 Live from the Wynn Resort in Las Vegas. It's theCUBE, covering .NEXT Conference 2016. Brought to you by Nutanix. Now, here are your hosts, Dave Vellante and Stu Miniman. We're back, Lewis Carr Jr. is here as the CIO of Clark County. Lewis, thanks very much for coming on theCUBE. Good to be here. So, what's happening at .NEXT for you? Well, how's the show going? Show's going well. I sat in on the executive track and that was interesting. Not so much focused on technology, but on some visionary sorts of things around negotiation. Robert Gates spoke there about his experience in the public sector and his experience in the White House and everything. So that was very interesting. Oh, take us inside a little bit. It was a secret, super CIO private session, but what was the general tone? Negotiation, that's an interesting topic. We had Malotra on here. Yes. You're a very interesting fellow, right? Right, very interesting. And just some basic techniques, you know, fairly short session, but some basic techniques on how to set up and how to prepare for negotiations, which as CIOs, whether it's contracts or hardware or even personnel, we negotiate probably every day. We had Robert Gates on theCUBE a few weeks ago, out here, actually. And of course, he was talking with us about leadership. I presume he was talking about that. He's got a new book, leadership. What did you think? What was your assessment of his remarks? Oh, excellent. I mean, he's seen things and done things that most of us will never know about. Pretty humbling, right? Yes, uh-huh. And he talked about leadership. And what's interesting is, because he served in federal government, it's particularly, I think, relevant to me, at county government, some of the challenges we have with staffing, you know, we may not pay like private sector pays for technology folks, but nonetheless, we have good folks and he talked about leadership and aspects of how to keep, how to build new leaders, how to keep staff motivated. So it was good talk. What are some of the things that are driving your organization in terms of county government, some of the challenges that you're facing and how does that affect your information technology? Yeah, a little bit about the county to help you understand why we're doing some of the things we're doing. We're a county of about 2.1 million people and in the unincorporated part of the county, which the Las Vegas Strip is part of the unincorporated county, we have about 650,000 residents. So we provide municipal services to those 650,000 folks and then county-wide services like Treasurer Assessor to the 2.1 million and then public services to the 44 million visitors that come here every year. So we do have a complex organization, 39 departments, 50 elected officials, and my responsibility is to manage the technology for most of those departments. So in an arena like that, trying to standardize as much as we can, trying to keep the infrastructure as simple as possible, as homogeneous as possible, is one of those driving factors because that also reduces costs, complexity, reduces downtime, all those things. Can you share with us a little, what's the technology environment like here in Clark County? It's like, I've toured the Supernap, which is like this phenomenal tour you do. This is the place, I mean, Dave and I in theCUBE, we're here all the time for the big technology conferences. So, how is it as a technology center? And it is interesting because we're a fairly large county in terms of geography, 8,000 square miles. So certainly the core here, Las Vegas, Henderson, the Strip, most of our technology's here, but we still have to extend our technology out to rural areas, Laughlin in the far south, Mesquite, Searchlight, these small towns, but we still offer services. It might be sheriff services, might be court services. We even have a microwave network because our geography is just so large. So some of the drivers that, as we have this large geographic area, most of the technology is here in the urban center, we need to make sure we have technology that can support public safety, that supports our public works departments. Every weekend we have a couple hundred thousand folks coming into town using the highways, using the streets, medical services, ambulance services, we have to provide those. So it's truly a 24-hour city for us with a population that certainly fluctuates from weekend to weekend and holiday to holiday. Well, you've also seen some New York growth in the last 10, 15, 20 years in this whole area, and it used to be just cranes. Yes. Yeah. How was that in terms of? That was, at that time, I wasn't with Clark County, but I was still here in the valley, and to see double digit population growth year over year for like 10 years was incredible. Like you said, there'd be half a dozen cranes building new hotels and things like that, so the population growth, the impact that had on housing costs, the impact that had on education, possibly putting a strain on the school district here and those sorts of things, it has been a challenge. Growth is sometimes a challenge, especially growth like we experienced back in the 90s. So if the hockey team comes in, is that under your purview? No, and it's my understanding that the announcement was made earlier today and posted on ESPN that we will be getting an NHL hockey team. Awesome, great, but you won't be providing Zamboni services in the end, so that's something else. No, they'll be playing in a stadium that was privately financed. So you talked about simplifying your infrastructure, standardizing, I presume that's why you're here at Nutanix, obviously it's you hearing a lot of messaging about that. Why is that important to you as a CIO, standard infrastructure, simplify that infrastructure, versus tuning that infrastructure for whatever, maximum performance, highest availability, lowest cost for each application? Yeah, in a general sense, because again, we're a fairly complex county, we have a number of apps. The application line of business app that social services use is different than the line of business apps that district court uses and that's different than the line of business app that juvenile detention uses. So all these apps, it's very difficult, maybe nearly impossible to tune everything for all these specific apps, so we really like a system that lets us kind of plug and go and has some internal capability of allowing us to do some, I'll call it auto-tuning, but more system management at a level where we can monitor system usage, aggregate that. We're trying to transition to a county IT department that's more of both a SAS and IAS, infrastructure as a service, software as a service provider to our 39 departments. What we want them to tell us is their needs. This is what we need in terms of a system or this is what we need in terms of a server and we just provide it. They shouldn't have to know if it's at our main data center, at our co-location facility in the cloud, that shouldn't matter. As long as it's reliable, as long as it's cost effective and we're meeting their business needs, that's what should matter. So we're trying to install an infrastructure with capacity, a little bit of dynamic capacity if you would, where we can grow as they need us to grow, shrink as we need them as they need us to shrink. So is that your vision to build out that service catalog and where are you in your journey in doing that? We're probably in the first couple of steps. We're becoming more mature as it relates to DR, one of the initiatives of coming here for some of my staff is to really learn how Nutanix is able to help us in disaster recovery and high availability across a wide area network so that we can establish really kind of this tier zero, our core services, DNS, DHCP, AD across a wide area network with high availability in multiple locations. So we're trying to understand that and that becomes a basis of us to build high availability across the county. Well, that's great. It's really important for companies and agencies to be able to understand the services they supply, having that kind of cloud-like model. How does public cloud fit into what you're using and deploying? We're venturing into that area slow. We're fairly conservative and part of it is we have some data that we just want to make sure, criminal justice data, things of that nature. We're very cautious of where we put it, where we store it. We'll get there, but we're just taking a cautious approach. We are transitioning to exchange in the cloud though. That's probably our most aggressive initiative to date. Well, it's interesting that you say that you're conservative, yet you're using Nutanix. So how do you square that circle for us? Well, conservative in terms of the management of our data, but progressive in terms of adopting new technology to drive cost down and to drive reliability up. Can you speak to, what's your experience been on that cost model? Obviously from an operational standpoint, we understand the simplicity. Do you have any kind of TCO metrics or even the solution itself? Some people will say, oh, that acquisition of a hyperconvergence cluster is not inexpensive. So what's your experience been? Yeah, and we're still building some of those cost metrics, but there are a couple of things that we have seen. One is just because of the compact nature of the hyperconverged technology in our Colo facility where we would have used like two or three racks. We're just using half a rack. So that's a hard cost savings every month. The gift that keeps on giving, we like to say. As it relates, we're still developing cost models as we develop more maturity around management of the Nutanix infrastructure. We're going to be looking at Prism Pro to see how some of those capacity tools can help us, capacity planning tools can help us with hitting our metrics in terms of cost, in terms of performance, in terms of showback model. My department, we charge back for all of our services. So I want to get in a better position to show back to the users what they're using, storage, CPU, network, all those things. Then they can adjust their usage based on the information we give them. So we're putting the power in their hands to control their cost. So you charge back as a blob or like you have some kind of ratio based on budget or users or? Yeah, it's not as, it doesn't have the fidelity that I'd like for it to have. So it's kind of an average right now, number of users, and we, for simplicity's sake, it's not terribly accurate, but it's easy to understand. Yeah, but your consumer can't really act on it and make decisions. It's kind of like our healthcare. Exactly, we want, and in some cases they can, some cases we've been able to identify systems that are exclusively used by one department and then we can charge them back. And then they can choose to downsize that system or increase that system. But for the most part, I'd like to get into a position where more of our services, we have that level of fidelity, where to your point, they can make a business decision to cut back on this, expand on that based on what their business needs are. Yeah, that's great. So you're basically replicating a cloud-like model, a public cloud-like model within your own infrastructure. Exactly. Building service catalogs, being more responsive, like you said, self-service, well, or quasi-self-service. How will that work? If somebody wants to compute, you'll spin it up for them, or just to keep it under control? We'll spin it up, but the long-term future would be, there might be some sort of a portal where almost like an Azure sort of thing where they could go on, they would specify what they needed, how long they needed it, and when it was spun up, we'd be, the clock would be ticking, like the meter on the taxi cab, when they shut it down, they'd be presented with their bills. So again, it's in their hands to manage their costs. So, have you had a chance to look at the announcements that they made this week, anything that kind of stood out for you and us of curious, are you using the Acropolis hypervisor? We are not at this point, and I am not that technical, so some of the announcements go over my head, but I do have about two or three of my folks here, and they're really excited about some of the announcement that you guys have had. So, we've had some discussions about how the new technology will help us kind of stabilize more of the Nutanix environment. We're looking at acquiring more for VDIs. Some of our short-term initiatives are a proof of concept around VDI using Nutanix. We're also looking at, as I mentioned, high availability, we hope by the end of the year to have a proof of concept done around high availability for one of our line-of-business apps as well. So, they're hearing solutions here that will help us accomplish those goals. Great. One of the trends we'd seen for a while is there had been some consolidation of the stack. Nutanix is a relatively young player, so if you're buying them, you're still using lots of others. I know you're using SAP, you're using other environments. How do you look at Nutanix as a partner and how do they fit into kind of your other partnerships that you have from a technology standpoint? Yeah, as I look at kind of the strategy for Clark County, it is about standardization and consolidation from a hardware and software perspective, whether it's SAP, we're using Service Now or ITSM solution. Instead of buying all these one-offs, we'd like to really leverage the tools we have more to reduce our application footprint. That has the advantage of one, reducing costs, but two, developing deeper expertise for the staff. Instead of a programmer having to know 10 different tools, if he or she can learn one or two tools, they can become better experts at that tool. It was interesting at the CIO panel this morning, the interviewer invoking the career is over, Rubrik. But there was discussion about the role of the CIO. So I don't want to go to the careers over, but there was useful discussion, I think, around the role of the CIO in terms of technical CIO versus more business-oriented, you mentioned, just now you're not a technical CIO, you're not a CTO. So how do you see that role evolving? It's actually one that we've talked about a lot on theCUBE where the technical CIO, we see going more to a CTO role, and the CIO becoming more of a business, you're in a government organization, but it's still business, you know what I mean by that. So you are a business process CIO, is that right? Yeah, and I do have two deputies, I would consider them in today's terminology CTOs. And they report to you? Yes, they do. So my job, I spend most of my time interacting with the department heads, assistant department heads, executives, elected officials, to understand what's driving our business, how can we improve customer service, and both me and my deputies meet with department heads and various folks throughout the county. But I spend the majority of my time focusing on how we can enable the business to do things better, faster, cheaper. And I take those conversations back to my CTOs and then they figure out which technology matches up best. So you're essentially building relationships with your customers, understanding the requirements, turning those into actual services, and you're the middleman of sorts, making that all happen, and of course you've got a management role as well, so you've got a stick that you can use. Okay, so, and I think increasingly would you agree, that's the role of the CIO, is translating those requirements into services and getting delivery. Yeah, and there's also this secondary CIO role, Chief Innovation Officer. I consider myself that role as well. As I talk to other departments and they talk about solutions they've seen at conferences that they've attended, software solutions, hardware solutions, I work with them to try to create, again, to innovate in their departments, whether it's the social services folks and mobility initiatives, or it may be some other initiative in other departments where we're really trying to maybe take a couple steps back and to your point, we're looking at their process. What are they trying to accomplish? Regardless of the technology initially, but what's driving this new line of business or what's driving this new service? Is it a regulation that's come or they have metrics that show that they can do things better? And then we look at how our technology can help them drive towards their performance goals. What about the CISO? Does the CISO, do you have a CISO? Yes. Does he or she report into you? Yes, he does. Okay, so that's an interesting discussion, right? Yeah, and I've seen, but we have a great collaborative group around security. Myself, my CISO, the Risk Management Director, and the District Attorney. Who obviously do not report into you. Right, who do not report to me, but we collaborate on a number of things as we look at policies around information security, around PCI, ACGIS. So this group of people, it's a good mixture of technical folks and again, the risk manager and her understanding of what level of risk the county is willing to take on for certain types of initiatives and the District Attorney, his understanding of what is required by Nevada Revised Statute, all that plays in into how we build our security program. So that's an interesting regime. So a lot of people will say, oh, the CISO should have latitude. Maybe they're reporting to the CIO maybe not, but they should have latitude because otherwise it's the Fox watching the henhouse. But you've got a regime that involves risk management. So it's an integral part of risk management and you got a legal expert involved. To whom do you all, I don't want to say report, but to whom do you communicate about what's going on with cybersecurity? Is there, what's the overseer board? And part of my role is to have that communication, the discussion with the executive oversight board, the county manager, the two assistant county managers, the CFO and the CAO who I report up to. CAO's Chief Administrative Officer. Yes. And that's essentially the top dog of the organization, is that right? A lot of the internal services report up to her. And so that board that you just described, how tuned in are they to cyber and has that level of signal increased over the last several years? I think they're fairly well tuned in. I have quarterly meetings with the entire board where we go over initiatives. Of course, every other week I'm meeting with my boss and I keep her abreast on the initiatives that we're working on. And we have a handful of technology initiatives around security now, PCI compliance, identity and access management. We're going to be rolling out, we've done a pilot and we're going to be rolling out a fight listing software to complement our antivirus software. We're also doing some things around two factor authentication. So that's part of my security portfolio. And I'd say they are well engaged because they've given me the funding to move forward. So I report back to them on the progress on all these initiatives. How much discussion Lewis goes on with regard to responding to incidents and how much of that funding goes to the response plan? I presume you're the leader of that response plan. Right. We're tweaking our cyber response plan now, both internal within the county proper and because we're government agencies and we work close with a number of others, we're looking at an intra agency plan as well because there are some dependencies that we have on other government agencies and that they have on us. So we're starting to explore and we'll be building out an intra, an inter agency cyber response plan. Do you test your response? You know, like testing DR, right? Do you practice responding? It's still in the formative stages. Unfortunately, we've had to use it once or twice. So I would say that it has been tested. Yeah, okay. But is that part of the formal funding process? I mean, they give you funding to sort of secure the perimeter and probably do other things, but is it an explicit sort of line item, if you will, for practicing like a fire drill? No, it's not an explicit line item. It's kind of just baked into the program. Yeah, okay. So it's part of the regime. Right. It's a fascinating topic and it seems to be changing, right? I mean, it used to be all about protect the perimeter, toward penetration and now it's much more about response and responding and communicating. Yeah, it is so difficult because sometimes the threat might be from within. So how do you respond both from an internal threat and an external threat and having that response plan in place? And like you said, practiced so that you know it works. All right, Lewis, we're out of time, but I'll give you the last word on, talk about the conference here, things you've learned, things you'll take back to your team. Things I've learned, part of the great thing about most of these conferences that I attend is meeting other public sector folks. So I've met a number of folks, ASU, A&M, the city of Houston, Harris County. So we're all starting to network so that we can share ideas. Granted, Nutanix, we can call them, they can give us great ideas, but having other public sector agencies that we can call and say, how did you handle this? Not only from a technology perspective, but also from a procedure and policy perspective, Nutanix probably wouldn't know how or why government procedures and policies are the way they are, but I can call Harris County or I can call Orange County. And if they're using the technology, then we can share ideas. It's all about the peers. Yes. Bringing you content from.next to the peer group within the Silicon Angle community. Lewis, thank you very much for coming on theCUBE. My pleasure. My pleasure. All right, keep it right there, everybody. We'll be back to wrap right after this short break.