 from the Wynn Resort in Las Vegas. It's theCUBE, covering .NEXT Conference 2016. Brought to you by Nutanix. Now here are your hosts, Dave Vellante and Stu Miniman. We're back, this is theCUBE, SiliconANGLE Media's flagship production. We're here covering .NEXT. This is our second day of wall-to-wall production. Bob DeSauce here, he's the director of IT and Info, heads the Info Security Office at Hallmark Business Connections HBC. Bob, welcome back to theCUBE. Thanks, glad to be here. So, HBC, give us the update, tell us about what you guys do. Yeah, so we are the B2B arm of Hallmark cards that everyone knows and loves. Our focus is really around relationships and incentives. So we play in a couple different markets. There's a customer incentive program, there's an employee incentive program, there's wellness engagement programs, and what we do is we help clients who wish to execute against those things, those values, we help them put together programs. We do that through the use of traditional greeting cards, we do that through the use of gift cards, we have 350 merchant partners that we work with, and really it's pretty straightforward. It's, you want to incense some sort of behavior, we help you build that program and we help you execute against that. How long do the typical programs last, Bob? You know, we've had some that are lifelong. It's the average program is three to five years, and it depends on the segment. The customer mass engagement ones can be single engagements or they could be multi-year engagements, but the wellness engagement and the employee recognition engagement, those tend to be longer relationships. Is that like as a service engagement or is it more of like a project with a beginning and an end? Is it? A little of both. You tend to see the waterfall approach used a great deal when it comes to implementing these projects, while the software platform that supports that is definitely developed in an agile methodology, the implementation of the programs tends to be elongated. They're somewhat complex. And in the business model, is it a ratable revenue, a subscription revenue, or is it? It's not, we're kind of looking at that as an option. Today it's a fixed fee. Right, okay. Typically we also claim a service fee if there's a transaction with a merchant. So that's interesting and that has implications. That investigation of a subscription-based model, you're talking about waterfall versus agile, has it real? The business model has implications as to how you develop, doesn't it? It absolutely does. And I think we're finally starting to have those conversations at the leadership level at HBC. We've got a relatively new president in place. We've got a new CIO in place. We're relatively new CFO in place and we're starting to get some traction around those conversations. We're starting to talk about doing business as a cloud provider. So we'll talk a little bit about the waterfall versus the agile and scrum methodology. I mean, this sort of hits the hot topic these days. People talk about DevOps and obviously, everybody wants the new shiny toy, but there's certainly places for waterfall with existing apps, existing processes. The tools work. You can't just jam scrum into that process, can you? Right, no, and we've actually tried that on a number of occasions. We've got a project management office that believes wholeheartedly in the agile development methodology. However, for example, our ERP implementation, they've been trying to turn that into an agile project for two years now and we continue to lose ground on that. So those kinds of projects tend to lend themselves well to waterfall. Again, those customer implementations I talk about where there's a lot of moving parts, there's complexity in how you configure each of those programs. That takes a lot of requirement gathering, a lot of VA and customer interaction. That lends itself well to waterfall. In contrast, when we develop the software products that we use to engage our customers, product we call Iris, that really is an iterative kind of thing. It was a, I guess it was a monolithic application for a long time, but with the new tools, with the new mindset around DevOps, they've started to build microservices. They've started to extract or abstract some of the front ends from the back ends. And so the logic is now abstracted from the presentation and those kinds of things, those definitely lend themselves well to iterative. Fail often, fail fast, those kinds of things. And we've learned a great deal doing that. And one of the reasons I was brought into HBC three years ago was that I do have experience both in infrastructure and software development. And we were doing what's popularly called DevOps long before it had a name. And it was really just a practical issue at that point. It was, how do you remove the constraints in the software development lifecycle value stream? And the number one constraint when the software development teams went agile was their inability to make an agile infrastructure. So I've got all this great code and I've got all this wonderful set of features and I want to put them out, but you can't give me a server. Well, we had to fix that. And so that was why I was brought in. And we started looking at ways to change the conversation between Dev and Ops. We brought in a couple of folks that were generalists and turned them loose with some of the new methodologies, tools. And we started having that conversation. And now we're starting to implement tools that are much more DevOps friendly, open source friendly. We're going to use a Git server for our file repository or source repository. We're going to be using Octopus for deployments. We're going to be using Puppet for orchestration. These are things that we weren't even talking about six months ago. So it's pretty exciting. So Bob, can you explain to us a little bit the interaction between kind of that DevOps tooling and the infrastructure you have? Because you talk at this show, Nutanix is more than VDI, but most of the applications that are deployed are, the same stuff that was sitting on your VMware sand, we just kind of move that over. So maybe if you can walk us through some of that. Sure. Well, originally when we brought Nutanix in, it was for a point solution. It was really about business analytics, business intelligence. And what we saw when we implemented that was that we had an opportunity to increase performance of a lot of our workloads. And we felt very confident in the infrastructure. And so we began the process of getting that vetted as our next generation data center. And so we've actually moved all of our customer facing critical workloads to Nutanix. We're not running that on any of the legacy infrastructure anymore. We're running some of the backend systems and things of that nature. I think though that one of the critical components, you mentioned we simply moved the workloads. And that's true in one sense, but it's also not true in the sense that while this was occurring in the infrastructure, we had software development occurring on the software. And we started to get these microservices. So these small micro apps that handle things like ordering of awards and redeeming awards. They now have their own micro app. While we still have the legacy backend systems, we now have a front end system that's much more agile and can play in that environment a little bit more. And so now the discussion has really turned around and we started to talk more about automation, orchestration and doing things through code. Which is, that's our next step. So the micro apps communicate to the backend through a distraction layer. That's right. The API that you guys developed. That's correct. The APIs are all developed in-house. That's awesome. Now when you describe the situation where the developers are running into a bottleneck because I need server, I need compute and I can't get it. How did you specifically solve that problem from an infrastructure perspective? Well I'm not sure that we've totally solved that problem. It's a process. I can tell you that when we deploy a server today, the process is more streamlined and we're less worried about capacity constraints than we were and so we have a better understanding about how to do it and we can do it in days rather than weeks. But so can you unpack that a little bit? Why, I mean, so how are you solving that problem? You're in the midst of solving it, but it's, everybody talks about infrastructure as code, but is it the developers who are provisioning now their own compute or is it still, I got to put in a request and the ops guys are much more agile? Yeah, I think it's the latter right now. We'd like to get to the point where we could do self-service. It's not realistic today, both in terms of a security and compliance standpoint as well as a capacity standpoint. We want to make sure we're managing the workflows. And again, I mentioned compliance. We have to have a segregation of duties. We've got sensitive data in those systems and so developers don't have access to those prod environments today. But what we have done is, I created this group. There's really just two people in it today that are focused on that DevOps value chain. Not to say they're DevOps people, it's just that they're focused on those ideals and they're integrated with our development team, even though they're on the operations team. And so they're bringing a better understanding about both sides' needs and so the dialogue is occurring and I think if nothing else, it's the dialogue and the collaboration that's driven the efficiencies that we're seeing. Now I think the next step in the evolution is going to be the automation through code. Infrastructure as code is something we're talking about a lot now. We're looking at Puppet to start kickstarting us in that direction. I'm not sure we know what to do with it yet, so we're still trying to figure that out, but we're bringing the tools in, we're having the discussions and we've got people focused on it, so we're going to figure it out. So what I'm trying to get to is Stu, you can help me with this, so you've seen the ads, right? We've seen them, it says you need VMware, you want Amazon, and then the answer is Nutanix, right? So we've been talking all week about mimicking cloud-like function and is it possible with this platform? I think it is. I'm not sure that I need a whole AWS platform in my house, but there are aspects of it that are important to us, and I think overall the idea is very exciting. Particularly for someone like me, I'm asked at the leadership level, why shouldn't we go to an AWS, right? It's OpEx, it's predictable, it's scalable, then I put my information security hat on, and I'm like, but I don't want that out there in the cloud, I want that in my data center where I can protect it. And so Nutanix offers us a balance there. It allows us to do a lot of the same things in the cloud way, and eventually we'll get to do more and more of those as the software kind of falls in line with this idea of the infrastructure. Well, it's interesting, I've looked back a few years ago, we go to Amazon re-invent, it's all developers that were there, and they're starting to do more to the enterprise and talk to more. I mean this show, you're the first conversation I've had on kind of the developer stuff in the week so far, not to say that there's not others doing it, I know you had a panel you were on, but you talk about that Amazon experience being ready for that modernization. The developers, how much do they know about it, care about it, does it just make the infrastructure invisible so that they don't need to worry about it? I think there's two camps. I think at HBC, there are the junior developers who kind of want to focus on just writing the code, and then there are those that are true software engineers, those have been doing this for a while, they're hungry for that knowledge. We've got a couple of architects that are very, very eager to learn more about the infrastructure, and so that's why we put these two folks from the operations group with them so that they can grow together, and so you've got the two folks in operations learning a bit more about development, and you've got the two architects in development learning a lot more about infrastructure, and they're picking the tool set together, they're building the processes together, and we're kind of vetting it as an enterprise architecture group, but the reality is the practitioners are developing what we're going to be doing in the coming years. Okay, so you've also got security under your peer view. I do. Part of the discussion about DevOps, and you'll be doing continuous integration, continuous deployment, in theory there should be a match because security, one of the worst things you can have is have old code in there and there's all sorts of vulnerabilities, so can you walk us through how DevOps is impacting security and what is the Nutanix angle there? Yeah, so there's this new term I've been seeing lately, DevSecOps, and I kind of like it. That's new to me, but. Well, I have been reading it in some of the blogs lately and I've kind of co-opted it, and the idea is that security can be treated exactly the same as any other type of infrastructure or code. We're using a tool called FXCOP to do static code analysis, part of its job is to look for security vulnerabilities, to check to make sure style guides are being followed and those kinds of things, and if you automate that along with your regression tests and your integration tests, and eventually you automate that into your builds, then you should have a certain amount of reassurance that what you're deploying is safe. Now I'm not sure we're there yet, but conceptually I think it's there. I think where Nutanix is going to help us there is through partnerships they have with companies like Alumeo and V-Armor that are going to help us remove some of the physical security appliances that we currently have and turn them into virtual rule sets, for example, and as long as you can script within those rule sets, those policies that you build, I think you're going to be reassured that what you deploy is going to be secure, it's going to be safe, and it's going to be effective for the customer. Bob, can you clarify your comments on the public cloud, you know, Amazon, and you said you thought about putting your security hat on, and I'm inferring that you're saying, well, I can control security in my four walls, and I'm nervous, but I want to understand your perspective. Yeah, I'm not entirely sure that I can control it, control is just an illusion. I actually think that Amazon and Microsoft do a wonderful job of securing those platforms. You know, it's really more about the trust conversation I have with clients and partners. They just feel more safe and secure knowing that their data is in our data center and it's well known where it is and how it's classified. When you put something in a public cloud infrastructure, you're not always sure exactly where it physically lives, and that's a problem for some of those folks. So you're saying your organization, you can deal with the sales objection more easily. I think that's right. And that's a business decision that you're making. It really is. All right, we'll give you the final word, Bob. Dot next, 2016, what are some of the takeaways, some of the things that you've learned when you go back and talk to your colleagues? Yeah, so I mean, it's always about the people for me, right, you get to meet lots of great people here. I'm learning about the great partnerships that Nutanix have cultivated over the last couple of years since we've been customers. I'm particularly interested in where security's going with this type of platform. And I'm loving what I'm hearing in terms of really creating that full featured platform that the folks at Nutanix were promising when I first signed up. It's happening, I'm excited about it and I can't wait to get back to using it. That's great. Well, Bob, thanks very much for coming on theCUBE. Thanks for having me. I'm Bob Lovops in Infrastructure, where this really appreciate it. All right. All right, keep it right there, everybody will be back with our next guest right after. This is theCUBE, we're live from the win in Las Vegas, right back.