>> Narrator: From theCube studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is theCube conversation. >> Hi everybody. Welcome to theCUBE, this is Dave Vellante, and we're here to talk about a very important topic around de-risking infrastructure with business continuity. This is critical, especially in the era of COVID. And with me, to really explore this issue is Dr. Rico, who's the vice president office of the CTO at INFINIDAT Doc. Good to see you. >> Good to see you again, Dave. >> And Ken Steinhardt, is also here as a field CTO at INFINIDAT and I got to tell the audience, Doc, you're also the chairman of the Mass Motorcycles Association. You're a very cool guy. You're a pilot, you're a firearms instructor, all about safety, and Ken and Doc you're both musicians, right? Doc, I think he played the drums, and Ken, I know when we first met, you're a music guy, so wow. Surrounded by talent so, thank you so much for coming on. >> Glad to be here. Great to see you. >> For the other thing too is that you guys are long time storage industry experts. I've known you both for many, many years. INFINIDAT deep engineering expertise of course, everybody knows about Moshay, he created the most successful product in the history of the storage industry. And we're going to talk about the importance of data, especially in this era of COVID, and how mission criticality has really become more and more important. So, I want to start Doc with you and this notion of business continuity. How are you thinking about, and INFINIDAT thinking about business continuity in this isolation era? >> Well, that's a really great question Dave, because it has changed quite a bit. And as you said, we've known each other a long time, all the way back to when I still had hair, that was how long ago it was. But, business continuity is something that every business constantly looks at throughout their evolution. And it's one of these things where certain applications are typically more mission critical than others. And lately, what we've seen is this genre of a lights out data center that has become absolutely critical operating a business today. People can't just be on site anymore. People need to be working remotely, and that includes data center personnel and in many respects. So, this whole concept of business continuity now encompasses not only the operation equipment that's on premises, or sometimes even off premises, but it also encompasses applications that people need access to that they may not have thought of mission critical before, because working from home was a convenience or working remotely was a convenience, not a requirement for that business. >> You, Ken, I know you talked to a lot of CIOs. I was sitting at a CIO round table with my friends down at ETR recently, and one of the CIO said, when COVID hit, we realized that our business quote unquote business continuity plans were just way too narrowly focused on DR. What do you see from the IT community? >> It's funny because I literally was on a CIO round table with the West Coast this morning. And there were a couple of interesting comments that really stuck out to me from some of the people there. One was commenting of just reaffirming, what Doc said, how much people are working from home now. They said, traditionally they'd had traditional offices and they've just recently hired in this company about 250 people. He said, all of them are going to be remote workers and their normal from here on out, for the next 150 they're looking to hire is just that business as usual will be remote work. And one of the other CIOs chimed in with a quote that really stuck out to me. He said, "Remote work requires always on infrastructure in this day and age." And it's just a whole new way of having to make sure that businesses are operational and their workers can do what they're supposed to do. >> Well, so let's stay on that. I mean, ransomware's on everybody's mind. I mean, all you have to do is look at the stock market, you see, what's happened with Zoom, it's exploded. All the end point securities, identity access management security companies are going crazy, because (chuckles) people are now so vulnerable. So, they're more exposed to ransomware, Ken, what do we really need to know about ransomware? First, the smart company, smart organization is the one that is prepared and assumes the worst. Which means don't think it can't happen to you, especially when you look at a couple of the more public examples in the last couple of years in particular. So, it means you must take steps to protect yourself, particularly for the sake of your company, your business, your employees, your shareholders, your customers, everyone else. And that means deploying technology that assumes that if the worst case scenario could happen to you, how do you make sure that you have taken the steps that you can avoid the worst possible scenarios that could happen? >> Well, you know, Doc, lot of times when you have this discussion on ransomware, people say, well, should I pay the ransom? And sometimes people say, well, yeah, maybe it should go. You hope you never get there, right? (chuckles) >> Right, you absolutely hope you never get there. There is such horrible examples of paying ransom that just don't work. Just look at the Somalia pirates as an example, right? It doesn't stop them at all, but, take a look at what the potential impact is, not the potential impact to your business and your employees, but the potential impact to society. A couple of years ago with Sony, was very notorious case. More recently, a couple of months ago, Garmin. As you mentioned, I'm a pilot, but I was very worried as what reservoir, a lot of people in the aircraft and in aviation industry. What's going to happen not only with our private information, the account information, but what's going to happen with avionics updates? If Garmin didn't have a fallback plan, a way to recover, then what was going to happen? And I'm sure they were going through the process and the thoughts of, should we pay this year? How else do we get out of this? But, fortunately they had a very good plan in place and it only took them a couple of days to restore back to normal operations. Arguably as far as avionics goes, they were lucky in the sense that this happened to them right in the middle of an update cycle, which is 28 day cycle. But the fact that it only took them a couple of days, congratulations to them. I'm sure that with even better plans and a little bit of extra effort, it could have been a matter of hours instead of days. >> Well, let's come back to business continuity. Ken, do you feel as though businesses are not prepared based on the conversation we were having earlier? >> Some are, some aren't. It will be getting into that, I think in a little bit more detail as well, but historically, organizations I think have focused far too much just on traditional disaster recovery, usually with things like some of the technologies that have been around a long while like backup, and onto often having focused towards the technologies that really do keep the business running without human intervention if something were to ever go wrong. >> So, Doc, anything you'd add to that? I mean, what's the state of business continuity from your perspective? Are people having to really starting to accelerate a journey because of this COVID? >> I absolutely think they're accelerating a journey. They're also looking now at, this concept of multiple active sites. The concept of active sites is not something new, it's something that dates back a couple of decades and a lot of the financial industry. When they were struck, they were looking at some very significant changes in their operational paradigm because they realized that the system is going down and is only a small percentage of the problem that people impact is far worse. The operational procedures, the human intervention. So, what they would do is typically build out multiple sites and rotate the applications between them. What they really haven't done yet, at least not on a broad scale and certainly not in the U.S and some cases in Europe, they started this journey, having applications running simultaneously in multiple sites accessing the same data sets. It's not a brand new concept, but it's something that has improved significantly. The technologies have improved significantly over the course of the past decade. And with the introduction of our active backend solution, a couple of years ago, even brought it to an entirely new level. >> The people aspect that Doc mentioned is so critical. And that's certainly been one of the key lessons learned when real disasters have occurred is that the systems have to be, if you really want to keep your business operating making an assumption that people are going to have depending upon the nature of the disaster. Very different priorities and one of them is not, Gee, do I keep these ITs systems running or not? They're going to be worried about their co-workers, their families, other things, et cetera. So, the ultimate has to be systems that are capable of continuing the operation of the business in the face of a site failure, a metropolitan area failure or whatever it takes without the requirement necessarily for human intervention. >> So, I want to get into active-active. But before we do, I wonder if we could do a little sort of data protection one on one, a back up, a replication, you got snapshots, Doc, what do we need to know about each in the context of this discussion? >> I think the important thing to look at when you think about the different types of technologies and say you apply the solutions is that some of them apply to specific equipment failures, and some of them apply to data failure. And I separate equipment from data in the sense that data can be corrupted in some shape or form. It can be through malicious attack, like ransomware as an example, only one example, other types of malware can play a factor as well, or it can be incidental. Somebody pressing the wrong button, it can be an operational procedure, perhaps another system failure that causes a change in the data or corruption in the data that makes it essentially unusable. So, whenever we're looking at this, we have to start with what is the recovery point objective. The RPO that's where most people start with. And in the RPO, in essence, if you think of time zero, right now, it's where the failure occurs. Walk backwards. How far back can I go and still sustain my business? Now, there may be other procedural things you can do to catch up as close to that RPO and zero as you can, but each of these technologies that we're talking about give you a different RPOs, like rewinding a tape back to a point in time. So, that's the first place to start. >> Okay. So, let's bring up that slide actually. I actually liked this as the fireball slide I call it, but this is how people measure sort of the business impact, if you will, RPO and RTO. And what I like about this is in this digital world, it's kind of a cliche, but everything's getting more intense. People want, they don't want to lose data when you ask a customer, how much data are you willing to lose? They say none. >> None. >> And you say, well, how much are you willing to pay? So, Ken, I wonder if you could sort of describe that tension and that dynamic that's really underscored in this slide. >> Yeah. Oh, yeah, you hit it on the head David. It's the traditional trade off between RPO, RTO and cost. As Doc described with RPO, the objective would be to get as close to zero data loss as you could possibly get, with RTO which measures the time associated with how long will it take you to get back to your acceptable level of RPO. That is a time factor where for every minute or second, that goes by that you're not in business, that's the extension of the RTO. And historically, the closer you get as you approach zero RPO and zero RTO, usually the greater the cost goes up. And it's always been the eternal trade off, is a great analogy. It's sort of like if you want to buy a car. RPO equates for the quality of the solution, RTO is time or speed and cost is cost. If you buy a car, if it's good and it's fast, it won't be cheap. If it's good, and it's cheap, it won't be fast. And if it's fast, and it's cheap, it won't be good. So, usually that's the kind of tradeoff we will have to deal with there. And, the factors that will impact that, as Doc alluded to can be many. There's many aspects that you have to consider in terms of what is the service level that the business requires, and do we have solutions in place that can actually give us what is the real service level of the business requires if something were to go bad. >> Because, customers have gone through, unnatural acts, and Doc before you were kind of describing what some people would refer to as, as a three site, data centers and all kinds of things that people will do, but that brings us to active-active, Doc, what is active-active? >> Yeah, let me interject a point there, and then I'll get to your question about active-active. First is the question I can raise about service level, that's absolutely critical. And business may have different service levels for different applications. >> Dave: Right. >> And you never really know what that is. For example, I was working with a university a few years back, you normally think, well, universities is where they worried about, they're worried about their grading systems. Everybody's always worried about their financial systems. This particular university was worried about their golf course reservations system. (laughs) And their number one mission critical application, and I'm sure there was a little chunk tongue and cheek there as well, was the golf course reservation system because that directly impacted, there were alumni and had a direct correlation to the incoming donations for the following year. So, you never know what's going to be mission critical. Closer to home working very recently, there's a great case study from Aultman Hospital on a website. One of the things that they did, which I thought was absolutely astounding, was they took advantage of our offer to loan them free storage for a while, leveraging some of the COD that they're passing on demand that they weren't using. One of the reasons that they wanted this extra capacity was so that they can make telepresence available to their patients to visit with their families. At a time when families can't go into the hospital visit, when people are ill, what a great comfort to their family. So, this is a great way to look at it. When you think about these different service levels now, and you think about the different types of replication technologies that are available. Look at the multisite, what is multisite really doing for you? Multisite is giving you some level of synchronous replication so that you have an RPO of zero recovery point objective. It still may not be an RTO or zero, but it will be darn close to it. But more importantly, it's giving you an additional site to really maintain that RPO of zero in case the disaster radius, the blast area, the impact zone is even further away. Now, this isn't going to prevent any type of malicious intent, it's not going to prevent the ransomware case, and things like that, but it'll certainly prevent the catastrophic failure of the data center. What does active-active do? Well, active-active now, gives you the read write capability. And now our multisite implementation by the way, leverages our active-active. So, gives you the ability now to have the simultaneously running instance of an application in multiple data centers, reading and writing from the same dataset. And what that gives you, is not only an RPO of zero, but an RTO of zero, because now you can have an application in another data center stand in and take over for it. Naturally, the application needs to be able to do that. There are a lot of applications that are capable of it. The Oracle parallel server or rack technology, gives you that capability. There are other types of clustering technologies that will fail almost instantaneously, that will give you that capability. So, that's where really active-active comes into play. >> Yeah, makes sense for me. When I started the industry, the VAX clusters were sort of the now thing, right? >> Yup. >> (indistinct) (Dave chuckles) >> All right. So, what are you seeing in the marketplace? Are you seeing... What's the adoption look like? Are there any differences that you see by region? What can you tell us there? >> Yeah, it's interesting. Some of the first organizations that obviously jumped on to active-active type solutions, were those where there were in particularly, in things like financial services, some compliance requirements or financial incentives or motivation to make sure that the business was always operational. And it's interesting because there was a study that was done all the way back in 2003, by Roper, that asked business executives and IT executives the same questions relative to their perceptions of their companies or organizations ability to meet RPO or RTO service level agreements. >> Right. And we have some data on this that I want to bring up. So, this is the RPO data but please carry on. >> Ken: Exactly, and so they asked questions that really were about RPO or RTO. Hey, if a disaster hit, would you lose data and how much? And what the data showed was that the business executives and IT executives in Europe, were actually pretty much on the same page. They both said, yeah, we probably would lose some data or a reasonable amounts associated with it. But what was a little frightening, was there appeared to be a chasm of disconnect between the business executives, from the IT executives in the U.S. And what it showed was that the IT executives were on the same page as the European IT executives and the business executives from Europe, saying that, yeah, we'd probably lose some data. But it showed that very few of the business executives thought that they would. And then similarly, when they were asked the question about RTO, how long would it take? In terms of days, hours, et cetera, for your full operation to be back in operational and granted they were talking in 2003 terms back then, which was a little longer than where the technology can now address it now. There was, again, this consistency between the IT executives in both continents and countries, as well as the European business executives, but again, a disconnect where the business executives in the U.S thought, oh, no, we'll be fine. We'll have everything back in a couple of days or less than, it won't be an issue. In my opinion, in looking at that data, when it first came out, my impression was, well, now I understand why a lot of business continuity projects don't get approved because the IT people know that they need it, but the business executives have, if I could be so bold, an unrealistically optimistic view of their ability to achieve RPO and RTO, I'll give you a great example. There was a major high tech company around that timeframe that actually had a major outage in their email system. And email was not perceived to be at the time, ultra mission critical application for them. I know it seems strange in this day and age, but back then it was considered sort of an afterthought and they had a four hour SLA in case something went down where, hey, if we're down for four hours, we get it back and four hours, we're fine. And so, IT thought, they were doing a great job, 'cause they got it back in less than four. It was about three point something. And it turned out that the real impact of the business was so overwhelming, they had to completely overhaul the IT infrastructure that they've put in place to deliver that. So, it's an interesting issue, and it's the kind of thing where, as a result, I believe that as we sit here today in 2020, the disconnect in the U.S still exists. If you look across Europe, you tend to find a lot of deployments of active-active. The first country that probably did a ton of it was Germany, and then, lot of the other European countries did as well. For a multitude of reasons, you tend to see a lot of active-active deployments in Europe, but you don't see anywhere near as many as if I could be so bold, we probably should be seeing in the U.S, and I believe a major contributing factor to that is that there is still this disconnect, between business executives having a false sense of security that is unfounded by the infrastructures that they have in place. And if they were to ask their IT people, and maybe that's a good idea for them to talk more, they'd probably find that they're more exposed than they ever realized. >> Right. And of course in Europe, you've got, much tighter proximity, and you're up against borders of a 200 mile or a 200 kilometer roll, governments have tried to impose here, really can't be imposed in a lot of cases. Okay. Let's get into what you guys are doing here in the space. So, Doc, how do you approach ensuring access to mission critical data? What's INFINIDAT's angle? >> Yeah, I think it's several different layers that need to be applied here. The first INFINIDAT angle starts with the fact that our storage is a hundred percent data availability guarantee. It's simple enough. It's triple redundant architecture, seven nines reliability design, which equates to 3.16 seconds per year of downtime, which is less than a scuzzy time (laughs) I bet you know. Let's start with just, right, forget the nonsense, the system's are a hundred percent available guaranteed. We put some teeth behind that, and that's a great way to start. It's not necessarily going to fundamentally protect your data from site outages and network outages and server outages and things like that, so, let's be fed up and can go to in active-active infrastructure. And now you can take the system and put it either elsewhere behind a firewall on the same data center floor, or in a metropolitan area. Wherever you need it to be, separate power zones, separate networks zones, make it even more available. And then if you really want to go that next level of protection because you're worried about regional outages and things of that nature, multisite replication. But now it's up the ante even further. Let's look at the malicious intent, let's look at the data corruption. Let's look at all of the other possibilities of things that can happen to your data. So, implement snapshotting technology, in this snapshot technology, and InfiniBox is essentially free. There's no cost for the software, there is no performance impact because it's part of metadata updates that are happening all the time anyway. So, there's zero additional overhead of that. There's no additional, there's no copying of data going on with a snapshot, so there's no additional cost penalty associated with it. And you can snapshot this frequently for a Snapshot any of your data frequently to protect against data corruption. And if you're worried about some sort of malicious aspect, that's going to engage and perhaps gain access to the snapshots, we have immutable technology, and that is also free. It's there, it doesn't cost you anything other than the time it takes for the administrator to determine what the policy is. And now that can not be modified. It can't be deleted, it can't be modified, it can't be updated, can't be written to your inside whatever the polyp the defined policy is. So, now you're protected, you're a hundred percent availability, increase data hundred percent availability with active-active, and then increase your RPO capability with dissonance and protect yourself against data corruption with immutable snapshots. Or some combination of standard snapshots and immutable snapshots. >> Yeah, so, I was going to ask Ken, if this is a cost effective approach, but, I mean, it's free, it comes in the stack. >> That is the key word, and you both just said it. Standard and included functionality all based on that great snapshot technology, which was the foundation for it that Doc described. Active-active, standard and included, the ability to go to a third site for disaster recovery at the industry's lowest asynchronous RPO with a remote site. Standard and included, immutable snaps, standard and included. So, compared to traditional views of what most people had back to our illustrious triangle earlier of RPO versus RTO versus cost, you're still going to have the additional cost of media and remote site for protecting your data, obviously, but in terms of software license costs, we're making it simpler, we're making it easier, we're making it standard and included, and we're just making it so much more readily available for organizations to be able to achieve superior RTO and RPO at a cost point that maybe certainly is a little bit higher than just having that single system that Doc alluded to, it's still a hundred percent available, but it's way below what the expectations of this industry have been over the last 20 years. >> Yeah, which is double, triple, I mean easily. Well, can I understand you for a second. You've worked for a lot of different storage companies, Doc you as well, but how different is this? How unique is this? >> There are surprisingly few vendors that can offer true zero RPO at two zero RTO. There's really only a handful. We're one of them. And by handful, I mean about three in the industry, including ourselves, and where I think we differentiate is fundamentally to a lot of those points we just mentioned. The software standard and included so we're not going to charge you extra for it. It's going to be relatively simple to deploy and integrate a stock alluded to earlier with server cluster software and the key components that people would use there in terms of databases and in terms of operating systems. And it's fundamentally going to be able to offer not just that zero RPO, zero RTO active-active environment, but if you do, and when you do need to go to a third site at distance for the true disaster recovery, if you ever lost a metropolitan area, we're going to be able to do it at an RPO that is lower than anything else on the market. >> Doc, are there complexities associated with doing this at petabyte scale? I mean, you guys make a big deal out of that, and you're clearly excited about it, but, is it extra hard to do at that kind of volume at scale? >> I'm going to give you two answers, and say, yes, it's incredibly difficult to do, but then I'm going to say it's incredibly easy for the customer to do because we've made it easy. There a lot of ramifications to doing things at petabyte scale. There's the size of the caching cables that you don't have to worry about. There's the numbers of things that need to be checked, and counter checked and constantly crosscheck for validity. There's also the scale of things that happen like silent data corruption that need to be factored in. All of those things are being done by InfiniBox, on a constant basis with no impact to the customer, no impact to the administrator, no impact to the running application. And I think that's a frankly, another differentiator as well. Ken and I have some common history as well. (chuckles) Used to constantly talk about internally, what happens as things get larger, systems slow down. That simply doesn't happen with InfiniBox. And that's why service providers use us as well. Cloud service providers managed service providers are some of our biggest customers. Because they know they can have these large scale systems running with all these different workloads, all these different functions, be they snapshots, clones, whatever they are, with no impact and very easy and rapid to deploy. >> Yeah, I set up top, you got to be storage hardos to make this stuff work. (laughs) It's very complicated and we've seen it for years and years. Last question. Again, huge changes in the last 150 days where people are just really tuned in to things like digital transformation, I talked about security, business resiliency, business continuity. Where... I'll start with you Ken, how should users be thinking about this? What steps should they be taking like now? >> What a great question. And back to sort of where we started, because of the nature of how things have changed, more applications are mission critical than they've ever been before. And providing, and always on infrastructure to make sure that you can give your users and your customers and your business, the opportunity to stay alive in the face of just about anything that could happen has never been more important in the history of this industry. >> Doc, I'll give you the final word, you can pile on that. >> I think Ken summed it up really well, but I'm going to take a different twist on it. It's all about de-risking, and a lot of the CIOs and CTOs of companies that I've been talking to over the course of the past couple of months, have basically said, hey, my digital transformation initiatives are on hold right now because I've got to keep the lights on, I've got to keep my business running. In some cases, maybe I've had to sadly pare down my staff, but I've got, remote workers have got to worry about. So, find a partner that's going to de-risk your infrastructure for you. Take a look at some of the things that we've announced in the past few months as well. We'll take a lot of that risk way, not only from the availability perspective, but we're going to take the risk away from a cost perspective. If you want to talk about INFINIDAT, don't worry about things like, how am I going to migrate over to it? We're going to do that for you. We're going to work with you, we're going to come up with a plan, we're going to make as much of it non-disruptive as we can, and we're going to assume the cost of doing it. We're going to take away all the risk of availability. We just talked about all of that. We're going to give you guarantees, that are a hundred percent availability. We'll help you architect the right solution for you and we'll protect you moving forward. You might need some flex area of capacity as you work through some of these new applications and new initiatives, so, you've got to be willing to take the risk away with our elastic pricing models. Use the storage when you need it, return it when you don't, and you don't have to pay for it anymore. We'll make it that simple for you. We'll give you that cloud operating paradigm on premises, and by the way, no egress costs. (Dave laughs) >> Well, this is a hard problem for people because they've had to do the work from home pivot, IT people, specifically, I mean, they've had to spend to shore up that infrastructure and of course, organizations just saying, well, we're going to pull from other places, but, look, if you're not digital today, you're not being able to transact business. And so, you can't relax your business continuity plans, in fact, you have to evolve them. Guys, thanks very much for sharing your perspectives and insights on this whole notion of de-risking infrastructure with business continuity. Thanks for coming on. >> Thank you, Dave. >> Dave, is always a pleasure. Thank you. >> Cheers, and thank you everybody for watching, this is Dave Vallante for theCube, and we'll see you next time. (upbeat music)

>> Narrator: From theCube studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is theCube conversation. >> Hi everybody. Welcome to theCUBE, this is Dave Vellante, and we're here to talk about a very important topic around de-risking infrastructure with business continuity. This is critical, especially in the era of COVID. And with me, to really explore this issue is Dr. Rico, who's the vice president office of the CTO at INFINIDAT Doc. Good to see you. >> Good to see you again, Dave. >> And Ken Steinhardt, is also here as a field CTO at INFINIDAT and I got to tell the audience, Doc, you're also the chairman of the Mass Motorcycles Association. You're a very cool guy. You're a pilot, you're a firearms instructor, all about safety, and Ken and Doc you're both musicians, right? Doc, I think he played the drums, and Ken, I know when we first met, you're a music guy, so wow. Surrounded by talent so, thank you so much for coming on. >> Glad to be here. Great to see you. >> For the other thing too is that you guys are long time storage industry experts. I've known you both for many, many years. INFINIDAT deep engineering expertise of course, everybody knows about Moshay, he created the most successful product in the history of the storage industry. And we're going to talk about the importance of data, especially in this era of COVID, and how mission criticality has really become more and more important. So, I want to start Doc with you and this notion of business continuity. How are you thinking about, and INFINIDAT thinking about business continuity in this isolation era? >> Well, that's a really great question Dave, because it has changed quite a bit. And as you said, we've known each other a long time, all the way back to when I still had hair, that was (indistinct). But, business continuity is something that every business constantly looks at throughout their evolution. And it's one of these things where certain applications are typically more mission critical than others. And lately, what we've seen is this genre of a lights out data center that has become absolutely critical operating a business today. People can't just be on site anymore. People need to be working remotely, and that includes data center personnel and in many respects. So, this whole concept of business continuity now encompasses not only the operation equipment that's on premises, or sometimes even off premises, but it also encompasses applications that people need access to that they may not have thought of mission critical before, because working from home was a convenience or working remotely was a convenience, not a requirement for that business. >> You, Ken, I know you talked to a lot of CIOs. I was sitting at a CIO round table with my friends down at ETR recently, and one of the CIO said, when COVID hit, we realized that our business quote unquote business continuity plans were just way too narrowly focused on DR. What do you see from the IT community? >> It's funny because I literally was on a CIO round table with the West Coast this morning. And there were a couple of interesting comments that really stuck out to me from some of the people there. One was commenting of just reaffirming, what Doc said, how much people are working from home now. They said, traditionally they'd had traditional offices and they've just recently hired in this company about 250 people. He said, all of them are going to be remote workers and their normal from here on out, for the next 150 they're looking to hire is just that business as usual will be remote work. And one of the other CIOs chimed in with a quote that really stuck out to me. He said, "Remote work requires always on infrastructure in this day and age." And it's just a whole new way of having to make sure that businesses are operational and their workers can do what they're supposed to do. >> Well, so let's stay on that. I mean, ransomware's on everybody's mind. I mean, all you have to do is look at the stock market, you see, what's happened with Zoom, it's exploded. All the end point securities, identity access management security companies are going crazy, because (chuckles) people are now so vulnerable. So, they're more exposed to ransomware, Ken, what do we really need to know about ransomware? First, the smart company, smart organization is the one that is prepared and assumes the worst. Which means don't think it can't happen to you, especially when you look at a couple of the more public examples in the last couple of years in particular. So, it means you must take steps to protect yourself, particularly for the sake of your company, your business, your employees, your shareholders, your customers, everyone else. And that means deploying technology that assumes that if the worst case scenario could happen to you, how do you make sure that you have taken the steps that you can avoid the worst possible scenarios that could happen? >> Well, you know, Doc, lot of times when you have this discussion on ransomware, people say, well, should I pay the ransom? And sometimes people say, well, yeah, maybe it should go. You hope you never get there, right? (chuckles) >> Right, you absolutely hope you never get there. There is such horrible examples of paying ransom that just don't work. Just look at the Somalia pirates as an example, right? It doesn't stop them at all, but, take a look at what the potential impact is, not the potential impact to your business and your employees, but the potential impact to society. A couple of years ago with Sony, was very notorious case. More recently, a couple of months ago, Garmin. As you mentioned, I'm a pilot, but I was very worried as what reservoir, a lot of people in the aircraft and in aviation industry. What's going to happen not only with our private information, the account information, but what's going to happen with avionics updates? If Garmin didn't have a fallback plan, a way to recover, then what was going to happen? And I'm sure they were going through the process and the thoughts of, should we pay this year? How else do we get out of this? But, fortunately they had a very good plan in place and it only took them a couple of days to restore back to normal operations. Arguably as far as avionics goes, they were lucky in the sense that this happened to them right in the middle of an update cycle, which is 28 day cycle. But the fact that it only took them a couple of days, congratulations to them. I'm sure that with even better plans and a little bit of extra effort, it could have been a matter of hours instead of days. >> Well, let's come back to business continuity. Ken, do you feel as though businesses are not prepared based on the conversation we were having earlier? >> Some are, some aren't. It will be getting into that, I think in a little bit more detail as well, but historically, organizations I think have focused far too much just on traditional disaster recovery, usually with things like some of the technologies that have been around a long while like backup, and onto often having focused towards the technologies that really do keep the business running without human intervention if something were to ever go wrong. >> So, Doc, anything you'd add to that? I mean, what's the state of business continuity from your perspective? Are people having to really starting to accelerate a journey because of this COVID? >> I absolutely think they're accelerating a journey. They're also looking now at, this concept of multiple active sites. The concept of active sites is not something new, it's something that dates back a couple of decades and a lot of the financial industry. When they were struck, they were looking at some very significant changes in their operational paradigm because they realized that the system is going down and is only a small percentage of the problem that people impact is far worse. The operational procedures, the human intervention. So, what they would do is typically build out multiple sites and rotate the applications between them. What they really haven't done yet, at least not on a broad scale and certainly not in the U.S and some cases in Europe, they started this journey, having applications running simultaneously in multiple sites accessing the same data sets. It's not a brand new concept, but it's something that has improved significantly. The technologies have improved significantly over the course of the past decade. And with the introduction of our active backend solution, a couple of years ago, even brought it to an entirely new level. >> The people aspect that Doc mentioned is so critical. And that's certainly been one of the key lessons learned when real disasters have occurred is that the systems have to be, if you really want to keep your business operating making an assumption that people are going to have depending upon the nature of the disaster. Very different priorities and one of them is not, Gee, do I keep these ITs systems running or not? They're going to be worried about their co-workers, their families, other things, et cetera. So, the ultimate has to be systems that are capable of continuing the operation of the business in the face of a site failure, a metropolitan area failure or whatever it takes without the requirement necessarily for human intervention. >> So, I want to get into active-active. But before we do, I wonder if we could do a little sort of data protection one on one, a back up, a replication, you got snapshots, Doc, what do we need to know about each in the context of this discussion? >> I think the important thing to look at when you think about the different types of technologies and say you apply the solutions is that some of them apply to specific equipment failures, and some of them apply to data failure. And I separate equipment from data in the sense that data can be corrupted in some shape or form. It can be through malicious attack, like ransomware as an example, only one example, other types of malware can play a factor as well, or it can be incidental. Somebody pressing the wrong button, it can be an operational procedure, perhaps another system failure that causes a change in the data or corruption in the data that makes it essentially unusable. So, whenever we're looking at this, we have to start with what is the recovery point objective. The RPO that's where most people start with. And in the RPO, in essence, if you think of time zero, right now, it's where the failure occurs. Walk backwards. How far back can I go and still sustain my business? Now, there may be other procedural things you can do to catch up as close to that RPO and zero as you can, but each of these technologies that we're talking about give you a different RPOs, like rewinding a tape back to a point in time. So, that's the first place to start. >> Okay. So, let's bring up that slide actually. I actually liked this as the fireball slide I call it, but this is how people measure sort of the business impact, if you will, RPO and RTO. And what I like about this is in this digital world, it's kind of a cliche, but everything's getting more intense. People want, they don't want to lose data when you ask a customer, how much data are you willing to lose? They say none. >> None. >> And you say, well, how much are you willing to pay? So, Ken, I wonder if you could sort of describe that tension and that dynamic that's really underscored in this slide. >> Yeah. Oh, yeah, you hit it on the head David. It's the traditional trade off between RPO, RTO and cost. As Doc described with RPO, the objective would be to get as close to zero data loss as you could possibly get, with RTO which measures the time associated with how long will it take you to get back to your acceptable level of RPO. That is a time factor where for every minute or second, that goes by that you're not in business, that's the extension of the RTO. And historically, the closer you get as you approach zero RPO and zero RTO, usually the greater the cost goes up. And it's always been the eternal trade off, is a great analogy. It's sort of like if you want to buy a car. RPO equates for the quality of the solution, RTO is time or speed and cost is cost. If you buy a car, if it's good and it's fast, it won't be cheap. If it's good, and it's cheap, it won't be fast. And if it's fast, and it's cheap, it won't be good. So, usually that's the kind of tradeoff we will have to deal with there. And, the factors that will impact that, as Doc alluded to can be many. There's many aspects that you have to consider in terms of what is the service level that the business requires, and do we have solutions in place that can actually give us what is the real service level of the business requires if something were to go back? >> Because, customers have gone through, unnatural acts, and Doc before you were kind of describing what some people would refer to as, as a three site, data centers and all kinds of things that people will do, but that brings us to active-active, Doc, what is active-active? >> Yeah, let me interject a point there, and then I'll get to your question about active-active. First is the question I can raise about service level, that's absolutely critical. And business may have different service levels for different applications. >> Dave: Right. >> And you never really know what that is. For example, I was working with a university a few years back, you normally think, well, universities is where they worried about, they're worried about their grading systems. Everybody's always worried about their financial systems. This particular university was worried about their golf course reservations system. (laughs) And their number one mission critical application, and I'm sure there was a little chunk tongue and cheek there as well, was the golf course reservation system because that directly impacted, there were alumni and had a direct correlation to the incoming donations for the following year. So, you never know what's going to be mission critical. Closer to home working very recently, there's a great case study from Aultman Hospital on a website. One of the things that they did, which I thought was absolutely astounding, was they took advantage of our offer to loan them free storage for a while, leveraging some of the COD that they're passing on demand that they weren't using. One of the reasons that they wanted this extra capacity was so that they can make telepresence available to their patients to visit with their families. At a time when families can't go into the hospital visit, when people are ill, what a great comfort to their family. So, this is a great way to look at it. When you think about these different service levels now, and you think about the different types of replication technologies that are available. Look at the multisite, what is multisite really doing for you? Multisite is giving you some level of synchronous replication so that you have an RPO of zero recovery point objective. It still may not be an RTO or zero, but it will be darn close to it. But more importantly, it's giving you an additional site to really maintain that RPO of zero in case the disaster radius, the blast area, the impact zone is even further away. Now, this isn't going to prevent any type of malicious intent, it's not going to prevent the ransomware case, and things like that, but it'll certainly prevent the catastrophic failure of the data center. What does active-active do? Well, active-active now, gives you the read write capability. And now our multisite implementation by the way, leverages our active-active. So, gives you the ability now to have the simultaneously running instance of an application in multiple data centers, reading and writing from the same dataset. And what that gives you, is not only an RPO of zero, but an RTO of zero, because now you can have an application in another data center stand in and take over for it. Naturally, the application needs to be able to do that. There are a lot of applications that are capable of it. The Oracle parallel server or rack technology, gives you that capability. There are other types of clustering technologies that will fail almost instantaneously, that will give you that capability. So, that's where really active-active comes into play. >> Yeah, makes sense for me. When I started the industry, the VAX clusters were sort of the now thing, right? >> Yup. >> (indistinct) (Dave chuckles) >> All right. So, what are you seeing in the marketplace? Are you seeing... What's the adoption look like? Are there any differences that you see by region? What can you tell us there? >> Yeah, it's interesting. Some of the first organizations that obviously jumped on to active-active type solutions, were those where there were in particularly, in things like financial services, some compliance requirements or financial incentives or motivation to make sure that the business was always operational. And it's interesting because there was a study that was done all the way back in 2003, by Roper, that asked business executives and IT executives the same questions relative to their perceptions of their companies or organizations ability to meet RPO or RTO service level agreements. >> Right. And we have some data on this that I want to bring up. So, this is the RPO data but please carry on. >> Ken: Exactly, and so they asked questions that really were about RPO or RTO. Hey, if a disaster hit, would you lose data and how much? And what the data showed was that the business executives and IT executives in Europe, were actually pretty much on the same page. They both said, yeah, we probably would lose some data or a reasonable amounts associated with it. But what was a little frightening, was there appeared to be a chasm of disconnect between the business executives, from the IT executives in the U.S. And what it showed was that the IT executives were on the same page as the European IT executives and the business executives from Europe, saying that, yeah, we'd probably lose some data. But it showed that very few of the business executives thought that they would. And then similarly, when they were asked the question about RTO, how long would it take? In terms of days, hours, et cetera, for your full operation to be back in operational and granted they were talking in 2003 terms back then, which was a little longer than where the technology can now address it now. There was, again, this consistency between the IT executives in both continents and countries, as well as the European business executives, but again, a disconnect where the business executives in the U.S thought, oh, no, we'll be fine. We'll have everything back in a couple of days or less than, it won't be an issue. In my opinion, in looking at that data, when it first came out, my impression was, well, now I understand why a lot of business continuity projects don't get approved because the IT people know that they need it, but the business executives have, if I could be so bold and unrealistically optimistic view of their ability to achieve RPO and RTO, I'll give you a great example. There was a major high tech company around that timeframe that actually had a major outage in their email system. And email was not perceived to be at the time, ultra mission critical application for them. I know it seems strange in this day and age, but back then it was considered sort of an afterthought and they had a four hour SLA in case something went down where, hey, if we're down for four hours, we get it back and four hours, we're fine. And so, IT thought, they were doing a great job, 'cause they got it back in less than four. It was about three point something. And it turned out that the real impact of the business was so overwhelming, they had to completely overhaul the IT infrastructure that they've put in place to deliver that. So, it's an interesting issue, and it's the kind of thing where, as a result, I believe that as we sit here today in 2020, the disconnect in the U.S still exists. If you look across Europe, you tend to find a lot of deployments of active-active. The first country that probably did a ton of it was Germany, and then, lot of the other European countries did as well. For a multitude of reasons, you tend to see a lot of active-active deployments in Europe, but you don't see anywhere near as many as if I could be so bold, we probably should be seeing in the U.S, and I believe a major contributing factor to that is that there is still this disconnect, between business executives having a false sense of security that is unfounded by the infrastructures that they have in place. And if they were to ask their IT people, and maybe that's a good idea for them to talk more, they'd probably find that they're more exposed than they ever realized. >> Right. And of course in Europe, you've got, much tighter proximity, and you're up against borders of a 200 mile or a 200 kilometer roll, governments have tried to impose here, really can't be imposed in a lot of cases. Okay. Let's get into what you guys are doing here in the space. So, Doc, how do you approach ensuring access to mission critical data? What's INFINIDAT's angle? >> Yeah, I think it's several different layers that need to be applied here. The first INFINIDAT angle starts with the fact that our storage is a hundred percent data availability guarantee. It's simple enough. It's triple redundant architecture, seven nines reliability design, which equates to 3.16 seconds per year of downtime, which is less than a scuzzy time (laughs) I bet you know. Let's start with just, right, forget the nonsense, the system's are a hundred percent available guaranteed. We put some teeth behind that, and that's a great way to start. It's not necessarily going to fundamentally protect your data from site outages and network outages and server outages and things like that, so, let's be fed up and can go to in active-active infrastructure. And now you can take the system and put it either elsewhere behind a firewall on the same data center floor, or in a metropolitan area. Wherever you need it to be, separate power zones, separate networks zones, make it even more available. And then if you really want to go that next level of protection because you're worried about regional outages and things of that nature, multisite replication. But now it's up the ante even further. Let's look at the malicious intent, let's look at the data corruption. Let's look at all of the other possibilities of things that can happen to your data. So, implement snapshotting technology, in this snapshot technology, and InfiniBox is essentially free. There's no cost for the software, there is no performance impact because it's part of metadata updates that are happening all the time anyway. So, there's zero additional overhead of that. There's no additional, there's no copying of data going on with a snapshot, so there's no additional cost penalty associated with it. And you can snapshot this frequently for a Snapshot any of your data frequently to protect against data corruption. And if you're worried about some sort of malicious aspect, that's going to engage and perhaps gain access to the snapshots, we have immutable technology, and that is also free. It's there, it doesn't cost you anything other than the time it takes for the administrator to determine what the policy is. And now that can not be modified. It can't be deleted, it can't be modified, it can't be updated, can't be written to your inside whatever the polyp the defined policy is. So, now you're protected, you're a hundred percent availability, increase data hundred percent availability with active-active, and then increase your RPO capability with dissonance and protect yourself against data corruption with immutable snapshots. Or some combination of standard snapshots and immutable snapshots. >> Yeah, so, I was going to ask Ken, if this is a cost effective approach, but, I mean, it's free, it comes in the stuff. >> That is the key word, and you both just said it. Standard and included functionality all based on that great snapshot technology, which was the foundation for it that Doc described. Active-active, standard and included, the ability to go to a third site for disaster recovery at the industry's lowest asynchronous RPO with a remote site. Standard and included, immutable snaps, standard and included. So, compared to traditional views of what most people had back to our illustrious triangle earlier of RPO versus RTO versus cost, you're still going to have the additional cost of media and remote site for protecting your data, obviously, but in terms of software license costs, we're making it simpler, we're making it easier, we're making it standard and included, and we're just making it so much more readily available for organizations to be able to achieve superior RTO and RPO at a cost point that maybe certainly is a little bit higher than just having that single system that Doc alluded to, it's still a hundred percent available, but it's way below what the expectations of this industry have been over the last 20 years. >> Yeah, which is double, triple, I mean easily. Well, can I understand you for a second. You've worked for a lot of different storage companies, Doc you as well, but how different is this? How unique is this? >> There are surprisingly few vendors that can offer true zero RPO at two zero RTO. There's really only a handful. We're one of them. And by handful, I mean about three in the industry, including ourselves, and where I think we differentiate is fundamentally to a lot of those points we just mentioned. The software standard and included so we're not going to charge you extra for it. It's going to be relatively simple to deploy and integrate a stock alluded to earlier with server cluster software and the key components that people would use there in terms of databases and in terms of operating systems. And it's fundamentally going to be able to offer not just that zero RPO, zero RTO active-active environment, but if you do, and when you do need to go to a third site at distance for the true disaster recovery, if you ever lost a metropolitan area, we're going to be able to do it at an RPO that is lower than anything else on the market. >> Doc, are there complexities associated with doing this at petabyte scale? I mean, you guys make a big deal out of that, and you're clearly excited about it, but, is it extra hard to do at that kind of volume at scale? >> I'm going to give you two answers, and say, yes, it's incredibly difficult to do, but then I'm going to say it's incredibly easy for the customer to do because we've made it easy. There a lot of ramifications to doing things at petabyte scale. There's the size of the caching cables that you don't have to worry about. There's the numbers of things that need to be checked, and counter checked and constantly crosscheck for validity. There's also the scale of things that happen like silent data corruption that need to be factored in. All of those things are being done by InfiniBox, on a constant basis with no impact to the customer, no impact to the administrator, no impact to the running application. And I think that's a frankly, another differentiator as well. Ken and I have some common history as well. (chuckles) Used to constantly talk about internally, what happens as things get larger, systems slow down. That simply doesn't happen with InfiniBox. And that's why service providers use us as well. Cloud service providers managed service providers are some of our biggest customers. Because they know they can have these large scale systems running with all these different workloads, all these different functions, be they snapshots, clones, whatever they are, with no impact and very easy and rapid to deploy. >> Yeah, I set up top, you got to be storage hardos to make this stuff work. (laughs) It's very complicated and we've seen it for years and years. Last question. Again, huge changes in the last 150 days where people are just really tuned in to things like digital transformation, I talked about security, business resiliency, business continuity. Where... I'll start with you Ken, how should users be thinking about this? What steps should they be taking like now? >> What a great question. And back to sort of where we started, because of the nature of how things have changed, more applications are mission critical than they've ever been before. And providing, and always on infrastructure to make sure that you can give your users and your customers and your business, the opportunity to stay alive in the face of just about anything that could happen has never been more important in the history of this industry. >> Doc, I'll give you the final word, you can pile on that. >> I think Ken summed it up really well, but I'm going to take a different twist on it. It's all about de-risking, and a lot of the CIOs and CTOs of companies that I've been talking to over the course of the past couple of months, have basically said, hey, my digital transformation initiatives are on hold right now because I've got to keep the lights on, I've got to keep my business running. In some cases, maybe I've had to sadly pare down my staff, but I've got, remote workers have got to worry about. So, find a partner that's going to de-risk your infrastructure for you. Take a look at some of the things that we've announced in the past few months as well. We'll take a lot of that risk way, not only from the availability perspective, but we're going to take the risk away from a cost perspective. If you want to talk about INFINIDAT, don't worry about things like, how am I going to migrate over to it? We're going to do that for you. We're going to work with you, we're going to come up with a plan, we're going to make as much of it non-disruptive as we can, and we're going to assume the cost of doing it. We're going to take away all the risk of availability. We just talked about all of that. We're going to give you guarantees, that are a hundred percent availability. We'll help you architect the right solution for you and we'll protect you moving forward. You might need some flex area of capacity as you work through some of these new applications and new initiatives, so, you've got to be willing to take the risk away with our elastic pricing models. Use the storage when you need it, return it when you don't, and you don't have to pay for it anymore. We'll make it that simple for you. We'll give you that cloud operating paradigm on premises, and by the way, no egress costs. (Dave laughs) >> Well, this is a hard problem for people because they've had to do the work from home pivot, IT people, specifically, I mean, they've had to spend to shore up that infrastructure and of course, organizations just saying, well, we're going to pull from other places, but, look, if you're not digital today, you're not being able to transact business. And so, you can't relax your business continuity plans, in fact, you have to evolve them. Guys, thanks very much for sharing your perspectives and insights on this whole notion of de-risking infrastructure with business continuity. Thanks for coming on. >> Thank you, Dave. >> Dave, is always a pleasure. Thank you. >> Cheers, and thank you everybody for watching, this is Dave Vallante for theCube, and we'll see you next time. (upbeat music)