Monday, June 13, 2011

HP Discover Interview: Security Evangelist Rafal Los on Balancing Risk and Reward Amid Consumerization of IT

Transcript of a BriefingsDirect podcast from HP's Discover 2011 that focuses on new security challenges to IT security and the new approaches needed to address them.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the HP Discover 2011 conference in Las Vegas. We're here on the Discover show floor this week, the week of June 6, to explore some major enterprise IT solution trends and innovations making news across HP’s ecosystem of customers, partners, and developers.

We're here to talk about security, and the interesting intersection of security with the consumerization of IT, whereby enterprise IT directors and managers are being asked to do things that people are accustomed to with their home media and/or messaging and other fun gaming and entertainment activities.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, and I'll be your host throughout this series of HP-sponsored Discover live discussions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

It’s an interesting time. We have more threats. We hear about breaches in large organizations like Sony and Google, but at the same time, IT organizations are being asked to make themselves more like Google or Amazon.

So, let’s talk about that. We're here with Rafal Los, Enterprise Security Evangelist for HP Software. Welcome to BriefingsDirect.

Rafal Los: Thank you for having me.

Gardner: Rafal, what comes in your mind when we say "consumerization of IT?"

Los: I think of the onslaught of consumer devices, from your tablets to your mobile handsets, that start to flood our corporate environments with their ever-popular music, photo-sharing, data-gobbling, and wireless-gobbling capabilities that just catch many enterprises completely unaware.

Gardner: Is this a good thing? The consumers seem to like it. The user thinks it’s good productivity. I want to do things at the speed that I can do at home or in the office, but this comes with some risk, doesn’t it?

Los: Absolutely. Risk is everywhere. But, you asked if it’s a good thing. It’s a good thing, depending on which platform you're standing on. From the consumer perspective, absolutely, it’s a great thing. I can take my mobile device with me and have one phone for example, on which I get my corporate email, my personal email on, and not have four phones in my pocket. I can have a laptop from my favorite manufacturer, whatever I want to use, bring into my corporate environment, take it home with me at night, and modify it however I want.

That’s cool for the consumer, but that creates some very serious complexities for the enterprise security folks. Often, you get devices that aren't meant to be consumed in an enterprise. They're just not built for an enterprise. There's no enterprise control. There's no notion of security on somebody’s consumer devices.

Now, many of the manufacturers are catching up, because enterprises are crying out that these devices are showing up. People are coming after these big vendors and saying, "Hey, you guys are producing devices that everybody is using. Now they are coming up into my company, and it’s chaos" But, it’s definitely a risk, yes.

Gardner: What would a traditional security approach need to do to adjust to this? What do IT people need to think about differently about security, given this IT consumerization trend?

Need to evolve

Los: We need to evolve. Over the last decade and a half or so, we’ve looked at information security as securing a castle. We've got the moat, the drawbridge, the outer walls, the center or keep, and we’ve got our various stages of weaponry, an armory and such. Those notions have been blown to pieces over the last couple of years as, arguably, the castle walls have virtually evaporated, and anybody can bring in anything, and it’s been difficult.

Companies are now finding themselves struggling with how to deal with that. We're having to evolve from simply the ostrich approach where we are saying, "Oh, it’s not going to happen. We're simply not going to allow it," and it happens anyway and you get breached. We have to evolve to grow with it and figure out how we can accommodate certain things and then keep control.

In the end, we're realizing that it’s not about what you let in or what you don’t. It’s how you control the intellectual property in the data that’s on your network inside your organization.

Gardner: So, do IT professionals in enterprises need to start thinking about the organizations differently? Maybe they're more like a service provider or a web applications provider than a typical bricks and mortar environment.

Los: That’s an interesting concept. There are a number of possible ways of thinking about that. The one that you brought up is interesting. I like the idea of an organization that focuses less on the invasive technology, or what’s coming in, and more on what it is that we're protecting.

I like the idea of an organization that focuses less on the invasive technology, or what’s coming in, and more on what it is that we're protecting.



From an enterprise security perspective, we've been flying blind for many years as to where our data is, where our critical information is, and hoping that people just don’t have the capacity to plug into our critical infrastructure, because we don’t have the capacity to secure it.

Now, that notion has simply evaporated. We can safely assume that we now have to actually go in and look at what the threat is. Where is our property? Where is our data? Where are the things that we care about? Things like enterprise threat intelligence and data storage and identifying critical assets become absolutely paramount. That’s why you see many of the vendors, including ourselves, going in that direction and thinking about that in the intelligent enterprise.

Gardner: This is interesting. To use your analogy about the castle, if I had a high wall, I didn’t need to worry about where all my stuff was. I perhaps didn’t even have an inventory or a list. Now, when the wall is gone, I need to look at specific assets and apply specific types of security with varying levels, even at a dynamic policy basis, to those assets. Maybe the first step is to actually know what you’ve got in your organization. Is that important?

Los: Absolutely. There’s often been this notion that if we simply build a impenetrable hard outer shell, the inner chewy center is irrelevant. And, that worked for many years. These devices grew legs and started walking around these companies, before we started acknowledging it. Now, we’ve gotten past that denial phase and we're in the acknowledgment phase. We’ve got devices and we’ve got capacity for things to walk in and out of our organization that are going to be beyond my control. Now what?

Don't be reactionary

Well, the logical thing to do is not to be reactionary about it and try to push back and say that can’t be allowed, but it should be to basically attempt to classify and quantify where the data is? What do we care about as an organization? What do we need to protect? Many times, we have these archaic security policies and we have disparate systems throughout an organization.

We've shelled out millions of dollars in our corporate hard-earned capital and we don’t really know what we're protecting. We’ve got servers. The mandate is to have every server have anti-virus and an intrusion prevention system (IPS) and all this stuff, but where is the data? What are you protecting? If you can’t answer that question, then identifying your data asset inventory is step one. That’s not a traditional security function, but it is now, or at least it has to be.

Gardner: I suppose that when we also think about cloud computing, many organizations might not now be doing public cloud or hybrid cloud, but I don’t think it’s a stretch to say that they probably will be some day. They're definitely going to be doing more with mobile. They're going to be doing more with cloud. So wouldn’t it make sense to get involved with these new paradigms of security sooner rather than later? I think the question is really about being proactive rather than reactive.

Los: The whole idea of cloud, and I've been saying this for a while, is that it's not really that dramatic of a shift for security. What I said earlier about acknowledging the fact that our preconceived notions of defending the castle wall has to be blown apart extrapolates beautifully into the cloud concept, because not only is it that data is not properly identified within our "castle wall," but now we're handing it off to some place else.

What are you handing off to some place else? What does that some place else look like? What are the policies? What are the procedures? What’s their incident response? Who else are you sharing with? Are you co-tenanting with somebody? Can you afford downtime? Can you afford an intrusion? What does an intrusion mean?

What are you handing off to some place else? What does that some place else look like? What are the policies? What are the procedures?



This all goes back to identifying where your data lives, identifying and creating intelligent strategies for protecting it, but it boils down to what my assets are. What makes our business run? What drives us? And, how are we going to protect this going forward?

Gardner: Now thinking about data for security, I suppose we're now also thinking about data for the lifecycle for a lot of reasons about storage efficiency and cutting cost. We're also thinking about being able to do business intelligence (BI) and analytics more as a regular course of action rather than as a patch or add-on to some existing application or dataset.

Is there a synergy or at least a parallel track of some sort between what you should be doing with security, and what you are going to probably want to be doing with data lifecycle and in analytics as well?

Los: It's part and parcel of the same thing. If you don’t know what information your business relies on, you can’t secure it and you can’t figure out how to use it to your competitive advantage.

I can’t tell you how many organizations I know that have mountains and mountains and mountains of storage all across the organization and they protect it well. Unfortunately, they seem to ignore the fact that every desktop, every mobile device, iPhone, BlackBerry, WebOS tablet has a piece of their company that walks around with it. It's not until one of these devices disappears that we all panic and ask what was on that. It’s like when we lost tape. Losing tapes was the big thing, as was encrypting tapes. Now, we encrypt mobile devices. To what degree are we going to go and how much are we going to get into how we can protect this stuff?

Enabling the cause

BI is not that much different. It’s just looking at the accumulated set of data and trying to squeeze every bit of information out of it, trying to figure out trends, trying to find out what can you do, how do you make your business smarter, get to your customers faster, and deliver better. That’s what security is as well. Security needs to be furthering and enabling that cause, and if we're not, then we're doing it wrong.

Gardner: Now, I guess this is bit of a leap. It might even be considered hype. But, based on what you’ve just said, if you do security better and you have more comprehensive integrated security methodology, perhaps you could also save money, because you will be reducing redundancy. You might be transforming and converging your enterprise, network, and data structure. Do you ever go out on a limb and say that if you do security better, you'll save money?

Los: I don’t think it’s hype at all. Coming from the application security world, I can cite the actual cases where security done right has saved the company money. I can cite you one from an application security perspective. A company that acquires other companies all of a sudden takes application security seriously. They're acquiring another organization.

They look at some code they are acquiring and say, "This is now going to cost us X millions of dollars to remediate to our standards." Now, you can use that as a bargaining chip. You can either decrease the acquisition price, or you can do something else with that. What they started doing is leveraging that type of value, that kind of security intelligence they get, to further their business costs, to make smarter acquisitions. We talk about application development and lifecycle.

That’s what security is as well. Security needs to be furthering and enabling that cause, and if we're not, then we're doing it wrong.



There is nothing better than a well-oiled machine on the quality front. Quality has three pillars: does it perform, does it function, and is it secure? Nobody wants to get on that hamster wheel of pain, where you get all the way through requirements, development, QA testing, and the security guys look at it Friday, before it goes live on Saturday, and say, "By the way, this has critical security issues. You can’t let this go live or you will be the next . . ." --whatever company you want to fill in there in your particular business sector. You can’t let this go live. What do you do? You're at an absolutely impossible decision point.

So, then you spend time and effort, whether it’s penalties, whether it’s service level agreements (SLAs), or whether it’s cost of rework. What does that mean to you? That’s real money. You could recoup it by doing it right on the front end, but the front end costs money. So, it costs money to save money.

Gardner: Okay, by doing security better, you can cut your risks, so you don’t look bad to your customers or, heaven forbid, lose performance altogether. You can perhaps rationalize your data lifecycle. You can perhaps track your assets better and you can save money at the same time. So, why would anybody not be doing better security immediately? Where should they start in terms of products and services to do that?

Los: Why would they not be doing it? Simply because maybe they don’t know or they haven't quite haven't gotten that level of education yet, or they're simply unaware. A lot of folks haven't started yet because they think there are tremendously high barriers to entry. I’d like to refute that by saying, from a perspective of an organization, we have both products and services.

We attack the application security problem and enterprise security problem holistically because, as we talked about earlier, it’s about identifying what your problems are, coming up with a sane solution that fits your organization to solve those problems, and it’s not just about plugging products in.

We have our Security Services that comes in with an assessment. My organization is the Application Security Group, and we have a security program that we helped build. It’s built upon understanding our customer and doing an assessment. We find out what fits, how we engage your developers, how we engage your QA organization, how we engage your release cycle, how we help to do governance and education better, how we help automate and enable the entire lifecycle to be more secure.

Not invasive

I
t’s not about bolting on security processes, because nobody wants to be invasive. Nobody wants to be that guy or that stands there in front of a board and says "You have to do this, but it’s going to stink. It’s going to make your life hell."

We want to be the group that says, "We’ve made you more secure and we’ve made minimal impact on you." That’s the kind of things we do through our Fortified Application Security Center group, static and dynamic, in the cloud or on your desktop. It all comes together nicely, and the barrier to entry is virtually eliminated, because if we're doing it for you, you don’t have to have that extensive internal knowledge and it doesn’t cost an arm and a leg like a lot people seem to think.

I urge people that haven't thought about it yet, that are wondering if they are going to be the next big breach, to give it a shot, list out your critical applications, and call somebody. Give us a call, and we’ll help you through it.

Gardner: HP has made this very strategic for itself with acquisitions. We now have the ArcSight, Fortify and TippingPoint. I have been hearing quite a bit about TippingPoint here at the show, particularly vis-à-vis the storage products. Is there a brand? Is there an approach that HP takes to security that we can look to on a product basis, or is it a methodology, or all of the above?

Los: I think it’s all of the above. Our story is the enterprise security story. How do we enable that Instant-On Enterprise that has to turn on a dime, go from one direction strategically today? You have to adapt to market changes. How does IT adapt, continue, and enable that business without getting in the way and without draining it of capital.

There is no secure. There is only manageable risk and identified risk.



If you look around the showroom floor here and look at our portfolio of services and products, security becomes a simple steel thread that’s woven through the fabric of the rest of the organization. It's enabling IT to help the CIO, the technology organization, enable the business while keeping it secure and keeping it at a level of manageable risk, because it’s not about making it secure. Let me be clear. There is no secure. There is only manageable risk and identified risk.

If you are going for the "I want to be secure thing," you're lost, because you will never reach it. In the end that’s what our organizational goal is. As Enterprise Security we talk a lot about risk. We talk a lot about decreasing risk, identifying it, helping you visualize it and pinpoint where it is, and do something about it, intelligently.

Gardner: Now, we also have research and development, and HP has been making significant investments, I wonder if you have any insight into not necessarily HP Labs, but technology in general. Is there new technology that’s now coming out or being developed that can also be pointed at the security problem, get into this risk reduction from a technical perspective?

Los: I'll cite one quick example from the software security realm. We're looking at how we enable better testing. Traditionally, customers have had the capability of either doing what we consider static analysis, which is looking at source code and binaries, and looking at the code, or a run analysis, a dynamic analysis of the application through our dynamic testing platform.

One-plus-one turns out to actually equal three when you put those two together. Through these acquisition’s and these investments HP has made in these various assets, we're turning out products like a real-time hyperanalysis product, which is essentially what security professionals have been looking for years.

Collaborative effort

I
t’s looking at when an application is being analyzed, taking the attack or the multiple attacks, the multiple verifiable positive exploits, and marrying it to a line of source code. It’s no longer a security guide doing a scan, generating a 5000-page PDF, lobbing it over the wall at some poor developer who then has to figure it out and fix it before some magical timeline expired. It’s now a collaborative effort. It’s people getting together.

One thing that we find broken currently with software development and security is that development is not engaged. We're doing that. We're doing it in real-time, and we're doing it right now. The customers that are getting on board with us are benefiting tremendously, because of the intelligence that it provides.

Gardner: So, built for quality, built for security, pretty much synonymous?

Los: Built for function, built for performance, built for security, it’s all part of a quality approach. It's always been here, but we're able to tell the story even more effectively now, because we have a much deeper reach into the security world If you look at it, we're helping to operationalize it by what you do when an application is found that has vulnerabilities.

Built for function, built for performance, built for security, it’s all part of a quality approach.



The reality is that you're not always going to fix it every time. Sometimes, things just get accepted, but you don’t want them to be forgotten. Through our quality approach, there is a registry of these defects that lives on through these applications, as they continue to down the lifecycle from sunrise to sunset. It’s part of the entire application lifecycle management (ALM) story.

At some point, we have a full registry of all the quality defects, all the performance defects, all the security defects that were found, remediated, who fixed them, and what the fixes were? The result of all of this information, as I've been saying, is a much smarter organization that works better and faster, and it’s cheaper to make better software.

Gardner: We talked a little earlier about how good security practices augment your data lifecycle. It sounds like your ALM and the proper sunrise to sunset of an application’s life, security is part and parcel with that.

In closing, let’s think about the vision, the idea of security. As you say, you never attain it. It’s a journey. But, what should be the philosophy of IT now vis-à-vis security? What’s the new philosophy?

Los: The new philosophy needs to be the Sun Tzu quote that we always hear. “Know thyself.” Look inward. We, in security, all want to look for the new hotness. What’s the latest attack against whatever piece of software that we probably don’t even have in our organization?

Important questions

L
et’s get out of that mentality and stop chasing those ridiculous kinds of concepts. While that may be important on some level somewhere to an organization, big or small, the most important questions are: what do you have, where is your data, what are your business processes, and how are you going to protect them?

If you don’t know what your company does, how it performs, how it works, and really what drives revenue, what are your organization’s goals, security needs to become part of the business. Security needs to understand the business. Security can’t be the little checkbox at the end of every process. It can’t. It has to be a part of every process. It has to be a part of every business decision.

It's not a revolution. It’s an evolution It’s something we’ve been talking about forever. Does that mean security teams will eventually go away? Possibly, but here’s where I am going with this. I've talked to a couple of CISOs who are doing it absolutely brilliantly.

They’ve split security into two functions, the operational role that does the day-to-day care and maintenance of the security devices and the operational things that make security work. That's the patching, the IPS management, malware analysis, and the incident response. That’s a small team, very tactical, very reactive on the spot.Built for function, built for performance, built for security, it’s all part of a quality approach.

It's not a revolution. It’s an evolution It’s something we’ve been talking about forever.



Then, there is a team that makes the policy and does the governance. That is the team that actually understands the business, that has a philosophy that protects the organization. They're not reactive. They have long-term vision. They have long-term strategies aligned with organizational goals, and they are flexible. That's the philosophy that we need to get into. That’s where it’s going and the intelligent enterprise, big or small, the intelligent company that is going to be doing it right, looking five year, ten years out is going to adopt that philosophy.

Gardner: Great. We've been talking about the consumerization of IT and security. We've been joined by Rafal Los. He is the Enterprise Security Evangelist for HP Software. Thanks so much.

Los: Thank you.

Gardner: And thanks to our audience for joining this special BriefingsDirect podcast coming to you from the HP Discover 2011 Conference in Las Vegas.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this series of the user experience and evangelist discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Transcript of a BriefingsDirect podcast from HP's Discover 2011 that focuses on new security challenges to IT security and the new approaches needed to address them. Copyright Interarbor Solutions, LLC, 2005-2011. All rights reserved.

You may also be interested in:

Thursday, June 09, 2011

Case Study: Paychex Leverages HP Tools to Streamline and Automate Application Development

Transcript of a BreifingsDirect podcast from the HP Discover 2011 show in Las Vegas on how payroll and HR services provider Paychex gains benefit from integrated application development tools.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the HP Discover 2011 conference in Las Vegas. We're here on the Discover show floor the week of June 6 to explore some major enterprise IT solution trends and innovations making news across HP’s ecosystem of customers, partners, and developers.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, and I'll be your host throughout this series of HP-sponsored Discover live discussions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Our enterprise case study today focuses on Paychex, a large provider of services to small and medium-sized businesses (SMBs), and growing rapidly around services for HR, payroll, benefits, tax payments, and quite a few other features.

We're here with Joel Karczewski, the Director of IT at Paychex, to learn about how automation and efficiency is changing the game in how they develop and deploy their applications. Welcome.

Joel Karczewski: Good to be here today, Dana.

Over the past few years, IT has been asked to deliver more quickly, to be more responsive to our business needs, and to help drive down costs in the way in which we develop, deploy, and deliver software and services to our end customers.



Gardner: First, Joel, do you have a philosophy about application development, and has it shifted over the past few years?

Karczewski: Yes, we do. Over the past few years, IT has been asked to deliver more quickly, to be more responsive to our business needs, and to help drive down costs in the way in which we develop, deploy, and deliver software and services to our end customers.

To accomplish that, we've been focusing on automating many of the tasks in a traditional software development lifecycle as much as possible to help make sure that when they're performed manually, they're not skipped.

For example, automating from a source code check in, automating the process by which we would close out defects, that source code was resolving, automating the testing that we do when we create a new service, automating the performance testing, automating the unit testing, the code coverage, the security testing, to make sure that we're not introducing key flaws or vulnerabilities that might be exposed to our external customers.

Gardner: Tell us a bit more about Paychex. I probably didn’t do it justice, but tell me the extent of your business and also how many applications you're dealing with?

Karczewski: That’s a great question. Applications are basically just a combination of integrated services, and we've been moving forward with a strategic service-based delivery model for approximately a year and a half now. We have hundreds of services that are reused and utilized by our applications.

Payroll provider

Paychex is primarily an HR benefits and payroll provider, and our key customers are approximately 570,000 business owners and the employees that work for those business owners.

Gardner: And are they typically small businesses?

Karczewski: Small to medium. We've been focusing on the small-business owner because we believe that’s where our specialty is.

Gardner: And, automation for your customers is super important. In order for you to extend automation to them, you have to have applications that are perform well and are well-tested. Tell me why a services orientation and services delivery model is so important in your particular business.

Karczewski: We used to have customers that existed on one end of the spectrum or the other. For example, there’s the customer who wants to come to the website and do everything for himself or herself, a website with a minimal interaction with a specialist that we may have working at one of our 90-plus branches across the United States.

On the other end of the spectrum, there’s the type of customer that wants Paychex to do everything for them. They don’t want to do anything themselves.

We have clients who want Paychex to do some of the business tasks for them, but they want to still do some of the tasks themselves.



What we have been finding over time is that we're developing a hybrid behavioral approach. We have clients who want Paychex to do some of the business tasks for them, but they want to still do some of the tasks themselves.

In order to satisfy the one end of the spectrum or the other and everything in between, we've been moving towards a service-based strategy where we can package, bundle, price, roll out, and deliver the set of services that fit the needs of that client in a very highly personalized and customized fashion.

Gardner: It also sounds like, being in the payroll business, you're dealing with integrations across multiple organizations and financial institutions, and therefore your applications are not just in a certain silo and operating inside your four walls, but you really have to interact across dynamic and extended environment. Therefore, I should think testing, regression testing, and performance management is super important.

Karczewski: That’s correct. The more that we can automate, the more we're able to test those services in the various combinations and environments with which they need to perform, with which they need to be highly available, and with which they need to be consistent.

Gardner: How about data? I should think that this is fairly sensitive data too. We're talking about people’s paychecks, their benefits, and so forth.

Personal information


Karczewski: We have an awful lot of information that is very personal and highly confidential. For example, think about the employees that work for one of these 560,000-plus business owners. We know when they are planning to retire. We know when they move, because they are changing their addresses. We know when they get married. We know when they have a child. We know an awful lot of information about them, including where they bank, and it’s highly, highly confidential information.

Gardner: I have a good sense now of some of your requirements, the fact that you have got many applications, you're services oriented, and you've got these important requirements around performance, security, privacy, and so forth. How did you come at the solution to being able to produce, deliver, and maintain applications with these requirements satisfied?

Karczewski: We took a step back and took a look at our software delivery lifecycle. We looked at areas that are potentially not as value-add, areas of our software delivery lifecycle that would cause an individual developer, a tester, or a project manager, to be manually taking care of tasks with which they are not that familiar.

For example, a developer knows how to write software. A developer doesn’t always know how to exercise our quality center or our defect tracking system, changing the ownership, changing statuses, and updating multiple repositories just to get his or her work done.

So, we took a look at tasks that cause latency in our software delivery lifecycle and we focused on automating those tasks.

A developer knows how to write software. A developer doesn’t always know how to exercise our quality center or our defect tracking system.



Gardner: It sounds like you're also quite comfortable with software as a service (SaaS) and on-premises. Is that the case? Are you a hybrid consumer of application lifecycle management services?

Karczewski: Yes, and we're moving more into that space on a daily basis.

Gardner: Tell me specifically what HP products you're using and which ones you have in your sights for some future development and testing?

Karczewski: We're using a host of HP products today. For example, in order to achieve automated functional testing, we're utilizing Quality Center (QC) in combination with Quick Test Professional (QTP). In order to do our performance testing, pre-production, we utilize. Post-production, we're beginning to look an awful lot at Real Use Monitor (RUM), and we're looking to interface RUM with ArcSight, so that when we do have an availability issue, and it is a performance issue for one of our users anywhere, utilizing our services, we're able to identify it quickly and identify the root cause.

Metrics of success


Gardner: Are there any metrics of success that you can point to in terms of moving into these products and applying the automation, ways that you can measure the impact of these particular solutions?

Karczewski: We've begun looking at that. For example, we're looking at the number of testing hours that it takes a manual tester to spin through a regression suite and we compare that with literally no time at all to schedule a regression test suite run. We're computing the number of hours that we're saving in the testing arena. We're computing the number of lines of software that a developer creates today in hopes that we'll be able to show the productivity gains that we're realizing from automation.

Gardner: So, it does sound like you're interested in more visibility and grasping the metrics of how applications are performing throughout their life cycle.

HP recently announced the IT Performance Suite and an Executive Scorecard to try to help folks move towards that higher level of visibility. Any thoughts about whether that's something that would fit into your needs and/or have you had a chance to look that over at all?

We're very interested in tying those KPIs, those metrics, and those indicators together with the Executive Scorecard.



Karczewski: We're very interested in looking at that. We're also very interested in tying the scorecard of the builds that we're doing in the construction and the development arena. We're very interested in tying those KPIs, those metrics, and those indicators together with the Executive Scorecard. There's a lot of interest there.

Gardner: I always like to try to give examples. It’s one thing to tell, but it’s even nicer to show. Do you have any examples of an actual development activity recently that you can point to and walk us through how you've done it, what the methodology is, using some of these products and services and developing the efficiencies and the reliability that you require?

Karczewski: Well, we did one thing, which is very new to us, but we hope to mainstream this in the future,. For the very first time, we employed an external organization from the cloud. We utilized LoadRunner and did a performance test directly against our production systems.

Why did we do that? Well, it’s a very huge challenge for us to build, support, and maintain many testing environments. In order to get a very accurate read on performance and load and how our production systems performed, we picked a peak off-time period, we got together with an external cloud testing firm and they utilized LoadRunner to do performance tests. We watched the capacity of our databases, the capacity of our servers, the capacity of our network, and the capacity of our storage systems, as they throttled the volume forward.

We plan to do more of that as a final checkout, when we deliver new services into our production environment.

Gardner: Well, great. We've been learning about how development and lifecycle management is important for Paychex. It’s a human resources and payroll services company based in Rochester, N.Y. I want to thank our guest. We've been talking with Joel Karczewski. He is the Director of IT at Paychex. Thank you.

Karczewski: Thank you.

Gardner: And thanks to our audience for joining this special BriefingsDirect podcast coming to you from the HP Discover 2011 Conference in Las Vegas. We're here on the show floor and we're going to be talking about more HP news and finding more case studies to delve into.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this series of user experience discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Transcript of a BreifingsDirect podcast from the HP Discover 2011 show in Las Vegas on how payroll and HR services provider Paychex gains benefit from application development tools. Copyright Interarbor Solutions, LLC, 2005-2011. All rights reserved.

You may also be interested in:

Tuesday, June 07, 2011

Deep-Dive Discussion on HP's New Converged Infrastructure, EcoPOD and AppSystem Releases at Discover

Transcript of a sponsored podcast discussion in conjunction HP Discover 2011 on how HP's converged infrastructure strategy supports data center transformation and applications modernization.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today we present a sponsored podcast discussion in conjunction with the HP Discover 2011 conference in Las Vegas.

We’ll explore some major news around converged infrastructure and data center transformation, and learn how these strategic business goals of enterprises are more tightly aligned than ever to how IT infrastructure modernization takes root.

Until fairly recently, large IT organizations were grappling with a lot of unknown unknowns when it comes to the rapidly shifting requirements for their infrastructure and facilities. There was a sizable risk of locking in too quickly or in adopting unproven technology -- and then paying a dear price later, either in wasted investments or ending up with insufficient resources.

But now, after a series of rapidly maturing trends around application types, cloud computing, mobility, and changing workforces, the proper IT requirements mix seems much clearer. In just the past few years, the definition of what a modern IT infrastructure needs and what it needs to do has finally come into focus. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

We know, for example, that we’ll see most data centers converge their servers, storage, and network platforms intelligently. We know that we’ll see higher levels of virtualization across these platforms and more applications, and that, in turn, will support the adoption of hybrid and cloud models.

In just the past few years, the definition of what a modern IT infrastructure needs and what it needs to do has finally come into focus.



We’ll surely see more compute resources devoted to big data and business intelligence (BI) values that span ever more applications and data types. And of course, we’ll need to support far more mobile devices and distributed, IT-savvy workers.

There is no longer a lot of risk in describing the quintessential data center of today and tomorrow and in recognizing that it will need to be highly energy efficient, automated, flexible, and modular. It will need to scale up and down and to adapt without complexity, delay, or undue waste.

How well companies modernize and transform these strategic and foundational IT resources will then hugely impact their success and managing their own agile growth and in controlling ongoing costs and margins. Indeed the mingling of IT success and business success is clearly inevitable.

So, now comes the actual journey. At HP Discover, the news is largely about making the inevitable future happen more safely by being able to transform the IT that supports businesses in all of their computing needs for the coming decade. IT executives must execute rapidly now to manage how the future impacts them and to make rapid change an opportunity, not an adversary.

How to execute

We're here with a panel of HP executives to explore the how -- no longer dwelling on the why or when -- to best execute on converged infrastructure and data center transformation. Please join me now in welcoming our panel, Helen Tang, Solutions Lead for Data Center Transformation and Converged Infrastructure Solutions for HP Enterprise Business. Welcome, Helen.

Helen Tang: Thanks, Dana. Great to be here.

Gardner: We are also here with Jon Mormile, Worldwide Product Marketing Manager for Performance-Optimized Data Centers in HP's Enterprise Storage Servers and Networking (ESSN) group within HP Enterprise Business. Welcome, Jon.

Jon Mormile: Thanks, Dana. Glad to be here.

Gardner: And, we're here with Jason Newton, Manager of Announcements and Events for HP ESSN. Welcome, Jason.

Jason Newton: Thanks, Dana.

Gardner: And lastly, Brad Parks, Converged Infrastructure Strategist for HP Storage in the HP ESSN organization. Welcome, Brad.

Brad Parks: Thanks. Glad to be here.

Gardner: Helen, let me start with you. You've been looking at these trends, and we’ve summed up a little bit of the urgency, but also the clarity when it comes to what’s needed. You’ve done additional research leading up to the Discover conference here in Las Vegas. What are some of the findings, and how are the trends from your perspective coming together to make this IT transformation inevitable?

Tang: Last year, HP rolled out this concept of the Instant-On Enterprise, and it’s really about the fact that we all live in a very much instant-on world today. Everybody demands instant gratification, and to deliver that and meet other constituent’s needs, an enterprise really needs to become more agile and innovative, so they can scale up and down dynamically to meet these demands.

In order to get answers straight from our customers on how they feel about the state of agility in their enterprise, we contracted with an outside agency and conducted a survey earlier this year with over 3,000 enterprise executives. These were CEOs, CIOs, CFOs across North America, Europe, and Asia, and the findings were pretty interesting.

Essentially, there were three buckets of questions asked in the survey titled "The State of Enterprise Agility." The first set of question was, "How important do you believe agility is in the enterprise?" Not surprisingly, over 95 percent of respondents said, it's very critical. It’s important to their overall enterprise success, not just in IT.

The second bucket question was, "If that’s the case, how agile do you feel your current organization is?" Less than 40 percent of our respondents said, "I think we are doing okay. I think we have enough agility in the organization to be able to meet these demands."

Not surprising

So the number is so low, but not very surprising to those of us who have worked in IT for a while. As you know, compared to other enterprise disciplines, IT is a little bit more pre-Industrial Revolution. It’s not a streamlined. It’s not a standardized. There's a long way to go. That clearly spells out a big opportunity for companies to work on that area and optimize for agility.

The last area or bucket of questions we asked was, "What do you think is going to change that? How do you think enterprises can increase their agility?" The top two responses coming back were about more innovative, newer applications.

But, the number one response coming from CEOs was that it’s transforming their technology environment. That’s precisely what HP believes. We think transforming that environment and by extension, converged infrastructure, is the fastest path towards not only enterprise agility, but also enterprise success.

Gardner: Let’s look at some of the news. There are various parts, and they are related. If we take them into certain order, I think we can then look at why this whole is greater than the sum of the parts.

Let’s start with Brad Parks. Looking at the Storage Foundation, HP Storage, tell me how we got here. Why has storage been, in fact, fractured, difficult to manage, and quite expensive. And then, what have we done now here at Discover to help bring that together and make that part of a larger converged infrastructure?

Parks: A couple of years ago, HP took a step back from the current trajectory that we were on as a storage business and the trajectory that the storage industry as a whole was on. We took a look at some of the big trends and problems that we were starting to hear from customers around virtualization or on the move to cloud computing, this concept of really big everything.

We’re talking about data, numbers of objects, size, performance requirements, just everything at massive, massive scale. When we took a look at those trends, we saw that we were really approaching a systemic failure of the storage that was out there in the data center.

The challenge is that most of the storage deployed out in the data center today was architected about 20 years ago for a whole different set of data-center needs, and when you couple that with these emerging trends, the current options at that time were just too expensive.

They were too complicated at massive scale and they were too isolated, because 20 years ago, when those solutions were designed, storage was its own element of the infrastructure. Servers were managed separately. Networking was managed separately, and while that was optimized for the problems of the day, it in turn created problems that today’s data centers are really dealing with.

Thinking about that trajectory, we decided to take a different path. Over the last two years, we’ve spent literally billions of dollars through internal innovation, as well as some external acquisitions, to put together a portfolio that was much better suited to address today’s trends.

Common standard

A
t the event here, we're talking about HP Converged Storage, and this addresses some of the gaps that we’ve seen in the legacy monolithic and even the legacy unified storage that’s out there. Converged Storage is built on a few main principles we're trying to drive towards common industry-standard hardware, building on ProLiant BladeSystem based DNA.

We want to drive a lot more agility into storage in the future by using modern Scale-Out software layers. And last, we need to make sure that storage is incorporated into the larger converged infrastructure and managed as part of a converged stack that spans servers and storage and network.

Gardner: Looking at some of the specifics, it seems as if cost is a big issue here. You've done a lot to bring cost down, going standard, and making utilization of storage more integrated into the other facets of the infrastructure. What sort of cost savings are we looking at, when you really do this well and when you look at it strategically?

Parks: There are really different aspects to cost, thinking about first capital expense. When we're able to design on industry-standard platforms like BladeSystem and ProLiant, we can take advantage of the massive supply chain that HP has and roll out solution that are much lower upfront cost point from a hardware perspective.

Second, using that software layer I mentioned, some of the technologies that we bring to bear are like thin provisioning, for example. This is a technology that helps customers cut their initial capacity requirements around 50 percent by just eliminating their over-provisioning that is associated with some of the legacy storage architectures.

One of the things we've seen and talk about with customers worldwide is that data just doesn't go away. It is around forever.



Then, operating expense is the other place where this really is expensive. That's where it helps to consolidating the management across servers and storage and networking, building in as much automation into the solutions as possible, and even making them self-managing.

For example, our 3PAR Storage solution, which is part of this converged stack, has autonomic management capabilities which, when we talk to our customers, has reduced some of their management overhead by about 90 percent. It's self-managing and can load balance, and because of its wide straightening architecture, it can respond to some of the unpredictable workloads in the data center, without requiring the administrative overhead.

Gardner: I suppose there's a bit of a catalytic effect, when you do the storage properly or with more of a modern architecture. You start to be able to move to a greater efficiencies in terms of the data lifecycle, managing data with an intelligent path in terms of where it's used and not used. Is there a larger role here for data that also plays into BI, at least addressing data as a lifecycle, rather than a problem asset?

Parks: One of the things we've seen and talk about with customers worldwide is that data just doesn't go away. It is around forever and that has contributed to this massive amount of data growth. So, one of the things we're looking at within HP Converged Storage portfolio is how do we not only help customers store that information -- for example, the ability to you have to look across up to 16 petabytes through a single pane of glass, that management view across that massive amount of information -- but how do they extract more value out of it.

Jason might talk a little bit more about the Vertica AppSystem solution, but within the storage domain, we're looking at building in intelligent search capabilities into these solutions and automated tiering to move data around either by physical location or physical tier to get more efficient and to extract more value out of that content.

Gardner: Let's now move to Jason Newton. Jason, tell about the big converged system’s portfolio news and perhaps a bit more about that AppSystem that was referenced by Brad.

Converged Infrastructure

Newton: We're really excited about this announcement. If you've heard anything from HP over the last few years, you've certainly heard a lot about the Converged Infrastructure and our strategy. In 2009, we started looking at the sprawl that customers were dealing with and the impact it was having on their business and environment. We saw that if you look ahead 5 or 10 years, convergence is a dominant trend.

That's the direction that things were going. We felt like we were in a great position as HP to be the ones to deliver on a promise of converging server, storage, network, management, security application all into individual solutions.

So, 2009 was about articulating the definition of what that should look like and what that data center in the future should be. Last year, we spent a lot of time in new innovations in blades and mission-critical computing and strategic acquisitions around storage, network, and other places.

The result last year was what we believe is one of the most complete portfolios from a single vendor in marketplace to deliver converged infrastructure. Now, what we’re doing in 2011 is building on that to bring all that together and simplify that into integrated solutions and extending that strategy all the way out to the application.

If we look at what kind of applications customers are deploying today and the ways that they’re deploying them, we see three dominant new models that are coming to bear. One is applications in a virtualized environment and on virtual machines and that have got very specific requirements and demands for performance and concerns about security, etc.

Security concerns also require new demands on capacity and resource planning, on automation, and orchestration of all the bits and bytes of the application and the infrastructure.



We see a lot of acceleration and interest in applications delivered as a service via cloud. Security concerns also require new demands on capacity and resource planning, on automation, and orchestration of all the bits and bytes of the application and the infrastructure.

The third way that we wanted to address was a dedicated application environment. These are data warehousing, analytics types of workloads, and collaboration workloads, where performance is really critical, and you want that not on shared resources, but in a dedicated way. But, you also want to make sure that that is supporting applications in a cloud or virtual environment.

So in 2011, it's about how to bring that portfolio together in the solution to solve those three problems. The key thing is that we didn't want to extend sprawl and continue the problem that’s still out there in the marketplace. We wanted to do all that on one common architecture, one common management model, and one common security model.

If you look at this trend toward integration and convergence, and you see some of the answers out there in the marketplace, you’ll see, for example, unique architectural stacks dedicated to a data warehouse environment or a BI environment. Then, you’ll see a completely different physical and software architecture for a virtual environment.

Then, if you look at cloud, you see a whole other island of different tools, different parts, different pieces. With our converged infrastructure strategy, we had the opportunity to do something really special here.

Individual Solutions

What if we could take that common architecture management security model, optimize it, integrate it into individual solutions for those three different application sets and do it on the stuff that customers are already using in the legacy application environment today and they could have something really special?

What we’re announcing today at Discover is this new portfolio we called Converged Systems. For that virtual workload, we have VirtualSystems or the dedicated application environment, specifically BI, and data management and information management. We have the AppSystems portfolio. Then, for where most customers want to go in the next few years, cloud, we announced the CloudSystem.

So, those are three portfolios, where common architecture addresses a complete continuum of customer’s application demands. What's unique here is doing that in a common way and being built on some of the best-of-breed technologies on the planet for virtualization, cloud, high performance BI, and analytical applications.

Gardner: This is an example where truly converged infrastructure has now gotten us to the level where we’re looking at not quite business process, but certainly a solution set and some very powerful capabilities now being executed on at that level.

Let's just quickly dig into one of those levels because it intrigued me. It was from the Vertica acquisition. We now, basically have a data warehouse, big data, real-time crunching capability, and a modern architecture designed just for that, but placed on the converged infrastructure. Tell me why that’s important and why that could be a game changer when it comes to analytics?

With the demands of big everything, the speed and scale at which the economy is moving the business, and competition is moving, you've got to have this stuff in real-time.



Newton: There are a couple of things. You hit on two points there. One is Vertica software, in and of itself. The architecture is one of the most modern architectures out there today to handle the analytics in real time.

Before, analytics in a traditional BI data warehouse environment was about reporting. Call up the IT manager, give them some criteria. They go back and do their wizardry and come back with sort of a status report, and it's just looking at the dataset that’s in one of the data stores he is looking.

It sort of worked, I guess, back when you didn’t need to have that answer tomorrow or next week. You could just wait till the next quarterly review. With the demands of big everything, as Brad was speaking of, the speed and scale at which the economy is moving the business, and competition is moving, you've got to have this stuff in real-time.

So we said, "Let’s go make a strategic acquisition. Let’s get the best-in-class, real-time analytics, a modern architecture that does just that and does it extremely well. And then, let’s combine that with the best hardware underneath that with HP Converged Infrastructure, so that customers can very easily and quickly bring that capability into their environment and apply it in a variety of different ways, whether in individual departments or across the enterprise.

Real-time analytics

There are endless possibilities of ways that you can take advantage of real-time analytics with this solution. Including it into AppSystem makes it very easy to consume, bring it into the environment, get it up and running, start connecting the data sources literally in minutes, and start running queries and getting answers back in literally seconds.

What’s special about this approach is that most analytic tools today are part of a larger data warehouse or BI-centered architecture. Our argument is that in the future of this big everything thing that’s going on, where information is everywhere, you can’t just rely on the data sources inside your enterprise. You’ve got to be able to pull sources from everywhere.

In buying a a monolithic, one-size-fits-all OLTP, data warehousing, and a little bit of analytics, you're sacrificing that real-time aspect that you need. So keep the OLTP environment, keep the data warehouse environment, bring in its best in class real-time analytic on top of it, and give your business very quickly some very powerful capabilities to help make better business decisions much faster.

Gardner: Very good. Jon Mormile, tell me a bit now how these developments we’ve heard from Brad and Jason now come together and are supported by the news around the data center transformation here at Discover.

Mormile: Thanks, Dana. First of all, when you talk about today’s data centers, most of them were built 10 years ago and actually a lot of our analyst’s research talks about how they were built almost 14-15 years ago. These antiquated data centers simply can’t support the infrastructure that today’s IT and businesses require. They are extremely inefficient. More of them require two to three times the amount of power to run the IT, due to inefficient cooling and power distribution systems.

These antiquated data centers simply can’t support the infrastructure that today’s IT and businesses require. They are extremely inefficient.



In addition to these systems, these monolithic data centers are typically over-provisioned and underutilized. Because most companies cannot build new facilities all the time and continually, they have to forecast future capacity and infrastructure requirements that are typically outdated before the data centers are even commissioned.

A lot of our customers are facing similar challenges. As I mentioned, we're talking about the ability to accommodate today’s IT, and there's the lack of scalability. But, they also have other driving factors that are affecting your businesses, such as the ability to build scalar facilities quickly.

They need to reduce construction cost, as well as operational expenses. This places a huge strain on companies' resources and their bottom lines. By not changing their data center strategy, businesses are throttled and simply just can’t compete in today’s aggressive marketplace.

Gardner: What are you doing to help them with that? What’s coming out? I'm intrigued by the EcoPOD, but there is more to it than that.

Mormile: As I mentioned, for some of these challenges that customers are facing today, HP absolutely has a solution. It’s basically surrounding our modular computing portfolio and it helps to solve these problems.

Modular computing

Our modular computing portfolio started about three years ago, when we first took a look at and modified an actual shipping container, turning it into a Performance Optimized Data Center (POD).

This was followed by continuous innovation in the space with new POD designs, the deployment of our POD-Works facility, which is the world’s first assembly line data centers, the addition of flexible data center product, and today, with our newest edition, the POD 240A, which gives all the benefits of a container data center without sacrificing traditional data center look and feel.

Also, with the acquisition of EYP, which is now HP Critical Facilities Services, and utilizing HP Technical Services, we are able to offer a true end-to-end data center solution from planning and installation of the IT and the optimized infrastructure go with it, to onsite maintenance and onsite support globally.

Gardner: So, we really have a continuum here. We're talking about AppSystems, where we've got appliances running specific apps, some of the Microsoft SQL databases, some of the SAP, ERP implementations, and then we are going in a concerted fashion down into the infrastructure, talking about virtualization, and then right into the facilities, where we have these PODs and modular approaches with efficiencies built in for cooling and energy conservation.

It's sort of end-to-end, but what’s fascinating to me, and I'd like your take on this, Jon, is that it doesn’t have to be adopted all at once. This is something that you have many different entry points.

You're talking about taking that IT and those innovations and then taking it to the next level.



Depending on the specifics of your enterprise, your service provider, whatever stage of development and maturity you are at, there is a way for you to jump on board, but at least you can start taking action. That, I think, is the key here. Jon, can you speak about the ability to jump in at any point, but still makes a significant progress?

Mormile: That’s basically the whole basis of a modular computing portfolio and converged infrastructure. HP can deliver the server, storage, and networking solution. We actually offer these solutions to 8 out of the 10 leading social media companies.

When you combine in-house rack and power engineering, delivering finely tuned solutions to meet customers’ growing power and rack needs, it all comes together. You're talking about taking that IT and those innovations and then taking it to the next level as far as integrating that into a turnkey solution, which should actually be a POD or modular data center product.

You take the POD, and then you talk about the Factory Express services where we are actually able to take the IT integrate it into a POD, where you have the server, storage, and networking. You have integrated applications, and you've cabled and tested it.

The final step in the POD process is not only that we're providing Factory Express services, but we're also providing POD-Works. At POD-Works, we take the integrated racks that will be installed in the PODs and we provide power, networking, as well as chilled water and cooling to that, so that every aspect of the turnkey data center solution is pre-configured and pre-tested. This way, customers will have a fully integrated data center shipped to them. All they need to do is plug-in the power, networking, and/or add chilled water to that.

Game changer

B
eing able to have a complete data center on site up and running in a little as six weeks is a tremendous game changer in the business, allowing customers to be more agile and more flexible, not only with their IT infrastructure needs, but also with their capital and operational expense.

When you bring all that together, PODs offer customers the ability to deploy fully integrated, high performing, efficient scalable data centers at somewhere around a quarter of the cost and up to 95 percent more efficient, all the while doing this 88 percent faster than they can with traditional brick and mortar data center strategies.

Gardner: Jason, going to you now, pretty much the same question. We have this comprehensive ability. We have a much more rapid physical plant capability. This now allows for people to come in at different points in their maturity, but still have a roadmap or vision of how to get to a converged infrastructure, a transformed data center. What’s the process that you encounter at that AppSystem level, where people can get involved quickly? What would you recommend that they do first?

Newton: That depends on the customer. The whole point of the Converged System portfolio is that if you like the concept of a converged infrastructure and you want to get there, we have a very simple, flexible, optimized answer for you, for workload, virtual cloud, and dedicated application environment.

As to where a customer can start, go back and look at what your business priorities are, and your level of maturity. We've got quite a few experts that will sit down to talk to you and assess where you are in that continuum. The best place to start is what is your business asking for and what are the problems that you're trying to solve? What are the outcomes? What can you deliver? That's the place to go.

The best place to start is what is your business asking for and what are the problems that you're trying to solve? What are the outcomes? What can you deliver?



A reason someone would be looking at apps is because someone in the business is saying, "I need to make much better decisions much faster." Maybe it's supply chain decisions or it could be something in retail. Or, "I need to do some better financial analysis or make better offers to my banking customers. And, I need something much more powerful than just the data that I have, and we need to do it very quickly."

I would say to look at a Vertica real-time analytic system or a data warehouse solution that we've co-developed in Microsoft. That would be a perfect place to start. The good news is that if your next priority, after getting that software in the business, is you get that virtual environment more cleaned up and running more efficiently, more optimized and simplified in terms of management, VirtualSystem would be your next step.

If you're already doing a lot of virtualization today with HP on BladeSystem, on 3PAR, or on our LeftHand technology, I would say to build on that same architecture, keep all that in place, and upgrade that to a complete CloudSystem environment.

There are a lot of entry points. It really depends on the business priority at what you are trying to do. The good news of this approach is that you can come in at any point and you can scale and and extend and know that when you solve those different application needs, you're going to be doing it in a common way, not sacrificing best of class.

Gardner: We should also point out, Jason, that at Discover here we're seeing a lot of professional services and support announcements as well that dovetail and supplement these other announcements. Maybe you could give us a very quick recap of where the professional services kick in, and perhaps that's also a starting point.

Start services

Newton: You're right. There is a multitude of those at this show. We have some new professional services. I call them start services. We have an AppStart, a CloudStart, and a VirtualStart service. These are the services, where we can engage with the customer, sit down, and assess their level of maturity -- what they have in place, what their goals are.

These services are designed to get each of these systems into the environment, integrated into what you have, optimized for your goals and your priorities, and get this up and running in days or weeks, versus months and years that that process would have taken in the past for building and integrating it. We do that very quickly and simply for the customer.

We have got a lot of expertise in these areas that we've been building on the last 20 years. Just like we're doing on the hardware-software application side simplifications, these start services do the same thing. That extends to HP Solutions support, which then kicks in and helps you support that solution across that lifecycle.

There is a whole lot more, but those are two really key ones that customers are excited about this week.

Gardner: Brad Parks, you've been hearing from Jason and Jon. They supplement and support what you are doing in storage. But, when it comes to getting started, do you have any recommendations, whether it's professional services or some sort of a path or model for working the storage transformation and modernization process into these other larger activities around, AppSystems and facilities?

The combination of our portfolio and our expertise is really going to help our customers drive that success and embrace convergence.



Parks: The approach is very consistent across the board. Converged Storage is a foundational building block that is materialized inside the VirtualSystem, CloudSystem, and AppSystem, those internal part of that larger converged data center that Jon talked about. Along that way, you can have different entry points ,and we certainly have a full set of services to help people get started.

One of the things that we announced this week is the Technology Services Organization. HP recently did a complete reinvention of their consulting portfolio.

As we've seen customers trying to modernize their storage infrastructure and take advantage of some of these converged storage trends, they have responded with a set of workshops, start services, to get people down that path, as well as enterprise services for those customers who are looking to start to bridge between internal IT and cloud environments that might be hosted externally. Our HP 3PAR Utility Storage platform is now a standard offering as an outsourced storage service within enterprise services.

Last, we know that internal IT folks have to upscale and continually learn these new technologies, so that they can feed those back into their business. HP ExpertONE has recently come out with a full set of training and certification courseware to help our channel partners, as well as internal IT folks that are customers, to learn about these new storage elements and to learn how they can take these architectures and help transform their information management processes.

Gardner: Let's go to Helen Tang for the last word today. Helen, based on the research that you’ve conducted and the fact that we have these large trends, some organizations are working towards cloud-computing models, for example, more rapidly than others. Some organizations focus just on converting apps and modernizing them, or perhaps adopting appliance models.

These services are designed to get each of these systems into the environment, integrated into what you have, optimized for your goals and your priorities, and get this up and running in days or weeks.



What is it about the research and the fact that there are so many different ways the organizations need to react rather to these trends that makes sort of the über view of what's been announced this week such a good fit?

Tang: Clearly, ever since HP launched our Converged Infrastructure strategy and portfolio in 2009, we’ve seen great traction among the analyst community, and more importantly, our customers. We’ve helped over 1,000 customers on different stages of this journey, taking their existing data center environments and transforming them, so they can embrace convergence and be able to maximize the enterprise agility that we talked about earlier.

This set of announcements that we’re talking about in the show this week, and hopefully, for the remainder of this year, are significant additions in each of their own markets, having the potential to transform, for example, storage, shaking up an industry that’s been pretty static for the last 20 years by offering completely new architecture design for the world we live in today.

That’s the kind of innovation we’ll drive across the board with our customers and everybody that talked before me has talked about the service offering that we also bring along with these new product announcements. I think that’s key. The combination of our portfolio and our expertise is really going to help our customers drive that success and embrace convergence.

Gardner: Very good. You’ve been listening to a sponsored podcast discussion in conjunction with the HP Discover 2011 Conference on some major news around Converged Infrastructure and data center transformation. There is lots more information available through the various landing pages, and press reports on these events this week.

I’d like to thank our guests for adding some more context, depth, and analysis. We’ve been joined by Helen Tang, Solutions Lead for Data Center Transformation and Converged Infrastructure Solutions. We’ve also been joined by Jon Mormile, Worldwide Product Marketing Manager for Performance-Optimized Data Centers And, Jason Newton, Manager of Announcements and Events for HP ESSN, and as well as Brad Parks, Converged Infrastructure Strategist for HP Storage. Thanks to you all.

This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks also to our listeners, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Transcript of a sponsored podcast discussion in conjunction HP Discover 2011 on how HP's converged infrastructure strategy supports data center transformation and applications modernization. Copyright Interarbor Solutions, LLC, 2005-2011. All rights reserved.

You may also be interested in: