Welcome to Episode 365, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”
There’s an old saying: If it ain’t broke, don’t fix it.
But what if it could be better? What if “fixing it” simply means “improving it”? Or – even better – letting someone else handle it so you have more time to take care of the numerous other tasks in your job?
That’s what the cloud is for, and in this Tech ONTAP Podcast episode, NetApp Developer Advocate Shon Harris (@inkedtater, Shon Harris on LinkedIn) drops by to discuss the past, present and future of CloudOps, how it compares to all the other ops floating around out there in the IT-o-sphere, and how Spot by NetApp can help improve the lives of DevOps engineers.
Finding the Podcast
You can find this week’s episode here:
I’ve also resurrected the YouTube playlist. You can find this week’s episode here:
You can also find the Tech ONTAP Podcast on:
I also recently got asked how to leverage RSS for the podcast. You can do that here:
The following transcript was generated using Descript’s speech to text service and then further edited. As it is AI generated, YMMV.
Episode 365: The Future of CloudOps featuring Spot by NetApp
Justin Parisi: This week on The Tech ONTAP podcast, we talk with Shon Harris about CloudOps and how NetApp Spot can help you achieve your best results.
Justin Parisi: Hello and welcome to the Tech ONTAP Podcast. My name is Justin Parisi. I’m here in the basement of my house, and with me today I have a special guest to talk to us all about cloud and CloudOps. So with us today we have Shon Harris. So Shon, what do you do here at NetApp? How do we reach you?
Shon Harris: Well, I am the developer relations lead for the Spot by NetApp group.
You can reach me via email at Shon, s-h-o-n dot harris @netapp.com, or you can follow me on the Twitter at inked, i-n-k-e-d tater, t-a-t-e-r, all one word. I’ve been with NetApp since September of last year. Joined coming over from a practitioner role and I lead up all of our developer relations and enablement and advocacy across the Spot portfolio.
Justin Parisi: Okay, cool. So talk to me a little bit about developer advocacy and what sort of stuff that you get involved with that.
Shon Harris: Yeah, so developer advocacy is a unique role. It’s basically talking to practitioners who are in the CloudOp space already who use the Spot products, but helping them use those products more efficiently and in a way that makes sense for their day-to-day operations, as well as going in and using my background as a practitioner and being able to talk about somebody who’s been in the trenches in the DevOps and platform engineering world, being able to go in as a practitioner myself and say, Hey, these are how I’ve solved these problems, this is how Spot can help you. These are some new ways to think about the problems that you’re facing.
So it’s a very unique role where there’s a lot of talking and being a part of the sales aspect, but it’s also bringing a little bit of the authenticity and knowledge of my professional background into the picture as well. I think that that’s the way that practitioners like to talk to each other, so it’s more of a peer level thing instead of a traditional seller/buyer type engagement.
Justin Parisi: So as a practitioner, can you tell me about how you would implement a DevOps mentality?
Shon Harris: Well, I mean, implementing a DevOps mentality is not for the fainthearted, but it’s the way that we need to go. It requires a real rethinking of how to approach communication and problem solving and doing it in a cohesive manner that breaks down silos. And so going in at ground zero takes a real effort to align everybody into the sprint cycle mentality where you’re going in and you’re trying to accomplish things in a very specific method, but at the same time, rethinking how you’re handling your deployments, how you’re handling your tests, and then building out the automation around it, I think is the other big challenge that a lot of practitioners have when they go into an environment that doesn’t have it, is how do I take all these tools to make it as automated as possible, and how do I balance that work out with everything else that gets thrown at me? And so it really takes a rethinking from the development and product side of the house, but also from the operations and the traditional IT side where it’s more of a cohesive relationship as opposed to throwing things over the wall and into the black box of, "well, this is somebody’s job and they’re gonna handle it," if that makes sense.
Justin Parisi: Right. So I would imagine that the traditional IT folks would present a little bit of friction to this sort of new shift in change and mentality. And really it’s the nature of it is mm-hmm to kind of resist change.
Shon Harris: Well, right. Your big thing is once you’ve got something dialed in and working the way that you want it, you don’t wanna change it. And it’s your baby at that point. Right. And for a long time, I had the same real struggle of allowing automated tools to come in and optimize workloads and do things that I knew that I could do by hand, but once I freed myself up to do more, I could focus as a more strategic member of the operations side of the house. And I quickly found that as I put more automation in place, the reliability and availability came with that as an added benefit. And then the organizations that I’ve worked in began to see me as a pragmatic problem solver, but also a strategic partner into the future of the platform. And so you find yourself being engaged more from an architecture perspective of what product’s got coming down the pipe. Instead of being told what you’re going to deploy, you have more of a voice when it comes to the actual deployment. And so changing that mindset, while hard and not the easiest thing to do, has been beneficial for every practitioner, including myself, that I’ve spoken to, because it allows us to be seen as not the traditional IT guy holdup, but more of a, "Hey, we should talk to IT before we do this," type of deal.
Justin Parisi: So at some point there’s a light bulb where the traditional IT guy’s like, "oh, this is actually helping me. This is actually better." So what is that light bulb moment that you have seen when you are trying to sell people on this idea?
Shon Harris: I’ve seen pretty much three different methods. The first one is, "holy crap, this makes my life a lot easier because I’ve got automated tools doing things that I had to do by hand."
And a good example of that from me personally was I worked for a company and every morning on the platform, we had to do a 30 to 45 minute system check before people logged into the system for the day to make sure that we caught any new problems. And you had to do it all by hand. You had to make a phone call, you had to test the dialer, you had to test incoming calls, right?
You had to test all these different functions by hand. And once we figured out how to automate that process, it really allowed us to focus on issues that we hadn’t really been able to pick up on that were behind the scenes.
That made it harder to expose that visibility because we had all that time back because nine times outta 10 there was nothing wrong. We didn’t have to do that check every morning. It was just an extra safety check. The second thing I find is that light bulb increases communication and, like I said previously, you find yourself becoming more strategic.
Instead of having requirements thrown at you, you get to guide the requirements. You get to come in and say, "Hey, this is what we’ve got in place and this is what we need to wrap our head around," instead of being told, "Nope, we need to adjust." And the third thing that really sets it off and turns somebody onto that DevOps mindset is from a security aspect and security not being a breach, but security being a compliance and governance aspect, where you have to go in and produce all of these documents and backing evidence for your compliance certifications. And being able to have copies of your security audit logs, being able to have vulnerability assessments, being able to go in and run tools that automatically find these so that you can go remediate and do what you do best.
And once you go into your first compliance audit, that’s where I really see that third light bulb come on. From the security and governance standpoint.
Justin Parisi: So there’s all sorts of different types of ops. There’s DevOps, there’s SecOps, there’s DevSecOps. We are here to talk about CloudOps.
So what is the difference? Is there a major difference between all of those or is CloudOps kind of a combination of everything?
Shon Harris: I’ve been using the term X-Ops, because it seems that recently, as we find more things that require this cross-department collaboration, be it from a financial aspect with FinOps, be it from a product aspect with DevOps, be it from a security aspect with SecOps. I think all of the X-Ops roll into what we know as CloudOps, which is the total enablement of all the different practices and methodologies that come together to create a cohesive and agile environment across an organization. So FinOps is a part of CloudOps. DevOps is a part of CloudOps. DevSecOps, and your security testing and penetration testing is a part. Security operations from your SOC. All these different things roll in and because the cloud is so ubiquitous as a technology item right now, they all roll into the overarching idea that is CloudOps, which is maximizing our resources, reducing our spend, and ensuring that we meet the five pillars of operational excellence when it comes to the different cloud providers that we work with on a regular basis.
Justin Parisi: Yeah, it’s kind of funny, I kinda get this idea, this guy has this epiphany where he is like, you know, it’s like ops, but in the cloud. Mm-hmm. And that’s what it is. I mean, it’s silly. But it, that’s what it is. It’s just all the ops, but in the cloud.
Shon Harris: Right.
And I think that the way that we have to look at it is how do people learn? People learn by piecemealing and chunking up big ideas and making them bite sized, right? The famous line is you can’t eat the whole cow at once. And while we try, because we’re IT professionals and we’re so used to being on call and we’re so used to being the ones responsible for the operations of a platform. Traditionally, that has been under the IT department and the IT department it shall stay and stay forever. But I think that as the cloud becomes more ubiquitous and more essential for day-to-day operations, and as we enable developers to do more and call infrastructure and as we enable people to have visibility into the cloud infrastructure. The idea of CloudOps is the cow, and the X-Ops, right? FinOps, DevOps, DevSecOps, all these ops titles are the bite-sized morsels that we hand off and at a small mid-size company that may be all the same person, but you’re just using the CloudOps name to describe your methodology so that you have those delineations in place. But in a larger organization, take a NetApp, take a Microsoft, take a Cisco, where you have whole groups dedicated to just FinOps, where you have whole groups that are dedicated just to DevOps and they have very specific goals in mind.
At the end of the day, it’s all the same, no matter what size organization you are. We all fall under the CloudOps umbrella. We’re all trying to manage the cloud, the public cloud providers or even the private cloud providers, we’re all trying to manage the backend infrastructure, and we have to do it in an automated fashion for our sanity. We have to do it in a methodical way for our business, and we have to do it in a responsible way to manage the money that we have because IT has changed so much with how we procure services and resources. Now, it’s not the traditional six month buying cycle that you used to see in enterprise sales.
It’s, I’m gonna go plug in a credit card and try this tool out. And so we have to be judicious there with how we spend the finances. So it all rolls under the overarching idea of what CloudOps is, but at the same time, there are specific tasks and resources, but if we can automate those, it makes life a lot easier.
Justin Parisi: So one of the selling points of the cloud is that most of the ops are not your responsibility, right? It’s the responsibility of the cloud provider. Mm-hmm. So where does the delineation start? Like what part of the CloudOps falls on the cloud service providers and what part of the CloudOps falls on the end user application owners?
Shon Harris: I am gonna say something very controversial because I think that at the end of the day, just as if you were working back, like when we did on-prem and we used co-located data center spaces. They take care of the physical aspect. So anything physical related – power, access controls to the physical plant.
Making sure that redundant power’s there, making sure the cooling’s there, making sure all the backend infrastructure works and everything else is on us, right? They might help, they might give you visibility into your specific tenant. They might give you access to your specific tenant, and they might be able to help with a data breach because, at the end of the day, you left a storage bucket open, or you left a server open to the world and somebody got in and compromised your data.
Yeah, they can help with that. But all of that is still your responsibility, just the same as if it was on-prem. And you need to approach it from that aspect, because if you go in thinking, "well, AWS is gonna take care of this piece," you’re gonna be sorely mistaken when something goes down and you don’t have a good backup to recover from, or when you get hit by an inevitable data breach because somebody missed a thing on a checklist.
So the tools that we make at Spot by NetApp are built with this idea in mind that we help give you that visibility and that peace of mind while putting your cloud provider back to their traditional role and giving you more control and power over the idea of the security and the infrastructure posture that you have to maintain for your organization.
Justin Parisi: All right, let’s kind of unfold that a little bit. Let’s talk about the Spot by NetApp offerings. So what sort of offerings does Spot give you that helps you with your CloudOps mentality?
Shon Harris: Yeah, so Spot is a holistic portfolio of all things CloudOperations inside the greater NetApp organization.
People think of NetApp from a cloud perspective. They think of the storage options, they think of BlueXP, they think of the traditional NetApp stuff. Spot is in a very unique spot because we – no pun intended – we work in a unique segment of the CloudOp space. So we have automation tools to govern and manage your virtual machine infrastructure in the public clouds. We have the ability to manage your containerized infrastructure in the clouds. We have a product that manages your security and compliance posture in the clouds. And then we also have a facet that offers open source database as a service, where we manage all aspects of your database and you just load the data into the data lake, and we help you transform it.
And then we also have API and security product that help manage access to APIs that give you alerts when something changes. And then an AI-based security remediation tool that detects anomalies. So it’s really an overarching suite that takes the FinOps, the DevOps, the DevSecOps, and all of that, and wraps it into almost one pane of glass.
CloudCheckr is still on its own. And InstaClustr still is on its own, but from the Spot by NetApp main console, you can address 95% of your infrastructure and security compliance needs and tools that help you make your job easier by putting that automation in place for you.
Justin Parisi: And a big part of that is also the cost analysis, like understanding where all the money’s coming from.
Shon Harris: Where is the money coming from, where is it going and how is it being used? And identifying opportunities for savings. Because a lot of the job of the cloud infrastructure team at any company, be it a startup, be it a cloud native startup, be it a 20-year established company that’s moving into the cloud.
You have to manage all aspects of the FinOps side of the house, the financial operations, which means you are procuring your financial commitments, you’re making sure that you’re burning down your spend effectively. There’s a whole slew of different tasks that you would have to do that don’t make sense for somebody to spend time doing.
Right? If we can use an AI tool to go out and identify where you’re burning cost down, and you can come back and look at a dashboard and make a click and say, I want to change this aspect of it. That saves you tons of time because we’ve identified it. If you need to go out and buy new savings plans or readjust your financial commitment with your public cloud provider, we have a tool that helps automate that.
We can go out and procure those savings plans and financial commitments with the cloud providers, but then we can also help adjust. One of the benefits of a savings plan and a reserved instance type of acquisition policy is you can sell those off. And so we also uniquely are in a place where we can go in and help sell off unused capacity, unneeded capacity.
We can adjust, we can put guardrails around the financial aspect of the cloud service providers that you work with.
Justin Parisi: And there’s also products like Spot Security where you can help your security team isolate issues and figure out what’s going on in that aspect.
Because you know, like you mentioned before, it’s X-Ops, so it’s all ops.
Shon Harris: Right, and I think that security is becoming more and more of an important aspect of CloudOps. Because so much of our data and our customers data is stored in the cloud. And so being able to use AI-based anomaly detection to generate a security baseline and then being able to remediate off of the variations that come up, really increases your security team’s time to focus on more strategic security initiatives. Like how do we protect our data even better, because if we can watch something as simple as a bucket for storage being exposed unintentionally, and catch it before something bad goes wrong, it makes your life a lot easier than having to deal with a breach after the fact.
And so Spot Security uses that AI model to go in and automate deviations from your generated baseline and do it in a way that is proactive instead of reactive.
Justin Parisi: And it’s especially useful in the cloud because things are always scattered everywhere. Mm-hmm. If you don’t exactly know what’s where and what’s what.
They might not have even belonged to you. Right? Right. Somebody spun up something on their own and you didn’t even know it. So Spot helps you isolate those particular problems and then address them before they become bigger problems.
Shon Harris: Mm-hmm. Right. And I think that that’s the big thing that we forget when we look at it from a security aspect. Security isn’t just about the breach. Security is about knowing what you have in the cloud, what’s running in the cloud, and what’s got your name on it. Because at the end of the day, if it’s got your name on it, you’re going to be blamed for it. And a good example of that is with the Equifax data breach a few years ago where it was because somebody forgot to update a simple thing like an Apache Struts configuration and it let people in and how many people had heard about Apache Struts before that and then all of a sudden it’s, we’re looking at, holy crap, we’ve gotta start patching things cuz we didn’t realize we had those libraries in our products.
Same with some of the breaches that we saw last year where it was because of a vulnerable library that got put into stuff. It doesn’t have to be as complicated as the supply chain attack where your TLS certificate gets hijacked. It can be as simple as a library not getting updated, and then that library goes out on your flagship product and you have to go in and patch everything because of that one misconfiguration.
And if we can catch that ahead of time, we save you a lot of headache and we save you a lot of time and problems when it comes to your security posture.
Justin Parisi: It could be as something as simple as your home setup. We saw that with LastPass. There was a Plex server, this guy didn’t update and somebody got into it and realized, Hey, this guy works for LastPass, so let’s hack in and get his credentials, and then all of a sudden they’re in. So it’s possible.
Shon Harris: How scary is that, right?
Justin Parisi: You can’t even like, relax at home watching your movies without having to worry about some person trying to take over your company’s data.
Shon Harris: And security is a full-time job and any security analyst will tell you how many sleepless nights they’ve got.
And I’ve had the opportunity to work with talented security engineers who’ve stood up SOCs, and coming in from a ground level and putting the dev/sec aspect into CloudOps is harder than anybody can imagine, and something that you really don’t want to have to do after the fact. So if you can get started now by wrapping security into your DevOps posture and workflows, you’re going to thank yourself and your company will thank you later because you’re able to have that in place ahead of time.
Justin Parisi: All right, so let’s talk about CloudOps and circle back to that. What’s the current state? What is it doing today? And where did it come from and let’s move it into what’s gonna happen in the future.
Shon Harris: Yeah, so I think really the cloud evolution started taking place in the mid 2010s, so 2015 is really when we started seeing the cloud providers become more and more ubiquitous, more aligned with service offerings that kind of match each other. 2020 and the shutdown of the pandemic really forced our hands into the cloud. So there’s two things that I really noticed is there’s one side of the coin that is, how can we go all in on the cloud? And you see this as a lot of cloud native organizations, companies that are born in the cloud for the cloud and of the cloud.
And then you see companies who were kind of forced into the cloud, because suddenly they had to adjust their operations for global shutdown economically. We didn’t know what was coming. And so they just forklifted everything into the cloud, right? They took their servers and they took their one application that’s running on one old legacy server, shifted it to the cloud, turned it on and said, here we go.
This is what we’re gonna do, and we don’t know when we’re gonna come back. Well, it looks like now we’re making the steps to start pulling things back, and we’ve seen it with big names and companies that have the ability to pivot back. But we also see companies and firms that don’t want to be spending as much, but they don’t have the resources to come in and really adjust their spend. And so they’re buying all on demand instances. They’re running in the most inefficient way possible. And they took their compute requirements and they said, we’re gonna look at this server. We’re gonna match it as close as we can, and we’re just gonna let it run on demand. And then they get a bill for a half million dollars and they say, holy crap, why was our bill this high? So, there’s gonna be a movement to repatriate off the cloud. I’m gonna talk about that more in a second, but I think there’s gonna be also a movement to the idea of how do we wrangle in the spend.
So you’re gonna force the cloud providers to start competing for every dollar in. Instead of having the massive year over year growth, you’re going to see people become more concerned about their infrastructure, and you’re going to see people becoming more and more cost conscious when it comes to the infrastructure that they buy from the cloud service providers. And then you’re gonna see the other side of the coin, which is repatriating that software back off the cloud into an on-prem environment, which works if you’re a large global organization and you didn’t tear down your data center when you moved everything out.
A lot of companies have done this and they can. But there are also a lot of companies that can’t repatriate because they’ve moved out of the cloud. They’ve reallocated that space, they’ve changed their power and their bandwidth requirements. And to get all that back in is gonna take a lot of work. And so it behooves us as partners with the major clouds to come in and help customers really optimize their clouds. Because the other thing that people don’t think about is from a compliance standpoint, so many people rely on their SOC-2, ISO, SOC-1, GDPR, all these governance regulations that regulate the data that we hold for customers and people we do business with.
You rely on your cloud provider for a lot of that backend infrastructure support and guidance. And I know that people are looking at their screens right now going, well, he may be right. I didn’t ever think about that aspect of it, but think of every time that you’ve had to go into your cloud provider and download their compliance reports so that you could present them as evidence.
Take that amount of data, double it, and now you get to manage it on your own, which either means you’re either gonna a, buy more tools to manage it on an on-prem environment, which means you’re gonna be making another capital investment where every five to seven years you’re replacing servers.
Or you can go to the consumption model, which is where the IT departments and trends have been going for the last half a decade, and we really have to optimize our spend because nobody wants to manage all that compliance risk and put their compliance status at risk by having to bring all that back on-prem.
So is it gonna make sense for some companies? Yes. But it’s going to behoove us as cloud optimization experts to come in and help customers make the best choices and the best decisions using real world aspects from their workloads to really help ensure that they’re running optimized and efficiently in the cloud without sacrificing security, compliance, or reliability of your platforms.
Justin Parisi: So let’s talk about the next six months. Like I know you mentioned, mm-hmm, companies are starting to move back to on-prem and starting to think about how they’re spending their money for IT operations. So what do you see in the next six months to even a year out for CloudOps? Does it still have a place?
Shon Harris: I think it’s gonna be a huge part of how we manage going forward. And the reason I say that is because I think that you’re going to find engineers starting to get burned out. And there’s a reason DevOps and cloud engineers kind of bounce around from jobs every three to five years is because they get burned out. Managing infrastructure gets hard and so automation’s gonna become key. People are willing to continue to rely on cloud service providers. There was a report that came out a couple weeks ago in an article on The New Stack that talked about how a majority of companies don’t wanna manage their own Kubernetes infrastructure.
It was like 86% said, Nope, we don’t wanna manage our own Kubernetes infrastructure. We want to rely on cloud providers. But in a study that we did called the DevOps Revealed Report, that Spot by NetApp commissioned in late 2022, there was a consensus among everybody that we interviewed and we interviewed 500 DevOps professionals around the world.
99% of them said automation is the key. 3% of them said that they had that automation in place and didn’t have to worry about anything. And the other 96, 97% all said we don’t have enough automation in place, and that’s gonna be what we’re focusing on for the next 18 to 24 months is getting automation in place, getting financial commitments in place, and being able to reliably run our infrastructure at scale up or scale down.
And being able to do that is where the market’s going. And so you’re gonna see lots of financial optimization tools, infrastructure optimization tools. You’re gonna see a lot of changes coming down in a lot of the open source tooling to handle advanced views on containerization.
And I think that you’re going to see the DevOps space take on a new strategic importance in organizations as it becomes more and more apparent that the day-to-day choices that organizations make impact their DevOps and need to be considered so that your operations can run uninterrupted. If another major event happens, your platform has to be able to respond and so companies are going out of their way to make sure that that’s possible.
Justin Parisi: Alright, Shon, you got anything else for us?
Shon Harris: I would just say in closing that if you want to give Spot a try, you can contact me and I can give you a guided walkthrough. If you wanna learn more about it, you can visit our website at http://www.spot.io. That’ll take you right to the page. We offer a free trial.
And I think that everybody should give Spot a look because even if it doesn’t make sense right now, it’s gonna make sense down the road with the things that are coming, the trends in the technology, the need for more automation around containers. The features that we’re packing into our platform are gonna be huge, so I just think everybody should give it a look and just keep your eye on this space because I think DevOps and cloud optimization are gonna become a lot more day-to-day than it seems like they are now, even if you don’t see it. And it’s gonna become more strategic than people have previously seen the traditional IT role.
Justin Parisi: All right. Awesome. So again, Shon, if we wanted to reach you, how do we do that?
Shon Harris: Yep. You can find me on Twitter @InkedTater, i-n-k-e-d-t-a-t-e-r. You can email me directly at Shon, s-h-o-n dot harris, h-a-r-r-i-s @netapp.com. Be happy to talk with you or anyone else about your specific CloudOps needs and the challenges that you’re facing and how our platform can help.
Justin Parisi: All right. Well, thanks so much for joining us today and talking to us all about CloudOps and X-Ops and all the ops.
Shon Harris: Perfect. Thanks Justin. It was a pleasure. Look forward to talking to you again soon. Yep.
Justin Parisi: All right, that music tells me it’s time to go. If you’d like to get in touch with us, send us an email to email@example.com or send us a tweet @NetApp.
As always, if you’d like to subscribe, find us on iTunes, Spotify, GooglePlay, iHeartRadio, SoundCloud, Stitcher, or via techontappodcast.com. If you liked the show today, leave us a review. On behalf of the entire TechONTAP podcast team, I’d like to thank Shon Harris for joining us today. As always, thanks for listening.