The VP of product marketing and cloud evangelist for HP Cloud Services, Margaret Dawson joined HP last February to help drive this cloud "startup business" within the HP enterprise. In this work, Dawson has been able to draw on many years of experience in the cloud community as former head of product management and marketing at Seattle-based cloud provider Symform and in other roles. Dawson has shared her thoughts on the current issues businesses face as they make decisions on deployment of IT infrastructure and on how HP solutions can help with InsightaaS.com editor Mary Allen. In the edited version of this conversation below, Dawson offers frank opinion on shadow IT, the need for cooperation between IT and line of business managers in the development of security/governance policy, cloud integration challenges and HP’s OpenStack value proposition.
Mary Allen: One of the things that I hear when I talk to people about hybrid cloud is "Oh yeah, I've got a private cloud deployed. I have server virtualization. And I get my SaaS apps from Salesforce." Would HP define this scenario where there are siloed systems and data as hybrid cloud or would you call that something else? And what is your approach to helping customers with this type of environment?
Margaret Dawson: That's an interesting question, and there are a couple of different ways to look at it. From the customer perspective, the reason they call that hybrid is because they are dealing with different cloud environments that they are trying to manage — it's not a single environment with simplified visibility or management. But I think what you're describing is actually fairly unique because when we talk to customers, a lot of them don't actually think about the fact that they have different cloud environments at all. Often those public cloud applications are what we call shadow IT or rogue clouds.
We did some research not long ago where we asked "Do you have public cloud? Do you have hybrid cloud?" and respondents said "No." But when we started asking detailed questions about their use of specific solutions, they responded, "Oh yeah, some of the business is using that." There’s been kind of a reality check though. Especially in the last few months we've heard IT leaders start to say, "I've got to get a handle on what's out there." It's as if they don't know what they don't know." What they're living in today is what we like to call 'hybrid hell' because it is hybrid; they have different cloud environments within their organization. The problem is that there is no governance; there are no common security policies or even policy around usage or management capability.
I think what you were referring to was pure hybrid in an academic sense where you've got different cloud environments working together. There's a broader definition that I just call hybrid computing or hybrid IT, which is where you have several different environments within your overall IT infrastructure or IT ecosystems. The hybrid IT reality of today is that customers can have traditional infrastructure, which may be virtualized but is not truly cloud. They may have some private cloud and some public cloud that IT may govern and most likely a whole bunch that IT does not. It's this mixture of environments, vendors, applications, management, software policies, and governance. What we're seeing is IT finally saying, "I can't continue to have this hybrid craziness. I've got to somehow bring it into view so that I can introduce some common governance and security — some true hybrid management so that I know where my data is and what systems are out there.
Allen: This is a huge problem for businesses, but how can IT, which is traditionally a service that business users rely on, force this reigning in that needs to happen? Line of business managers have a credit card and they have Internet access. How do you advise people?
Dawson: It's not going to happen in one week, but I really do think we're going to see IT try to take back control. Data breaches and very targeted attacks on specific companies with increasingly sophisticated tactics are only going to increase this year, building tension between line of business who says, "I'm just going to use some app to do whatever I want to, and I'll put mission critical data up there and it'll be fine," and IT which is trying to protect corporate data. That's why I begin my conversations by advising IT to first recognize that business needs these productivity tools or applications - make sure that you know what is driving them to these applications or rogue clouds. Whether it is development or websites or collaboration tools, identify what's missing and then work with business to see if there are other solutions that would allow you to have better governance within their requirements.
There's going to have to be some give and take and that's the challenge. IT needs to come in with policies around governance and then give business some leeway within that: say, for example, "here are the three things you've got to do. If you follow these and let me know, then you can go get your application." So acknowledge the fact that you can't own every piece of it, and then develop policy for that vendor. Specify the things that any application or cloud that the business is going to purchase needs to follow so that you own that vendor policy guideline and you own some access control rules. For example, even with Salesforce — we're a huge Salesforce user within HP — there are guidelines in terms of what your role and responsibility is that determine what kind of access you get to Salesforce. Not everybody gets the same license.
There's going to be some clean up and they're going to need — fortunately or unfortunately — to shut down some of these rogue clouds. Some of the scary ones are the file transfer, and the collaboration apps, where huge files and huge amounts of data are being sent in a fairly casual way. I think that's one of the areas IT is really going to focus on.
Allen: That's pretty interesting. You've given me a policy-based solution to this problem as opposed to a technology-based solution.
Dawson: That's totally right. It's not a technology problem; it's a behavioral problem and a policy governance problem. Going forward, there are only going to be more cloud solutions that facilitate end-user self-service. So if you don't start at that policy behavioral level, it's only going to get worse, especially since we're seeing so much more sophistication from a security attack perspective.
Allen: What about the technology aspects? One of the issues that I'm intrigued by is the integration of all of these different cloud applications. It may be that IT is able to persuade the business user to pick apps from a defined list, but at some point these applications need to access the same data and to work together in order to work well. So what's HP doing around that whole integrate piece with SaaS apps?
Dawson: We used to think of integration as literally having to build out connectors between different applications or different platforms. What we're seeing now as the future for integration is leverage of open API infrastructures to allow that portability, that movement of data and that communication across different clouds or even across traditional infrastructure in cloud platforms. One of the reasons that HP has made it investment in OpenStack is that open ecosystem. We are very much true to the OpenStack API: we leverage OpenStack as a foundational element across our hybrid architecture so that you can have interoperability and portability of data and applications across public, private, traditional IT or whatever mixture you have, as well as be able to do that within that OpenStack ecosystem. There are hundreds, if not thousands, of solutions that are also leveraging that same open API infrastructure so you can begin to have this real agility and rich ability to work in a heterogeneous environment, which is the reality of every company.
The whole integration topic has really evolved over the past two or three years. We started with SOA as the answer, a shared services layer where you get all the data. Then we went to pure point-to-point integration and sometimes it was point-to-many. Now we're really looking at it from an API perspective and at having this open approach to data integration while making sure that you're following security and governance.
Allen: You have just described three different approaches to the whole issue of integration. Where do you think most of HP's customers are on that journey?
Dawson: It varies, but I would say most enterprises they are somewhere in the middle and they have different pieces of their infrastructure that are further along. When it comes to new applications, they're absolutely looking to develop those and deploy those in the most dynamic cloud environment in order to move more forward quickly on that journey with new applications, new workloads, new solutions. The challenge or the biggest transformation will happen with the legacy app where they may have invested millions of dollars and with traditional applications that are sitting in their data centers. The bigger question is how do you help them get that agility, integration and next generation delivery within those legacy apps? The reality is that you can't just rip and replace or move that app completely to the cloud — that's not a realistic solution. But can you put a new web front end on that, so that other applications can access data from that legacy app but still provide that agility and integration that you need?
There are different ways to solve this issue, but it's definitely a journey and it definitely involves multiple steps. It's not a one-size-fits-all or single answer. It really depends on where they have their applications, where they have their data, how many data centers they have, and how old is their infrastructure. There are a number of questions to start with: where is it they're trying to go, what are those new solutions or workloads that they need to deploy, is a global employee workforce, what is the situation or circumstance? And then you need to start to plot out that journey and move them through that maturity model to where they need to be.
Allen: I'm thinking about a manufacturing environment, for example, where they'd have a proprietary application that they've developed for their own operation. It’s not likely that a SaaS provider would be able to develop some kind of templated app that will work in that situation.
Dawson: Right, but there are ways to use the data within that application in a new way. It’s important to touch base with reality because we sometimes can get the impression from different vendors that everything is moving to the cloud. That's just nirvana. There's always going to be a need for some kind of traditional infrastructure, not to mention the fact that behind the cloud is in fact a data center. We forget that there are a whole lot of servers and networking equipment, racks, bandwidth and everything else that is powering these wonderful cloud solutions. There will always be a mix of infrastructure that will depend for every company on they've invested in. In the case of proprietary apps that have been built over many years for a very specific use case or industry, the question is how do you help them take advantage of the latest capabilities, while recognizing the fact that they have an investment in this application which they must continue to use for their business.
Allen: Let's bring HP in here.
Dawson: Our differentiation, or the reason we believe we are winning in this hybrid computing world is that we can literally work with customers across an entire spectrum, whether it's server infrastructure, networking equipment, software, connectivity, or whatever it is. Building a cloud-ready data center, leveraging existing infrastructure while upgrading to more next-gen data center, public cloud, professional services, cloud management software that can manage and provide visibility across the entire mixed infrastructure from traditional IT all through cloud. Leadership in all these areas is our value proposition and our key differentiation is basing that all on open, enterprise grade hybrid delivery. We don’t necessarily own all the pieces — it may be that we bring in partners or we integrate with other solutions — but we can help manage, set customers on that journey and fill in the gaps, no matter where they are or what pieces they need.
Allen: When I first talked to HP about hybrid cloud, one of the advantages or benefits of Converged Infrastructure was that the same platform and architecture was used in HP’s private and public cloud service. How does Converged Infrastructure support some of the customer challenges we have been talking about — such as data portability?
Dawson: From just a pure infrastructure perspective, we obviously are going to leverage the best-in-class infrastructure that HP is developing and deploying for the data centers. We leverage that not only with the solutions we sell to customers as part of our private cloud, but we also leverage that same infrastructure in the data centers as the heart of our public cloud. So that has not changed. But where we have improved is in our OpenStack platform that we call Cloud OS, which now serves as the software foundation for all these solutions as well. So what you have is this common infrastructure architectural element both from a hardware and software perspective, which allows you to go up the stack and build that out however you need to.
What's also interesting is that we're able to provide customers with a lot of different ways to enjoy the economics or the agility of cloud, even when they’re using traditional infrastructure. For example, we have a solution called Flexible Capacity that actually resides in customer data centers and allows them to lease space in a true kind of public cloud economics model where it's on-demand, pay for what you use only when you need it. Maybe it's bursting for extra computing instances or storage capacity, but the solution actually sits on-premise. For applications where latency might be a key issue, you've got the ability to burst out, paying for what you need, but it's sitting right there in your infrastructure. There are different ways to respond to the hybrid delivery that may not actually be cloud, or true cloud, but a combination of services.
Allen: Does HP's public cloud have any data center infrastructure in Canada? This continues to be an issue for some Canadian customers.
Dawson: Currently we deliver public cloud out of two major data centers in North America. We have plans to globalize that over the coming 12 to 24 months. For Canada specifically, one of the strategies that we are using at HP is not only building out our own infrastructure and cloud implementation but we are also working very closely with service providers and other partners to provide global solutions for customers worldwide. It won't necessarily always be an HP public cloud that is the right thing to provide to our customers. In certain regions, it will be delivered through partners that have the experience or have the infrastructure there.
As we build out we're actually leveraging existing data centers and infrastructures that already exist within HP. So with the initial public cloud build, we went with two data centers just for the public cloud. But we have this very robust ecosystem of HP data centers worldwide through our enterprises services group and other areas. So we'll be leveraging those cloud-ready data centers as we build out, while also working with a key service provider and other partners on a global basis.
Allen: I’m wondering how HP’s public cloud service has been received. Has there been a shift, for example, from outsourcing to cloud services?
Dawson: On the management side, we're actually still seeing a huge amount of growth and interest in managed services or hosting private cloud, as well as virtual private cloud. We've seen a lot of growth there over the past year and it continues to be very popular with customers because it's of that best of both worlds. It's kind of a global solution. For many customers there are better economics as you're still in that multi-tenant environment. But you get lock down and access control and really it's more of a sense of control than anything that is comforting to many companies. And having someone else manage that for you, or even host that for you, adds to the appeal because it’s more public cloud capability or benefit where you're not having to build out the infrastructure yourself. So many customers tend to lean towards VPC.
With our Canadian customers, we're seeing a lot of interest in both our private cloud and our cloud system overall. So we've had good success with that in Canada as well as with the VPC solution.