 This is theCUBE, we're live here. This is day two and we're unpacking data protection. We're going to talk about the market trends generally, but also specifically what's going on within Oracle. Guy Churchward is here. He's the president of the EMC VRS division and he is joined by Steven Manley, who's the CTO. Both are CUBE alums, long-time CUBE guests and friends, gentlemen, welcome back. Good to see you again. Thank you, appreciate it. I'm glad to be here, man. So Guy, I'm going to start with you. You've been on about a year now. What have you learned? Anything that surprised you and anything that really pleased you? So what have I learned? Definitely never follow Manley. You know, that was my sort of plight into this country. You're like, well, did you an elevator? Just blackmail, he got me here by blackmail. I mean, I haven't seen my wife now for about a year and a half. But in all seriousness, what's really interesting in the last year is just seeing the acceleration of interest around back-up recovery and into the data protection and then obviously into data management. Whereas before it used to be a checkbox and it was kind of uninteresting, stuck in the back of the archives of IT, now it's something which is absolutely critical to the business driving forward. And actually, we talked about it at launch around it being really back-up recovery being the long pole now around IT innovation. I truly believe that. So we're bringing it into a much more trendy way of executing it from the marketplace. So that's something, so the speed of which you have to innovate in this space has changed exponentially in the last few years, for sure. You came into this role with obviously a little bit of experience in the industry. Large division at EMC, doing well but transforming. Anything that surprised you in the last 12 months that you didn't expect? I think that from a level of complexity, I mean, one is I'm blessed with joining EMC. I am loving it. I mean, in other words, every day is a new challenge, which is good. We've progressed through the organization. I think the criticality of BRS as a division to EMC is now being seen. So for instance, the keynote today, it was covered quite extensively by both Joe and Jeremy, which is great. And I think that the sort of the move towards data center consolidation and now into the service provision side and into cloud has come at us much more aggressively. And I think that this is something which I've been surprised at just how fast the adoption of each of these spaces has been. Specifically, IT wanting to enable themselves as being a service provider. Now I want to come back to that. Stephen, I want to go to you. Two years ago, you laid out the vision that EMC has been now on a path for 24 months. I want you to sort of briefly describe that vision and talk about specifically what it means to Oracle customers. So the basics of the vision are pretty simple, that you really do need to transform the way you do backup from really what was kind of a my way or the highway, traditional legacy backup architecture to something much more of how do I put back up into kind of an IT as a service mindset. And our approach for that really is, we call it the protection storage architecture and it really comprises, you need three loosely coupled components. So one basic anchor is, you got to find the right protection storage. So for 20 years in this industry, the answer for protection storage was, wow, it's tape. And then you just debated which kind of tape you were getting. At this point though, the answer is by default, well no, it's deduplicated disk and you want to find the right type of deduplicated disk as your anchor, something that's going to work across your entire environment. The second piece then, and this is where it's going to come into play a lot with the Oracle teams is, and then you really need to plug in with the sources of the data. So think of that as, you know, obviously last month we were at VMworld, so you're hypervisor. A few months ago we were at EMCworld, plugging in with your primary storage. Now we're at Oracle Openworld, and it's very much how do you plug in with your application. But in each of those cases, you really need to be able to plug in with those data sources to get the intelligence that they offer, both from a data flow, you know, making the backup and recovery fast, as well as the control. So giving those administrators more visibility into the protection. And then the last piece is that data management services that you pull to tie everything together. So regardless of how you're protecting the data, regardless of what the environment looks like, your backup team needs that visibility across all the different ways that you protect their data, be it from a storage stack, from an application level, from a hypervisor level, or from a traditional backup layer. So we've really been on that journey of delivering the protection storage architecture. And basically every few months or so there's another step forward. Obviously one of the areas that we've really led here was the database administrators. In most environments that we went into, I think the DBAs and the backup team, that was the source of the greatest pain. You know, there was, it was, you know, one of the lines I heard very early on in this job was a DBA just complaining bitterly about the backup team. And what the DBA said was, look, you know, the backup guys keep telling me that they've protected my data, that it's safe, that I should trust them. But I have no visibility into it. Back box. Back box. And the guy said, you know, it's hard for me to trust the backup team because really, if they were smarter, they'd have been DBAs. So, so, so you had this tension between- So no, I don't, we don't trust you and we insult you. Yeah, that was basically it, right? Let's get started. The backup guy was sitting right next to him when he said it. So a lot of what we've been working on is there was a lot of tension in that relationship. And we've really been helping with the service mindset of, all right, the backup team really can offer the services that the DBA needs. And the DBA gets that visibility and that comfort into the protection. And so as we've moved into this new architecture, I'd say by far the database administrators and those Oracle workloads have been the most aggressive to adopt. So be more specific on what's in it for the, what's in it being data protection as a service. What's in it for the DBA? So there's really two things, right? So the first thing for the DBA is you get visibility into what's going on. No more black box, right? So if I'm an Oracle admin, right? You saw a lot of what Jeremy showed on stage today with enterprise manager and recovery manager and how you can use those interfaces, which Oracle's done a great job of building out. So the DBA gets to do their own backups, gets to run their own recoveries. The second thing they get is as Oracle makes optimizations in how they protect their database. And again, Oracle's been great at that. They've done obviously the block change tracking. They've worked on incremental merge. Our man itself in their integration with our boost technologies, Oracle continues to move that bar forward. Well, by letting the DBA have a little more control over the protection, they also get those performance advantages. So they get the visibility and they get the better performance. If you're a DBA, what more could you ask for? So I was joking this morning about the cozy relationship between Stafford Katz and Joe Tucci. The technology industry is being more and more like sports industries. You come to these events and there's lots of music and there's a lot of fanfare and then you get friends competing on the field to play. And there's a lot, it was clearly a lot of mutual respect, but I want to ask you guy, EMC this morning in its keynote laid out a vision of horizontal infrastructure, supporting diverse applications across the portfolio. And we've been hearing all week, all year, for the last two or three years. And we heard again from Thomas Curian at Oracle, the red stack, the vertically integrated approach. That's how we're going to compete. I wonder if you could give us your perspectives on the industry in terms of juxtaposing those two philosophies. Yeah, so for us, what we look at, and in fact, Stephen Coyne is saying about two years ago, which is the accidental architecture. I kind of want to dig in like that, but. And the concept of this, and again about six weeks ago, we were talking about people bring your own backup to market. One of the things that challenges you, you have to centralize, you have to centralize all of your data for certain reasons, right? So for instance, Thomas Curian, I think in the afternoon, was talking on the keynote about big data. Big data analytics means that you have to put all the data in a centralized location, contextualize it, and then basically understand how to drill it for IT operations, security forensics, for that type of needs. And then exactly the same thing is, the more you centralize the data, in other words, pull it into a centralized point, you actually can get efficiencies out of it, either driving it from deduplication standpoint, or from a security, so in other words, you're actually ring fencing one thing, or from a data analytics. So in other words, you've got an open stack data source that you can allow to drill it for the IT operations. So as much as, we look at it from a horizontal perspective, and if you look at the backup and recovery space, we see data domain as being that pool. So in other words, you can get a data lake that allows you to suck all the information into a centralized location, you can secure it, you get the best bang for the buck out of it, you get the best deduplication. The challenge that you have is, if you look at what Oracle, for instance, was describing about the red stack is, it works perfectly if your organization is exclusively red. But organizations aren't that, they're heterogeneous. So as much as we see and appreciate what they've done on the database, and the value that they bring to their customers, and what they've done on blockchain tracking that we utilize with things like DDBoost, we believe that if you go all the way down their stack, you end up with fragmentation, and this creates an accidental architecture. So you end up with pockets of data in multiple different places. So depending on your flavor of applications, you bring your own backup. So you could end up with 20 or 30 different backup applications and targets around your organization. Your deduplication goes up, your cost efficiency goes through the floor, I should say. Your utilization goes up, and then from a security aspect, you've got many more points that are attacked by critical data. So you take all of the inefficiencies that you really want to gain by things like deduplication and centralization, and you gain it just by taking a very sort of a vertical slither. So as much as I understand why you would want to do that, it actually, in a large scale enterprise, doesn't make any sense. That's why Horizontal kind of makes much more sense in our market of being data-protected in the backup. Yeah, and we've written about that a lot at Wikibon, and we basically concluded that it's a narrow value proposition. So you better be printing money when you take that approach, otherwise it's going to be too expensive. But I want to follow up on that concept of sort of a data lake, John Furrier calls it the ocean. Lake is too small, he says, but this notion of a centralized repository for your data, which it sounds like you would subscribe to in terms of simplifying things. But at the same time, you see a lot of trends that are counter to that. You see a lot of the web guys are leaving data in place, shipping function, and you see it as well, I'm sure. There's sort of distributed, scale out, leave it where it is, Hadoop kind of thing. That's got to make protecting data a lot more difficult, but you've got customers that want to go in that direction. So how do you do that? Would you create some kind of virtual data lake? I wonder if you could talk about that a little bit. So I'll cover a little bit and then Steven sort of covered it with proper words. So one of the things is, do you play golf? Yeah, I try. Okay, so part of golf is to be successful, you kind of have to focus. And the other thing is you limit the variable. Maybe that's my problem. You know, and if you think about it, when you go up and address the ball, you do it in exactly the same way. So the more you limit the variables, the easier it is to actually execute against it. And the same with IT. So if you limit the amount of things that you're actually thinking about, the easier it is to do it. And that's why you do why you want centralization. Now, for us, we look at it and say there's two types of storage. There's commodity storage and then capacity optimized storage platform. So capacity optimized would be something like a PBBA. Data main, obviously IDC's just published out. It's growing at 7 plus percent of the market. Where are you guys now? We're about 60 to 63 percent. So still way ahead of the market. And in fact, you know, subtle plug to our software side of the business that is little talked about. We've grown at about four to five times the market keg. So we're actually aggressively, you know, driving that market as well, I guess, the best way to do it. And that's a combination of, sorry to digress, but that's a combination of NetWorker and Avamar, right? Actually, so we've got the data protection suite, which is NetWorker, Avamar, DPA, and we've got the sidecar around the email archiving side as well as source one. Okay, great. So the reporting and then the archive. Great. So back to kind of back off the interval, you've really got these two types of things. You've got capacity optimized storage and you've got commodity hardware and you've got two places that you can do it, either on-premise or off-premise. So cloud versus on-premise. And then on-premise, most IT managers want to move to be a service provider. So they want to provide their own cloud service. So you kind of think about it from where data is going to hang out. It'll be on one of those four pieces, which is, you know, public or private cloud and it'll be the capacity optimized or it'll be, you know, of commodity based on the RPO and the criticality of the information. So you have to create a data lake, data ocean and you have to take those four pieces into account. So if you can do things like common data format, you can actually have an open format of the data itself and you can also have things like common catalog. It allows you to be able to see it in a fabric of a data ocean but give people the best opportunity with regards to RPO, RTO and securities. The more you fragment the data, the more points of attack it as. And that's really why from a security perspective, you kind of want to roll these things around. And that's also why, you know, we roll together the backup recovery with archiving because on the archiving side, a lot is around compliance. You know, so in other words, if you've got HIPAA compliance or PCI compliance, you still need to be able to drill that information for that data and you need to show immutability of it. Yeah, so you're talking about also leveraging, not only securing that data, but also leveraging it for more use cases, getting more value out of it. I know we're very tight on time but I got to keep asking you guys, I'm sorry, Mike. Stephen, you just wrote a blog and you talked about in the 90s and mid 2000s after that time that you'd have an agent that agent would read in data, he'd pack it up and then send it off in a proprietary format to a target. And it just sort of lived there for that one narrow use case, which was insurance. Exactly. And you talked about the data deluge changing that. It sort of ties into what we were just talking to Guy about in terms of more uses of data. Can you just talk about how the world has changed from that model? Right, so there's probably two things I want to put in. One is, yeah, from that deluge, as the data grew, the old traditional model just didn't scale. That was the big problem that we all hit is looking through and touching every single piece of data just to get a copy of it has gotten too expensive. And so this is where that data source, the intelligence in the app or the storage or the hypervisor in the data path, they can do really smart things that a traditional backup agent can't. And by having those touch the data, they actually keep the data in that original native format like Guy was talking about. So I keep VMs as VMs and database files as database files so that when I get these copies, they're not locked away from me being able to use them. They're actually usable for other things, disaster recovery, data mining, analytics, distribution, what have you. The other thing, and this goes back to kind of what Guy was saying and your point before, you are going to end up having data in different spots, right? You're going to have some data, public cloud, some private cloud, some might be in a Hadoop cluster, some might be on an Isilon system somewhere. The important thing isn't always that I've got to get the data physically located in one spot on one type of storage, my way or the highway. The real crown jewel and the thing that I think a lot of people don't focus enough on is, the data's important, but the crown jewel in the enterprise is the metadata, understanding the context of your information. And that's the lake that you really need to get. You need to get that common metadata lake so that no matter whether you're data sitting in a Hadoop cluster, or it's up in AWS, or it's on a VMAX, or it's on some other vendor's storage, or no matter how you're storing it, if you can have that one common metadata lake that tells you where everything is so that you know what you need to stitch together when you need to stitch it together, that's when you can really start to bring your enterprise together. That's a really interesting point because the early days of de-jupification, the question you'd obviously ask was, how do I protect that metadata? How do you technically do it? And I really trust it. And now you're talking about how do you leverage that metadata for business value reasons. You got it. That's great. All right, I got one more question. I know we're running over here, but I want to come back to the security issue. None of the folks in the Wikibon community, directly as a result of the NSA and Prism disclosures, whether you agree or disagree, it doesn't really matter, they're out there. A lot of people have woken up and said, oh my gosh, what are people in the cloud doing with my data? Is it encrypted? Are they talking to the NSA? Are they giving my data to the NSA? Wow, maybe I should rethink my cloud strategies. Maybe I should go into IT as a service on-premise, and particularly data protection as a service ties into that. Have you seen that type of sort of backlash, if you will? And then from a security standpoint, talk about what EMC's strategy is with regard to delivering data protection as a service. Yeah, so there's a couple of things. I mean, one is, we've definitely seen the backlash, but it's been happening for the last couple of years. And in fact, predictably a few years ago, you saw some of the larger cloud vendors at breaches, and you worry about that. And the other thing is that they do things called cloud helping. So in other words, if you're working with a less reputable cloud environment, if they're basically all cloud bursting, is if they run out of capacity, they'll actually literally contract with another cloud. It could be a different country. It could be somewhere else. It could be a state that you actually don't want to drop the data into. Joe's cloud. Yeah, I mean, literally. So you kind of have to work with a reputable cloud vendor, and you also have to put your toe in the water. I think what's interesting is, and again, if you look at the sweet portfolio that we have with RSA, all the way from the compliance products of Archer, all the way through NetWitness, and then into their security event management products, what's important is to collect the information and understand from a perimeter standpoint, you have to monitor the firewalls from a logging standpoint. You have to understand where your data is, who's getting access to it, report that back. And cloud vendors that really understand and embrace security will allow you to take the logs on a quarterly basis or a monthly basis and provide you the alerts back into your systems. So you can feel comfortable that just because you send your data and information to the cloud doesn't mean that it disappears. It doesn't mean that you don't have visibility to it. You really should insist on making sure that you've got the visibility and controls. And that really comes down to what tools that they're using, how do they scale? So we work with VCHS, obviously with VMware. We have from backup as a service with BRS, we have probably over 200 vendors that do backup as a service with our products. And then obviously in part of our portfolio, we also have Mose. Each of these ones, we're very careful to make sure that we have the right security mandates. The products are in there and then people have the audit capabilities. That's right, you clawed Mose back into your portfolio. I'm very happy to see that. Good move, yeah, yeah. All right, gentlemen, we're out of time. Thank you very much. I love having you guys on. I could go for quite some time, but really appreciate your perspectives. Keep it right there, everybody. We'll be right back. This is Dave Vellante, we're live from Oracle Open World. This is theCUBE.