
Day Two Cloud 122: Two Customer Journeys To VMware Cloud (Sponsored)

Episode 122


Ethan Banks and Ned Bellavance hosted a panel discussion at VMworld 2021 with two VMware customers using VMware Cloud. This discussion looks at what works, where the customers ran into issues, and how their cloud journey is progressing.

Our guests are Mari Lovo, Director, IT, Cloud Infrastructure Services at University of Miami; and Vesko Pehlivanov, Senior Managing Director, Security and Technology Services, Solution Strategy and Architecture at Sterling National Bank.

Mari says approximately 30% of her workload is in the cloud, primarily on Azure. Vesko says Sterling National Bank has fully migrated its operations to the cloud, with a mix of workloads running in VMware Cloud and cloud-native applications.

We discuss:

  • The primary drivers when deciding whether to place an application in VMware Cloud or use the native public cloud constructs.
  • The main factors in deciding to leverage a major public cloud to run VMware Cloud as opposed to hosting yourself or running in a colo.
  • How they decided which public cloud to use for VMware Cloud.
  • Thinking about the time since you adopted VMware Cloud, what’s one big benefit you’ve discovered and one surprising challenge?
  • The long-term strategy with VMware Cloud – is it a transitional technology to public cloud, a steady-state deployment for specific applications, or a growing portion of your IT infrastructure?

Show Links:

VMware Cloud

Mari Lovo on LinkedIn

Vesko Pehlivanov on LinkedIn

Transcript:

[00:00:05.450] – Ethan
Welcome to Day Two Cloud. And today we’ve got kind of a very special edition. Ned and I were invited to host a panel discussion at VMworld 2021, and we did an interview with a couple of folks who are using VMware cloud services as a way to move them along their cloud journey. And we got right into an interesting discussion, didn’t we?

[00:00:27.590] – Ned
We sure did. And it was an authentic discussion because these are customers who are currently using the solution, and sometimes it was awesome. And sometimes they ran into some issues. So it was really cool to hear how they’re using it and how their cloud journey has progressed.

[00:00:42.830] – Ethan
Yeah. And you say authentic because it was VMware. Let us have a real discussion where it was a bit of a warts and all conversation. Some elements were really great for these folks, and some things were less great. And we got into some of those details with VMware’s blessing, which was really nice. So enjoy this VMware panel discussion.

[00:01:02.510] – Ethan
We’re going to step right into it. And you’re going to hear who the guests are and their backgrounds right about now.

[00:01:08.570] – Roger
Mari Lovo is the director of IT Cloud Infrastructure Services over at the University of Miami, Florida, and Vesko Pehlivanov, he is the senior managing director, solution, strategy and architecture at Sterling National Bank. And away we go. So go ahead, Ethan, over to you.

[00:01:28.130] – Ethan
Hi, everyone. Welcome to the panel here. I am Ethan Banks, cohost of the Day Two Cloud Podcast with Ned Bellavance. You can find out more about that at Day Two cloud dot IO. We are part of the Packet Pushers podcast network. Jumping into the conversation today, we want to dive into how these folks are using VMC. So, Mari, let’s start with you. Would you tell us a bit about your organization and the existing, well, what you’re doing on premises? What you’re doing in cloud, what kind of applications you’re running? How do you decide where to run an application?

[00:02:01.610] – Ethan
Give us that background, would you?

[00:02:04.130] – Mari
The University of Miami is a private University. We have about 15,000 students and 5000 employees. We primarily run enterprise applications for the University. That includes authentication, domain services and specific departmental applications, as well as manage the data centers and stuff like that. As far as our environment, we’re probably about 70 30 on Prem versus cloud. We’ve been running in Azure for about seven years now, and it started off with 30 native Azure VMs, and now we’re running about 500 resources in Azure, whether they be IaaS or PaaS.

[00:02:51.170] – Ethan
So that 70% is on premises and the 30% the cloud or the other way around the first way.

[00:02:56.690] – Mari
The 70% on premise got it.

[00:03:00.170] – Ethan
Okay. Busy, a lot of students, a lot of applications to support. And Vesko, we want that same background from you.

[00:03:09.050] – Vesko
Sterling National Bank serves consumers and businesses primarily in the New York Metro and the Hudson Valley region. We also have a specialty finance business that serves businesses nationwide. We are running mostly financial services applications, things like loan origination, credit deposits. Recently in a white paper with VMware and Deloitte, we’re claiming to be the first traditional bank to be 100% in public clouds. All of our applications, the majority running on VMware cloud, probably 90%.

[00:03:53.450] – Ned
Okay, so in terms of I don’t want to call it traditional because it is VMware in the cloud, but you’re running 90% of your workloads there. And another say about 10% is running on what would be sort of cloud native. Is that the correct breakdown?

[00:04:09.410] – Vesko
In terms of applications we host? Yes, we also have a lot of SaaS applications, and the traditional part is for us being a traditional type of bank, retail, brick and mortar, not new generation fintech those you would expect to be from the ground up built in the cloud. Right.

[00:04:29.990] – Ned
Right, so these were applications that were hosted in a data center somewhere initially, and you made the decision to migrate those applications to a VMware platform running in a cloud. Did you consider making the move to just the native platform and what went to the decision of saying, hey, this makes more sense to stay on a VMware platform.

[00:04:52.550] – Vesko
Of course, being in the business of running IT. Our primary concern is availability.

[00:05:02.690] – Vesko
No business disruption, maintaining client experience to the highest possible degree. So from that perspective, the easiest path to migration in our assessment was with VMware Cloud, and the tools to allow us to get out of the data center business.

[00:05:23.270] – Ned
Right. You got out of the data center, but you still have that consistency and predictability, probably that your customers are probably looking for.

[00:05:31.590] – Vesko
It’s more basic is just more complicated and involved VMotion.

[00:05:39.750] – Ned
Okay, Mari, I’m curious. You said 70% is still on Prem. What is driving that decision to keep those applications on Prem as opposed to making the move to the cloud?

[00:05:53.310] – Mari
Some of those applications that are on Prem are actually applications that can’t be moved to the cloud because of latency. So, for instance, there’s one application that handles access control to even the dorms or just doors in general. That one, for instance, could never be cloudified, so to speak, whether it’s in VMware cloud, even though we did think about it or in native cloud, just because any kind of hiccup in network connectivity would cause a major issue on campus.

[00:06:26.010] – Ned
Yeah, you can’t make light go any faster.

[00:06:29.670] – Ethan
So latency is in just adding too many milliseconds for that card swipe or whatever to allow people in or worse yet, some kind of a network outage. And you can’t get a card swipe to authenticate against anything at all.

[00:06:42.870] – Mari
Exactly.

[00:06:48.990] – Mari
They have to check in every so often, and if they don’t check in, they lose all their information. So that causes an issue. Other than that, it really has to do with the comfort level of the developers or the application owners, whether they want to kind of have it right there next to them versus be able to put in the cloud. So we’ve done a lot of work with trying to convince them of first. You know, we did like the IaaS model, the lift and shift, and little by little, we’ve kind of gone into the PaaS model.

[00:07:22.350] – Mari
Now that VMware cloud is available, we’ve been doing some changes where we’ll move a VM from on Prem to the cloud, and there’s still a little bit of finagling that we have to do. But for the most part, it’s been one of the ways that we can introduce it to people and kind of help them have this comfort level of, hey, it’s somewhere else, but we still have access to it.

[00:07:45.630] – Ethan
Is that because they’re comfortable with VMware on premises and how that works, and they’re particular about the infrastructure itself or just the nebulous concept of, oh, it’s in the cloud makes them nervous.

[00:07:56.910] – Mari
I think a little bit of both. I think part of it is they are more comfortable with VMware, they understand how VMware works. And some of them are actually like OVF files, like virtual appliances. So that’s part of it, too. Right. And then when it comes to the whole nebulous of being in the cloud, I think we’ve kind of gotten past that since we’ve been doing this for about seven years, but there’s still some hesitancy when it comes to certain application owners as to whether their application can be running in the cloud or whether the application itself, the vendor will allow it or bless it in the cloud and support it in the cloud.

[00:08:39.930] – Ethan
So you’ve got 15,000 students back on campus, Mari, but you must not have for a while with the pandemic and Covid and so on. And I’m guessing there are a lot of people, maybe not on campus that were what changed in your environment to deal with that? And did that change? Is everything like, back to the way it was, or is that a new strategic initiative going forward now because of COVID?

[00:09:04.830] – Mari
During Covid, we went down to I think there was a few months where there was no one on campus. Then we had kind of a mix. Last school year, there was like a mix of hybrid on campus and then fully remote students. For the most part, anybody on the corporate side of UM was off campus. So we were remote. We still kind of are and the faculty and student facing staff are back on campus now. So when it comes to the campus itself, it’s pretty much back to normal.

[00:09:40.170] – Mari
It’s more the corporate arm that is still in a weird remote stage. So we’re still kind of figuring out whether we’re going to be hybrid, whether we’re going to be remote, whether some employees are going to be completely remote or not. It’s still in that kind of flux right now, like most organizations.

[00:10:00.870] – Ned
Right, did that change your strategy at all when you’re looking and evaluating new applications to roll out knowing that you’re going to be mostly or entirely remote from where the data center is.

[00:10:11.910] – Mari
Yes. Definitely. It helped us leverage Cloud more, and it helped people understand what we were doing with the cloud. So we were able to spin up things without really having to go into the office to actually plug in place, kind of actually rack and stack stuff. Right.

[00:10:33.250] – Ned
Right.

[00:10:34.810] – Mari
And that was awesome. Not having to do that. We still had some of that going on. But for some of the necessities during the major lockdown, we didn’t have to do that. We didn’t have to go and acquire any physical hardware. We just were able to do it on Azure, whether it be with the VMware cloud platform or just native.

[00:10:57.910] – Ethan
If everybody’s working remotely anyway, that whole latency argument can go away for a lot of applications.

[00:11:04.450] – Mari
For some of them. Yeah, for a lot of them. And we’ve been little by little trying to move those to the cloud, whether it be a SaaS model or in Azure, right.

[00:11:16.450] – Ned
Right, yeah. I actually worked in higher Ed for a little bit as a systems administrator, and there were a few people who really wanted that box, like they could walk down the hall and touch the Sun Box that was running their application, and if they couldn’t do that, they got very upset. And then we did this whole data center migration to a facility that was, like, 50 miles away, and suddenly none of them could touch it. And that changed the dynamic completely in a good way.

[00:11:40.570] – Mari
It’s still the same.

[00:11:45.350] – Ned
Vesko, I’m curious. In terms of your choice to go 100% public cloud. Was that process accelerated by the pandemic, or were you at that state prior to the pandemic happening?

[00:11:57.830] – Vesko
We were that first phase of our digital transformation prior to the pandemic. The pandemic itself had minimal impact on the overall strategy. We kicked off phase one around early November 2019. So by the time the pandemic started, we were already underway. Plans were in place. It complicated them slightly. Instead of planning migrations and migration waves in a room together, everyone being remote. But outside of having to adjust communication collaboration patterns, there was no other meaningful impact.

[00:12:42.990] – Ned
Okay. Did it accelerate the process that you’re maybe in a larger hurry to get everything moved into VMware on Azure?

[00:12:51.390] – Vesko
No. We had a one year timeline. We hit it pretty much straight on the mark. We closed the last migration wave two weeks before the deadline.

[00:13:03.030] – Ned
Okay. That’s nice to hit the deadline, right.

[00:13:06.090] – Ethan
How did you guys move that fast Vesko? To move all those applications in and that sort of a timeline. Was it because you were staying in the VMware environment? Because the flip side of this is what some companies are doing is if they can figure out how they will refactor their apps into Cloud native. But I’m guessing you didn’t do that for a lot. Just based on the timeline you’re describing.

[00:13:30.030] – Vesko
Yeah, exactly. It would have been impossible to refactor them within a year. As I said, it’s a lot more technically involved VMotion, but you can extend your network into the VMware cloud. So basically, you don’t have to change IP addresses, domain names for anything. Just move it across. We do have to do it in waves for latency bandwidth purposes.

[00:14:02.370] – Ethan
Wave as in this is a group of apps. We have to move together. They’ve got to go together. We can’t split them up.

[00:14:07.170] – Vesko
They have to go together. And there is a capacity limitation. How many you can move in the same wave because they have to migrate. Then you have to set up disaster recovery within the same weekend window. Basically, we have to mobilize testers to test all the applications to make sure not just that they are up and running, but also that user client experiences intact. So not a lot of time. That’s why they were broken into multiple waves every weekend from March onwards. More or less.

[00:14:43.650] – Ned
Sounds like it was more of a logistics problem, than it was a technology problem. The technology was like, yeah, we got that part. But now we got to get all these people together and get all the testing done.

[00:14:53.430] – Vesko
Yeah.

[00:14:54.510] – Ned
I’ve been through a few DR tests, and those are always like a big brouhaha, and it’s usually getting all the people together. And I got to imagine a large scale migration like this is like doing a DR exercise every other weekend.

[00:15:06.330] – Vesko
Yeah, it’s planning, testing and coordination, especially with businesses, application owners, that were the biggest challenge, not the technology.

[00:15:18.030] – Ethan
Vesko, you mentioned extending your IP network from on premises up to the cloud so you could keep the same IP address. Did I hear that, right?

[00:15:26.190] – Vesko
Yes.

[00:15:27.750] – Ethan
Okay, from a networking perspective, that scares me a lot. So did you run into any technical challenges when you extend one IP network between the two sites like that?

[00:15:37.590] – Vesko
Not in the extension itself. Extension works fine by now. First, VXLAN is tested well understood and then baked into the hypervisor with HCX. So that worked well. We had, I guess again, planning related challenge with capacity. At one point, we had capacity limitations, not because of bandwidth, but because we were running too many concurrent sessions. We didn’t factor in that regular backup would kick in in the same change window over the same weekend, basically more than doubling the number of active sessions at the same time. We just had to upgrade the appliances to the next size.

[00:16:32.070] – Ethan
When you said VXLAN and then using the VMware HCX product to do the extension. Now, I’m not scared anymore because I actually understand how that architecture works and keeps you safe. VXLAN particularly. I get it. So I feel better now that you’re doing it that way.

[00:16:47.730] – Ned
You said after the migration, you also were re protecting those VMs with disaster recovery after the migration. And that had to happen in the same weekend as the migration itself?

[00:17:00.270] – Vesko
Yeah. We’re using a primary and secondary software defined data center, so they have to sync between the primary and the secondary.

[00:17:11.850] – Ned
Okay. And those are in two different geographic regions.

[00:17:15.330] – Vesko
Yeah.

[00:17:15.870] – Ned
Okay.

[00:17:16.770] – Ethan
Mari, are you guys doing anything cloud native, or looking to do something cloud native as opposed to keeping things in the strictly the VMware form factor.

[00:17:26.910] – Mari
The majority of what we have in the cloud is Cloud native. VMware. We just deployed the AVS stack about we’re probably nine months in or more than six months in at this point since we completely deployed it. So the majority of what we have when it comes to IaaS and PaaS in Azure native, and that’s because we’ve been there for about seven years. So AVS is fairly new compared to native.

[00:17:58.110] – Ned
Yeah, I was going to say if you’ve been in Azure for that long, you’ve seen some pretty significant transitions in Azure itself. You’re probably back in the old service model before they move to the resource manager.

[00:18:10.170] – Mari
We actually had some stuff that was still in Classic last year that we were pushing to get out of Classic because the developers were like dragging their feet on it.

[00:18:23.070] – Ned
Yeah. Well, if it works, why move it? Why change it, right? Their priority is to keep things working for whoever’s consuming that application.

[00:18:33.330] – Mari
Yeah.

[00:18:33.510] – Ned
Is the plan long term to first move applications that are currently on Prem to AVS to get developers comfortable, and then maybe use that as a springboard to go cloud native? Or do you imagine that some applications will just remain on the AVS platform long term?

[00:18:49.230] – Mari
I think it depends. The virtual applications or the virtual appliances that, like, for instance, our network team uses for Firewalls. That’s one of the ones that we put into AVS because it didn’t get the same bandwidth with the Azure native version. And when we put it into AVS, we got the bandwidth that they were expecting. So things like that, I think it really depends on the application or the appliance, in this case, how it really uses Azure’s native environment versus AVS and whether it can tap into the underlying hardware or not, and that will make our decision.

[00:19:35.910] – Mari
But basically, I think we really are kind of moving towards a lot more kind of PaaS type situations where we can use the efficiencies of Cloud and AVS would be more for things that just really can’t be changed right now or in the near future.

[00:19:56.730] – Ned
Right. I definitely encountered that where the vendor is supplying that appliance, and that’s what you got. So you can have to make do with it.

[00:20:03.390] – Ethan
We got a question that’s come in that would be good to share here from Jeffrey. Many of our customers are looking to logically architecturally extend their on prem infrastructure into the cloud without changing too much of the tech stack, the management tooling, operations, and so on. So he gives an example here if they are using Fortinet on Prem, and they don’t want to use the NSX Firewall in VMware cloud because this complicates operations. This goes for many of the third party core networking infrastructure services. How have you folks, Vesko and Mari, how have you dealt with these sorts of issues?

[00:20:38.050] – Vesko
Exactly as Jeffrey points out, we didn’t actually change any of the stack we were running on VMware hypervisors in the data centers before, it’s more or less the same just in somebody else’s data center. Firewalls that we used on premise are the same firewalls, just virtualized.

[00:21:00.310] – Mari
Same. We actually.

[00:21:01.330] – Vesko
Same rule sets, some modifications, but that’s just some modifications to the rule set.

[00:21:07.030] – Mari
Yeah, we’re using the same thing. Actually, one of the things that we found was that the NSX Firewall actually hindered some of the applications the way that they transfer over client IPs or don’t transfer client IPs was an issue for us. So we had to use our Juniper Firewall instead, and that actually has worked for us for those applications that we were having issues with in AVS.

[00:21:35.890] – Ned
Okay, so the biggest change is you’re just going from a potentially physical appliance to a virtual appliance in VMware, but all the major networking vendors have a virtual and physical version of their appliance. It sounds like that transition wasn’t especially hard. Were there any gotchas that you ran into in terms of how those virtual appliances run or are deployed?

[00:21:55.810] – Mari
Not really. They deployed the same way as they would on Prem. The one thing that would be a gotcha would be that sometimes at least on the Azure version of VMware, some of the features were not on by default for us to be able to administer, so we would have to work with support to have them turned on. Give us a time window of having that permission. I guess you could call it and then be able to change whatever settings we needed to change to do whatever we needed to do.

[00:22:34.030] – Ned
Ah interesting, so they give you just a time bounded permissions for the next hour you can toggle this switch, and then after that hour, that ability goes away.

[00:22:42.970] – Mari
Yeah. And I think they actually my systems architect usually works with them. They actually do, like a screen share, like watching to make sure he doesn’t break anything or whatever.

[00:22:54.550] – Ned
Right. Because they’re managing a decent portion of the platform. So they want to make sure you’re not going to do anything that breaks their ability to manage that platform.

[00:23:02.410] – Mari
Correct. Aside from that, the feature set is pretty much the same. It’s just that some things are turned off for you as the user.

[00:23:10.030] – Vesko
You don’t have the same concept of a traditional DMZ sandwich between two Firewalls, so we had to re architect it and just adjust our designs and processes to fit in that model, achieve the same security objectives just in a slightly different way.

[00:23:32.150] – Ethan
Considering some of the design and architecture requirements that you’re dealing with, here. Did you think about running VMware cloud on your own gear, maybe colocated or something like that or on Prem, as opposed to hosting it in a public cloud. You’re both running in public cloud. So how did you decide to end up running VMware cloud there?

[00:23:52.010] – Vesko
In our case, we don’t want to be in the data center management business, the power, including real estate, all of that hassle. We’d rather have somebody else do it.

[00:24:05.570] – Ethan
Simple enough. So not even Colo, though you really just didn’t want to have to touch physical gear at all Vesko.

[00:24:11.030] – Vesko
Yeah, and that was particularly helpful during COVID because we didn’t have to send onsite engineers to data centers. And so on.

[00:24:20.750] – Mari
For us, it was that we were actually considering getting rid of our Colo or downsizing. So.

[00:24:29.090] – Mari
When the opportunity came up that AVS was going to be made available, we decided to take it so that we could start testing it not only for the fact that we didn’t want to continue putting stuff into this Colo, but also to have a third region, because Miami is Hurricane Alley, so to speak again, it’d be nice to know that there was something somewhere else where it might not be affected, even though most of the data centers here are whatever category, whatever, wind proof or whatever. But still a major major Hurricane could take out the power grid or whatever, and we’d still be affected.

[00:25:12.350] – Mari
So this was one of those opportunities to show that we could have a third region outside of Miami, outside of Florida and be able to still use the same hardware, so to speak that we have on Prem.

[00:25:29.990] – Ethan
Now, you’re in Azure, Mari, and is that because you had history with Azure, and so you decide to keep your VMware cloud install going on Azure? Or was there some specific reason you picked that instead of AWS let’s say?

[00:25:42.830] – Mari
The University has a really strong partnership with Microsoft. So we started off in Azure. We have a very tiny footprint in AWS. So since our majority of our footprint was in Azure, we decided to stick to Azure.

[00:25:58.670] – Ned
Okay, how much do the native constructs in Azure bleed into AVS? Does it use things like Azure AD or is it really just, you know, it’s running in an Azure data center, and that’s all the interaction.

[00:26:10.730] – Mari
No, there’s interaction. It uses Azure AD. We do have, I think, at least two domain controllers that are living inside the stack as well, but it does use Azure AD. It uses other features outside of in the Azure ecosystem, so we can actually tap into storage and stuff like that.

[00:26:33.470] – Ned
Okay, so if you wanted to use some Azure Blob storage or table storage or whatever, you could connect that into the services you’re using in AVS, which public cloud are you leveraging VMC in?

[00:26:46.430] – Vesko
In AWS.

[00:26:47.750] – Ned
You’re in AWS. Okay. What was the reasoning behind picking AWS as the cloud to go with over some of the other options that are out there for VMC.

[00:26:58.370] – Vesko
We already had some applications on AWS, and at the time of our selection, VMware Cloud, was most mature on AWS. That was a couple of years ago.

[00:27:13.590] – Ned
Yeah, I remember that.

[00:27:15.210] – Vesko
Actually more than that. We started the selection probably three years ago.

[00:27:19.710] – Ned
Yeah, I don’t remember exactly when they all launched, but I know that the VMware on AWS is definitely the first, and so it makes sense that it’s the most mature of all of them at this point.

[00:27:29.970] – Ethan
Vesko those other apps you mentioned that were already in AWS, so there were some proximity concerns. There are latency concerns where you needed these other apps to be able to talk to what you were going to host on VMC.

[00:27:42.930] – Vesko
No, they’re cloud native, but we were familiar with AWS. Had presence, production infrastructure and anyway, the others were either nonexistent or just launched from a VMware offering perspective.

[00:28:03.330] – Ethan
I know there are some tie-ins between VMC and AWS and AWS a variety of different services. Are you leveraging those or any of those interesting?

[00:28:12.930] – Vesko
Yeah, VPCs, you have to use. VGWs, some standard constructs, but it’s fairly minimum.

[00:28:23.070] – Ned
Okay. So since you adopted VMware Cloud on AWS, what’s the biggest benefit or the most surprisingly awesome thing that you’ve enjoyed since adopting the platform?

[00:28:35.070] – Vesko
I would say, serving as an enabler for the next phase of our digital transformation, having a stable, reliable infrastructure so we can treat it basically as the utility to build on. After that project was over, we launched the next phase of digital transformation, focusing on colleagues, client experience and some other components of digitizing business process and so on. That wouldn’t be possible without having the migration first.

[00:29:13.230] – Ethan
So Vesko real talk here. You just cited stability of the cloud infrastructure as a big part of the reason kind of a foundation to move on to the rest of your digital transformation. Really? It’s been that good, especially compared to on Prem, because if you throw enough money at it, you can make your on Prem pretty robust too.

[00:29:32.730] – Vesko
Not in terms of availability being more stable than on premise. But. We don’t have to worry about upgrading the cloud infrastructure, for example, or the basic maintenance of the stack underneath. Right?

[00:29:49.890] – Vesko
That all comes as a package from VMware cloud. That’s what I mean. You don’t worry, for example, about your electricity or pipes, right? You can switch providers, and you still don’t worry about them. You can think about adding automated lighting in your house if the power would go down from time to time, that would not work as well. Right. Or if your dorms wouldn’t open when you swipe your card.

[00:30:24.190] – Ned
Mari, I’m curious. Since you’ve adopted AVS for some applications, have there been any surprising challenges you’ve encountered things you didn’t expect as you move stuff onto the platform.

[00:30:35.830] – Mari
So like I mentioned before, the one challenge that we really encountered that we were surprised by was the whole firewall issue, especially when it came to applications that use the ADFS that require the client IP to be transferred over.

[00:30:53.290] – Ned
I just cringed a little bit when you said ADFS, I’ve had to deploy that solution more than once. And, yeah, working with the network team at any location where you’re trying to put that in, because you have the ADFS proxy, and then you’ve got some weird rules that need to be put in place. That’s challenging by itself. But you said there are some additional challenges because the NSX firewall.

[00:31:15.550] – Mari
Yeah, on the actual AVS installation. So it wasn’t transferring over the client IPs. So basically, it wasn’t authenticating people. And it was one of the applications that we moved from on-prem to AVS. And the reason we moved it was because we were trying to take advantage of the benefits of extended security updates because it was an application that was 2008, and we’re trying to get them off of it. It’s one of those things that security’s like, hey, and our solution was let’s move it to AVS because we can extend the support for a few more years and at least have a little bit more of a window of opportunity for these guys to work on getting off 2008.

[00:32:02.890] – Ned
Yeah, I didn’t even think about that. I forgot about that whole extended benefit. If you move it, is it just if you move it to Azure, in general, AVS falls under that umbrella.

[00:32:12.250] – Mari
Correct.

[00:32:12.970] – Ned
Oh, that’s really interesting. So a potential use case for someone in AVS could be I just have these 2008 boxes, and I need to keep them in service. Maybe if I move them to AVS, that buys me a couple of years until I can.

[00:32:25.990] – Mari
Exactly, I think it’s three years from the date of the end of life or end of support of that. So I think it was end of support last year. So after two years, I’m not boasting the two years. I’m kind of trying to keep it to six months. But technically, we have about two years.

[00:32:46.330] – Ned
Ideally, you’ll get off of ADFS as well and maybe use like, Azure ADFS.

[00:32:52.210] – Mari
We’re in the process of that as well. But that was one of the things that we bumped into because we hadn’t had that issue until this one application was moved, and we realized that that was an issue, and we were like, oh, okay. How do we get around this? And we finally realized we just had to use our regular Juniper firewalls instead.

[00:33:10.390] – Ethan
Mari, going back to that 70/30 ratio where you got 70% on-prem and 30% of your apps up in the cloud, are the benefits you’re getting from your cloud-hosted apps enough that there are more in that 70% that you’re planning to migrate to cloud, or are you at that point where the 70/30 is kind of where you’re going to be at for the long run because you just really have to have these apps on-prem for whatever reason?

[00:33:37.150] – Mari
Yes and no. I think part of it is that we kind of focused on applications that we needed in case the University went down. So, for instance, authentication for our SaaS providers, our website, so that we could communicate email, stuff like that. We really focused on those kinds of applications at first. And anything that’s what I would call public facing. So any kind of websites or web presence that we have is what we focused on. After that, we’ve kind of looked at different applications, for instance, anything that has a GPU.

[00:34:19.210] – Mari
We don’t have a GPU stack per se on campus, like a virtualization stack that actually can do that. So we’ve done POCs and stuff like that for any kind of researchers that need GPUs in Azure because we can just spin up a server and even put it on a schedule or whatever and not have to worry about getting all this hardware that may or may not be used in the long term. So those are definitely the benefits of the cloud for us having the ability to spin up anything that we need to spin up without having to procure hardware.

[00:34:56.290] – Ned
Yeah.

[00:34:57.010] – Ethan
Especially this day and age when procuring hardware means would you like it next year or the year after?

[00:35:03.610] – Mari
Aside from that, like five months of waiting for approvals and POs and all that kind of stuff? Yeah.

[00:35:12.490] – Vesko
Unless you make your own chips.

[00:35:14.230] – Mari
Yeah.

[00:35:16.150] – Ned
Even then, though, the actual chip fabrication plants are starting to have some pretty extended lead times like TSMC and whatnot. So even if you design and send them a design, you get in line. Somebody else might leave you if they got more money. I’m curious, Vesko, you sort of mentioned phase two of your digital transformation. How does VMC fit into that? Is the plan to use it as like a transitional technology where you’ll eventually migrate most of your apps to a cloud native? Or is it going to be sort of the steady state for a lot of your applications going forward?

[00:35:53.170] – Vesko
Steady state for a lot of applications. Generally, our strategy is that for new business demand, software as a service is our first choice. For things where we have intellectual property or want to control the user experience, we go with platform as a service, and infrastructure as a service is a maintain state. We don’t develop a lot of full stack homegrown applications. It’s mostly third party applications, so they will just happily sit there.

[00:36:29.950] – Ned
Okay. So you’ve got this priority list and sort of almost decision matrix of what should we do with applications? So your existing apps sounds like most of those are just going to remain where they are as they’re running. And then as new applications or new needs roll along, I should say, you’ll make a decision whether to run it as SaaS, run it on platform as a service or host it on infrastructure as a service. And that would kind of be the last of the three options for most of the software.

[00:37:00.010] – Vesko
Right. And we’ve been doing religiously annual upgrades to the major business applications. If there’s a major change from the software providers and they’re offering software as a service, then we’ll consider it. But that’s out of our control.

[00:37:18.550] – Ned
Interesting. Okay. So if an application you’re running internally now, they start offering it as a service. You’ll at least take a look at that service and see if it lines up with what you need as a business.

[00:37:30.610] – Vesko
Since it’s third party, you may not even have an option if they say we no longer offer it as on premise application. Here’s our new cloud. You have to use that.

[00:37:41.770] – Ned
Were there any concerns in terms of regulations you have to follow because you’re in the financial services industry? Were there any concerns around that and going all in in cloud and using VMC?

[00:37:55.630] – Vesko
There are. Our primary concerns deal with preserving client data and privacy. That doesn’t change irrespective of where the infrastructure is.

[00:38:07.150] – Ned
Right.

[00:38:07.870] – Vesko
And to that end, VMware Cloud fits well because hosts are dedicated to us. They’re not shared.

[00:38:16.090] – Ned
Right. You don’t have to worry about the multi-tenancy of the physical hardware.

[00:38:20.470] – Vesko
Yeah.

[00:38:21.130] – Ned
Okay.

[00:38:22.930] – Vesko
The VMware cloud stack on top of all the hosts that you’re buying. Those are dedicated.

[00:38:28.750] – Ned
Right.

[00:38:30.970] – Ethan
Mari, give me your long term strategy for VMware Cloud, because a question that’s come up from Ned and I on the Day Two Cloud podcast is VMC a transition strategy for companies or, like, a long term play? Do you have thoughts on that?

[00:38:45.610] – Mari
I think ultimately it can be both. And like I said, it really just depends on the applications you’re using. For us, we’re definitely cloud first. We try to look at SaaS applications first, when it comes to anything that we’re moving to on an enterprise level. And then when it comes to the smaller department type things, we’re a university, and not all applications are going to be built for cloud. So that’s where the on premise and the AVS that come into play, where we can’t. Either it doesn’t run well in Azure native, or it runs better on a VMware environment.

[00:39:30.790] – Mari
So I think it really just depends on the organization and the kind of applications that they have available to them.

[00:39:40.030] – Ethan
It was a non committal answer, but you justified it well, when you said it can be both.

[00:39:43.870] – Mari
Yes, it can, especially for universities and academic organizations. We’re limited sometimes as to the applications that we have available to us and the kind of support or research and development they put into those applications. So it makes it kind of hard. If you were talking to me about, like, a bank or a different technology company or even a hospital, I would say it would be more clear cut, but not a university environment.

[00:40:20.630] – Ned
When I worked in higher ed, we were using this one enterprise application. I think it was originally from Oracle, maybe, but it had been so heavily customized by the various teams in the university that when they did come out with an as-a-service version of it, there was no way to migrate just because they tweaked this and added a special module here and actually changed database tables and stuff. There was no way to do it. So it was a non-starter in terms of that application.

[00:40:53.150] – Ned
So I’m sure you’ve gone through similar experiences with what you got down there.

[00:40:57.950] – Mari
No, most definitely there’s just applications that are still written in, like, 32-bit that can’t run in Citrix or Horizon or any kind of type of virtual environment. So it’s very difficult to really say, oh, yeah, we’re going to go all cloud native because that’s just not realistic. I think that’s where Azure VMware stack or VMware solution really comes into play and helps us be able to still say, hey, we’re in the cloud. It’s resilient. It’s got all this uptime, but it’s still able to run in the same kind of environment that it’s running on-prem.

[00:41:44.150] – Ethan
Well, we hope you enjoyed this discussion, this panel discussion that we brought to you from VMworld 2021, and our thanks to VMware for sponsoring us, because that is how Ned and I feed our family. So the sponsors are pretty awesome.

[00:41:55.910] – Ethan
Hey, virtual high fives to you for tuning in. We really do appreciate it. If you have suggestions for future shows, Ned and I would love to hear those things we monitor on Twitter at Day Two Cloud Show. You can tweet at that or if you can fill out the form on Ned’s fancy website, ned in the cloud dot com. Other ways you can keep in contact with us and with the Packet Pushers community, we have a free Slack group that is open to everyone, vendors included. Go to PacketPushers dot net slash slack and join.

[00:42:23.330] – Ethan
It’s a marketing free zone for engineers to chat, compare notes, tell war stories, and solve problems together. Again, that’s packet pushers dot net slash slack. Until then, just remember, Cloud is what happens while IT is making other plans.
