 The Cube at EMC World 2014 is brought to you by EMC. Redefine VCE, innovating the world's first converged infrastructure solution for private cloud computing. Brocade, say goodbye to the status quo and hello to Brocade. Welcome back everybody. This is Dave Vellante with Steve Keniston and we're here live at EMC World 2014. This is the data protection and availability spotlight. We've been double clicking this afternoon on data protection as a service backup, talking a little bit about IT transformation and how IT services and data protection as a service fits into that. Tom McEwen is here. He's the vice president IT enterprise architecture and independent bank. Tom, welcome to the Cube. Thank you. So tell us about the bank. What's the focus of the bank? Give us a sort of paint a picture for us. Independent bank. It's a Michigan only community bank. Have 72 branches. We're a fully service bank, publicly traded, about 2.3 billion in assets. Been in business since 1864, roughly 912 employees and a couple of data centers. And round that, we're a EMC, long-time EMC customer. Steady Midwest company. You get to continue to grow. So talk about some of the challenges in your business, the drivers in your business. What's the business telling you as the IT guy? What do we want from you? Well, the financial vertical is going more electronic. And as a community bank, mobile adoption has been a big deal to us. Servicing our customers, our customers being able to service themselves, seeing a lot of growth in the paperless environment, trying to improve business processes and trying to streamline things to make it easier and quicker for our customers to transact with the business. So not only from a transaction standpoint, but I've kind of experienced this too, right? One, you've got the ability to, so I travel a lot for business, right? To be able to use my bank, 7x24, 365, any place in the world. Correct. Two, do things like, you know, I know, I got to imagine when the CEO of the bank saw the first time you could take a picture of your check and deposit, he said, I need to have that too, right? Now you've got all this data kept online for longer periods of time. How's that impacting what you got to do from a protection standpoint? Well, that's exactly a good point is data availability 24-7 internally and externally and how we're leveraging that is, we did a customer reference a while back and went through a transformation ourselves in our data centers to be an active, active data center. So we're leveraging with EMC Vplex, RecoverPoint and Atmost in our virtual environment. So tier one applications are on Vplex, tier two applications are on RecoverPoint. So transforming from a four-hour RPO, 15-minute RTO to basically going into a zero downtime environment for the bank and our customers. Wow, that's a pretty tight downtime. So what's the main application that you got to keep, make sure you keep running? Like what's the high priority? Really the high priority is the files that are associated with our customer facing points. So that could be check imaging, the ability to transact with checks coming into the bank and mortgage processing, all of those critical business applications that have data associated with them truly are what's behind the scenes. So that cuts across both file and block type infrastructure. What's the main product or technology using to make sure you're protecting that and meeting those RPOs and RTOs? Vplex is the primary product. Behind that is going to be Atmost. Atmost is sitting behind for the archive data. So it's object-oriented. We have multiple Atmost in our environment. So for the stale content that the customers may need to go and reference such as check images, they're going to come in and hit Atmost for that zero to 90-day file data that's going to be on the Vplex. So what about Viper? You see something like Viper and say, okay, that's going to fit into my long-term strategy. I got the Atmost APIs, I can leverage that. What are your thoughts on Viper? Certainly, so Viper has a very unique play into that transforming and redefining IT, so that software-defined data center. I see that as a great fit for being able to quickly provision and automate storage processes and improve IT service delivery to the business model. It takes away a lot of effort in the process of basically going in and under the hood and the work hours involved around defining storage and mapping storage to business applications. So the reason I ask is that you mentioned sort of IT as a service as a business model, and a lot of the customers that we talk to in the Wikibon community are trying to get there, and they say the hardest part is just understanding the business requirement, aligning with that business requirement and delivering on it. So where are you at in terms of that transformation, delivering IT as a service, generally and specifically what I'll call data protection as a service? Sure, data protection as a service, I mean, we've pretty much kind of nailed it from an RPO, RTO, where the business requires the workload, where I see the fit where it's being a little bit more of a challenge is on the new business requests coming into for new applications, new platforms, or changes to that data set. That's a little bit more unique where you're going to see some challenges around trying to redefine those key points. Okay, so you might to understand that you're, so you said you had a four RPO and a 15 minute RTO, and you've essentially gone down to a zero data loss environment and a near instantaneous recovery. And you apply that to all applications? Apply it to all critical business applications. So that is correct. So you're going to have a second layer, which is tier two applications, which the business has basically defined that those are not critical, not priority, they're not customer facing, they're not going to drive a business process that absolutely has to be there in that four hour window. Those can shift from that four to eight hour timeframe, and that's where RecoverPoint fits very nicely for that. That way I'm not adding overhead on Vplex for application platforms that don't need to be there. So you're aligning the expense to the business with the requirement to the business? That is correct. So you would talk just a little bit before about your Avamar implementation from a protection standpoint. Can you tell us a little bit more about where that fits in your overall scheme? Yeah, that's a great question. So with being heavily virtualized, almost 100%, Avamar was a nice fit with Vplex when we were an early adopter of it. Therefore, the RecoverPoint splitter for Vplex was only in the secondary site for going off to basically a third site. We didn't have a third site in our portfolio, and so in order to get that crash-consistent backup capability, Avamar layers that in there uniquely, so it has the ability to snapshot the virtual data to give you that crash-consistent protection. So that was kind of a layered approach to cover ourselves to make sure that if there was that instance, we would have crash-consistent availability of all the data within the same time frames. And what process do you guys go through to help you understand? I know you said your customer-facing apps are tier one. Anything else fall into that tier one? Some of the practitioners, as Dave mentioned, the Wikibon folks that listen, it's helpful for them to get an understanding of what's tier one, what's tier two, what's some of the decision-making process I use to have something slayed in there from a protection standpoint. A lot of it is surveying the businesses in terms of what application platforms that internally, that they're leveraging to do their daily jobs. And for them, the tall IT, specifically, if they were without this application in these time frames, could they still do their and continue business without suffering? And so you're going to have basically all the back-end applications, the Teller platforms, the Lending platforms, Harlan, Unify from Fiserv, OnBase from Wausau, those are critical business-facing applications internally that they've defined that need to be there. When you talk to your peers and thinking back when you had previously your existing environment, what keeps you and your peers up at night when you're thinking about data protection? The unknown, what is going to happen as a service provider going to cause an outage? Okay. And that goes into that IT as a service and so where we're at is we're looking to move more towards that software-defined data center to reduce the impact points. So I'm looking for specifics on how, give me some proof points. How did EMC help resolve those problems? And can you talk about any specific metrics or business outcomes that occurred as a result? Well, there's two points to that question. The first part is how did EMC help? Basically, we looked at different service providers and EMC isn't just a product company, they're a solutions provider. When I looked at their tight integration with VMware and other partners and players, they brought a whole solution stack to the table. So previously we had NetApp in play for a VDI environment. We ended up removing that because it didn't fit well within our environment for having one solution to go with, one vendor. So as I mentioned, Vplex, RecoverPoint, Avamar, Atmos, Source One for Archival Recovery, I have one stop shopping to go to with one provider that gives me that benefit. The business critical points that map into that comes around defining key metrics in terms of what is critical to the business for uptime and recovery to map to that solution set. Okay, so the outcome was you're able to meet those business requirements and deliver that service. If you had to do it over again, what would you do differently? If I had to do it over again, I'd do something a little bit differently is when I put in Vplex with VMware in a metro cluster environment, it was a little bit bleeding edge at the point. I probably would have vetted it out a little bit further. It took a little bit about six months of groin pain to get the solutions that fully mapped out and functional to where it needed to be truly that zero downtime environment. And I wish I would have done a little bit more on the business side in terms of validating some of the business processes. We had a few of them slip through the cracks that ended up getting vetted out in the process. So those were blind spots or white space that you had to fill in? Exactly. Okay, last question is if thinking about the next 12 to, let's say 18 months, what are the big initiatives that you're focused on? Infrastructure as a service, those IT as a service aspects, trying to align to where I'm doing more with less, that could be software-defined data center, it could be partners providing services that augment. So I'm trying to reduce big CapEx expenditures and go in with more of an OpEx fixed cost. How will that affect your data protection environment specifically? It shouldn't impact the data protection environment that's where those same requirements got a map over. And looking at partner assessments is very hard and when you're looking at cloud and service partners that say they have infrastructure as a service, there's not one size that truly fits all nor does they all cover the gamut. Tom, great having you on theCUBE. We always love the practitioner's perspective. Love talking to the guys who are actually doing it. Thanks very much. Yeah, thank you, I appreciate it. I'll keep it right there, buddy. We'll be back with our next guest. Right after that, we're live from Las Vegas, AMC World 2014. This is theCUBE.