WW W .D KL .COM
SE PT E M B E R 20 18
Cont nte 2
W W W .D K L .COM
tent ents IT Infrastructure Transparency vital to the Modern Enterprise
P.6
So, where’s my data living today?
P.14
What is Digital Transformation and why do retailers need it?
P.20
Do you trust yourself with your own Cloud Security?
P.26
Capping is Good. Or, Capping is no longer a bad word
P.32
3
Take control of the IoT Edge Onboard, manage, monitor and secure all your connected things and gateways with Pulse IoT Center.
www.vmware.com
4
W W W .D K L .COM
Letter from the Editor
Though this may sound like a cliché, our world is changing at a rapid rate. And with that change comes an entirely new way of interacting with the world. We live in an era where everything from personal time, to social issues, to politics, commerce, and more, are all managed through technology. We consume and interact with fervour in a globally connected society that influences every aspect of our lives. We see this especially in business. The newly introduced term of “digital transformation” has quickly gone from buzzword to a tangible reality—a driver that encompasses the human element of brand experience, consumer expectations, and so on. It’s this influence that’s now driving economical change around the globe as companies struggle to meet the new digital demands and expectations of their customers. Then, of course, there’s omni-channel customer engagement—a direct result of digital transformation. The old guard of commerce and even eCommerce has now shifted with the tides of social and technological change. Consumers expect more, and that is the crux: expect. Meeting customers’ expectations of how they interact with retail is driving business across all vertical markets. After all, if you can order a coffee through an app, why can’t you order a car the same way? All this change firmly rests on the foundation of the IT infrastructure that maintains the modern business environment. It’s this demand on infrastructure that causes the ripple effect that is digital transformation. For instance, an app can be designed and built—but what of the outcome? Does it need to speak to a multitude of disparate systems? Does it create exponential data growth? Who accounts for that in the IT hardware world? It’s for all these reasons that we bring you this issue of DirectionIT Magazine. In this issue, we tackle the subjects that interconnect from digital transformation, to cloud and data centers, to security implications, to how it affects traditional infrastructure, and more. As always, we hope you enjoy our Magazine and that it imparts at least a little bit of insight into our collectively complicated small world.
Allan Zander Editor-in-Chief
5
TRANSPA 6
W W W .D K L .COM
IT INFRASTRUCTURE
PARENCY
VITAL TO THE MODERN ENTERPRISE By Craig S. Mullins, President & Principal Consultant, Mullins Consulting, Inc.
Today’s modern data centers are composed of many different systems that work both independently and in conjunction with one another to deliver business services. The hardware, software, network resources, and services required for the operation and management of an enterprise IT environment is commonly referred to as your IT infrastructure.
7
THE CHALLENGE OF MANAGING IT INFRASTRUCTURE
It can be challenging for IT architects and executives to keep up with the burgeoning IT infrastructure. Homogeneous systems were common in the early days of computing, but most medium to large organizations today have adopted heterogeneous systems. For example, it is not uncommon for Linux, Unix and Windows servers to be deployed throughout a modern IT infrastructure. And for larger shops, add in mainframes, too. And when multiple types of servers are deployed that impacts everything else. Different operating systems, software, and services are required for each type of server. Data, quite frequently, must be shared between the disparate applications running on different servers, which requires additional software, networking, and services to be deployed. The modern computing infrastructure is inherently complex. Furthermore, technology is always changing—hopefully advancing—but definitely different from it was even just last year. Consider the database management system (DBMS). Most organizations have anywhere from three to ten different DBMSs. Just a decade ago it was a safe bet that most of them were SQL/relational, but with big data and mobile requirements many NoSQL database systems are being deployed. And NoSQL does not rely on an underlying model like relational, every NoSQL DBMS is different from every other NoSQL DBMS. And let’s not forget Hadoop, which is not a DBMS but can be used as a data persistence layer for unstructured data of all types and is frequently used to deploy data lakes. Additionally, consider the impact of cloud computing: the storing and accessing of data and programs over the internet instead of your own servers. As organizations adopt cloud strategies, components of their IT infrastructure will move from on-premises to the cloud. What used to reside in-house, whether at your organization or at an outsourced location, now requires a combination of in-house and external computing resources. This is a significant change. Application delivery has changed significantly as well. Agile development methodologies combined with continuous delivery and DevOps enable application development to produce software in short cycles, with quicker turnaround times than ever before. With microservices and APIs, software components developed by independent teams can be combined to interact and deliver business service more reliably and quicker than with traditional methodologies, such as the waterfall model. This means that not just the procured components of your IT infrastructure are changing, but also your in-house developed applications are changing more rapidly than ever before, too.
T OF INF
And there is no end in sight as technology marches forward and your IT infrastructure morphs to adopt new and useful components. The end result is a modern, but more complex environment that is more difficult to understand, track, and manage. Nevertheless, few would dispute that it is imperative to keep up with modern developments to ensure that your company is achieving the best possible return on its IT investment. But keeping track of it all can be daunting. It is easy to miss systems and components of your infrastructure as you work to understand and manage the cost and value of your technology assets. And, you cannot accurately understand the cost of your IT infrastructure, let alone be sure that you are protecting and optimizing it appropriately, if you do not know everything that you are using. In other words, without transparency there is anarchy and confusion.
8
W W W .D K L .COM
THE CHALLENGE F MANAGING IT FRASTRUCTURE 9
IT COST TRANSPARENCY
10
W W W .D K L .COM
IT COST TRANSPARENCY
The goal of IT must be to run it like a business, instead of as a cost center. It is often the case that senior executives view IT as a black box; they know it requires capital outlays but have no solid understanding as to where the money goes or how expenditures enable IT to deliver business value. On the other hand, it is not uncommon for senior IT managers to look at company expectations as unrealistic given budget and human resource constraints. The problem is that there has been no automated, accurate method for managing and providing financial visibility into IT activities. Budget pressure and IT complexity, as discussed earlier, have conspired to make it more and more difficult to provide IT cost transparency. But a new category of software is emerging that delivers cost transparency for IT organizations. The software offers automatic discovery of IT assets with the ability to provide cost details for each asset. By applying analytics to the IT infrastructure and cost data, the software can offer a clear picture of the cost of providing applications and services to your enterprise. This useful insight enables CIOs and other IT managers to make faster, fact-based decisions about provisioning and purchases. The capabilities of such software can vary by vendor and solution, but capabilities to look for include:
•
Automated collection of IT asset details
•
Tracking of operational metrics and usage
•
Cost modeling capabilities
•
Executive and CIO dashboard
•
Custom reporting and analysis
•
Forecasting and budgeting
•
Chargeback reporting and billing capabilities
•
ROI analysis for IT projects
Armed with the facts provided by IT cost transparency, CIOs can accurately discuss budget allocations with business executives. When you understand your IT infrastructure and know what you spend on IT resources and applications, your company can make informed decisions because they know where the money is spent. But IT cost transparency is not just a solution for improved communication. By using IT cost transparency software to model and track the total cost to deliver and maintain IT software and services, better decisions can be made. For example, infrastructure components like servers and storage arrays are frequently deployed with more power or capacity than is needed. Such over-provisioning—whether it is CPU, memory, storage or any other IT asset—costs money and wastes resources. With an accurate view of what is being used, how it is being used, and what it costs, it becomes possible to provision capacity as needed. Not provisioning until necessary can significantly reduce costs, by delaying spending as well as taking advantage of Moore’s Law, or the tendency for capacity and performance to increase while cost decreases for technology over time. With an accurate view into your IT infrastructure and its cost it becomes easier to keep your IT and business initiatives on track. Armed with accurate data, your business and IT teams can better align investment with goals and therefore better manage budgets and spending. Cost transparency solutions provide decisionmakers with knowledge of where money is actually being spent throughout the business. IT leaders can use this information to make accurate decisions about current allocations and future investments. Chargeback for IT services has traditionally been troublesome for organizations with a complex IT infrastructure. How can you accurately charge for IT services when you may not know all of the services being delivered and on what components, let alone the actual cost of those services? IT cost transparency can be used to drive service-level agreements (SLAs) based on actual costs and requirements. IT cost transparency can be a significant help for outsourced IT departments. An actual accounting of the real IT costs can help you to negotiate—or renegotiate—your outsourcing contract and bill.
THE BOTTOM LINE
Attempting to understand the cost of IT is too frequently a one-off effort conducted to address a crisis such as an audit, a contract negotiation or to define a new budget. A better approach is to understand your IT infrastructure and the cost of IT services and software with a proactive approach using automated IT cost transparency software. Let’s face it, we’ve been living with anarchy for too long and an informed, automated, analytical approach to managing IT costs is long overdue.
11
Freak Blue Cruiser Flying carrousel-tourbillon 7-day power reserve Silicium technology T. 561.988.8600 ulysse-nardin.com
TH E E TE RNAL MOVE ME NT Ulysse Nardin, from the movement of the sea to the perpetual innovation of Haute Horlogerie. For over 170 years, the powerful movement of the ocean has inspired Ulysse Nardin in its singular quest: to push back the limits of mechanical watchmaking, time and time again.
By Paul Hogg, CEO, Inteleca IT Business Solutions It never ceases to amaze me that IT continues to evolve so quickly— and not just from a feature / function perspective. I mean it in the way that we all collectively internalize IT advancements, how buzzwords become something real and tangible, and how we are all able to adapt at such a fast pace. It also makes me chuckle at times when I’m writing an article such as this and have to use terms like “traditional virtualization.”
14
W W W .D K L .COM
15
“TRADITIONAL VIRTUALIZATION” SPEAKS VOLUMES Ponder that for a moment. The fact that there is now traditional virtualization speaks volumes as to what we now expect from our infrastructure and what is to come. It also speaks to what we have to address to make sure these types of practices don’t accidentally backfire and take the business down with it. It’s this forward-looking preparedness that brings me to hybrid cloud and why plans need to be in place that speak to more than just cost savings and the practice of simply moving data around. Though easy in concept, it’s not exactly something that should be taken lightly—not that I think anyone would. More so, my fear stems from the global social acceptance of change and how we can all fall victim to complacency when implementing new technology—after all, everything is easy in this day and age … right? So, here’s the issue: Updating a data center and just getting a bigger pipe to the internet is not the right mindset to have. And though this solves some of the high-level technical issues, such as speed and performance, our experience with our customers has taught us that things are rarely that simple.
CONSIDERING THE NETWORK
Then, of course, there’s the network itself. A good analogy: just because you put fancy racing stripes on your 1989 Fiero doesn’t mean it’s fast or furious. Note: don’t judge me on my love of the Fiero. But networks are just that—if you want to win races, make sure your infrastructure is ready to play the game. And, are you ready to play the scalability game? Just because you can move data to different places it isn’t the end-all be-all of virtualization. There’s a real chance that your infrastructure will need to scale. Primarily because one begets the other. Virtualization is brought about because data is growing, and resources need to be adjusted. But adjusting only goes so far. Eventually, locations, gear, networking speeds, and everything else will need to be addressed for growth. In the end, the only advice I can truly give is plan, plan, and plan some more—and partner with a team of people who do this for a living. The scope of this stuff is a million miles wide and a million miles deep and, ultimately, for companies it will be succeed or drown.
16
W W W .D K L .COM
ADDRESSING HYBRID CLOUD CHALLENGES From understanding the limits of the internal IT team, to legal aspects, and more, hybrid cloud comes with a host of challenges that needs to be addressed. Here’s an easy one: Facebook. I’m sure you’ve been following the news and what Facebook has been going through—a lesson to be learned for sure. Its data was misused and now Mr. Zuckerberg is sitting in front of Congress to explain his actions. And though I don’t want to get into the politics or implications for Facebook, it leads to a very real topic: How do you manage and control your data? I’m not saying that anything nefarious is happening with most companies, just be aware of the complications that arise from data and where it resides, and what it’s for. After all, the first challenge when designing a hybrid cloud is where to draw the line. Whether it’s regulatory compliance, data sovereignty, or privacy requirements (OK, not to whip a dead horse, but Facebook, again)—all of these things should be among your first considerations.
17
Wh 20
W W W .D K L .COM
hat is Digital Transformation and why do retailers need it? By Andrew Armstrong, CCO omNovos Omni-Channel Customer Engagement
When it comes to new technology, there are two distinct attributes that are always present: a term that almost no one understands, and an implementation path that is even harder to understand. Sound familiar? So, what is it that must occur to better understand and embrace new technological advancements—all without seemingly chasing proverbial squirrels or getting lost in the collective confusion of new tech fads? Simply put: don’t get caught in the hype ‌ instead, ask what your business needs to succeed and to start at your own pace.
2 1
A new renaissance A perfect example of this is the new world of “Digital Transformation,” the latest term that for some still represents the newest in high tech buzzwords, but for many more a term that has come to represent a new renaissance in our technological age. So what the hell is it? The best way to describe Digital Transformation is to first explain what it is not—it’s not just tech for the sake of tech. The idea that companies can somehow “transform” digitally in the twenty-first century is a lot like telling people that they should switch from buggies to cars 130 years after the first automobile was invented—too little, too late. What Digital Transformation does represent and what it symbolizes, is a business approach that is equal parts technology and end-user / customer experience. With the advent of mobility, an era of data was introduced never seen before. That data, and its inherent link to overarching connectivity, has brought about the next great revolution in business: the essence of Digital Transformation.
The human element and the power of the people
To accurately describe the term Digital Transformation, let’s first begin with the end-user / customer side of the equation. As mentioned, when the era of mobility was introduced a new world of connectivity came with it. From social media, to anytime/anywhere enabled eCommerce, to apps that manage every aspect of our personal lives—collectively these represent a source of personal empowerment. The fact that we can all share thoughts, moods, personal opinions, reviews, and more—all on our own timeline—represents a level of control and oversight that we have never had. It has created a new narrative and a new power over our own destinies that we have never before experienced. Pair that power and what it represents as a collective influence over the retail world, and now the tables suddenly turn towards consumer demands and expectations—the power is in the hands of the people— where every retailer is held accountable and, simultaneously, held in stark comparison to its competitors and even other industries. These comparisons become commonplace in this new era of consumer expectation and demand. So, what are retailers doing to address customer expectation and demand? As consumers of all types use and compare experiences from brand to brand, companies must answer the call for better services and must meet customer expectations to remain relevant and competitive. It’s at this point where old services and new technology must be reimagined and retooled to serve the digital world in the future. This is the first half of Digital Transformation. It does away with the archaic approach of what was known as the Customer Journey, and now firmly places the power in the hands of the consumer, creating a more comprehensive approach now known as the Customer Experience.
22
W W W .D K L .COM
The technology that supports the experience
Obviously, technology plays a huge role in Digital Transformation: it’s the engine that drives customer experience and business outcomes. However, the challenge that is associated with Digital Transformation is not the process itself, it’s the dissolving of old guard IT silos that’s the hurdle to overcome. In the past, such things as eCommerce, brick-and-mortar, customer support, account management, and so on, all resided in very deliberate silos—many of these never spoke to each other. This is partially a corporate culture issue but, more importantly, it’s a technological one. Creating an environment where highly siloed technology can speak to one another was never an easy thing to accomplish. Having ERPs, point-of-sale, eCommerce, and payment gateways, just to name a few, all work harmoniously is, well, crazy. Right? After all, disparate technologies being leveraged as one system was never a reality worth chasing. Now, add in the likes of Artificial Intelligence, chat bots, social media data, single-user-profile data, and combine those with all of the other aforementioned systems and you have an even bigger conundrum—one that also happens to represent the need for Digital Transformation. Now, having the ability to create the connective tissue between all aspects of a company’s business process mechanics and to leverage and utilize it to deliver a seamless and highly engaging customer experience whether online, in-app, or in-store, is not just needed—it’s downright expected. Therefore, Digital Transformation requires the technical expertise to enable all systems to connect and speak to one another, all while automating the majority of these processes in a way that supports the end goals of the company and the customer. When you take the customer into consideration first—designing a desired experience that is highly personalized to everyone—you create a roadmap for technical implementation. Then, by tackling each system on a granular level and creating the connective tissue to leverage data and process, you achieve your end goal: a business that is truly transformed … Digitally ;)
2 3
Focus your Business
Non-stop Business Continuity Instantly recover any app, any data on any cloud
veeam.com
Why outsourcing Cloud Security is in the best interest of everyone By Kyle Watson, Cedrus Digital Transformation Solutions, Managing Partner, Information Security
Companies are continuing their ongoing migration to the cloud. If anything, the pace of this migration is accelerating. This can be seen in two main areas: 1. Companies are moving their custom applications off their own infrastructure and onto hosted platforms such as Amazon AWS and Microsoft Azure. 2. Many business units are taking advantage of existing Software as a Service (SaaS) applications to solve problems quickly, rather than rely on IT to build them a custom solution. These changes improve customer agility, but add new challenges for IT security and, in particular, the security of data.
26
W W W .D K L .COM
2 7
Securing Cloud Applications
The challenges in securing cloud applications are quite different. There is no longer a perimeter to defend indepth as applications are scattered and geographically diverse. There is not even a known set of applications to secure, as in many cases business units are making use of SaaS applications without IT being aware of them. Finally, the security model of the infrastructure providers depends on a model of shared responsibility, where the provider and the customer have different but interrelated responsibilities.
Securing Cloud Applications
The challenges in securing cloud applications are quite different. There is no longer a perimeter to defend indepth as applications are scattered and geographically diverse. There is not even a known set of applications to secure, as in many cases business units are making use of SaaS applications without IT being aware of them. Finally, the security model of the infrastructure providers depends on a model of shared responsibility, where the provider and the customer have different but interrelated responsibilities.
The new IT Paradigm
Today, IT no longer has direct access to the physical environment as it once did. This is particularly true of SaaS applications where the vendor only provides minimal access to functionality in a shared environment, typically by a combination of user interface and API access. However, important corporate data, much of it regulated or restricted, now resides in these environments within applications that can be opaque to the end user, and where the rules around data storage and protection may be poorly defined. With these changes, we are moving from an environment where security meant locking down the perimeter, to a model where data security is paramount. This new model needs to be looked at from two different perspectives: that of the technology that is needed, and that of the people-related aspects, the policies and governance that surround the management of cloud-based applications and data.
The Technology
The technology itself—the tools that provide ways to control, monitor, and protect information assets based upon the rules decided under governance/policy—is in fact the easier of the two to come to grips with. New categories of tools now exist that allow an organization to come to grips with Cloud Security management, such as cloud-based identity and access management (IAM), and cloud access security broker (CASB). The tools can provide capability in several areas, including identity management in the cloud (IAM), authorization and authentication for cloud services (IAM), data loss prevention (CASB), malware prevention (CASB), anomaly detection (CASB), and cloud application usage risk mitigation (CASB).
28
W W W .D K L .COM
The Policies and Processes
However, the more complex part of Cloud Security is coming to grips with the policies and processes needed to manage these new tools. Many capabilities will need to be developed, along with ongoing operational management of the new tools and governance processes. These will include ongoing management of the processes, validation against regulatory standards, and dayto-day operational management. These are the items that need to be taken care of so that risks are mitigated, compliance and regulatory issues are enforced, threats are managed in real time, alerts are monitored, and reporting is timely.
Staffing Scenarios and Financial Implications
And, of course, there are the usual issues related to building out new capabilities: the staffing scenarios and financial implications that coincide with the management of Cloud Security. For smaller organizations, attracting someone (or multiple people) to the organization can be a challenge, along with the difficulty of retaining employees once they have been trained in skills that are highly in demand. For larger organizations, the financial aspects of calculating staffing costs versus returns need to be considered. Even when finding and retaining the right individuals with the right skill sets is accomplished, the financial aspects that apply can soon come into question. It might be difficult to justify the costs of building the new team if there are more effective options available via outsourcing.
Delegating and Leveraging the Collective Experience
Delegating these Cloud Security challenges to a managed services company can start to make a lot of sense. Experts who have the knowledge and pedigree to tackle modern Cloud Security challenges head-on by leveraging the collective experience gained through simultaneously monitoring a multitude of companies, bring with them a plethora of benefits with little to no downside. Aside from the monetary aspects of predictable operation costs (moving CapEx to OpEx), professional managed service providers can also immediately implement everything from best practices to delivering automatic notification and implementation of regulatory change—because it’s their job. So, in the end, why is outsourcing your Cloud Security in the best interest of everyone involved? The answer is clear.
2 9
GO CAPPING IS
Or, Capping is no longer a bad word By Keith Allingham, Marketing Manager, DataKinetics Data Performance & Optimization
32
W W W .D K L .COM
OOD Okay, yes it is: Nobody in their right mind is going to cap their business-critical workloads. Yes, you want to save on operational spend—in fact, you need to—but not at the expense of completing business-critical workloads on time. I mean, just forget about it! It’s not happening. Move on.
So now that we have agreed to never cap important workloads, I think we still are interested in saving on operational expense though, right? I mean, that’s a major internal pressure for everyone in the IT organization; we all know that. And with MLC costs projected to increase—no, make that expected to increase—okay, they absolutely will increase. Well, that just makes the cost control pressure even greater. However, there are ways to do both: to safeguard your business-critical workloads, and to help control the cost of running those workloads—at the same time. More than that, you may actually help those workloads run faster. Sounds unbelievable, I know. Worse than that, it sounds risky.
But the truth is that you can do all of it—believe it. How? Capping. Okay, hold on, don’t stop reading. This isn’t some crazy circular argument: there are ways to do this, and to do it without risk. Critical workloads will complete on time—maybe even faster. And you’ll save on operational expense, without the risk. So how does that work? Automation. More precisely, by automating a process that otherwise is both manual and highly risky.
3 3
IBM SOFT CAPPING Some background information. IBM’s soft capping feature was introduced in reaction to the needs of the customer base to help control MSU costs that were running very high for some customers, especially those in growing high transactionintensity environments. In these environments, MSU usage and the rolling 4-hour average (R4HA) based MLC, can be particularly spikey. Usage is not flat and predictable, but can rise steeply for a day or a few hours, resulting in very large MLC rates based on one or two resource usage spikes within a charge period. (The monthly charge is based on the maximum usage within a given month.) IBM soft capping works. The solution helps to suppress the resource usage spikes (and the associated MLC peaks) by artificially capping usage to a given level. The problem is that the whole soft capping mechanism is largely misunderstood and is therefore avoided, for the most part, by those mainframe shops that need it the most.
SOFT CAPPING CHALLENGES Soft capping allows you to manually set limits on MSU usage, based on past usage knowledge and some type of understanding (agreement?) on how much cost is too much. The problem is that once we start capping the critical workloads, we lose interest in cost savings. Slowing those workloads down is often politically disagreeable, and can incur increased costs in other ways—SLA non-compliance ramifications, for one thing. On the up-side, soft capping also allows for manual intervention to make changes if the capping of certain workloads is causing problems. For example, there may be intense pressure from the finance department to control rising costs, but there can be equal or more intense pressure from other departments to prevent critical workload performance reduction. If that happens, you can go in and tweak it manually. While effective, the manual aspect of this capability throws some risk into the equation. The process can often be laborious and time consuming, especially in complex heavy-use, multi-business unit, multi-LPAR environments, which is most mainframe shops. Without proper care (or expertise) the process can also become error prone, and can lead to unintended and costly results. So we have a tool that can be used to control costs, but you must allocate SysAdmin or DBA time and resources to make it effective. And you don’t have any excess in human IT capital to spend on it—who does? What can you do about this situation? Well, the answer is automation; specifically, automated soft capping.
34
W W W .D K L .COM
AUTOMATED SOFT CAPPING Automated soft capping essentially takes the risk out of soft capping. There are a few soft capping automation solutions out there—the best ones are applicable to both batch and online processing, and allow you to borrow MSU resources from one LPAR and apply them to another LPAR running the critical workload(s). We’re talking about MSUs that you’re already paying for. An automated solution dynamically and automatically controls the defined capacity for each LPAR. Each individual LPAR is fine-tuned to leverage available white space and provide capacity on demand by taking into account the capacity needs of all LPARs. Being able to dispatch additional work on a specific LPAR—while operating under the R4HA—will control your MLC while increasing capacity and throughput for critical workloads. Of course, the most important aspect of an automated solution—is the automation. The ability to change LPAR capacity settings on the fly is the key to saving on operational cost, and an automated system does that lightning-fast and error-free.
SOFT CAPPING IS GOOD WHEN IT COMES WITHOUT THE CAPPING PART The idea of soft capping is a no-brainer when you first think about it: anything that helps control rising costs is a great idea. The problem is the capping part. Saving operational cost is less exciting when your boss or an executive throws lightning bolts at you for lowering the performance of critical workload processing. So, how about this: soft capping, with the cost savings—but without the capping? Yeah, I want me some of that! Fortunately, that’s actually a real thing. You should look into it.
3 5
WW W .D KL .COM
W W W .D K L .COM
SE PT E MB E R 20 18