Wednesday, September 26, 2018

Better management of multicloud IaaS proves accelerant to developer productivity for European gaming leader Magellan Robotech

The next BriefingsDirect Voice of the Customer use case discussion explores how a European gaming company adopted new cloud management and governance capabilities with developer productivity as the prime motivator.

We’ll now learn how Magellan Robotech puts an emphasis on cloud management and control as a means to best exploit hybrid cloud services to rapidly bring desired tools and app building resources to its developers.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

Here to reveal the journey to responsible cloud adoption with impressive payoffs is Graham Banner, Head of IT Operations at Magellan Robotech in Liverpool, England, and Raj Mistry, Go-to-Market Lead for OneSphere at Hewlett Packard Enterprise (HPE), based in Manchester, England. The discussion is moderated by Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: What are the drivers in your organization for attaining faster cloud adoption, and how do you keep that from spinning out of control, Graham?

Banner: That’s a great question. It’s been a challenge for us. One of the main problems we have as a business is the aggressive marketplace in Europe. It’s essential that we deliver services rapidly. Now some of our competitors might be able to deliver something in a month. We need to undercut them because the competition is so fierce.

Going from on premises into virtualization and on-premises cloud was our first step, but it wasn’t enough. We needed to do more.

Gardner: Speed is essential, but if you move too fast there can be risks. What are some of the risks that you try to avoid?

Banner: We want to avoid shadow IT. We’ve adopted capabilities before where the infrastructure team wasn’t able to provision services that supported our developers fast enough. We learned that the developers were then doing their own thing: There was no governance, there was no control over what they were doing, and that was a risk for us.

Gardner: Given that speed is essential, how do you bring quality control issues to bear when faced with hybrid cloud activities?

Banner: That’s been a challenge for us as well. There hasn’t traditionally been central payment management from across multiple cloud interfaces so that we could ensure that the correct policies are being applied to those services.

We needed a product that ensures that we deliver quality services to all of our customs across Europe.

Gardner: Raj, is this developer focus for cloud adoption maturity a main driver as HPE OneSphere is being evaluated?

Mistry: Yes, absolutely. The reason OneSphere is so good for the developers is we enable them to use the tools and frameworks they are accustomed to -- but under the safety and governance of IT operations. They can deploy with speed and have safe, secure access to the resources they need when they need them.

Gardner: Developers probably want self-service more than anyone. Is it possible to give them self-service but using tools that keep them under a governance model?

Mistry: Some developers like the self-service element, and some developers might use APIs. That’s the beauty of HPE OneSphere, it addresses both of those requirements for the developers. So they can use native tools or the self-service capabilities.

Gardner: We also have to consider the IT operators. When we think about where those new applications end up -- it could be on-premises or in some number of clouds, even multiple clouds.
Learn More About
Simplified Hybrid Cloud Management
Mistry: HPE OneSphere is very much application-centric, with the capability to manage the right workload, in the right cloud, at the right cost. Through the ability to understand what the workload is doing -- and based on the data and insights we collect -- we can then make informed decisions on what best to do next.

Gardner: Graham, you are on the operations’ side and you have to keep your developers happy. What is it about HPE OneSphere that’s been beneficial for both?

Effective feedback

Banner: It provides great insights and reporting features into our state. When we deployed it, the feedback was almost instantaneous. We could see where our environments were, we could see the workloads, we could see the costs, and this is something that we did not have before. We didn’t have this visibility function.

And this was a very simple install procedure. Once it was up and running, everything rolled out smoothly in a matter of hours. We have never seen a product do this before.

Gardner: Has having this management and monitoring capability given you the confidence to adopt multicloud in ways that you may not have been willing to before?

Banner: Yes, absolutely. One of the challenges we faced before was we were traditionally on-premises for the entire state. The developers had wanted to use and leverage functions that were available only in public clouds.

One of the challenges we faced before was we were traditionally on-premises for the entire state. But the developers wanted to use and leverage functions only available in the public clouds.
But we have a small operations team. We were wary about spending too much training our staff across the multiple public cloud platforms. HPE OneSphere enabled us to onboard multiple clouds in a very smooth way. And people could use it with very little training. The user interface (UI) was fantastic to use, it was very intuitive. Line of business, stack managers, compliance and directors, they all could go on and run reports straight away. It ticked off all the boxes that we needed for it to do.

Gardner: Getting the trains to run on time is important, but the cost of the trip is also important. Have you been able to gain better control over your own destiny when it comes to the comparative costs across these different cloud providers?
Banner: One of the great features that OneSphere has is the capability to input values about how much your on-premise resources cost. Now, we have had OPEX and CAPEX models for our spend, but we didn’t have real-time feedback on what the different environments we are using cost across our shared infrastructures.

Getting this information back from HPE OneSphere was essential for us. We can now look at some products and say, “You know what? This is actually costing x amount of money. If we move it onto another platform, or to another service provider, we’d actually save costs.” These are the kind of insights that are generated now that we did not have before.

Gardner: I think that economics trumps technology, because ultimately, it’s the people paying the bills who have the final say. If economics trumps technology, are you demonstrating a return on investment (ROI) with HPE OneSphere?

Mistry: One of the aims for OneSphere is the “what-if” analysis. If I have a cloud workload, what are its characteristics, its requirements, and where should I best place it? What’s best for that actual thing? And then having the capability to determine which hyperscale cloud provider -- or even the private cloud -- has the correct set of features for that application. So that will come in the not too distant future.

Gardner: Tell us more about Magellan Robotech and why application quality, speed, and operational integrity are so important.

Game On

Banner: We operate across Europe. We offer virtual gaming, sports, terminals, and casino products, and we have integration to other providers, which is unique for a bookmaking company. A lot of gaming providers operate just retail platforms, or maybe have an online presence. We do everything.

Because we compete with so many others, it’s essential that our applications are stable, scalable, and have zero downtime. If we don’t meet these requirements, we’re not going to be able to compete and our customers are going to move elsewhere.

As a service provider we sell all of these products to other vendors. We have to make sure that our customers are pleasing their own customers. We want to make sure that our customers have these value-adds as well. And this is where HPE OneSphere comes into play for us.
Learn More About
Simplified Hybrid Cloud Management
Gardner: As the third largest gaming enterprise in Europe, you’re in multiple markets, but that means multiple jurisdictions, with multiple laws about privacy. Tell us about your security and compliance needs and how HPE OneSphere helps manage complexity across these different jurisdictions?

Banner: We deal with several regulatory bodies across Europe. Nearly all of them have different compliance standards that have to be applied to products. It’s unreasonable for us to expect the developers to know which standards have to be applied.

The current process is manual. We have to submit applications and spin-up machines on-premises. They have to be audited by a third-party, and by a government body from each country. This process can take months. It’s a long, arduous process for us to just release a product.

We needed a tool that provides us an overview of what is available out there, and what policies need to be applied to all of our services. We need to know how long it’s going to take to solve the problems before we can release services.

With HPE OneSphere, we are gaining great insights into what’s coming with regards to better managing compliance and policies. There will be governance panes, and the capability for line-of-business staff members to come in and assign policies to various different cloud providers.

And we can take this information to the developers and they can decide, “You know what? For us to go live in this particular country, we have to assign these various policies, and so we are going to need to change our code.” And this means that our time-to-market and time-to-value are going to be much higher.

Gardner: Raj, how important is this capability to go into different jurisdictions? I know there is another part of HPE called Cloud28+ and they are getting into different discrete markets and working with an ecosystem of providers. How much of a requirement is it to deal with multiple jurisdictions?

Guided compliance, vigilance

Mistry: It’s very complex. One of the evolving challenges that customers face as they adopt a hybrid or a multicloud strategy is how do I maintain my risk posture and compliance. So the intellectual property (IP) that we have built into OneSphere, which has been available from August 2018 onward, allows customers to look at the typical frameworks: FIPS, HIPAA, GDPR, FCA, etc.

They will be able to understand, not just from a process perspective, but from a coding perspective, what needs to occur. Guidelines are provided to the developers. Applications can be deployed based on those, and then we will continually monitor the application.

If there is a change in the framework that they need to comply with, the line-of-business teams and the IT operations teams will get a note from the system saying, “Something has happened here, and if you are okay, please continue.” Or, “There is a risk, you have been made aware of it and now you need to take some action to resolve it.” And that’s really key. I don’t think anybody else in the market can do that.

Gardner: Graham, it sounds like you are going to be moving to wider adoption for HPE OneSphere. Is it too soon to get a sense of some of the paybacks, some of the metrics of success?

Guidelines are provided to the developers. Applications can only be deployed based on those, and we will continuously monitor the applications in production. 
Banner: Fortunately, during the proof of concept we managed to get some metrics back. We had set some guidelines, and some aims for us to achieve during this process. I can give you an example. Traditionally we had a very old-fashioned ticket system for developers and our other customers.

They turned in a ticket, and they could wait for up to five days for that service to become available, so the developer or the customer could begin using that particular service.

With HPE OneSphere, and the self-service function which we provided, we found out that the time was no longer measured in days, it was no longer hours -- it was minutes. This enabled the developers to quickly spin up machines. They can do iterative testing and get their products live, functioning, and bug-free faster. It frees up operational time so that we can concentrate on upgrading our platform and focus on various other projects.

We have already seen massive value in this product. When we spoke to the line of business about this, they have been pleased. They have already seen the benefits.

Gardner: Raj, what gets the most traction in the market? What is it that people perk up to when it comes to what OneSphere can do?

The data-insight advantage

Mistry: It’s the cost analytics and governance element. Deployment is a thing of the past. But once you have deployed it, how do you know what’s going on? How do you know what to do next? That’s the challenge we are trying to resolve. And that’s what's resonating well with customers. It’s about, “Let me give you insights. Let’s get you the data so you can do something about it and take action.” That's the biggest thing about it.
Learn More About
Simplified Hybrid Cloud Management
Gardner: What is it about the combination of product and support services and methodologies that are also helping to bring this to market?

Mistry: It’s about the guidance on application transformation. As people go digital, writing the new cloud-native stuff is easy. But like with Graham’s organization, and many organizations we talk to, they have a cloud-hosted, cloud-aware application that they need to be able to transform to make it more digitally friendly.

From a services perspective, we can guide customers in terms of what they should do and how they should introduce microservices and more cloud-native ways of working. Beyond that, it's helping with cultural stuff. So, the beginnings of Agile development, leading to DevOps in the not too distant future.

The other side of it is the capability to build minimum viable clouds, both in the private and the public clouds with the IP that we have. So, the cloud thing can be had, but our effort is really to make it very easy.

Gardner: That strikes me as a huge next chapter, the minimum viable cloud. Is that attractive to you at Magellan Robotech?

Banner: Absolutely, yes. From an on-premise perspective, we want to go forward into the public cloud. We know we can leverage its services. But one thing we are very wary of is the cost. Traditionally, it has been expensive. Things have changed. We want to make sure we are not provisioning services that aren’t being used. Having these metrics is going to allow us to make the right choices in the future.

Gardner: Let's look into the crystal ball. Going to the future, Graham, as a consumer, what would you like to see in HPE OneSphere next?

Public core and private cloud together

Banner: We already have the single pane of glass with OneSphere, so we can look at all our different clouds at once. We don't have to go in multiple consoles and spend time learning and training on how to get to these reports from three or four different providers. So, we have the core, the core is there. We know that the public cloud and private cloud have different functionalities.

On-premises can do certain things extremely well; it can handle all our current workloads. Public cloud can do this, too, and there are loads of additional features available. What we would like to see is a transition where some of these core functionalities of the public cloud are taken, managed, and applied to our private cloud as well.

There are compliance reasons why we can't move all of our products into the public cloud. But by merging them together, you get a much more agnostic point of view of where are you going to best deploy your services and what features you should have.

Gardner: Ultimately, it may even be invisible to you as to whether it's in a public or private cloud architecture. You want your requirements met, you want your compliance and security issues met, and let the automation of the underlying tool to take over.
Learn More About
Simplified Hybrid Cloud Management
Banner: Absolutely, yes. We would like to abstract away the location completely from our developers and our application guys. So, when they deploy, it gets put in the right place automatically, it has the right policies assigned to it. It's in the right location. It can provide the services needed. It can scale. It can auto-bounce -- all of this stuff. The end-user, our applications team, they won't need to know which cloud it's in. They just want to be able to use it and use the best available services.

Gardner: Raj, you just heard what the market is asking for. What do you see next for providers of cloud monitoring and management capabilities?

Mistry: Our focus will be around customizable cloud reporting, so the capability to report back on specific things from across all of the providers. Moving forward, we will have trending capabilities, the what-if forecasting capability from an analytics and insights perspective. Then we will build more on the compliance and governance. That's where we are heading in the not-too-distant future. If our own developers do well, we will have that by the end of the year.

Friday, September 21, 2018

How Norway’s Fatland beat back ransomware thanks to a rapid backup and recovery data protection stack

The next BriefingsDirect strategic storage and business continuity case study discussion explores how Norway’s venerable meat processing business, Fatland, relied on rapid backup and recovery solutions to successfully defended against a nasty ransomware attack.

The comprehensive backup and recovery stack allowed Fatland’s production processing systems to snap back to use after only a few hours, but the value of intelligent and increasingly hybrid storage approaches go much further to assure the ongoing integrity of both systems -- and business outcomes.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or  download a copy.

Here to explain how vertically integrated IT infrastructure and mirrored data strategies can prevent data loss and business downtime are Terje Wester, the CEO at Fatland, based in Norway, and Patrick Osborne, Vice President and General Manager of Big Data and Secondary Storage at Hewlett Packard Enterprise (HPE). The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Terje, getting all of your systems back up in a few hours after an aggressive ransomware attack in 2017 probably wasn’t what first drove you to have a comprehensive backup and recovery capability. What were the early drivers that led you to put in a more modern approach to data lifecycle management?

Wester: First of all, we have HPE end-to-end at Fatland. We have four production sites. At one production site we have our servers. We are running a meat business, doing everything from slaughtering to processing and packing. We deal with the farmers; we deal with the end customers. It’s really important to have good IT systems, also safe systems.

When we last invested in these HPE systems, we wanted something that was in front of the line, which was safe, because the uptime in the company is so important. Our IT people had the freedom to choose what they thought was the best solution for us. And HPE was the answer. We tested that really hard on this ransomware episode we had in September.

Gardner: Patrick, are you finding in the marketplace that people have primary reasons for getting into a comprehensive data protection mode? It can become a gift that keeps giving.

Osborne: A lot of our customers are now focusing on security. It’s definitely top of mind. What we are trying to provide is more of an integrated approach, so it’s not a secondary or an afterthought that you bolt on.

Whether it’s our server products, with silicon root of trust, or our storage products, with things like we have done for Fatland such as Recovery Manager Central (RMC), or with our integrated offerings such as our hyper-converged infrastructure (HCI) product line -- the theme is the same. What we are trying to weave through this is that data protection and availability are an endemic piece of the architecture. You get it on day one when you move to a modernized architecture, as opposed to running into a ransomware or an availability issue and then having to re-architect after-the-fact.

What we are trying to do with a number of customers is, from day one, when you renew your infrastructure, it has all of this availability and security built in. That’s one of the biggest things that we see, that’s helpful for customers these days.
Learn How HPE BladeSystem
Speeds Delivery of Business Outcomes
Gardner: Data and security integration are, in fact, part of the architecture. Security is not a separate category or a chunk that you bolt on later.

Osborne: Exactly.

Gardner: Terje, tell us a about the .NM4 crypto virus. In 2017, this hit a lot of people. Some were out for days. What happened when this hit your organization?

Rapid response, recovery

Wester: These people were trying to attack us. They started to visit our servers and got in on a Thursday. They worked until that Friday night and found an opening. This was something that happened in the middle of the night and they closed down the servers. They put in this ransomware, so that closed down everything.

On Saturday, we had no production. So, Saturday and Sunday for us were the days to work on and solve the problem. We contacted HPE for consultants, to determine what to do. They came over from Oslo on Sunday, and from Sunday afternoon to early Monday morning we recovered everything.

On Monday morning we started up, I think, only about 30 minutes behind schedule and the business was running. That was extremely important for us. We have live animals coming in on Sunday to be slaughtered on Monday. We have rapid processing. Christmas was around the corner and everything that we produce is important every day. The quick recovery was really important for us.

Gardner: You are an older, family-run organization, dating back to 1892. So, you have a very strong brand to protect.

On Monday morning we started up only 30 minutes behind schedule and the business was running. That was extremely important to us. The quick recovery was really important.
Wester: That’s right, yes.

Gardner: You don’t want to erode that brand. People want to continue to hold the trust they have had in you for 125 years.

Wester: They do. The farmers have been calling us for slaughtering of their cattle for generations. We have the typical supermarket chains in Norway as our main customers. We have a big daily turnover, especially in September through October, when all the lambs are coming in. It’s just a busy period and everybody trusts that we should work for them every day, and that’s our goal, too.

Gardner: Patrick, what was it about the HPE approach, the Recovery Manager Central and StoreOnce, that prevented the ransomware attack, in this case, from causing the significant downtime that we saw in other organizations?

Osborne: One of the important things to focus on is that in the case of Fatland it’s not so much the money that you would have had to pay for the ransomware, it’s the downtime. That is key.

Using our architecture, you can take application or data-specific point-in-time copies of the data that’s critical -- either mission-critical or business-critical -- at a very granular level. You can orchestrate that, and then send that all off to a secondary system. That way you have an additional layer of security.

What we announced in November 2017 at Discover in Madrid is the ability to go even further beyond that and send an additional copy to the cloud. At all layers of the infrastructure, you will be able to encrypt that data. We designed the system around not so much backup -- but to be able to restore quickly.

The goal is to provide a very aggressive recovery time objective (RTO) in a very granular recovery point objective. So, when a team like Terje’s at Fatland recognizes that they have a breach, you can mitigate that, essentially staunch the issue, and be able to rapidly recover from a well-known set of data that wasn’t compromised.

For us it’s all about architecting to rapidly recover, of making that RTO as quickly as possible. And we see a lot of older architectures where you have a primary storage solution that has all of your data on it and then not a really good backup infrastructure.

What turned into two days of disruption for Fatland could have been many more days, if not weeks, in older infrastructure. We really just are focused on mitigation of RTO.
Learn How HPE BladeSystem
Speeds Delivery of Business Outcomes
Gardner: In the case of the cryptovirus, did the virus not encrypt the data at all, or was it encrypted but you were able to snap back to the encryption-free copies of the data fast?

Osborne: When we do this at the storage layer, we are able to take copies of that data and then move it off to a secondary system, or even a tertiary system. You then have a well-known copy of that data before it’s been encrypted. You are able to roll back to a point in time in your infrastructure before that data has been compromised, and then we can actually go a step further.

Some of the techniques allow you to have encryption on your primary storage. That usually helps if you are changing disk drives and whatnot. It’s from a security perspective. Then we are actually able to encrypt again at the data level on secondary storage. In that case, you have a secure piece of the infrastructure with data that's already been encrypted at a well-known point in time, and you are able to recover. That really helps out a lot.

Gardner: So, their encryption couldn't get past your encryption?

Osborne: Yes.

Gardner: The other nice thing about this rapid recovery approach is that it doesn't have to be a ransomware or a virus or even a security issue. It could be a natural disaster; it could be some human error. What's important is the business continuity.

Now that you have been through the ransomware attack, how is your confidence in always being up and running and staying in business in general, Terje?

Business continuity bonus

Wester: We had been discussing this quite a lot before this ransomware issue. We established better backup systems, but now we are looking into extending them even more, to have another system that can run from the minute the main servers are down. We have a robotized system picking out meat for the supermarket chains 24x7, and when their main server stops, something should be able to take over and run the business. So, within a very short time we will also have that solution in place, with good help from HPE.

Gardner: Patrick, not that long ago the technology to do this may have been there, but the costs were prohibitive. The network and latency and issues were prohibitive. What's happened in the past several years that allows you to go to a company such as Fatland and basically get them close to 99.9999 percent availability across the board?

Osborne: In the past, you had customers with a preferred vendor for servers, a preferred vendor for networking, and another preferred vendor for storage. That azimuth is changing to a vertically oriented stack. So, when Terje has a set of applications or business needs, we are able to, as a portfolio company, bring together that whole stack.

In the past, the customer was the integrator, and the cost was in bringing many, many different disparate solutions together. They would act as the integrator. That was probably the largest cost back in the day.

We're now bringing together something that's vertically oriented and has security and data protection availability throughout the stack. At the end of the day it's a business enabler for a business of any size.
Now, we’re bringing together something that's more vertically oriented and that has security and data protection availability throughout the stack. We’re making these techniques and levels of availability for customers of any size, where IT is not really their core competency. At the end of day, it's a business enabler, right?

Wester: Right, absolutely.

Osborne: The second piece from a networking perspective is that very large and low-cost bandwidth has definitely changed the game in terms of being able to move data, replicate data from on-premise, even off-premise to the cloud, that's certainly been an enabler as well.

Gardner: We are seeing mirroring of entire data centers in amazing amounts of time.

Also, you have an integrated stack approach, with HPE focused on security engineered in, across the board, from the silicon up. What are some of the newer technologies that we can expect to see that further increases higher availability, lower risk and lower cost?

Shared signature knowledge

Osborne: Terje's team had cryptovirus on-premise, a breach with a number of different signatures. We are now focusing on artificial intelligence (AI) for the data center. So, taking the human factor out of it to help recognize the problems faster.

So, if they have a breach, and that has certain signatures found in the infrastructure, we can take that and apply that knowledge to other customers. And likewise, they may have some things that happened to them that can benefit Fatland as well.

Using machine learning techniques, we have a number of things that we have brought to the table for what we call predictive analytics in the data center. So HPE Aruba on the networking side has a number of capabilities, too.

We are bringing InfoSight, which is our predictive analytics for storage, and extending that to other parts of the infrastructure. So, servers, networking, and storage. You can start to see signatures in more places.

The General Data Protection Regulation (GDPR) has been implemented, and there are some high fines. You have to report within 72 hours. So, anything you can do to take the human factor out of this, from a technology perspective is a win for everyone, and we have a big investment in that.
Learn How HPE BladeSystem
Speeds Delivery of Business Outcomes
Gardner: And that gets back to the idea that strategic data protection is the gift that keeps giving. As more systems are integrated, the more data analysis can be done, signatures patterns shared with other organizations, and you can ultimately become predictive rather than reactive.

Terje, the level of confidence that you have seems to be high, it's perhaps going to get higher. What other recommendations might you have for other organizations that are thinking about this? Did it turn out to be a good investment, and what sort of precautions might you have for others if they haven't done this already?

Communication is key

Wester: Data itself is not part of our core business. But communication is. It is extremely important for us to communicate internally and externally all the time.

In every organization, IT people need to talk to the management and the board about these safety issues. I think that should be brought to the table before these problems come up.

We have good systems, HPE end-to-end. Of course, one thing that is important is to have modern technology in place, so we could have a quick recovery, and that was a good thing.

Most important for us was that the IT management had the trust from us -- the management and the board -- to invest in what they thought was the best solution. We still saw some operational breaches and we need to do better. This is a big focus with us. Every organization should invest time to look into the infrastructure to see what to do to make it safer for quick recovery, which is important for any company. Bring it on to the table for the board, for the management, for a really good discussion -- it’s worth that.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or  download a copy. Sponsor: Hewlett Packard Enterprise.

You may also be interested in: