 From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. Hi everybody, welcome to theCUBE. This is Dave Vellante, and we're here to talk about a very important topic around de-risking infrastructure with business continuity. This is critical, especially in the era of COVID. And with me to really explore this issue is Dr. Rico, who's the vice president, office of the CTO at Infinidad doc. Good to see you. Good to see you again, Dave. And Ken Steinhardt is also here as a field CTO at Infinidad. And I gotta tell the audience, doc, you're also the chairman of the Mass Motorcycles Association. You're a very cool guy. You got, you're a pilot, you're a firearms instructor all about safety. And Ken and doc, you're both musicians, right doc? I think you play the drums and Ken, I know when we first met, you're a music guy. So, wow, surrounded by talent. So thank you so much for coming on. Glad to be here. Great to see you. Well, the other thing too, is that you guys are, you know, longtime storage industry experts. I've known you both for many, many years. Infinidad, deep engineering expertise. Of course, everybody knows about Moshe, created the most successful product in the history of the storage industry. We're going to talk about the importance of data, especially in this era of COVID and how mission criticality has really become more and more important. So I want to start doc with you and this notion of business continuity. How are you thinking about, and Infinidad, thinking about business continuity in this isolation era? Well, that's a really great question, Dave, because it has changed quite a bit. And as you said, we've known each other a long time. All the way back to when I still had hair, that was how fun it was. But, you know, business continuity is something that every business constantly looks at throughout their evolution. And it's one of these things where certain applications are typically more mission critical than others. And lately, what we've seen is this genre of the lights out data center has become absolutely critical to operating a business today. People can't just be on site anymore. People need to be working remotely, and that includes data center personnel in many respects. So this whole concept of business continuity now encompasses not only the operation equipment that's on-premises or sometimes even off-premises, but it also encompasses applications that people need access to that they may not have thought of as mission critical before because working from home was a convenience or working remotely was a convenience, not a requirement for their business. Ken, I know you talked to a lot of CIOs. I was sitting in a CIO roundtable with my friends down at ETR recently. And one of the CIOs said, you know, when COVID hit, we realized that our business quote unquote, business continuity plans were just way too narrowly focused on DR. What are you seeing from the IT community? Yeah, it's funny because I literally was on a CIO roundtable with the West Coast this morning. And there were a couple of interesting comments that really stuck out to me from some of the people there. One was commenting of just reaffirming what Doc said, how much people are working from home now. They said traditionally they had had traditional offices and they've just recently hired in this company about 250 people. He said all of them are going to be remote workers and they're normal from here on out for the next 150 that they're looking to hire is just that business as usual will be remote work. And one of the other CIOs chimed in with a quote that really stuck out to me. He said, remote work requires always on infrastructure in this day and age. And it's just a whole new way of having to make sure that businesses are operational and their workers can do what they're supposed to do. Well, so let's stay on that. I mean, you know, ransomware is on everybody's mind. I mean, all you have to do is look at the stock market. You see what's happened with Zoom. It's exploded. All the end point securities, identity access management security companies are going crazy because people are now so vulnerable. So they're more exposed to ransomware. Ken, what do we really need to know about ransomware? First, the smart company or smart organization is the one that is prepared and assumes the worst, which means don't think it can't happen to you, especially when you look at a couple of the more public examples in the last couple of years in particular. So it means you must take steps to protect yourself, particularly for the sake of your company, your business, your employees, your shareholders, your customers, everyone else. And that means deploying technology that assumes that if the worst case scenario could happen to you, how do you make sure that you have taken the steps that you can avoid the worst possible scenarios that could happen? Well, Doc, a lot of times, when you have this discussion on ransomware, people say, well, should I pay the ransom? And sometimes people say, well, yeah, maybe you should go, you hope you never get there, right? No, you absolutely hope you never get there. And there's just horrible examples of paying ransom that just don't work. Just look at the Somalia pirates as an example, right? It doesn't stop them at all. But take a look at what the potential impact is, not the potential, just the potential impact to your business and your employees, but the potential impact to society. A couple of years ago, with Sony was a very notorious case, more recently, a couple of months ago, Garmin. As you mentioned, I'm a pilot. I was very worried as were a lot of people in the aircraft and in aviation industry, what's gonna happen, not only with our private information and account information, but what's gonna happen with avionics updates? You know, if Garmin didn't have a fallback plan, a way to recover, then what was gonna happen? And I'm sure they were going through the process and the thoughts of, should we pay this? How else do we get out of this? But fortunately, they had a very good plan in place and it only took them a couple of days to restore back to normal operations. Arguably, as far as avionics goes, they were lucky in the sense that this happened to them right in the middle of an update cycle, which is a 28 day cycle. But the fact is it only took them a couple of days, congratulations to them. I'm sure that with even better plans and a little bit extra effort, it could have been a matter of hours instead of days. Well, let's come back to business continuity. Ken, do you feel as though businesses are not prepared based on the conversation we were having earlier? Some are, some aren't. We'll be getting into that in I think a little bit more detail as well. But historically organizations, I think have focused far too much just on traditional disaster recovery, usually with things like some of the technologies that have been around a long while like backup and all too often having focused towards the technologies that really do keep the business running without human intervention, if something were to ever go wrong. So Doug, anything you add to that? I mean, what's the state of business continuity from your perspective or people having to really starting to accelerate a journey because of this COVID? I absolutely think they're accelerating a journey. They're also looking now at this concept of multiple active sites. The concept of active sites is not something new, it's something that dates back a couple of decades and a lot of the financial industry, when they were struck, they were looking at some very significant changes in their operational paradigms because they realized that the system's going down and is only a small percentage of the problem. The people impact is far worse, the operational procedures, the human intervention. So what they would do is typically build out multiple sites and rotate the applications between them. What they really haven't done yet, at least not on a broad scale and certainly not in the US, in some cases in Europe, they started this journey having the applications running simultaneously in multiple sites accessing the same data sets. And this is something, it's not a brand new concept, but it's something that has improved significantly, the technologies have improved significantly over the course of the past decade. And with the introduction of our active active solution a couple of years ago, even brought it to an entirely new level. The people aspect that Doc mentioned is so critical and that's certainly been one of the key lessons learned when real disasters have occurred, is that the systems have to be, if you really wanna keep your business operating, making an assumption that people are going to have depending upon the nature of the disaster, very different priorities. And one of them is not, gee, do I keep these IT systems running or not? They're gonna be worried about their coworkers, their families, other things, et cetera. So the ultimate has to be systems that are capable of continuing the operation of the business in the face of a site failure, a metropolitan area failure, or whatever it takes without the requirement necessarily for human intervention. So, and I wanna get into active active, but before I do, I wonder if we could do a little sort of data protection one on one, you know, you have a backup, you have replication, you got snapshots. Doc, what do we need to know about each in the context of this discussion? I think the important thing to look at when you think about the different types of technologies that you can apply to solutions is that some of them apply to specific equipment failures and some of them apply to data failure. And I separate equipment from data in the sense that data can be corrupted in some shape or form. It can be through malicious attack, which like ransomware as an example, only one example, other types of malware can play a factor as well. Or it can be incidental, you know, somebody pressing a wrong button, it can be an operational procedure, perhaps another system failure that causes a change in the data or a corruption in the data that makes it essentially unusable. So whenever we're looking at this, we have to start with what is the recovery point objective, the RPO, that's where most people start with. You know, and the RPO in essence, if you think of, you know, time zero right now, it's where the failure occurs. Work backwards, how far back can I go? And still sustain my business. Now there may be other procedural things you can do to catch up as close to that RPO as zero as you can, but each of these technologies that we're talking about give you a different RPO. It's like rewinding a tape back to a point in time. So that's the first place to start. Okay, so let's bring up that slide actually. I actually like this, it's the fireball slide, I call it, but this is how people measure sort of the business impact, if you will, RPO and RTO. And what I like about this is in this digital world, you know, it's kind of a cliche, but everything's getting more intense. People want, they don't want to lose data. When you ask, you know, a customer, how much data do you want them to lose? They say, none. And you say, well, how much do you want them to pay? So Ken, I wonder if you could sort of describe that tension and that dynamic that's really underscored in this slide. Oh yeah, you hit it on the head, Dave. It's the traditional trade-off between RPO, RTO and cost. As Doc described with RPO, the objective would be to get as close to zero data loss as you could possibly get with RTO, which measures the time associated with how long will it take you to get back to your acceptable level of RPO. That is a time factor where for every minute or second that goes by that you're not in business, that's the extension of the RTO. And historically, the closer you get as you approach zero RPO and zero RTO, usually the greater the cost goes up. And it's always been the eternal trade-off. It's a great analogy. It's sort of like if you want to buy a car. RPO equates for the quality of the solution. RTO is time or speed and cost is cost. If you buy a car, if it's good and it's fast, it won't be cheap. If it's good and it's cheap, it won't be fast. And if it's fast and it's cheap, it won't be good. So usually that's the kind of trade-off we all have to deal with there. And the factors that will impact that, as Doc alluded to, can be many. There's many aspects that you have to consider in terms of what is the service level that the business requires and do we have solutions in place that can actually give us what is the real service level that the business requires if something were to go bad? Because customers have gone through unnatural acts. I mean, Doc, before you were kind of describing what some people would refer to as there's a three-site data centers and all kinds of things that people will do. But that brings us to active-active. Doc, what is active-active? Yeah, let me interject a point there and then I'll get to your question about active-active. First is the question that Ken raised about service level. That's absolutely critical. And a business may have different service levels for different applications. And you never really know what that is. For example, I was working with a university a few years back and you normally think, well, universities, what are they worried about? They're worried about their grading systems. Everybody's always worried about their financial systems. This particular university was worried about their golf course reservation system. And their number one mission critical application, and I'm sure there was a little tongue-in-cheek there as well, was the golf course reservation system because that directly impacted their alumni and had a direct correlation to the incoming donations for the following year. So you never know what's going to be mission critical. Closer to home, working very recently, there's a great case study from Alton Hospital on our website. One of the things that they did, which I thought was absolutely astounding, was they took advantage of our offer to loan them free storage for a while, leveraging some of the COD, you know, capacity on demand that they weren't using. One of the reasons that they wanted this extra capacity was so that they can make telepresence available to their patients to visit with their families. You know, at a time when families can't go into the hospital to visit, you know, when people are ill, you know, what a great comfort to their family. So this is a great way to look at it. When you think about these different service levels now and you think about the different types of replication technologies that are available, you know, look at the multi-site. What is multi-site really doing for you? Multi-site is giving you some level of synchronous replication so that you have an RPO of zero recovery point objective. It still may not be an RPO of zero, but it'll be darn close to it. But more importantly, it's giving you an additional site to really maintain that RPO of zero in case the disaster radius, the blast area, the impact zone is even further away. Now, this isn't going to prevent any type of malicious intent. It's not gonna prevent the ransomware case and things like that, but it'll certainly prevent the, you know, the catastrophic failure of the data center. What is active active do? Well, active active now gives you the read write capability and our multi-site implementation, by the way, leverages our active active. So it gives you the ability now to have a simultaneously running instance of an application in multiple data centers, reading and writing from the same data set. And what that gives you is not only an RPO of zero, but an RPO of zero, because now you can have an application and another data center stand in and take over for it. Naturally, the application needs to be able to do that. There are a lot of applications that are capable of it. You know, the Oracle Parallel Server or RAC technology, you know, gives you that capability. There are other types of clustering technologies that will fail over almost instantaneously that will give you that capability. So that's where the active active comes in play. Yeah, it makes sense. I mean, when I started the industry, it was about the VAX clusters were sort of the now thing, right? Yup. And kind of started it all, right? So, Ken, you know, what are you seeing in the marketplace? Are you seeing, you know, what's the adoption look like? Are there any differences that you see by region or what can you tell us there? Yeah, it's interesting. Some of the first organizations that obviously jumped on to active active type solutions were those where there were in, particularly in things like financial services and compliance requirements or financial incentives or motivation to make sure that the business was always operational. And it's interesting because there was a study that was done back all the way back in 2003 by Roper that asked business executives and IT executives the same questions relative to their perceptions of their companies or organization's ability to meet RPO or RTO service level agreements. Right, and we have some data on this that I want to bring up. So this is the RPO data, but please carry on. Exactly, and so they asked questions that really were about RPO or RTO, you know, hey, if a disaster hit, would you lose data and how much? And what the data showed was that the business executives and IT executives in Europe were actually pretty much on the same page. They both said, yeah, we probably would lose some data or a reasonable amount associated with it, but was a little frightening, what was a little frightening was there appeared to be a chasm of disconnect between the business executives and the IT executives in the US. And what it showed was that the IT executives were on the same page as the European IT executives and the business executives from Europe, saying that, yeah, we'd probably lose some data, but it showed that very few of the business executives thought that they would. And then similarly, when they were asked a question about RTO, how long would it take, you know, in terms of days, hours, et cetera, for your full operation to be back in operational and granted they were talking in 2003 terms back then, which was a little longer than where the technology can now address it now. There was again, this consistency between the IT executives in both continents and countries, as well as the European business executives, but again, a disconnect where the business executives in the US thought, oh no, we'll be fine, we'll have everything back in a couple of days or less and it won't be an issue. In my opinion, in looking at that data when it first came out, my impression was, wow, and now I understand why a lot of business continuity projects don't get approved because the IT people know that they need it, but the business executives have, if I could be so bold, an unrealistically optimistic view of their ability to achieve RPO and RTO. I'll give you a great example. There was a major high tech company back in the, around that timeframe that actually had a major outage in their email system. And email was not perceived to be at the time a ultra mission critical application for them. I know it seems strange in this day and age, but back then it was considered sort of an afterthought and they had a four hour SLA in case something went down where, hey, if we're down for four hours, if you get it back in four hours, we're fine. And so IT thought they were doing a great job because they got it back in less than four. It was about three point something. And it turned out that the real impact to the business was so overwhelming, they had to completely overhaul the IT infrastructure that they couldn't place to deliver that. So it's an interesting issue and it's the kind of thing where as a result, I believe that as we sit here today in 2020, the disconnect in the US still exists. If you look across Europe, you tend to find a lot of deployments of active active. The first country that probably did a ton of it was Germany and then a lot of the other European countries did as well for a multitude of reasons. You tend to see a lot of active active deployments in Europe but you don't see anywhere near as many as if I could be so bold, we probably should be seeing in the US. And I believe a major contributing factor to that is that there is still this disconnect between business executives having a false sense of security that is unfounded by the infrastructures that they have in place. And if they were to ask their IT people and maybe that's a good idea for them to talk a little more, they'd probably find that they're more exposed than they ever realized. Right, and of course in Europe, you've got a much tighter proximity and you're up against borders of a 200 mile or 200 kilometer rule that's where we've, governments have tried to impose here, really can't be imposed in a lot of cases. Okay, let's get into what you guys are doing here in this space. So, Doc, how do you approach ensuring access to mission critical data? What's Infinidats angle? Yeah, I think it's several different layers that need to be applied here. The first Infinidats angle starts with the fact that our storage is 100% data availability guarantee. So, it's simple enough. I mean, it's triple redundant architecture, seven nines reliability design, which equates to 3.16 seconds per year of downtime, which is less than the scuzzy time that much. Let's start with just, right, forget the nonsense. The system's 100% available, available guaranteed. We put some teeth behind that and that's a great way to start. It's not necessarily gonna fundamentally protect your data from site outages and network outages and server outages and things like that. So, let's beef that up and go to inactive active infrastructure. And now you can take the system and put it either elsewhere behind a firewall on the same data center floor or in a metropolitan area, wherever you need it to be. Separate power zones, separate network zones make it even more available. And then if you really wanna go that next level of protection because you're worried about regional outages and things of that nature, multi-site replication. But now let's up the ante even further. Let's look at the malicious intent. Let's look at the data corruption. Let's look at all of the other possibilities of things that can happen to your data. So implement snapshotting technology. And the snapshot technology in the Finnebox is essentially free. There's no cost for the software. There's no performance impact because it's part of metadata updates that are happening all the time anyway. So there's zero additional overhead to that. There's no additional, there's no copying of data going on with a snapshot. So there's no additional cost penalty associated with it. And you can snapshot this frequently for a snapshot any of your data frequently to protect against data corruption. And if you're worried about some sort of malicious aspect that's going to engage and perhaps gain access to the snapshots, we have a mutable technology. And that is also free. It's there, it doesn't cost you anything other than the time it takes the administrator to determine what the policy is. And now that cannot be modified. It can't be deleted, can't be modified, it can't be updated, can't be written to inside whatever the defined policy is. So now you're protected 100% availability, increase that 100% availability with active active, increase your RPO capability with distance and protect yourself against data corruption with immutable snapshots. Most in combination of standard snapshots and immutable snapshots. Yeah, so I was gonna ask Ken if this is a cost effective approach, but I mean, it's free, it comes in the stats. That is the key word and you both just said it. Standard and included functionality all based on that great snapshot technology which is the foundation for it that Doc described. Active active, standard and included the ability to go to a third site for disaster recovery at the industry's lowest asynchronous RPO with a remote site, standard and included immutable snaps, standard and included. So compared to traditional views of what most people have had back to our illustrious triangle earlier of RPO versus RTO versus cost, you're still gonna have the additional cost of media to remote site for protecting your data obviously but in terms of software and license costs, we're making it simpler, we're making it easier, we're making it standard and included and we're just making it so much more readily available for organizations to be able to achieve superior RTO and RPO at a cost point that maybe certainly is a little bit higher than just having that single system that Doc alluded to that's still 100% available but it's way below with the expectations of this industry have been over the last 20 years. Yeah, which is double, triple, I mean, easily. Kendall, let me stand you for a second. You've worked for a lot of different storage companies, Doc you have as well, but how different is this? How unique is this? There are surprisingly few vendors that can offer true zero RPO at true zero RTO. There's really only a handful, we're one of them and by handful I mean about three in the industry including ourselves and where I think we differentiate is fundamentally to a lot of those points we just mentioned the software standard included so we're not gonna charge you extra for it. It's going to be relatively simple to deploy and integrate as Doc alluded to earlier with server cluster software and the key components that people would use there in terms of databases and in terms of operating systems and it's fundamentally going to be able to offer not just that zero RPO at zero RTO active active environment but if you do and when you do need to go to a third site at distance for the true disaster recovery if you ever lost your metropolitan area we're gonna be able to do it at an RPO that is lower than anything else on the market. Doc are there complexities associated with doing this at petabyte scale? I mean you guys make a big deal out of that you're clearly excited about it but is it extra hard to do at that kind of volume at the scale? I'm gonna give you two answers and say yes, it's incredibly difficult to do but then I'm gonna say it's incredibly easy for the customer to do because we've made it easy. There are a lot of ramifications to doing things at petabyte scale. There's the size of the caching cables that you don't have to worry about. There's the numbers of things that need to be checked and counter-checked and constantly cross-checked for validity. There's also the scale of things that happen like silent data corruption that need to be factored in. All of those things are being done by InfiniBots on a constant basis with no impact to the customer, no impact to the administrator, no impact to the running application. And I think that's frankly another differentiator as well. Ken and I have some common history as well but used to constantly talk about internally what happens as things get larger, systems slow down. That simply doesn't happen within InfiniBots and that's why service providers use us as well. Cloud service providers, managed service providers are some of our biggest customers because they know they can have these large-scale systems running with all these different workloads, all these different functions, be they snapshots, clones, whatever they are with no impact and very easy and rapid to deploy. Yeah, I set up top. You got to be storage hard-o's to make this stuff work. It's very complicated and we've seen it for years and years. Last question. Again, huge changes in the last 150 days where people are just really tuned in to things like digital transformation. I talked about security, business resiliency, business continuity. Where do we start with you, Ken? How should users be thinking about this? What steps should they be taking like now? Well, a great question. And back to sort of where we started. Because of the nature of how things have changed, more applications are mission critical than they've ever been before and providing an always-on infrastructure to make sure that you can give your users and your customers and your business the opportunity to stay alive in the face of just about anything that could happen has never been more important in the history of this industry. Doc, I'll give you a final word. You can pile on that. I think Ken summed it up really well, but I'm gonna take a different twist on it. It's all about de-risking. And a lot of the CIOs and CTOs and companies that I've been talking to over the course of the past couple months have basically said, hey, my digital transformation initiatives are on hold right now because I've got to keep the lights on. I've got to keep my business running. In some cases, maybe I've had to sadly pare down my staff, but I've got remote workers I've got to worry about. So find a partner that's gonna de-risk your infrastructure for you. Take a look at some of the things that we've announced in the past few months as well. We'll take a lot of that risk away, not only from the availability perspective, but we're gonna take the risk away from a cost perspective. If you wanna talk about infinite ad, don't worry about things like, how am I gonna migrate over to it? We're gonna do that for you. We're gonna work with you. We're gonna come up with a plan. We're gonna make as much of it non-disruptive as we can. And we're gonna assume the cost of doing it. We're gonna take away all the risk of availability. We just talked about all of that. We're gonna give you guarantees about 100% availability. We'll help you architect the right solution for you and we'll protect you moving forward. You might need some flex area of capacity as you work through some of these new applications and new initiatives. And you've got to do, we're gonna take the risk away with our elastic pricing models. Use the storage when you need it, return it when you don't, and you don't have to pay for it anymore. We'll make it that simple for you. We'll give you that cloud operating paradigm on-premises, and by the way, no egress costs. Well, this is a hard problem for people because they've had to do the work from home pivot, IT people specifically, I mean, they've had to spend to shore up that infrastructure and of course organizations are saying, well, we're gonna pull from other places. But look, if you're not digital today, you're not being able to transact business. And so you can't relax your business continuity plans. In fact, you have to involve them. Guys, thanks very much for sharing your perspectives and insights on this whole notion of de-risking infrastructure with business continuity. Thanks for coming on. Thank you, Dave. Dave, it's always a pleasure. Thank you. Cheers, and thank you everybody for watching. This is Dave Vellante for theCUBE and we'll see you next time.