mike Lynch, the Executive Vice President for Information Management; and John Visentin, Executive Vice President for Enterprise Services.

I also understand that Jeffrey Katzenberg, the CEO of Dreamworks Animation, is going to be on stage. Of course, Dreamworks has been in tight collaboration with HP in the production of its animation and 3D products. So that should be very interesting.

You mentioned earlier that we’ve got something like 700-800 business and technical sessions. There is the Discover Zone of the exhibits area, where more than 350,000 square feet space will be devoted to IT solutions from the ecosystem, where you can find the partners and the folks that are part and parcel of the total-solution approach.

There is the one-day Partner Summit on Monday, June 4, and an invitation-only CIO Summit as well. Now, tell me about Connect. You’ve got some of your own events at Discover, I think there is a community night?

Opportunity to network

Buik: Absolutely. Connect will be part of the Community Lounge in the Discover Zone. It’s right next to the bloggers’ lounge. So it’s an opportunity for Connect members and folks who don’t know about Connect to come to learn more, as well as take a load off their feet. No one is trying to sell anything. We’re just trying to make sure everybody is comfortable, happy, and has an opportunity to meet and network with others.

Typically, a lot of folks come to the Community Lounge and use it somewhat as an informational area. Where can they learn more about x, y, z, or where might there be a particular topic? The great thing is that so many people are attending, we can actually make those connections right there. So it’s really a neat place to be.

Also, on Wednesday evening, we’re hosting a community appreciation night with Vivit which is the HP software community. That’s going to be at Gilley’s, across the street from the Venetian at Treasure Island. Wednesday evening, we’re going to host a tweet up from 7:00 to 8:00 followed by a Going for the Gold community appreciation night. So there’s going to be a lot of fun, as we kind of celebrate the ancient Greek games, but western style with a twist. So we’ve got a lot of fun things coming.

We’re really tying in social media as part of this event to extend the buzz around the world.

My advice to folks who are attending an event as big as HP Discover is to define what your goals are for the event: “I want to learn more about XYZ,”or “My goal is to come back with a plan for how we’re going to implement a hybrid cloud or a private cloud.” Or my goal could be that I find myself in between jobs. I know folks who are doing this. They’ve bought their registration and they’re going there to network, because they’ve worked in the HP space for so many years.

But have a plan. Then, go look at the session scheduler and find the sessions that match your plan. You can do a keyword search. You can do a search by track. Identify the sessions that will meet your needs or help you meet those objectives.

Look for SIG meetings, if you want to hear from peers. Connect has 12 SIG meetings. So keyword search SIG. That’s a great opportunity for you to interact not only with other like-minded professionals, but also with HP folks who are subject matter experts on that particular topic or SIG.

You can learn more about Connect by visiting connect-community.org, but also if you register for HP Discover you can get a $300 discount and be affiliated with the community, so that you can get your fast pass into the community party on Wednesday evening. The code is UG2012.

Gardner: That’s worth $300?

Buik: $300. Easy money.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

• Expert Chat with HP on How Better Understanding Security Makes it an Enabler, Rather than Inhibitor, of Cloud Adoption
• Expert Chat with HP on How IT Can Enable Cloud While Maintaining Control and Governance
• Expert Chat on How HP Ecosystem Provides Holistic Support for VMware Virtualized IT Environments
• Continuous Improvement and Flexibility Are Keys to Successful Data Center Transformation, Say HP Experts
• HP’s Liz Roche on Why Enterprise Technology Strategy Must Move Beyond the ‘Professional’ and ‘Consumer’ Split
• Well-Planned Data Center Transformation Effort Delivers IT Efficiency Paybacks, Green IT Boost for Valero Energy

The speed of business has never been faster, and leaders will continue to need to be ever-more responsive, ever-more able to react to customers before and better than the competition.

Data centers — the information engines behind modern businesses — must do whatever it takes to make businesses lean, agile and intelligent as they innovate and excel in their fast-changing markets.

Modern support services therefore need to be able to empower the workers and IT personnel alike to maintain peak control over data centers, and to keep the systems and processes performing reliably at lowest cost.

Live discussion

On May 15 in a free, online, live multimedia “Expert Chat,” I’ll be interviewing Tommaso Esmanech, Director of Automation Strategies at HP Technology Services. We’ll also be taking live questions from the online audience. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

The stakes have never been higher for keeping applications and businesses up and running.

Register now as seats are limited for this free HP Expert Chat.

In this free discussion (registration required), hear recommendations from Esmanech on improving support, the new spectrum of support options and details on how HP is revolutionizing support to offer new innovations in support automation.

View a video on what to expect during the event.

Moreover, throughout the presentation, the live audience will pose questions on IT support services, automated support and remote support for an on-hand live panel to respond to.

Register now as seats are limited for this free HP Expert Chat.

You may also be interested in:

• Proper security and protection measures enable rapid cloud adoption, say HP experts on discussion panel
• HP Creates Security Reference Model to Better Manage Enterprise Information Risk
• Expert Chat on how HP ecosystem provides holistic support for VMware virtualized IT environments
• Continuous Improvement and Flexibility Are Keys to Successful Data Center Transformation, Say HP Experts
• HP’s Liz Roche on Why Enterprise Technology Strategy Must Move Beyond the ‘Professional’ and ‘Consumer’ Split
• Master IT support providers Chris and Greg Tinker’s take on how integrated technical support is essential in a complex, cloudy world
• Hastening Trends Around Cloud, Mobile Push Application Transformation as Priority, Says Research

The latest BriefingsDirect podcast, from the 2012 Ariba LIVE Conference in Las Vegas, explores the latest in cloud-based collaborative commerce with Mediafly, a startup company that delivers cloud-based applications for content management and distribution on mobile devices for Fortune 500 companies.

We’ll learn how Chicago-based Mediafly, through the Ariba Network, gained insight and control over its cash flow and found new means of managing capital and in aiding its ability to support ongoing operations, as well as to drive future growth.

To hear more about how they did it, Interarbor Solutuons Principal Analyst Dana Gardner interviews two executives from Mediafly, Carson Conant, CEO, and John Evarts, Chief Financial Officer and Chief Operating Officer. [Disclosure: Ariba is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Tell me about your startup company and why managing cash flow is so important.

Conant: Mediafly is the leader in the presentation platform market. What that means is that we’re the company that helps bridge the gap between large Fortune 1000 companies, their internal systems, and primarily mobile applications, but also things like Internet-connected televisions, and so forth.

Large companies create lots of video. It could be live broadcast, sales presentations, training videos, and TV and movie industry content. When they’re trying to distribute that content to make it available on all of these emerging devices, particularly at that large scale, they need a provider like Mediafly.

Think of all the TV and movie productions that are going on the studios. Those companies have thousands of video files that they’re housing inside of their four walls. They’re trying to expose that content to all of their executives and staff, everybody from the makeup artist that needs to watch the last three dailies to the CEO and the president.

Perfect platform

Now, they want to be able to do that on iPads, iPhone, Android, and on televisions connected to the web. We’re the perfect platform, because there is so much that has to go on that so many gears are turning to make all that happen.

That’s a perfect solution for the cloud, and those companies now integrate with us so that that material is available to all the different stakeholders on all of these different devices. So we’ve dropped ourselves in and filled the gap between their in-house systems and all of these mobile devices.

Gardner: As a small company, what are you facing, when it comes to the financial pressures?

Evarts: As a small company, we often don’t have a balance sheet that’s attractive to banks, among other things. As we seek things like angel investment or equity investment, we need to do things that are extremely capital efficient with those funds.

When we have an opportunity for revenue, especially revenue at large corporations, Fortune 100 companies, these are large contracts. As a small organization, contracting with larger organizations, it’s absolutely critical for us to manage that cash flow well and have visibility into the cash flow.

As we said, we’ve been growing very quickly. So our recurring revenue has grown by 3x over the last two years. As we grow quickly, we need to have that visibility into cash management, because it’s absolutely critical that we staff at the right time relative to taking advantage of opportunities that are out there in the market.

Gardner: So looking at this from an elasticity point of view, larger companies have a bit more wiggle room. As a smaller company you don’t, but you need to grow fast. Help me understand what led you to do things differently in order to make this elasticity work in your favor.

Conant: We’re very fortunate. One of our largest customers is in the media entertainment space and we did a large seven-figure deal with them over a series of years. But the way that they do invoicing and transactions is through the Ariba Network. They said, “For you to get paid, join the Ariba Network.”

So that was the first thing that got us onto the network. What was amazing is that once we got on there, as John said, it was unlike a lot of our other transactions with similarly large companies. In those companies it’s just like a black box. You’ve got a several hundred thousand-dollar invoice that goes out, and you may not know if that’s going to come in in two weeks or six weeks.

What was amazing to us with Ariba was the ability to know exactly where we were in that payment process. Ultimately we took advantage of this program they call “dynamic discounting,” which allowed us to accelerate cash for a couple of basis points.

Huge ramifications

So for a fairly inconsequential amount of money to us, we were able to get paid in about 14 days instead of 60 days. It had huge ramifications on our business. What that did for us is allowed us to interact with them in a way that they preferred, but still have the nimbleness that we need from it as being a small company.

Gardner: So visibility and predictability are really important. In the past, people would generally go to a bank to get a line of credit and pay a high interest rate in order to have that accordion to manage their cash flows. You’ve found a way to do this, not through a bank, but through working directly with your customers and perhaps even incentivizing them to help you with your cash flow and visibility and your saving on the interest. It sounds like a win-win all around.

Evarts: It’s an excellent opportunity for us to work with a partner and deepen that partnership with our vendors. We’ve found that, as Carson said, for a few basis points of a concession on the contract, we’re able to factor 100 percent of the contract value of the invoice.

When that occurs, the advantage to us is that we’re able to immediately take advantage of it, as soon as it hits the system, to take 100 percent of those otherwise unknown collection periods. When we can reduce the collection periods from 60 days all the way to 14 days. We’re in a much stronger financial position, because we can take advantage of those dollars.

Conant: The first time we took advantage of dynamic discounting, it was relatively early in a development cycle for a security package that we were in the process of building. What that did allowed us to get access to cash to bring in additional resources to accelerate those featured enhancements.

It sparked additional Fortune 100 contracts. It was fundamentally game changing for us.

Literally, two weeks after signing this deal with one of the largest entertainment companies in the world, we were in the board room with one of the largest global banks in the world touting these new security features we had, which we otherwise wouldn’t have had for maybe 60 days.

It sparked additional Fortune 100 contracts. It was fundamentally game changing for us. We joke that it would be interesting if all of our customers leveraged something like dynamic discounting. It would be transformative for our business. It would drastically accelerate how we can deploy cash. Then you think about it in terms of what could it do for the economy.

If all these companies were taking advantage of this, it would boost the stability and the growth of their partners and their vendors. It would be something. That’s why we’re so vocal about it.

Evarts: As a small organization that is very nimble and trying to innovate, it speeds up and accelerates the pace of innovation that we’re able to generate. The new features that we offered to this first client, we were immediately able to turn and sell to one of the leading investment banks as the same security capability.

So when we’re able to quickly accelerate and bring new innovations to market, obviously everybody benefits. Mediafly benefits, and ultimately, our customers are going to benefit as well.

Level playing field

Gardner: And what strikes me is that this seems to be a level playing field between you, a small company, and as you point out, some of the largest media companies in the world. You’re playing with the same rules with Ariba being the trusted arbiter.

Conant: Absolutely. There are probably two or three technologies that we’ve taken advantage of that have just come into play in the last three to five years. One of them is cloud-based infrastructure. We don’t have to buy servers anymore. That’s allowed a company of our size to outpace and out-compete companies that have been around for a long time and provide enterprise services to Fortune 100 global companies.

Then, you look at Ariba, and it’s very similar. It allows us to interact with them the same way that they would interact with another large company. Doing business with us doesn’t feel different than doing business with another large company.

They get what they want, we get some additional visibility and some things that are valuable to us. But, these technologies have just come into play in the last three to five years, and it’s really allowed a company like Mediafly to exist.

Gardner: A lot of times, analysts like myself focus on the technology behind the cloud, but it’s really a game changer, when it comes to business processes and allows for the compression of what used to be latency in terms of business functions, monetization, and cash flow. Now, when everybody has visibility, when the level field is there for all participants, it’s much more efficient and direct, and we’re just starting to pick some of the fruit of that.

These technologies have just come into play in the last three to five years, and it’s really allowed a company like Mediafly to exist.

Evarts: And you touched on it. Creating scalable solutions is absolutely critical and it allows a small organization with relatively limited initial capital, first to be able to scale to a level, and participate in the Ariba Network, and basically have the same credentials as some of the largest companies in the world.

Folks who are transacting with Mediafly are doing it in the exact same way that they do with other Fortune 100 peers. To some degree, to us, it’s a competitive advantage, and we feel that way. We feel that if we’re on the system, we’ve been vetted, and other folks are using us on the system. It’s an excellent credential for us to have and a nice reference for us.

We feel that this Ariba Discovery concept is extremely valuable to us as a small organization, as we look to scale as a lead generation opportunity and ultimately, as we’re transacting business.

Gardner: We’ve touched briefly on how this could be a go-to market benefit for you. Let’s expand on that. How in providing a discount incentive to cash flow, and using the Ariba Network, does that end up getting you more customers?

Evarts: One of the tools that we’re just trying to tap into is this concept called Ariba Discovery. Discovery allows you to self select a series of industries, what they call commodities. That allows you to say, “These are the services that we offer.” Then, large companies are able to go on that system and say, “These are the services that we’re looking for.” So it’s really kind of a matchmaking function.

While we’ve only scratched the surface — we feel we’re relatively new to this system — we feel that this Ariba Discovery concept is extremely valuable to us as a small organization, as we look to scale as a lead generation opportunity and ultimately, as we’re transacting business.

We feel that as a small vendor, if there are a number of individual companies that are looking to leverage this system, we’re happy to make a light concession, obviously, for the right amount of basis points and just for the right timing. We’re able to then take advantage of that, accelerate cash in. When non-financial companies, at the end of third quarter last year, had $3 trillion sitting on their balance sheets, you know that there’s a ton of liquidity out there that will be invested, and is going to be invested in different ways.

One way that folks can take advantage of it is using a system like Ariba in order to support the supply chain, investing in their current partners.

Of, for, by the cloud

Gardner: So you’re sort of of, for, and by the cloud. When it came to moving toward Ariba and using some of their services, did that work as an off-the-cloud service, where there wasn’t anything on premise or you didn’t have to have your IT people involved in? How friendly a cloud player did Ariba turn out to be?

Conant: Extremely friendly, relative to some other more manual processes that some of our other customers leverage. The best example that is our ultimate discovery of the dynamic discounting program. Our controller noticed a checkbox in our interface. It’s a web-based interface and he asked John, “This looks interesting. Should we take advantage of it?” We said, “Yeah, let’s try it on our first invoice.”

This was not some training that had to happen before we understood how to use this system. It was a couple of checkboxes, and now we are getting paid earlier.

To me, that’s really what the cloud is. A company like Ariba, in my opinion, has done a really good job of abstracting, so you’re left with just an elegant functionality and it’s in the cloud. It’s all web-based. There’s nothing we had to deploy on premises.

We’re a cloud company. So it feels natural. I can’t even imagine how simple it must seem to somebody who’s used to using things on premises.

Not only can we now take full advantage of their entire cloud-based infrastructure, but it was very easy for us as a small vendor to get onto this system.

Evarts: One of the key elements for us was the ease to get on the system. When a customer whose that large asks you to join, and you’re as small as you are, you say absolutely, how quickly and when. Ariba was absolutely fantastic in helping us to get onto this system and then ultimately helping us navigate, within the course of a couple of hours max, to have been fully integrated into the system. Not only can we now take full advantage of their entire cloud-based infrastructure, but it was very easy for us as a small vendor to get onto this system.

Gardner: On the other side, the flip side of the coin, these global Fortune 500 companies were familiar with Ariba. You didn’t have to drag them along and convince them. There was already the established trust and credibility.

Conant: We’re still scratching the surface, as more and more companies are moving this way. It seems like a lot of the people that we’re talking to are moving into cloud-based procurement solutions, things like Ariba. As more time goes on, more and more of our customers will be on Ariba and leveraging dynamic discounting and so forth.

What’s great is that each one that is using Ariba is already set up. It’s just a matter of them attaching our profile or however it happens behind the scene. But there are not a whole lot of additional process. That’s what’s neat about the network effect. Once multiple parties are on a network, it’s just a matter of connecting the two lines together.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: Ariba.

You may also be interested in:

• Ariba Network Helps Cox Enterprises Manage Procurement Across Six Different ERP Systems
• Ariba CMO Tim Minahan on how networked economy benefits spring from improved business commerce and cloud processes
• Ariba Dynamic Discounting Gives Companies New Visibility into Cash Flow to Improve the Buying Process
• Ariba, IBM Deal Shows Emerging Prominence of Cloud Ecosystem-Based Collaboration and Commerce
• Ariba Steps Up Cloud Efforts with StartContracts, On-Demand Contract Management for SMBs
• Ariba Live Discussion: How Cloud Alters Landscape for eCommerce, Procurement, and Supply Chain Management
• Cloud-Based Commerce Network Helps Florida Manufacturer MarkMaster Reach New Markets, Streamline Transactions

See how Acorda Therapeutics’ use of advanced backup and DR best practices and products has helped it to manage rapid growth, cut energy costs, and gain the means to recover and manage applications and data faster. Also learn how these advanced DR benefits have led to other data center flexibly and even migration benefits.

Sharing more detail on how modernizing DR has helped improve many aspects of Acorda Therapeutics’ responsiveness is Josh Bauer, Senior Manager of Network Operations at Acorda Therapeutics in Hawthorne, NY. The discussion was moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: What do you perceive as being different today about DR than just a few years ago? Is this really a fast-moving area?

Bauer: One of the most prominent changes is recovery time. You no longer need to restore from physical tape and see recovery times of upwards of 24 hours, something that we hadn’t seen until recently. We implemented Site Recovery Manager (SRM) from VMware and we can now do that same recovery in about four hours.

We’re constantly replicating using RecoverPoint and we can get data up to the minute, versus tape, where you are at the whim of whether the backup completed on time — did everything go to tape, and when was it done? It could have been two days ago, versus now, when it’s data that’s 100 percent synced up to a minute ago.

When we had about 80 employees, we probably barely had a terabyte, and now with 350 employees we easily have over 14 terabytes.

Gardner: I am also wondering, because you are in the healthcare and biotechnology field, are there aspects of the new DR that appeal to you from a compliance or regulatory perspective as well?

Bauer: Definitely. Four times per year we have to prove that we can recover all of our software and data by doing a DR test. Until we had SRM, we had to do it all from tape, from a cold facility, and it would take us a day, sometimes a day-and-a-half. That’s just not the best way to do things. But now, with SRM, we can always do these tests on the fly, even from our office, from home, or from wherever.

Gardner: Tell me a little bit more about Acorda Therapeutics. You were founded in 1995. Tell us what you do, so our audience can understand the type of company you are and type of products and services you provide.

Recent growth

Bauer: We create treatments for people with multiple sclerosis, spinal cord injuries, or other neurological disorders. We have two marketed drugs in the market right now, the most recent of which, Ampyra, helps people with multiple sclerosis walk better, and it has been a huge success. And that’s the main reason we’ve been growing so much lately.

Prior to virtualization, we were spending a lot of time managing our infrastructure, with all those physical servers. Once we virtualized everything, we spent way less time managing the infrastructure and could spend more time helping the business.

In fact, the IT department itself has become less like a computer repair shop and more like a strategy center. I’m constantly being brought into projects to help the business make the right decisions when it comes to any type of technology.

The next logical step would be to have my team spend less time doing these four-times-a-year DR drills the way I described before. With SRM it’s a few clicks. We’re saving so much time and we are able to do other things.

The IT department itself has become less like a computer repair shop and more like a strategy center.

Gardner: Tell me how you got to the point today, where you can deal with something like 14 terabytes and moment-by-moment backup capability?

Strategic partner

Bauer: It all really started at VMworld. That’s been a fantastic way for me to learn what’s out there, what’s coming up, and just staying in the know. That’s actually where I met International Computerware, Inc. (ICI), who is one of our strategic partners for storage and virtualization.

I had approached them with the growth issue. We had already started doing virtualization on our own. I had used it at a previous company, but I wasn’t familiar with SRM, and it looked like it might be a nice fit for improving our DR. So ICI came in and they sort of held our hands and helped us with that project.

Specific to storage, they have also helped us make sure that we do better management of growth, anticipate our growth, and show that we have more than what we’re going to need, before the growth happens, and they’ve done some analysis on like what we have. We brought them in before things got too bad.

Since using VMware, we’ve noticed uptime upwards of three nines monthly. Before that, when we were mostly a physical environment, it was nowhere near that much. We had physical servers going down all the time.

VMware immediately gained our trust, seeing that they came out with this product for DR. It was a name that we trusted. Then, we played with it for a while, and it worked out fantastically.

It’s all about trusting VMware and then, again, ICI, working with them. They just know their stuff. We have a lot of different partners we work with, but we prefer to use ICI, because they really focus on doing things properly. It’s more about working with someone that really knows what they are doing. They understand that we have some skills, as well. They’re not trying to sell us something we don’t need.

95 percent virtualized

We are 95 percent virtualized here. The only thing that’s not virtual is our fax server, which requires a physical fax board and that’s about it. Everything else is virtual.

Gardner: So this is across all tiered apps, tier one, three, four?

Bauer: That’s correct, our SQL apps, our Exchange, everything you can think of is virtualized.

Gardner: I understand you’re using vSphere 5. You’re on vCenter SRM 5. That only came out towards the end of last year. So you just jumped right on that.

Bauer: Oh, I didn’t waste any time. We were very excited about it, especially this new option of using a failback, which wasn’t really part of SRM Version 4.

They’ve certainly fixed some of the bugs, and the interface is much better. The whole testing process seems to be a lot more smooth.

If you ever have the very unlikely event of a a disaster, when you do a recovery, you’re now operating off of the disaster equipment or recovery equipment. While that’s happening, people are still saving files and generating new data. If you were to just simply turn on the original equipment again, all that data would be lost. So you need to fail back to re-sync everything.

With SRM Version 4, you had to configure two one-way recovery systems. So it would take a lot more time. But now with failback, it’s a lot more smooth, kind of built-in.

Gardner: Do you actually have separate data centers that you are backing up to? What’s the topology or architecture that you’re using?

Bauer: We have two separate data centers, recovery and production. At the moment they’re only a few towns apart, but we are shopping around for a data center much further away. We hope to do that in the next six months or so.

Gardner: Looking to the future, one other area I wanted to hit on, which is important to a lot of folks, especially in some overseas markets, is this issue about energy. Did you have any impact on energy and/or storage costs associated with the total life cycle of the data?

Bauer: We reduced the footprint by easily 75 percent by not needing so many physical servers. That’s a pretty huge shout-out to VMware there. Also, we’re not using that much power. We don’t need as big a data center. Not as much cooling is needed. There’s a whole assortment of things, when you take out all the physical servers.

Gardner: Now, looking to the future, other areas that people have described as a segue from going to high virtualization, exploiting the latest technologies in DR, is to start thinking about desktop virtualization infrastructure (VDI) and desktop-as-a-service. They’re even looking at cloud and hybrid-cloud models for hosting apps, then backing them up and recovering them in different data centers, which you’ve alluded to. Do you have any thoughts about where this could possibly lead?

Bauer: In fact, if you were going to ask me what my next initiative was going to be, and you didn’t mention desktops, that’s the first thing that would have come to mind. We’re starting to explore replacing our laptops with virtual desktops. I’m hoping this is something that we could implement next year.

Right way to go

This seems like the right way to go, because our helpdesk team spends too much time swapping out laptops or replacing laptops that are dropped on the ground. You’re looking at a small thin client, which is the fraction of the cost of a laptop. Plus, the data is no longer kept in a laptop. There are no security or compliance issues. You can l just give them a thin client, and they are back in business.

It makes everybody in this company, especially at the top-level, nervous to know that some sensitive data still does make it out to the laptops. We tell people to save everything to their network drives, but without using thin clients and virtual desktops, there’s no other way to force that.

Gardner: How about advice for those folks that might be moving towards a more modern DR journey, as you described it? What would you advise to them as they begin, and what lessons might you have learned that you could share?

Bauer: First off, do it. You’re going to be glad that you did. The good thing about this is that you can do it in parallel with your current DR plans. You don’t have to change your existing recovery plans. You can take as much time as you want to set it up right. And the key is to set up a demonstration for the key business owners and players that are going to make the decision on the change.

Set it up right with a handful of important apps, important VMs, and then just show it to people. Once they see how great it works, you’re definitely going to want to change.

It’s always helpful to have some outside help. No matter how skilled you are, it’s always good to have a second pair of eyes look at the work that you did, if for nothing more than to confirm that you’ve done everything you could and your plans are solid. It’s helpful to have a partner like ICI.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: VMware.

You may also be interested in:

• Case Study: Strategic Approach to Disaster Recovery and Data Lifecycle Management Pays Off for Australia’s SAI Global
• Virtualization Simplifies Disaster Recovery for Insurance Broker Myron Steves While Delivering Efficiency and Agility Gains Too
• SAP Runs VMware to Provision Virtual Machines to Support Complex Training Courses
• Case Study: How SEGA Europe Uses VMware to Standardize Cloud Environment for Globally Distributed Game Development
• Germany’s Largest Travel Agency Starts a Virtual Journey to Get Branch Office IT Under Control
• Virtualized Desktops Spur Use of ‘Bring You Own Device’ in Schools, Allowing Always-On Access to Education Resources

Join the next Expert Chat presentation on May 15 on support automation best practices.

It now falls to CIOs to not only rapidly adapt to cloud computing, but to find the ways to protect their employees and customers as they adopt cloud models – even as security threats grow.

This is a serious — but not insurmountable challenge.

Cloud computing has clearly sparked the imagination of business leaders, who see it as a powerful new way to be innovative and gain first-mover advantages — with or without traditional IT’s consent.

This simply now means that the center of gravity for IT services is shifting toward the enterprise’s boundaries – moving increasingly outside their firewalls. And so how can companies have it both ways — exploit cloud’s promise but also provide enough security to make the risks acceptable? How can organizations retain rigor and control while pursuing cloud benefits?

In a special BriefingsDirect sponsored HP Expert Chat discussion on how to define and obtain improved security, I recently moderated an in-depth session with Tari Schreider, HP Chief Architect of HP Technology Consulting and IT Assurance Practice. Tari is a Distinguished Technologist with 30 years of IT and cyber security experience, and he has designed, built, and managed some of the world’s largest information protection programs.

In our discussion, you’ll see the latest recommendations for how to enable and protect the many cloud models being considered by companies the world over.

If you understand the security risk, gain a detailed understanding of your own infrastructure, security can move from an inhibitor of cloud adoption to an enabler.

As part of our chat, we’re also joined by three other HP experts, Lois Boliek, World Wide Manager in the HP IT Assurance Program; Jan De Clercq, World Wide IT Solution Architect in the HP IT Assurance Program; and Luis Buezo, HP IT Assurance Program Lead for EMEA. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

If you understand the security risk, gain a detailed understanding of your own infrastructure, and follow proven reference architectures and methods, security can move from an inhibitor of cloud adoption to an enabler.

Here are some excerpts from our discussion on how to make the move:

Schreider: It’s always a pleasure to be able to chat about some of the technology issues of the day, and certainly cloud computing protection is the topic that’s top of mind for many of our customers.

I want to begin talking about the four immutable laws of cloud security. For those of you who have been involved in information security over time, you understand that there is a certain level of immutability that is incumbent within security. These are things that will always be, things that will never change, and it is a state of being.

When we started working on building clouds at HP a few years ago, we were also required to apply data protection and security controls around those platforms we built. We understood that the same immutable laws that apply to security, business continuity, and disaster recovery extended into the cloud world.

First is an understanding that if your data is hosted in the cloud, you no longer directly control its privacy and protection. You’re going to have to give up a bit of control, in order to achieve the agility, performance, and cost savings that a cloud ecosystem provides you.

The next immutable law is that when your data is burst into the cloud, you no longer directly control where the data resides or is processed.

One of the benefits of cloud-based computing is that you don’t have to have all of the resources at any one particular time. In order to control your costs, you want to have an infrastructure that supports you for daily business operations, but there are ebbs and flows to that. This is the whole purpose of cloud bursting. For those of you who are familiar with grid-based computing, the models are principally the same.

Different locations

Rather than your data being in one or maybe a secondary location, it could actually be in 5, 10, or maybe 30 different locations, because of bursting, and also be under the jurisdiction of many different rules and regulations, something that we’re going to talk about in just a little bit.

The next immutable law is that if your security controls are not contractually committed to, then you may not have any legal standing in terms of the control over your data or your assets. You may feel that you have the most comprehensive security policy that is rigorously reviewed by your legal department, but if that is not ensconced in the terminology of the agreement with a service provider, then you don’t have the standing that you may have thought you had.

The last immutable law is that if you don’t extend your current security policies and controls in the cloud computing platform, you’re more than likely going to be compromised.

You want to resist trying to create two entirely separate, disparate security programs and policy manuals. Cloud-based computing is an attribute on the Internet. Your data and your assets are the same. It’s where they reside and how they’re being accessed where there is a big change. We strongly recommend that you build that into your existing information security program.

Gardner: Tari, these are clearly some significant building blocks in moving towards cloud activities, but as we think about that, what are the top security threats from your perspective? What should we be most concerned about?

The reason to move to cloud is for making data and assets available anywhere, anytime.

Schreider: Dana, we have the opportunity to work with many of our customers who, from time to time, experience breaches of security. As you might imagine, HP, a very large organization, has literally hundreds of thousands of customers around the world. This provides us with a unique vantage point to be able to study the morphology of cloud computing platform, security, outages, and security events.

One of the things that we also do is take the pulse of our customer base. We want to know what’s keeping them up at night. What are the things that they’re most concerned with? Generally, we find that there is a gap between what actually happens and what people believe could happen.

I want to share with you something that we feel is particularly poignant, because it is a direct interlock between what we’re seeing actually happening in the industry and also what keeps our clients up late at night.
First and foremost, there’s the ensured continuity of the cloud-computing platform. The reason to move to cloud is for making data and assets available anywhere, anytime, and also being able to have people from around the world accept that data and be able to solve business needs.

If the cloud computing platform is not continuously available, then the business justification as to why you went there in the first place is significantly mooted.

Loss of GRC control

Next is the loss of span of governance, risk management, and compliance (GRC) control. In today’s environment, we can build an imperfect program and we can have a GRC management program with dominion over our assets and our information within our own environment.

Unfortunately, when we start extending this out into a cloud ecosystem, whether private, public, or hybrid, we don’t necessarily have the same span of control that we have had before. This requires some delicate orchestration between multiple parties to ensure that you have the right governance controls in place.

The next is data privacy. Much has been written on data privacy and protection across the cloud ecosystem. Today, you may have a data privacy program that’s designed to address the security and privacy laws of your specific country or your particular state that you might reside in.

However, when you’re moving into a cloud environment, that data can now be moved or burst anywhere in the world, which means that you could be violating data-privacy laws in another country unwittingly. This is something that clients want to make sure that they address, so it does not come back in terms of fines or regulatory penalties.

Mobility access is the key to the enablement of the power of the cloud. It could be a bring-your-own-device (BYOD) scenario, or it could be devices that are corporately managed. Basically you want to provide the data and put it in the hands of the people.

You have to make sure that you have an incident-response plan that recognizes the roles and responsibilities between owner and custodian.

Whether they’re out on an oil platform and they need access to data, or whether it’s the sales force that need access to Salesforce.com data on BlackBerrys, the fact remains that the data in the cloud has to land on those mobile devices, and security is an integral part.

You may be the owner of the data, but there are many custodians of the data in a cloud ecosystem. You have to make sure that you have an incident-response plan that recognizes the roles and responsibilities between owner and custodian.

Gardner: Tari, the notion of getting control over your cloud activities is important, but a lot of people get caught up in the devil in the details. We know that cloud regulations and laws change from region to region, country to country, and in many cases, even within companies themselves. What is your advice, when we start to look at these detailed issues and all of the variables in the cloud?

Schreider: Dana, that is a central preoccupation of law firms, courts, and regulatory bodies today. What tenets of law apply to data that resides in the cloud? I want to talk about a couple of areas that we think are the most crucial, when putting together a program to secure data from a privacy perspective.

Just as you have to have order in the courts, you have to have order in the clouds. First and foremost, and I alluded to this earlier, is that the terms and conditions of the cloud computing services are really what adjudicates the rights, roles, and responsibilities between a data owner and a data custodian.

Choice of law

However, within that is the concept of choice of law. This means that, wherever the breach of security occurs, the courts can actually go to the choice of the law, which means whatever is the law of the land where the data resides, in order to determine who is at fault and at breach of security.

This is also true for data privacy. If your data resides in your home location, is that the choice of law by which you follow the data privacy standards? Or if your data is burst, how long does this have to be in that other jurisdiction before it is covered by that choice of law? In either case, it is a particularly tricky situation to ensure that you understand what rules and regulations apply to you.

The next one is transporter data flow triggers. This is an interesting concept, because when your data moves, if you do a data-flow analysis for a cloud ecosystem, you’ll find that the data can actually go across various borders, going from jurisdiction to jurisdiction.

The data may be created in one jurisdiction. It may be sent to another jurisdiction for processing and analysis, and then may be sent to another location for storage, for intermediate use, and yet a fourth location for backup, and then possibly a fifth location for a recovery site.

This is not an atypical example. You could have five triggering events across five different borders. So you have to understand the legal obligations in multiple jurisdictions.

The onus is predominantly placed on the owner of the data for the integrity of the data. The CSP basically wants no direct responsibility for maintaining the integrity of that data.

The next one is reasonable security, which is, under the law, what would a prudent person do? What is reasonable under the choice of law for that particular country? When you’re putting together your own private cloud, in which you may have a federated client base, this ostensibly makes you a cloud service provider (CSP).

Or, in an environment where you are using several CSPs, what are the data integrity disclaimers? The onus is predominantly placed on the owner of the data for the integrity of the data, and after careful crafting of terms and conditions, the CSP basically wants no direct responsibility for maintaining the integrity of that data.

When we talk about who owns the data, there is an interesting concept, and there are a few test cases that are coursing their way through various courts. It’s called the Berne Convention.

In the late 1990s, there were a number of countries that got together and said, “Information is flowing all over the place. We understand copyright protection for works of art and for songs and those types of things, but let’s take it a step further.”

In the context of a cloud, could not the employees of an organization be considered authors, and could not the data they produce be considered work? Therefore wouldn’t it be covered by the Berne Convention, and therefore be covered under standard international copyright laws. This is also something that’s interesting.

Modify policies

The reason that I bring this to your attention is that it is this kind of analysis that you should do with your own legal counsel to make sure that you understand the full scope of what’s required and modify your existing security policies.

The last point is around electronic evidence and eDiscovery. This is interesting. In some cases it can be a dual-edged sword. If I have custody of the data, then it is open under the rules of discovery. They can actually request that I produce that information.

However, if I don’t directly have control of that data, then I don’t have the right, or I don’t have the obligation, to turn it over under eDiscovery. So you have to understand what rules and regulations apply where the data is, and that, in some cases, it could actually work to your advantage.

Join the next Expert Chat presentation on May 15 on support automation best practices.

Different risk profiles

Your risk profile may be different, if you are the custodian, versus the risk profile if you’re the owner of the data. This is something that you can very easily put together and present to your executives. It allows you to model the safeguards and controls to protect the cloud ecosystem.

Gardner: We certainly know that there is a great deal of opportunity for cloud models, but unfortunately, there is also significant down side, when things don’t go well. You’re exposed. You’re branded in front of people. Social media allows people to share issues when they arise. What can we learn from the unfortunate public issues that have cropped up in the past few years that allows us to take steps to prevent that from happening to us?

Schreider: These are all public events. We’ve all read about these events over the last 16-18 months, and some of them have occurred within just the last 30 days or so. This is not to admonish anybody, but basically to applaud these companies that have come forward in the interest of security. They’ve shared their postmortem of what worked and what didn’t work.

What goes up can certainly come down. Regardless of the amount of investment that one can put into protecting their cloud computing environment, nobody is immune, whether it’s a significant and pervasive hacking attempt against an organization, where sensitive data is exfiltrated, or whether it is a service-oriented cloud platform that has an outage that prevents people from being able to board a plane.

When an outage happens in your cloud computing environment, it definitely has a reverberation effect. It’s almost a digital quake, because it can affect people from around the world.

You want to make sure that you have a secure system development lifecycle methodology to ensure that the application is secure and has been tested for all conventional threats and vulnerabilities.

One of the things that I mentioned before is that we’re very fortunate that we have that opportunity to look at disaster events and breaches of security and study what worked and what didn’t.

I’ve put together a little model that would reanalyze the storm damage. if you look at the types of major events that have occurred. I’ve looked at the control construct that would exist, or should exist, in a private cloud and the control construct that should exist in a public cloud, and of course in a hybrid cloud. It’s the convergence of the two, and we would be able to mix and match those.

If you have a situation where you have an external threat that infiltrates an application, hacks into it, compromises an application, in a private cloud environment, you want to make sure that you have a secure system development lifecycle methodology to ensure that the application is secure and has been tested for all conventional threats and vulnerabilities.

In a public cloud environment, you normally don’t have that same avenue available to you. So you want to make sure that you either have presented to you, or on behalf of the service provider, have a web-application security review, external threat and vulnerability test.

In a cloud environment, where you are dealing in the situation of grouping many different customers and users together, you have to have a basis to be able to segregate data and operation, so that one of that doesn’t affect everybody.

The level of investment that you make in protecting your cloud environment should be commensurate with the value of the assets that are being burst or hosted in that cloud environment.

Protection through layers

We’re a big believer in, whether it’s cloud or just in security, having an information technology architecture that’s defined by layers. What is the business rationale for the cloud and what are we trying to protect? How should it work together functionally? Technically, what types of products and services will we use, and then how will it all be implemented?

We also have a suite of products that we can bring to our cloud computing environment to ensure that we’re securing and providing governance, securing applications, and then also trying to detect breaches of security. I’ve talked about our reference architecture.

Something that’s also unique is our P5 Model, where basically we look at the cloud computing controls and we have an abstraction of five characteristics that should be true to ensure that they are deployed correctly.

As I mentioned before, we’re either a principal member, contributing member, or founding member of virtually every cloud security standards organization that’s out there. Once again, we can’t do it by ourselves, and that’s why we have strategic partners with VMwares and the Symantecs of the world.

Gardner: There’s a question here about key challenges regarding data lifecycle specifically. How do you view that? What are some of the issues about secure data, even across the data lifecycle?

Key challenges

Luis Buezo: Based on CSA recommendations, we’re not only talking about data security related to confidentiality, integrity, and availability, but there are other key challenges in the cloud like location of the data to guarantee that the geographical locations are permitted by regulations.

There’s data permanence, in order to guarantee that data is effectively removed, for example, when moving from one CSP to a new one, or data backup and recovery schemes. Don’t assume that cloud-based data is backed up by default.

There are also data discovery capabilities to ensure that all data requested by authorities can be retrieved.

Another example is data aggregation on inference issues. This will be implemented to prevent revealing protected information. So there are many issues with having data lifecycle management.

Gardner: Our next question is about being cloud ready for dealing with confidential company data, how do you come down on that?

Jan De Clercq: HP’s vision on that is that we think that many cloud service today are not always ready for letting organizations store their confidential or important data. That’s why we recommend to organizations, before they consider moving data into the cloud, to always do a very good risk assessment.

They should make sure that they clearly understand the value of their data, but also understand the risks that can occur to that data in the cloud provider’s environment. Then, based on those three things, they can determine whether they should move their data into the cloud.

We also recommend that consumers get clear insights from the CSP on exactly where their organization’s data is stored and processed, and where travels inside the network environment of the job provider.

As a consumer you need to get a complete view on what’s done with your data and how the CSP is protecting them.

Gardner: Okay, Jan, what are essential data protection security controls that they should look for from their provider?

Clercq: It’s important that you have security controls in place that protect the entire data lifecycle. By data lifecycle we mean from the moment that the data is created to the moment that the data is destroyed.

Data creation

When data is created it’s important that you have a data classification solution in place and that you apply proper access controls to the data. When the data is stored, you need confidentiality, integrity, and availability protection mechanisms in place. Then, you need to look at things like encryption tools, and information rights management tools.

When the data is in use, it’s important that you have proper access control in place,so that you can make sure that only authorized people can access the data. When the data is shared, or when it’s sent to another environment, it’s important that you have things like information rights management or data loss prevention solutions in place.

When the data is archived, it’s important that it is archived in a secured way, meaning that you have proper confidentiality, integrity, and availability protection.

When the data is destroyed, it’s important, as a consumer, that you make sure that the data is really destroyed on the storage systems of your CSP. That’s why you need to look at things like crypto-shredding and other data destruction tools.

Gardner: Tari, how does cloud computing change my risk profile? It’s a general subject, but do you really reduce or lose risk control when you start doing cloud?

When the data is destroyed, it’s important, as a consumer, that you make sure that the data is really destroyed on the storage systems of your CSP.

Schreider: An interesting question to be sure, because in some cases, your risk profile could be vastly improved. In other cases, it could be significantly diminished. If you find yourself no longer in a position to be able to invest in a hardened data center, it may be more prudent for you to move your data to a CSP that is already classified as a data-carrier grade, Tier 1 infrastructure, where they have the ability to invest the tens of millions of dollars for a hardened facility that you wouldn’t normally be able to invest yourself.

On the other hand, you may have a scenario where you’re using smaller CSPs that don’t necessarily have that same level of rigor. We always recommend, from a strategic perspective when you are looking at application deployment, you consider its risk profile and where best to place that application and how it affects your overall threat posture.

Gardner: Lois, how can HP help clients get started, as they determine how and when to implement cloud?

Lois Boliek: We offer a full lifecycle of cloud-related services and we can help clients get started on their transition to the cloud, no matter where they are in that process.

We have the Cloud Discovery Workshop. That’s where we can help customers in a very interactive work session on all aspects of considerations of the cloud, and it will result in a high-level strategy and a roadmap for helping to move forward.

Business/IT alignment

We also offer the Hybrid Delivery Strategy Services. That’s where we drill down into all the necessary components that you need to gain business and IT alignment, and it also results in a well-defined cloud service delivery model.

We also have some fast-start services. One of those is the CloudStart service, where we come in with a pre-integrated architecture to help speed up the deployment of the production-ready private cloud, and we can do that in less than 30 days.

We also offer a Cloud System Enablement service, and in this we can help fast track setting up the initial cloud service catalog development, metering, and reporting.

Gardner: Does HP have the services to implement protection in the cloud?

Boliek: We believe in building security into the cloud environment from the beginning through our architectures and our services. We offer something called HP Cloud Protection Program, and what we have done is extended the cloud service offerings that I’ve just mentioned by addressing the cloud security threats and vulnerabilities.

We always recommend that you consider its risk profile and where best to place that application and how it affects your overall threat posture.

We’ve also integrated a defense in depth approach to cloud infrastructure. We address the people, process, policies, products improved, and the P5 Model that Tari covered, and this is just to help to address confidently and securely build out the hybrid cloud environment.

We have service modules that are available, such as the Cloud Protection Workshop. This is for deep-dive discussions on all the security aspects of cloud, and it results in a high-level cloud security strategy and next steps.

We offer the Cloud Protection Roadmap Service, where we can define the specific control recommendations, also based on our P5 Model, and a roadmap that is very customized and specific to our clients’ risk and compliance requirements.

We have a Foundation Service that is also like a fast start, specific to implementing the pre-integrated, hardened cloud infrastructure, and we mitigate the most common cloud security threats and vulnerabilities.

Then, for customers who require very specific custom security, we can do custom design and implementation. All these services are based on the Cloud Reference Architecture that Jan and Tari mentioned earlier, as well as extensive research that we do ahead of time, before coming out with customers with our Cloud Protection Research & Development Center.

Gardner: Tari, what should users do to determine how good their service provider is when it comes to these security issues?

Incumbent on us

Schreider: I wish we did have a rating system, but unfortunately, it’s still incumbent upon us to determine the veracity of the claims of security and continuity of the CSPs.

However, there are actually a number of accepted methods to gauge whether one’s CSP is secure. Many organizations have had what’s referred to as an attestation. Formally, most people are familiar with SAS 70, which is now SSAE 16, or you can have an ISO 27000.

Basically, you have an independent attestation body, typically an auditing firm, that will come in and test the operational efficiency and design of your security program to ensure that whatever you have declared as your control schema, maybe ISO, NIST, CSA, is properly deployed.

However, there is a fairly significant caveat here. These attestations can also be very narrowly scoped, and many of the CSPs will only attach it to a very narrow portion of their infrastructure, maybe not their entire facility, and maybe not even the application that you’re a customer of.

Also, we found that CSPs many application-as-service providers don’t even own their own data centers. They’re actually provided elsewhere, and there also may be some support mechanisms in place. In some cases, you may have to evaluate three attestations just to have a sense of security that you have the right controls in place, or the CSP does.

Join the next Expert Chat presentation on May 15 on support automation best practices.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

• Expert Chat with HP on How IT Can Enable Cloud While Maintaining Control and Governance
• Expert Chat on How HP Ecosystem Provides Holistic Support for VMware Virtualized IT Environments
• Continuous Improvement and Flexibility Are Keys to Successful Data Center Transformation, Say HP Experts
• HP’s Liz Roche on Why Enterprise Technology Strategy Must Move Beyond the ‘Professional’ and ‘Consumer’ Split
• Well-Planned Data Center Transformation Effort Delivers IT Efficiency Paybacks, Green IT Boost for Valero Energy
• Hastening Trends Around Cloud, Mobile Push Application Transformation as Priority, Says Research

We’ll learn how Cox, through the Ariba Network, manages multiple ERP systems for an improved eProcurement strategy, and has moved toward more efficient indirect spend efforts to improve ongoing operations and drive future growth across more than 50,000 employees.

To hear more about how they have done this, Interarbor Solutuons Principal Analyst Dana Gardner interviews Brooke Krenn, the Senior Manager of Procurement Systems for Cox Enterprises, based in Atlanta. [Disclosure: Ariba is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: A lot of organizations either have organically developed multiple systems for different groups or, for merger and acquisition reasons, have different ERPs. How has that been a challenge, when it comes to procurement?

Krenn: We have six separate ERP systems spanning major subsidiaries, including Cox Communications, Manheim, Cox Media Group, and AutoTrader.com. Cox is a very interesting company in that our business units are very diverse and very unique. Across four divisions and our holding company we have those six ERP systems.

So with that, obviously, there are a lot of challenges. There’s not a lot of common ground, when it comes to purchasing. Across those six ERP systems we needed some way to drive consistency, as we focused on really capitalizing on our indirect spend across all the business units.

Procurement systems team

My team is the Procurement Systems Team. We fall under supply chain in Cox Enterprises. I have a team of three, and we manage our eProcurement platform, with which we do about $50 million year-end POs, and average about 1,500 POs a month. We also manage our P-Card program, which is about $130 million a year in spend, and also our fuel card program, which is about $50 million a year.

Historically, our spend, specifically the indirect spend, has been all over the place. We haven’t had a lot of visibility into that spend and haven’t had a consistent manner in which we purchased.

Ariba was one of the top contenders, simply because of the user experience was most important to us, and also how quickly we could implement it.

We had an eProcurement solution for about 10 years. We were on that software for a decade, and it was just very dated. It wasn’t supported very well. We knew it was time to make that change. Where we were in the economy, everyone was looking at the most logical places to save time and money and to become more efficient. Obviously, procurement was one of those areas where we could do very quickly.

We knew the first step was replacing the software that we did have. Immediately, Ariba was one of the top contenders, as we looked for a new solution, simply because of the user experience was most important to us, and also how quickly we could implement it.

Gardner: So you’re going from an on-premises software installed affair to now more of a software-as-a-service (SaaS) and cloud affair. Was that something that was difficult or something you were looking forward to?

Krenn: Moving to the cloud in an on-demand solution was great for us. Having the on-premises software in the past, any time there was an upgrade or an update, we had to be sure IT knew about it and we scheduled the time on a night or a weekend. We had to call on resources internally within the company. So it was very exciting for us to move to an on-demand solution and all of the technology that was available with that.

A great change

For the users, it’s been a great change, because now they consistently know there’s one place to go. When they need to order office supplies, when they need to order something for their break room, when they need to order business cards, they know where to go. In all of our divisions and all of our locations, employees want to do the right thing. They want to purchase the right way. A lot of times they’re just not sure of what to do.

So with this implementation of a new tool, we were able to really drive them in the right direction, and it was an easy solution for them. It was easy for us to implement, and it’s been very easy for our end users and our employees to adopt.

Gardner: Has that, in fact, translated into other metrics of success that you could describe for us?

With this implementation of a new tool, we were able to really drive them in the right direction, and it was an easy solution for them.

Krenn: Probably one of the biggest wins for us has been just driving compliance against our contracts. We’re able to see very easily now when a location or a business unit within one of the divisions is purchasing off-contract or when they’re not utilizing one of our preferred or negotiated suppliers. That’s probably been the biggest win for us.

We have the visibility now to see very quickly within our P2P tool and also within our spend management tool to see where this spend is taking place and able to reach out directly to those locations or to those employees that are purchasing off-contract. Obviously, the more purchasing power we have, the more spend we are driving to these contracts, the better our pricing is going to be going forward.

Unconventional

We went about implementing our new P2P solution a bit unconventionally, you could say. About 98 percent of our transactions are actually on a supplier card — a P-Card model, which has just been tremendously successful for us. With that, we didn’t have to integrate directly into our six separate ERPs because our payment method is with that supplier card.

Ease of implementation was one of the biggest wins. Also with that is the ease of use for the end user. There’s no reconciliation for them at the end of the month. We’re taking care of all of that GL coding information, all of the approvals, upfront. The supplier card model, again, has been great on the end user side as well as on the AP reconciliation side.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: Ariba.

You may also be interested in:

• Ariba CMO Tim Minahan on how networked economy benefits spring from improved business commerce and cloud processes
• Ariba Dynamic Discounting Gives Companies New Visibility into Cash Flow to Improve the Buying Process
• Ariba, IBM Deal Shows Emerging Prominence of Cloud Ecosystem-Based Collaboration and Commerce
• Ariba Steps Up Cloud Efforts with StartContracts, On-Demand Contract Management for SMBs
• Ariba Live Discussion: How Cloud Alters Landscape for eCommerce, Procurement, and Supply Chain Management
• Cloud-Based Commerce Network Helps Florida Manufacturer MarkMaster Reach New Markets, Streamline Transactions
• Ariba’s Jason Kurtz on How IT Financial Trends are Maturing Technology Procurement and Management Needs

The latest BriefingsDirect case study discussion focuses on how business standards and compliance services provider SAI Global is benefiting from a strategic view of IT enabled disaster recovery (DR).

Learn here how SAI Global has brought advanced backup and DR best practices into play for its users and customers. Examine too how this has not only provided business continuity assurance, but it has also provided beneficial data lifecycle management and virtualization efficiency improvement.

Mark Iveli, IT System Engineer at SAI Global, based in Sydney, Australia, details on how standardizing DR has helped improve many aspects of SAI Global’s business reliability. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Iveli: When we started to get into DR, we handled it from an IT point of view and it was very much like an iceberg. We looked at the technology and said, “This is what we need from a technology point of view.” As we started to get further into the journey, we realized that there was so much more that we were overlooking.

We were working with the businesses to go through what they had, what they didn’t have, what we needed from them to make sure that we could deliver what they needed. Then we started to realize it was a bigger project.

The initiative for DR started about 18 months ago with our board, and it was a directive to improve the way we had been doing things. That meant a complete review of our processes and documentation.

We had a number of business units that all had different strategies for their disaster recovery, and different timings and mechanisms to report on it.

Through the use of VMware Site Recovery Manager (SRM) in the DR project, we’ve been able to centralize all of the DR processes, provide consistent reporting, and be able to schedule these business units to do all of their testing in parallel with each other.

So we can make a DR session, so to speak, within the business and just run through the process for them and give them their reports at the end of it.

We’ve installed SRM 4.1 and our installation was handled by an outsource company, VCPro. They were engaged with us to do the installation and help us get the design right from a technical point of view.

Trying to make it a daily operational activity is where the biggest challenge is, because the implementation was done in a project methodology.

Trying to make it a daily operational activity is where the biggest challenge is, because the implementation was done in a project methodology. Handing it across to the operational teams to make it a daily operation, or a daily task, is where we’re seeing some challenges.

I’m a systems engineer with SAI Global, and I’ve been with the company for three years. When the DR project started to gather some momentum, I asked to be a significant part of the project. I got the nod and was seconded to the DR project team because of my knowledge of VMware.

That’s what my role is now — keeping the SRM environment tuned and in line with what the business needs. That’s where we’re at with SRM.

Complete review

The first 12 months of this journey so far has been all around cleaning up, getting our documentation up to spec, making sure that every business unit understood and was able to articulate their environments well. Then, we brought all that together so that we could say what’s the technology that’s going to encapsulate all of these processes and documentation to deliver what the business needs, which is our recovery point objective (RPO) and for our recovery time objective (RTO).

SAI Global is an umbrella company. We have three to four main areas of interest. The first one, which we’re probably most well-known for, is our Five Ticks brand, and that’s the ASIS standards. The publication, the collection, the customization to your business is all done through our publishing section of the business.

That then flows into an assurance side of the business, which goes out and does auditing, training, and certification against the standards that we sell.

We continue to buy new companies, and part of the acquisition trail that we have been on has been to buy some compliance businesses. That’s where we provide governance risk and compliance services through the use of Board Manager, GRC Manager, Cintellate, and in the U.S., Integrity 360.

Finally, last year, we acquired a company that deals solely in property settlement, and they’re quite a significant section of the business that deals a lot with banks and convincing firms in handling property settlements.

So we’re a little bit diverse. All three of those business sections have their own IT requirements.

Gardner: Like many businesses, your brand is super important. The trust associated with your performance is something you will take seriously. So DR, backup and recovery, business continuity, are top-line issues for you.

Because of what we do, especially around the property settlement and interactions with the banks, DR is critical for us.

Is there anything about what you’ve been doing as a company that you think makes DR specifically important for you?

Iveli: From SAI Global’s point of view, because of what we do, especially around the property settlement and interactions with the banks, DR is critical for us.

Our publishing business feels that their website needs to be available five nines. When we showed them what DR is capable of doing, they really jumped on board and supported it. They put DR as high importance for them.

As far as businesses go, everyone needs to be planning for this. I read an article recently where something like 85 percent of businesses in the Asia-Pacific region don’t have a proper DR strategy in place. With the events that have happened here in Australia recently with the floods, and when you look at the New Zealand earthquakes and that sort of stuff, you wonder where the businesses are putting DR and how much importance they’ve got on it. It’s probably only going to take a significant event before they change their minds.

Gardner: I was intrigued, Mark, when you said what DR is capable of doing. Do you feel that there is a misperception, perhaps an under-appreciation of what DR is?

Process in place

Iveli: The larger DR whole was just that these business units had a process in place, but it was an older process and a lot of the process was designed around a physical environment.

With SAI Global being almost 100 percent virtual, moving them into a virtual space opened their minds up to what was possible. So when we can sit down with the business units and say, “We’re going to do this DR test,” they ask if it will impact production. No, it won’t. How is it happening? “Well, we are going to do this, this, and this in the background. And you will actually have access to your application the way it is today, it’s just going to be isolated and fenced off.”

They say, “This is what we’ve been waiting for.” We can actually do this sort of stuff. They’re starting to see and ask, “Can we use this to test the next version of the applications and can we test this to kind of map out our upgrade path?”

We’re starting to move now into a slightly different world, but it has been the catalyst of DR that’s enabled them to start thinking in these new ways, which they weren’t able to do before.

Gardner: So being able to completely switch over and recover with very little interruption in terms of the testing, with very little downtime or loss, the opportunity then is to say, “What else can we do with this capability?”

It has been the catalyst of DR that’s enabled them to start thinking in these new ways, which they weren’t able to do before.

Iveli: Absolutely. With this new process, we’ve taken the approach of baby steps, and we’re just looking to get some operational maturity into the environment first, before we start to push the boundaries and do things like disaster avoidance.

Having the ability to just bring these environments across in a state that’s identical to production is eye-opening for them. Where the business wants to take it is the next challenge, and that’s probably how do we take our DR plan to version 2.0.

We need to start to work with the likes of VMware and ask what our options are now. We have this in place, people are liking it, but they want to take it into a more highly available solution. What do we do next? Use vCloud Director? Do we need to get our sites in an active/active pairing?

However, whatever the next technology step is for us, that’s where the business are now starting to think ahead. That’s nice from an alignment point of view.

Gardner: Those DR maturation approaches put you in a position to further leverage virtualization. Is there sort of a virtuous adoption pattern, when you combine modern DR with widespread virtualization?

Iveli: Because all of a sudden, your machines are just a file on a data store somewhere, now you can move these things around. As the physical technologies continue to advance — the speed of our networks, the speed of the storage environments, metro clustering, long haul replication — these technologies are allowing businesses to think outside of the box and look at ways in which they can provide faster recovery, higher availability, more elastic environments.

You’re not pinned down to just one data center in Sydney. You could have a data center in Sydney and a data center in New Zealand, for instance, and we can keep both of those sites online and in sync. That’s couple of years down the track for our business, but that’s a possibility somehow through the use of more virtualization technology.

Gardner: Any advice for those listening in who are beginning their journey? For those folks that are recognizing the risks and seeing these larger benefits, these more strategic benefits, how would you encourage them to begin their journey, what advice might you offer?

Iveli: The advice would be to get hired guns in. With DR, you’re not going to be able to do everything yourself. So spend a little bit more money and make sure that you get some consultants in like VCPro. Without these guys, we probably would have struggled a little bit just making sure that our design was right. These guys ensured that we had best practice in our designs.

Before you get into DR, do your homework. Make sure that your production environment is pristine. Clean it up. Make sure that you don’t have anything in there that’s wasting your resources.

Come around with a strong business case for DR. Make sure that you’ve got everybody on board and you have the support of the business.

Make sure that your production environment is pristine. Clean it up. Make sure that you don’t have anything in there that’s wasting your resources.

When you get into DR, make sure that you secure dedicated resources for it. Don’t just rely on people coming in and out of the project. Make sure that you can lead people to the resource and you make sure that they are fully engaged in the design aspects and the implementation aspects.

And as you progress with DR, incorporate it as early as you can into your everyday IT operation. We’re seeing that, because we held it back from our operations, just handing it over and having them manage the hardware and the ESX and the logical layers, the environment, they were struggling just to get their head around it and what was what, where should this go, where should that go.

And once it’s in place, celebrate. It can be a long haul. It can be quite a trying time. So when you finally get it done, make sure that you celebrate it.

Gardner: And perhaps a higher degree of peace of mind that goes with that.

Iveli: Well, you’ll find out when you get through it, how much easier this is making your life, how much better you can sleep at night.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: VMware.

You may also be interested in:

• Learn Why Ducati Races Ahead with Private Cloud and a Virtualization Rate approaching 100 Percent
• SAP Runs VMware to Provision Virtual Machines to Support Complex Training Courses
• Case Study: How SEGA Europe Uses VMware to Standardize Cloud Environment for Globally Distributed Game Development
• Germany’s Largest Travel Agency Starts a Virtual Journey to Get Branch Office IT Under Control
• Virtualized Desktops Spur Use of ‘Bring You Own Device’ in Schools, Allowing Always-On Access to Education Resources
• From VMworld, Cosmetics Giant Revlon Harnesses the Power of Private Cloud to Produce Impressive Savings and Cost Avoidance

When Hurricane Ike struck Texas in 2008, it became the second costliest hurricane ever to make landfall in the U.S. It was also a wake-up call for Houston-based insurance wholesaler Myron Steves & Co., which was not struck directly but nonetheless realized its IT disaster recovery (DR) approach was woefully inadequate.

Supporting some 3,000 independent insurance agencies in the Gulf Coast region, with many insured properties in that active hurricane zone, Myron Steves must have all it resources up and available, if and when severe storms strike.

The next BriefingsDirect discussion then centers on how Myron Steves, a small- to medium-sized business (SMB), developed and implemented a modern disaster recovery and business continuity strategy based on a high-degree of server and clients virtualization.

Learn how Tim Moudry, Associate Director of IT, and William Chambers, IT Operations Manager, both at Myron Steves, made a bold choice to go essentially 100 percent server virtualized in 90 days. That then set the stage for a faster, cheaper, and more robust DR capability. It also helped them improve their desktop-virtualization delivery, another important aspect of maintaining constant availability no mater what.

The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Moudry: When Hurricane Ike came, we were using another DR support company, and they gave us facilities to recover our data. They were also doing our backups.

We went to that site to recover systems, and we had a hard time recovering anything. We were testing it, and it was really cumbersome. We tried to get servers up and running. We stayed there to recover one whole day and never got even a data center recovered.

So William and I were chatting and thinking that there’s got to be a better way. That’s when we started testing a lot of the other virtualization software. We came to VMware, and it was just so easy to deploy.

We made a proposal to our executive committee, and it was an easy sell. We did the whole project for the price of one year of our old DR system.

Gardner: William, what were your top concerns about change?

Chambers: Our top concerns were just avoiding what happened during Ike. In the building we’re in in Houston, we were without power for about a week. So that was the number one cause for virtualization.

Number two was just the amount of hardware. Somebody actually called us and said, “Can you take these servers somewhere else and plug them in and make them run?” Our response was no.

That was the lead into virtualization. If we wanted everything to be mobile like that, we had to go with a different route.

Then, once you get into virtualization, you think, “Well, okay, this is going to make us mobile, and we’ll be able to recover somewhere else quicker,” but then you start seeing other features that you can use that would benefit what you are doing at smaller physical size. It’s just the mobility of the data itself, if you’ve got storage in place that will do it for you. Recovery times were cut down to nothing.

Simpler to manage

There was ease of backups, everything that you have to do on a daily maintenance schedule. It just made everything simpler to manage, faster to manage, and so on.

Gardner: And so for you as an SMB with 200 employees, what requirements were involved? You obviously don’t have unlimited resources and you don’t have a huge IT staff.

Chambers: It’s probably what any other IT shop wants. They want stability, up-time, manageability, and flexibility. That’s what any IT shop would want, but we’re a small shop. So we had to do that with fewer resources than some of the bigger Exxons and stuff like that.

Moudry: And it can’t cost an arm and leg either. We’re an insurance broker. We’re not a carrier. We are between the carriers and agents. With our people being on the phone, up-time is essential, because they’re on the phone quoting all the time. That means if we can’t answer our phones, the insurance agent down the street is going to go pick up the phone, and they’re going to get the business somewhere else.

Now, we’re trying to get more green in the industry, and we are trying to print less paper

Also, we do have claims. We don’t process all claims, but we do some claims, mainly for our stuff that’s on the coast. After a hurricane, that’s when people are going to want that.

We have to be up all the time. When a disaster strikes, they are going to say, “I need to get my policy,” and then they are going to want to go to our website to download that policy, and we have to be up.

Gardner: Why did you go 100 percent virtualized in such a short time?

SAN storage

Chambers: We did that because we’ve got applications running on our servers, things like rating applications, emails, our core applications. A while back, we separated the data volumes from the physical server itself. So the data volume is stored on a storage area network (SAN) that we get through an iSCSI.

That made it so easy for us to do a physical-to-virtual (P2V) conversion on the physical server. Then in the evenings, during our maintenance period, we shut that physical server down and brought up the virtual connected to the SAN one, and we were good. That’s how we got through it so quickly.

Moudry: William moved us to VMware first, and then after we saw how VMware worked so well, we tried out VMware View and it was just a no-brainer, because of the issues that we had before with Citrix and because of the way Citrix works. One session affects all the others. That’s where VMware shines, because everybody is on their independent session.

Gardner: Where are your data centers?

Moving to colos

Moudry: Right now it’s Houston and San Antonio, but we are moving all of our equipment to colos, and we are going to be in Phoenix and Houston.

Gardner: So that’s even another layer of protection, wider geographic spread, and just reducing your risk in general. Let’s take a moment and look at what you’ve done and see in a bit more detail what it’s gotten for you. Return on investment (ROI), do you have any sense, having gone through this, what you are doing now that perhaps covered the cost of doing it in the first place?

Moudry: We spent about $350,000 a year in our past DR solution. We didn’t renew that, and the VMware DR paid for itself in the year.

We’re working with automation. We’re getting less of a footprint for our employees. You just don’t hire as many.

And we are not buying equipment like we used to. We had 70 servers and four racks. It compressed down to one rack. How many blades are we running, William?

Chambers: We’re running 12 blades, and the per year maintenance cost on every server that we had compared to what we have now is 10 percent now of what it was.

Gardner: I notice that you’re also a Microsoft shop. Did you look at their virtualization or DR? How come you didn’t go with Microsoft?

Then he downloaded the free version of VMware and tried the same thing on that. We got it up in two or three days.

Chambers: We looked at one of their products first. We’ve used the Virtual PC and Virtual Server products. Once you start looking at and evaluating theirs, it’s a little more difficult setup. It runs well, but at that time, I believe it was 2008, they didn’t have anything like the vCenter Site Recovery Manager (SRM) that I could find. It was a bit slower. All around, the product just wasn’t as good as the VMware product was.

Moudry: I remember when William was loading it. I think he spent probably about 30 days loading Microsoft and he got a couple of machines running on it. It was probably about two or three machines on each host. I thought, “Man, this is pretty cool.” But then he downloaded the free version of VMware and tried the same thing on that. We got it up in two or three days?

Chambers: I think it was three days to get the host loaded and then re-center all the products, and then it was great.

Moudry: Then he said that it was a little bit more expensive, but then we weighed out all the cost of all the hardware that we were going to have to spend with Microsoft. He loaded the VMware and he put about 10 VMs on one host.

Increased performance

It was running great. It was awesome. I couldn’t believe that that we could get that much performance from one machine. You’d think that running 10 servers, you would get the most performance. I couldn’t believe that those 10 servers were running just as fast on one server that they did on 10.

Chambers: That was another key benefit. The footprint of ESXi was somewhat smaller than a Microsoft.

Moudry: It used the memory so much more efficiently.

Gardner: You mentioned vSphere, vCenter Site Recovery Manager, and View. Is that it? Are you up to the latest versions of those? What do you actually have in place and running?

Chambers: We have both in production right now, vCenter 4.1, and vCenter 5.0. We’re migrating from 4.1 to 5.0. Instead of doing the traditional in-place upgrade, we’ve got it set up to take a couple of hosts out of the production environment, build them new from scratch, and then just migrate VMs to it in the server environment.

It went by so fast that it just happened that way. We were ahead of schedule on our time-frames and ahead on all of our budget numbers.

It’s the same thing with the View environment. We’ve got enough hosts so we can take a couple out, build the new environment, and then just start migrating users to it.

It all happened much quicker than we thought. Once we did a few of the conversions, of the physical servers that we had, and it went by so fast that it just happened that way. We were ahead of schedule on our time-frames and ahead on all of our budget numbers. Once we got everything in our physical production environment virtualized, then we could start building new virtual servers to replace the ones that we had converted, just for better performance.

Without disruption

We were able to do it without disruption, and that was one of the better things that happened. We could convert a physical server during the day, while people were still using it, or create that VM for it. Then, at night, we took the physical down and brought the virtual up, and they never knew it.

Gardner: How about some other metrics of success?

Copying the template

Moudry: Making new servers is nothing. William has a template. He just copies it and renames it.

Chambers: The deployment of new ones is 20 minutes. Then, we’ve got our development people who come down and say, “I need a server just like the production server to do some testing on before we move that into production.” That takes 10 minutes. All I have to do is clone that production server and set it up for them to use for development. It’s so fast and easy that they can get their work done much quicker.

Moudry: Rather than loading the Windows disk and having to load a server and get it all patched up.

Chambers: It gives you a like environment. In the past, where they tested on a test server you built, that’s not exactly the same as the production server. They could have bugs that they didn’t even know about yet, and that just cuts down on the development time just a lot.

Gardner: Any advice for folks who are looking at the same type of direction, higher virtualization, gaining the benefits of DR’s result and then perhaps having more of that agility and flexibility? What might you have learned in hindsight that you could share with some other folks?

We’ve got a lot of people working at home now, just because of the View environment and things like that.

Chambers: If you are going to use virtualization, then get in and start using it on a small basis. Just to do a proof of concept, check performance, do all the due diligence that you need, and get into it. It will really pay off in the end.

Moudry: Have a change control system that monitors what you change. When we first went over there, William was testing out the VMs, and I couldn’t believe, as I was saying earlier, how fast it is. We have people who are on the phones. They’re quoting insurance. They have to have the speed. If it hesitates, and that customer on the phone takes longer to give our people the information and our people has hard time quoting it, we’re going to lose the business.

When William put some of these packages over to the VM software, and it was not only running as fast, but it was running faster on the VM than it was on a hard box. I couldn’t believe it. I couldn’t believe how fast it was.

Chambers: And there was another thing that we saw. We’ve got a lot of people working at home now, just because of the View environment and things like that. I think we’ve kind of neglected our inside people, because they’d rather work in a View environment, because it’s so much faster than sitting on a local desktop.

Backbone speed

Moudry: When somebody works at home, they’re at lightning speeds. Upstairs is a ghost town now, because everybody wants to work from home. That’s part of our DR also. The model is, “We have a disaster here. You go work from home.” That means we don’t have to put people into offices anywhere, and with the Voice over IP, it’s like their call-center. They just call from home.

Chambers: They can work from different devices now, too. I know we’ve got laptops out there, iPads, different type of mobile devices, and it’s all secure.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: VMware.

You may also be interested in:

• SAP Runs VMware to Provision Virtual Machines to Support Complex Training Courses
• Case Study: How SEGA Europe Uses VMware to Standardize Cloud Environment for Globally Distributed Game Development
• Germany’s Largest Travel Agency Starts a Virtual Journey to Get Branch Office IT Under Control
• Virtualized Desktops Spur Use of ‘Bring You Own Device’ in Schools, Allowing Always-On Access to Education Resources
• From VMworld, Cosmetics Giant Revlon Harnesses the Power of Private Cloud to Produce Impressive Savings and Cost Avoidance
• From VMworld, NYSE Euronext on Hybrid Cloud Vision and Strategy Behind the Capital Markets Community Platform Vertical Cloud