In this Run and Reinvent podcast, I chat with BMC Software CIO Scott Crowder about the company’s move to the cloud and what it’s like to drink your own champagne. Below is a condensed transcript of our conversation.
Allison Cramer: Last time we spoke, we talked a bit about your cloud journey with BMC and how things have started off. So, maybe you can start off with just telling us what are some of the considerations you had? Why did you push towards moving BMC more into the cloud, and what were some of your initial observations?
Scott Crowder: It started really about seven or eight years ago, when I really showed up for the first day, and some of our engineers invited me to go look at the data center. And I walked in the center, one of 36 data centers that we had, and I thought, “Oh my goodness, we really have to rationalize these data centers, and really modernize the overall infrastructure.”
The majority of the data center foot space, footprint that we had at the time was actually for our research and development organization, which basically, IT would get an order from R&D, we would go and procure that, stand up the instance, whatever it may be, Unix, Windows, Solaris, etc, and then hand it over to R&D, which that as it would never be seen again. So, the reclamation of assets never really happened. R&D would order, and we would deliver, and that’s how it was for many, many years here at BMC.
As part of our cloud journey, we decided that we really needed to rationalize the hardware footprint, which went through extensive evaluation of energy efficient and high-performance compute storage, network virtualization stack, etc, and standardized on that. And then we really kicked off in earnest our data center consolidation initiative. We went from 63,000 square feet of data center, and 36 different data centers and labs, and were able to actually consolidate that over a four-year period, down to four primary data centers, as well as wiped out a megawatt of power.
And then, also, really transformed the way we delivered services to our research and development business partners. So, in the past we were order takers, as IT, and really using one of our products that’s really build for large carriers. It’s cloud lifecycle management, or CLM. We were able to build a self-service capability for our research and development organization, and really wipe out the order taking mentality and philosophy, and really become more of a self-service type of infrastructure-as-a-service provider, for our research and development organization.
So, literally, our R&D group really doesn’t have to talk to us, unless they need something wildly exotic, or out of the norm. They can go into our portal and pick whatever they want, from 10 virtual machines, large, medium, small, to a full-stack build of our Helix ITSM, or any of our different products. So, we really got IT out of the way, but also really enacted, because we were leasing these assets to our research and development engineers, so, really, we lease it for 90 days, and then we reclaim it.
If they need to extend, they can, which really gives us the ability to now control our capital cost, and really become more efficient, and ensure that those assets that they’re using are reclaimed and available for other engines nearest to use at some other point in time. So, that was really our private cloud, again, going from 63,000 square feet, to 7,000 square feet, 1.6 megawatts down to 600,000 watts. And then, really, building out that self-service capability for our private cloud.
The next step, and this was all sort of in tandem, was really making sure that our business systems were best-of-breed, and I’m really talking about our internal business system, that not only research and development use, but our HR organization, marketing and sales organization, accounting, finance, Etc. So, we really adopted a staff-first approach, and really today, about 80 to 85 percent of our business systems are software-as-a-service.
And I consider that public cloud as well. And what that really gave us is the agility, it gave us best-of-breed business systems that are industry standards now, and really took us to the next level, as far as reducing the overall dependency of our business on our data centers. So, most of those things are really off-premise now, operated as software-as-a-service.
So those are two big blocks, and then the third one really, as the public aloud adoption became more relevant, AWS, Azure, Google, etc, our engineer started building more and more cloud-specific, or public cloud-specific products. And we use our technologies to actually provision those assets as well, within Amazon, Azure, etc. And in probably about 15 to 20 percent of our development now is really focused on public cloud-native APIs, web services, microservices, etc. And we actually deliver a lot of services, as part of our software-as-a-service portfolio, via AWS and Azure. So, those are really the three clouds that I look at, when I think about our transformation journey.
Allison: As folks are considering their cloud migration, or movement to the cloud, they start to consider, do they want to move all the activity off of specific particular sever and move that into the cloud, or do they want to look at moving an entire application into the cloud? And both of those have different issues associated with them, and maybe there are different reasons why you would choose one or the other. Could you give folks some advisor guidance on folks struggling with that question?
Scott: As you can imagine, at BMC we are operating a fairly extensive private cloud infrastructure, with tens of thousands of virtual machines that are, again, more or less self-service, with regards to our research and development group. We operate those virtual machines for about $135 a year, for a medium or midsize virtual machine. To run that on an on-demand instance, or any other on a public cloud would be multiples of that.
And, for the things that really just need a basic virtual machine, basic Wintel or Linux operating system, it’s much more cost-effective for us to do it in our private cloud. But as I mentioned before, all the things that we’re doing, from a public cloud-native perspective, it just makes sense that everything like that is in the public cloud, AWS, or Azure.
I think a lot of people, overtime, and really early on, when things were really amping up around public cloud, there was a lot of people that just said let’s move everything to the public cloud oh, it’s going to be cheaper. And really, my philosophy on that is, do the things that makes sense. So, if it is a new application that you’re developing, absolutely put that out there, put it on AWS, Azure, etc. If it’s an application that is portable enough, and makes sense, and can operate in that environment, you can certainly do that, but there are a lot of applications that it doesn’t make sense just to move to the cloud, just because you think it’s going to be cheaper. And really, what we found is, it depends.
So, when we are operating large data centers at scale, and using a lot of our software, really, all of our software, we can operate a lot more efficiently than the average IT organization. The average IT organization only uses probably about 35 to 50 percent of a server, whereas in our case, were using 90+ percent of our computer memory, with regards to our virtual machine infrastructure. So, we can do it a lot cheaper, but it depends on the sophistication, I believe, of the IT organization, and how much they are really using the hardware resources that they have.
One instance, for example, we would not move our Oracle or ERP to the public cloud, because, from a licensing perspective, we can operate that more efficiently in our own data center. But, there’s many things that we have done, and there, again, I think a lot of the applications, or business applications that we use utilize here at BMC Software are predominantly on software-as-a-service platforms, not customized, not specific to BMC, but really, something that, like a Salesforce and major software service providers offer.
Allison: What are some of the new security challenges you’ve had, or how have you addressed things as part of your cloud adoption?
Scott: You can really never relinquish the security posture, and approach an ownership to the public cloud provider. They are providing certain services, and trust me, they’re very good at what they do, with regards to trying to keep the bad guys out, but our security team is always intimately involved in all aspects of what we’re rolling out to the public cloud. We actually, we go through a rigorous analysis of the various providers that we’re using, to ensure that they have all of the right credentials, we have auditability, SOC 2 {compliance}, etc, and now there’s GDPR, there’s just a whole new level of governance that you have to think about.
One of the things that really help us, with regard to public cloud, is one of our products, and it’s really BMC Helix Cloud Security. And what that enables us to do is actually ensure that all of the right settings are in place before you move assets into AWS or Azure. For example, there are many holes that can be opened, or that are open just by default, with regards to an instance that you spin up. And the last thing that you want to do is have people have access to your crown jewels, or your customer database, or whatever it might be, by not having the right settings in place.
So, really, cloud security helps us ensure that we don’t shoot ourselves in the foot, and that when we do move applications out to the public cloud providers, that all the right settings are in place, and if there are, then, future vulnerability that are identified, that we have the ability to really close those holes up, with the push of a button, really making it simple and sort of effortless to ensure that your security posture is in place on the public cloud assets.
Allison: We very affectionately refer to your team as Customer Zero, for a lot of our products at BMC. So, I’m wondering, in addition to Cloud Security, what are some of the other things that you’ve tried out that we offer that I’ve helped in your journey? How did you use them, and what problems did they solve for you?
Scott: We use all the different Helix products, so one of our favorites is the Helix Multi-cloud Discovery product, which really is the only product in the industry today that gives the capability of really mapping all the various systems that are talking to each other, the dependencies on the various applications, as well, identifying all of the different web services, microservices, APIs, etc, and there’s hundreds of them AWS and azure, and how those map to your hybrid architecture and infrastructure.
So, many, many customers are living in this hybrid world, and really being able to map the public APIs, microservices, web services, etc, to what’s happening in your private data center on your systems and records, ERP systems, things like that the, are vitally important, and that’s really one of the only products that has that capability, and we work very closely with both Azure and AWS to make sure that we had all of that mapped out. We mentioned cloud security already, so that’s one of the big ones that we are using.
I’d say, from an ITSM perspective, Innovation Suite is one of the ones that were using, with regards to building chatbots, and also enter operating with IBM Watson. So, that’s a big one. Smart IT is a big one, as well. So, there are many products that are really cloud-native, that we’re delivering as a service, that are relevant to today’s truly hybrid world in which we live in.
Allison: Do you have any additional comments you’d like to leave for other CIOs who are working through their cloud migrations?
Scott: It’s a journey, and you have to be pragmatic about what you’re going to go tackle. You can’t solve it all at once. These are, a lot of times, like our data center consolidation initiative, is a multi-year initiative. But one of the strategies that we said was let’s consolidate and play. So, let’s get rid of 50,000+ square feet of data center, and understand all of the different assets standardized and infrastructure framework. And then, that makes it a lot easier, once you really understand the different things that are within your infrastructure, and again, and you can use our multi-cloud discovery to do that. But, standardized, and then ultimately, you pull the trigger on making it happen.