Shawn Rosemarin’s experience in the tech industry has been broad and deep. His career spans implementation with SAP and sales with IBM and Dell, a stint as Canadian CTO for Hitachi Data Systems, service as a mentor with the CFC IdeaBoost Accelerator, and now setting strategic direction for the VMware engineering group.. He currently acts as Chief of Staff for Americas Systems Engineering.
Out of this extensive experience, Rosemarin has developed a strong sense of the ‘winds of IT’, and a unique ability to align technology capabilities with business needs. These traits are on display in the discussion below, where he outlines the latest innovation from VMware, and considers its applicability in the Canadian marketplace. In my first encounter with Rosemarin back in 2011, he patiently described cloud computing concepts. Since then, market understanding of cloud and industry advance have each expanded exponentially. But have they kept pace with one another? To learn more about trends driving adoption of VMware technology in Canada, implementation challenges and business outcomes, and the key role played by IT, read on. The following is an edited version of an interview with Rosemarin conducted at VMworld 2016, the event that launched the company’s new Cross-Cloud Architecture framework for advanced hybrid technology deployment. (ed.)
Shawn Rosemarin: The most exciting part of this whole thing for me is thinking back on the original journey of private to hybrid, and hybrid to public, and now seeing the Software Defined Data Centre come to life. The amount of substance, the amount of success, and the amount of clarity and vision VMware have created this year really demonstrate this. If you boil it down, the market is saying, “Yes, I bought your proposition on compute – the server doesn’t matter. I bought your proposition on NSX – any switch, it doesn’t matter. I’m buying your proposition on storage, because frankly it’s kind of a no-brainer.” And now, enterprises are starting to think “Well yes, I do want a common security model, and a common discovery model, and a common deployment model across clouds.”
Mary Allen: Yes, I remember an impressive VMworld keynote delivered back in 2007 by Paul Maritz, who was acting VMware CEO [Chairman of the board,Pivotal]. He showed really impressive vision in a talk on ‘cloud computing 101’, in which VMware technology was positioned as a new operating system for the data centre, and software the vehicle. A few years later, VMware’s messaging was around the ‘Software Defined Data Centre’ – and today the messaging and portfolio has evolved further with software stitching together many additional functions.
Thinking about the advanced capabilities that VMware has announced – the Cross-Cloud Architecture and related services, for example – can you discuss their relevance to the Canadian market? Technology adoption typically begins with the right drivers. Is the Canadian market mature enough to derive real benefits from their implementation? What challenges would drive adoption of this technology in Canada?
Rosemarin: Let’s break this into components: Cross-Cloud Architecture, which is the strategy; VMware Cloud Foundation, which is comprised of the components that span private and hybrid cloud infrastructure; and Cross-Cloud Services, which extend the deployment of key services across public multiple clouds. Starting at the Cloud Foundation side of things, from an ESX perspective, obviously 80 plus percent of the market, depending on how you measure it, is fairly mature, [and server virtualization] is pretty much a de facto standard when it comes to computing. In terms of NSX, we don’t break out our Canadian numbers, but there’s no reason to believe that the uptake on deployment of NSX that we revealed on our [global] financials, which was 100 percent year-over-year growth, is not representative of what we saw in our Canadian business.
Allen: But isn’t there a little bit of catch-up with NSX, relative to ESX?
Rosemarin: In terms of market size as a whole, absolutely. Each year you’re looking at an overall global market in ESX of around 500,000 customers, while the latest numbers released for NSX were, I believe, 1,700, and the latest numbers for VSAN were 5,000. These are comparatively small, but if you consider the global deployments of micro-segmentation, 1,700 is a pretty big number. Similarly, if you look at global deployments of Virtual SAN, 5,000 is a bigger number. The good news is that when you look at our foundational base, we have a significant potential market to connect with – to say, “Hey, we want to help you push your abstraction beyond compute and into the network and storage layers.”
When we consider maturity, we need to look at the fundamental product. Cloud Foundation is ESX, NSX and VSAN plus the SDCC Manager, a key component of the platform that simplifies the creation and the integration of the hardware to turn it into virtual instances. You wouldn’t buy SDCC Manager on its own; it’s not even available on its own. At root it’s the glue that takes the VMware Cloud Foundation platform, and allows the user to spin up virtual data centres.
Compare that with vCloud Suite from a few years ago. There was good packaging, but there were a lot of products, and there were a lot of solutions that sometimes customers hadn’t deployed – maybe they hadn’t deployed vRA, or they hadn’t deployed vROps. We offered a deal for buying these together, but there was hesitation because the maturity wasn’t there. Today, ESX deployment is very mature in the Canadian market, and the number one factor pushing NSX is that the current security model is just flat out operationally unbeatable.
Allen: So you see the driver for NSX in terms of security challenge rather than a more generic networking issue – the need for networks to keep up with VM speed in cloud computing?
Rosemarin: Correct, but as in private cloud more generally, there are three main drivers for NSX adoption. The first use case is disaster recovery: the primary site must be connected with a secondary site via network virtualization. Problem number two is security. The organization may have firewalls, but in order to fully secure its applications in a “zero-trust” framework, it would have to have 1,000 firewalls, which would mean 1,000 firewall rules, and a firewall team of thousands of people to manage that, which is just not feasible. The third scenario occurs in the creation of new workloads. Without the programmatic policy drive automation that is NSX, every time a new workload is created, a ticket would have to be created asking the network team to go and provision those new network players. By automating the policies associated with the creation of the network, the solution can drive agility. Every single client across Canada that we talk to has those challenges – DR, security and automation/agility.
What forces businesses to move on NSX, is that they come to a point where their current security and network model is untenable and unsustainable. If they can continue to scale the way they’ve always scaled, they won’t change; it’s when they hit the wall that they move to NSX as a solution.
With VSAN, it’s really been the phenomenon of hyperconvergence that has been driving adoption. It makes a lot of sense to reduce your east-west traffic by having your storage sit with your servers, and in some cases, to integrate with your network switches to achieve additional performance benefits. And due to the ubiquity of our virtual hypervisor, VSAN is and should be the de facto standard for virtual storage.
When you look at these market trends and adoption drivers through a Canadian lens, you see a great future ahead for VMware Cloud Foundations. The market is already buying all these components, and it makes a lot of sense for the customer to scale on that trend. Customers will have choice in hardware, but will want to buy against certified Cloud Foundation hardware already available in the market as ’VSAN Ready Nodes’.
Allen: Why a certified list if you are selling software?
Rosemarin: Think of it in the same terms as our ESX Hardware Compatibility List, except it’s a VMware Cloud Foundation Ready Node. We certify the hardware solutions to ensure they perform to the standard our customers expect. The other option today is EMC (VCE), which provides an entire kit as part of the VxRail and VxRack line-up. This is a fully integrated Cloud Foundation stack with all in the hardware, an approach that is well suited to the Canadian market. Customers are going to buy the components anyways, but packaged, this solution is even more attractive, especially to the many midmarket businesses here. Canada has a small number of accounts with revenues over $1 billion, the rest are smaller. It’s a land of opportunity in entrepreneurship…
Allen: From the customers’ point of view, what is it that they need to have, and what do they need to do in terms of implementation to make ready for effective use of Cloud Foundation? Are there any organizational change, change management or HR elements that come into play? Is it as easy to deploy as the point and click demos at VMworld suggest?
Rosemarin: Pat [Gelsinger, CEO] made a comment this morning that was very profound. He said that the tool [SDDC] itself is not complex – you point and click. But if you think about the governing idea here – that we’re going to secure, run and manage workloads, based on policy not people – that means that the organization has to standardize and formalize its policies. Some of that’s going to be political, in terms of what my business requirements are, and some of that’s going to be technical – the business has to understand enough about the way the network operates, the way that first hand indent files or information compliance policy sits, to ensure, for example, that the server talks to the right server, and not to the wrong individual service.
That logic layer is all within the realm of IT today. And one of the most exciting things is that the business needs IT more than ever; they want the agility, they want that automation, they want that simplicity that something like Cross-Cloud Services can deliver, but the logic that allows for this currently sits within the head of the IT individuals.
Allen: So you don’t anticipate any major changes within the IT department, in terms of new skills?
Rosemarin: Oh, absolutely I do. I think you’re going to see a lot less of the repetitive command line interface functions. I expect change from that kind of work to architectural work that actually up-levels the people so that they can agree on the best organization-wide policy for deploying virtual infrastructure and applications, for example. And the creation of this will be automated because the creation is all repetitive process based on policies, but the team will have to tell business what that creation needs to look like. So understanding and being able to build the knowledge engine into a tool which says, “this is what we will deem acceptable, and this is what we want,” will become important. This really up-levels everybody, from the practitioner to the architect.
Allen: That’s an interesting perspective. And what about the template? Who creates the blueprint? Are you doing that in VMware, on behalf of different kinds of customers? Are they vertical, horizontal? Or have you simply created a tool that allows the customer to template?
Rosemarin: All of the above. Within vRealize Automation, which is an adjunct to the Cross-Cloud Architecture, but not part of Foundation, lies the ability to create the blueprints that you need from scratch. We also have a solution exchange, a publicly accessible site, where you can go and download blueprints from some of the more common applications out there as a typical starting point. And within IBM SoftLayer [VMware’s new public cloud partner], as part of its service, IBM actually maintains and sells an enterprise grade blueprint catalogue. So you can buy it, you can build it, or you can borrow it.
Allen: So in terms of prerequisites, the customer needs to have some VMware Foundational solutions already installed…
Rosemarin: Yes, ESX, NSX and VSAN, but it’s not all or nothing. You may choose to have a component of your architecture running on Cloud Foundation, and you may choose to have other solutions. What a lot of organizations will do is assess their data centres to determine which elements are up for refresh. Some the hardware that predates Cloud Foundation will obviously not be certified to run the solution, and these will run their term. But as these components come up for refresh, the most effective way to refresh the environment is to purchase Cloud Foundation compatible infrastructure. And unlike some of the other hyperconverged solutions out there, with VMware Cloud Foundation the customer can go out to bid for the infrastructure from multiple vendors. So as the other components roll over, the business will continue to evergreen its data centre system.
Allen: So it’s not so much a brand issue as a date then, in terms of infrastructure you will certify for VMware Foundation.
Rosemarin: Correct. Simply put VMware Cloud Foundation hardware has to be listed and certified as a Virtual SAN ready node. There are already well over 100 infrastructure solutions certified. But remember, this is all still VMware, it’s just a question of how you’re buying it. If you have older non-certified hardware you can still deploy NSX as a stand-alone technology to your existing environment – you’ll buy standalone licenses for NSX, and standalone licences of ESX. But over time you’ll migrate to VMware Cloud Foundation.
Allen: Is there some kind of financial incentive here for the customer to run Foundation and on-board different components? Is there any sort of advantage to buying in a package?
Rosemarin: I don’t think the pricing of packaging has been released yet, but like any organization, we’ll reserve the right to look at the appropriate places to bundle and package accordingly. But I think the real key here [with cloud provider partnerships, like IBM SoftLayer] is that we’ll start to see clients begin to take the way they buy internally and translate this to buying ‘as-a-service’. When the client looks at IBM (or the other 4,000 vCAN partners that can choose to participate here), it really becomes X or Y. The client can buy infrastructure as-a-service from the provider on an OPEX model, or buy and deploy it internally as a perpetual license (CAPEX); it’s exactly the same platform regardless of whether it is on premise or hosted by the provider.
So this makes for a very transparent market. If the client feels the provider can do it for less than an internal solution, they should purchase that as it means the provider is running the infrastructure more efficiently, and delivering more value than is the internal team.
Allen: Does this open up an opportunity for the cloud offerings to cannibalize your existing on-premises business? If it’s the very same thing?
Rosemarin: I think you’ll see a significant amount of extension. I think you’ll see workflows that otherwise would never have gone on turn to private cloud, and start to move out [to public cloud]. It’s no secret – customers are looking more and more to consume on an OPEX basis versus a CAPEX basis; we’ve seen a shift in our revenue model. We’re asked about this in every quarterly earnings report, and I think we have a pretty good handle on what we can expect. Remember what Pat [Gelsinger] said in his keynote [at VMworld]: when you look at the cloud adoption through 2030, 50 percent of the market will sit in the public cloud in 2030, which means that 50 percent will still be sitting with traditional on-premise infrastructure.
Allen: Even though this will be a very slow transition, it’s important for you to hedge your bets, and to have some options in public cloud as well. vCloud Air was less successful than it was expected to be….
Rosemarin: If you look at the new positioning of vCloud Air, it has been reframed around specific cases to address the needs of VMware customers who have very specific, very sophisticated VMware infrastructure requirements in their hosting. And when you look at what we’re doing with IBM, with Cross-Cloud services, which will now drive NSX, with Arkin, which is now vRealize Network Insight, and if you look at our ability to drive discovery, to drive encryption through dynamic network encryption, which will be an extension of NSX next year, you have to recognized that even if the workloads are sitting on a non-VMware Cloud Foundation, they still will be consuming a significant amount of VMware services.
Allen: In discussions with customers, you must need to provide some ROI statements. What do you tell customers they should look for in terms of benefits, and what kind of metrics do you offer to convince them that they really should be running under Foundation?
Rosemarin: For over a decade, we’ve leveraged a capacity planner to help organizations assess their opportunity in virtualizing their physical servers. With NSX, we acquired Arkin to create vRealize Network Insight, which provides really good visibility across domains, in terms of what the potential is to drive savings through network virtualization, and micro-segmentation.
A lot of the benefit is that the customer gets better security, but they do look for what the savings will be north, south, east and west across the network. So Arkin, or VRNI, gives us just that. And on the VSAN side of things, we now have calculators that have been rolled out across our sales teams, which have helped organizations figure out what kind of savings they’ll get from moving to VSAN from a traditional standalone storage array. All those tools currently exist.
Allen: And what can you say of the Foundation platform itself. Is there some additional benefit to running the Foundational platform on top of these components?
Rosemarin: That comes down to the SDCC Manager, the secret sauce that allows you to add more hardware, or upgrade additional hardware in a unified way. All of the patches come unified so the customer doesn’t have to be in the stitching business, working to make sure that this patch isn’t going to blow up that patch at the infrastructure level.
Second of all, as infrastructure components are hooked into the virtual environment, SDCC Manager will merge the virtual resources. It basically replaces the manual effort, for example, of taking the equipment, putting it in the rack, spinning it up, and attaching it to VSAN or to NSX. This means much quicker time to value.
Allen: Are there other kinds of benefits that customers can look towards? We’re talked about cost savings, but are there other kinds of TCO or productivity benefits that you could point to, that may be more difficult to measure?
Rosemarin: There are basically five benefits of moving from today’s infrastructure, which might consist of some VMware technology and some that is not, to a standardized VMware Cloud Foundation. First and foremost you’ve got costs: CAPEX savings, as you will be taking up significantly less space, and consuming much less expensive hardware, as this is going to be optimized for your environment. The second benefit is on the OPEX side; because of SDCC Manager, and because of the automation that’s built into the tool sets, you’re going to be spending a lot less on staff resources needed to “keep the lights on,” to maintain the equipment.
Third of all, you’re going to have unified IT, so when the line-of-business requires resources, you will give them abstractive infrastructure, which means you will not need to do what I like to call “infrastructures and tickets.” You won’t have to go across 20 different individual groups and have them create infrastructure; it’s all there in the same place; it’s all in VSAN and it’s all easy to deploy. Foundation also delivers security, so inherently your entire environment will now be standardized across a common set of security policies, and you won’t have to go to the security team each time you create a workload to ask them to create firewall rules, to open a bunch of ports, etc.
And then last but not least, I would say extensibility is a final advantage. It’s a huge benefit to be able to move a workload out to IBM SoftLayer without any pain and suffering. Neither will the customer experience any pain moving the workload back in, or to vCloud Air in some geographies. There is no resistance in migration, so the cost of change becomes very low, making it easier for the customer to make decisions based on business need.
Allen: You mentioned security. We are starting to see people focus more on calculating the cost of not having proper security framework in place. You see it in increased insurance costs, in scandal and in increased legal penalties imposed for data breaches…
Rosemarin: It’s lost revenue, it’s brand, it’s employee loyalty. Security is absolutely paramount. I think a lot of organizations are very comfortable and trust the security policies that they have built within the walls of the data centre, but they’ve been a little bit hesitant to consume public cloud, due to their inability to extend that policy out. But now that a VMware customer can take one single ubiquitous security policy, and with Cross-Cloud Services extend that out to Amazon, or it extend it to IBM, the customer can actually put the workload in the best possible place for it to live, without having to compromise by keeping it within the wall garden.
