Six Questions to Ask Your Cloud Service Provider Before Moving SAP to the Cloud


By: Jake Echanove, Virtustream Solutions Engineering Director
HANA Distinguished Engineer

Moving mission-critical applications such as SAP to the cloud can provide a great return in terms of user satisfaction and fiscal management. It requires careful consideration, however, when choosing the Cloud Service Provider (CSP). Before you take the plunge, ask yourself these six (6) basic questions:

  1. How do you assure performance?
    Many CSPs will not or cannot provide service-level agreements (SLAs) around performance. Companies looking to move their mission-critical SAP workloads to the cloud must have confidence that the systems will perform off-premises as well, if not better, than they do on-premises. It can be tough for CSPs to provide performance guarantees if they have multiple tenants sharing the same compute and storage infrastructure. Understanding how the CSP will manage potential noisy neighbor issues is an important component to consider when choosing a provider.
  1. What is the billing methodology?
    Flexibility in billing is one of the areas where a cloud deployment is advantageous. CSPs that bill similar to the old managed hosting model are not offering all benefits of the cloud. Some clouds charge based on the resources allocated, but offer the option to shut down systems when not in use to limit costs. A small number of providers take this a step further and offer true consumption-based billing, similar to how the power company bills for kilowatts. It is possible to sign a long-term commitment, but still take advantage of consumption billing. Signing on for a multi-year contract has benefits in helping to negotiate a better price and providing stability in the financial planning model, but paying on an OPEX model is a key differentiator for cloud based deployments.
  1. Where are your data centers located?
    The end-user experience should always play a role in the decision making. It is critical that the perceived performance does not decrease when moving systems to the cloud. Latency is a concern whenever moving systems off-premises. Some applications are highly resilient to latency, but others require multiple round trips during communication sessions. Having data centers in advantageous locations is important when choosing where to host cloud workloads. It is also important to work with a provider that has experience with running SAP systems in the cloud and can make architecture recommendations based on experience.
  1. When can you start a migration?
    An SAP migration is a complex and time consuming process. Working with a CSP that has the expertise and experience of migrating SAP workloads to the cloud will give confidence to customers on choosing one CSP over another. Working with a provider who knows the right questions to ask regarding areas such as scope, risks, downtime thresholds and interfaces will ensure a thorough planning session and enable a greater chance of success.
  1. Who are your customers?
    It is important for CSPs to provide a list of reference customers that include enterprises of similar scope, size, and motivations. Knowing that Global 2000 companies run their production S4 HANA systems in the CSP’s environment can be reassuring for prospective customers. Sharing a cloud with enterprise customers with common concerns regarding security, compliance, and performance is important for enterprises putting their systems of record in the cloud.
  1. Why are you different than others in the space?Knowing what, if anything, separates one CSP from another is important because this will help you to understand what additional value can be gained by moving to the cloud. Spinning up VMs or allocating more storage on demand are table stakes for most cloud service providers. Others specialize in the SAP world and have purpose built clouds to ensure that HANA runs as expected and SAP has the uptime and performance assurances required for the spinal fluid type applications. Additionally, a small number of CSPs focus on innovation in the SAP world.

Twitter: @JakeEchanove

Posted in Uncategorized | Leave a comment

PowerPoints to Insomnia Cure

Blog-Banner PowerPoint to Insomnia

by Chris Gaudlip, Virtustream Infrastructure Managed Services CTO

The title says it all…and we have all been through them…at first you are wide awake; by slide 93, you have made a grocery list, shopped online, read your email, instant messaged with a few folks and planned the weekend activities.

But, then there are the presentations that leave you with that feeling that, I just spent an hour of my life, but it was a quality hour, one I am glad I spent on gaining knowledge and more importantly wisdom.   Tidbit: Make sure your presentation instills wisdom and not knowledge.

If you are tasked with being a presenter, then you should think of it as the proverbial iceberg. Roughly 12-15% of it is above water and the part you see with the finished presentation. If you are taking the presentation seriously and it is a large audience, then put the ~85% below the water line as your effort to create the slides in the first place. I take a three-step process followed by my rule of THUMB:

Three Steps:

  1. The ‘Word Message’…I first create/brainstorm/re-read once for content, flow, wordiness, message, concept etc. (rinse, lather and repeat)
  2. Then the ‘Visual Message’…I look at the fonts, builds, pictures, diagrams, etc. If time permits, use this opportunity to engage your Creative Services department. Because Smart Art is neither Smart nor Art, and these folks can help you boost the production value of your presentations and help reduce the snore factor.
  3. With the third area as the ‘Talk Track Message’…This is usually the part most cannot take with them and one to spend some quality time on.

Opposing THUMBs to follow:

T=Talk Track that is

H=Humble, with an

U=Understanding of the

M=Message, without the

B=Blah, Blah, Blah

Follow this process and three out of four dentists will agree it was a valuable presentation.


Twitter: @chrisgaudlip

Posted in Uncategorized | Leave a comment

10 Tips for Securing Your Data in the Hybrid Cloud

Blog Banner


by Sean Jennings, Virtustream Co-Founder & SVP of Solutions Architecture


More enterprises are turning to hybrid cloud solutions, looking to employ the best elements of both private and public cloud environments. According to Gartner, nearly half of large enterprises will have hybrid cloud deployments by the end of 2017 and RightScale’s 2015 State of the Cloud Survey found that 55 percent of enterprises are currently planning for hybrid clouds.

With these increasingly common hybrid deployments, it will be important for enterprises to effectively secure critical data moving forward, minimizing all vulnerabilities, assessing real-time data and meeting industry compliance standards.

Sean Jennings, Co-Founder and SVP of Solutions Architecture at cloud provider Virtustream, says that today’s enterprises can learn many lessons about the unique challenge of securing the hybrid cloud from an unlikely source – ancient Chinese military general Sun-Tzu’s The Art of War.

Develop a strategic plan

“The greatest victory is that which requires no battle.” – Sun Tzu

Before migrating your data, take the necessary time to develop a comprehensive plan for securing it during migration and once in the cloud. By doing so, organizations can avoid worst case scenarios when facing threats in the future. Know what features you require in a cloud provider and have a thorough understanding of how the providers will protect your data.

Be self aware

“Know thyself.” – Sun Tzu

It is important to truly know the cloud environment in which you operate. Understand what your cloud provider does to mitigate risks, how they report incidents and what their plan is to restore and secure data effectively. Know the nature of the data and applications you are migrating to the hybrid cloud, and ensure that the platform of choice is suitable in all material respects.

Be aware of your environment

“Know thy enemy.” – Sun Tzu

It is also important to understand the type of space you are in, what specific threats there are and what, if any breaches, have occurred in your industry. Be able to explain why another company’s data was compromised so you don’t make the same mistakes.

Choose a compliant hybrid cloud

“Invincibility lies in the defence” – Sun Tzu

As a baseline point of analysis, your cloud provider should be fully compliant with the latest security standards and hold certifications widely accepted in the industry, including specific regulatory requirements applicable to your business. You can’t prepare for future threats if your provider isn’t following best practices. Caveat Emptor: be aware that compliance is often a static point in time snapshot.

But don’t rely on standards alone

“The general who wins the battle makes many calculations in his temple before the battle is fought.” – Sun Tzu

Many times, enterprises believe their data is completely safe simply because their hybrid cloud provider is compliant with one industry standard or another. The truth is, 3rd party certification of these standards are a snapshot in time, and sometimes obsolete before the ink dries on the certificate. Certifications are necessary, but not sufficient. Continuous monitoring of compliance is a must.

Embrace transparency

“Balk the enemy’s power; force him to reveal himself.” – Sun Tzu

Your cloud provider should be upfront and open about any emerging risks in the industry, including those directed at their technology stack. You want to know that your data is being protected, what the emerging threats and risks are to your services, and how these threats are mitigated. It is important to have clear understanding and reporting of the provider’s responsibilities and your own.

 Use all of your resources

“The opportunity to secure ourselves against defeat lies in our own hands.” – Sun Tzu

While there are many threats in IT today, there are also just as many tools and techniques to keep your data as safe as possible. Make sure you are using everything at your fingertips to thwart potential security breaches, and insist on a robust cloud platform. As an example, does your provider implement two-factor authentication and role based access controls? Is there continuous monitoring? Is encryption of data at rest available?

Stay one step ahead

“To defeat the enemy, become the enemy.” – Sun Tzu

Your security tools – and your provider’s – should be continuous in nature, probing for weaknesses and changes, giving you a real-time look at how your data is being protected in the hybrid cloud. Always find security vulnerabilities and weak points before potential attackers do.

No two clouds are alike

“If ignorant both of your enemy and yourself, you are certain to be in peril.” – Sun Tzu

While two clouds may share identical certifications, they will almost certainly have different risk profiles. Understand these risk profiles and their effect on your security plan. The threats and risks are dynamic, and so your compliance and security toolsets and services – and those of your providers – must be as well.

Prioritize risk management

“The opportunity to secure ourselves against defeat lies in our own hands.” – Sun Tzu

After assessing the state of your hybrid cloud environment, you may identify a number of vulnerabilities. That doesn’t mean you need to fix everything at once; identify which vulnerability presents the greatest risk and remediate it first, and completely. Deploy or consume tooling to continually asses the risk profile of your cloud assets.

Twitter: @VCDX17

Posted in Uncategorized | Leave a comment

A/C D/C is Not Only an Australian Rock Band from the 1970’s

Chris Gaudlip, Virtustream Infrastructure Managed Services CTO


As we enter 2016, I thought I would address a few articles on the ‘Data Centers of the Future’ or simply ‘Smart Data Centers’. One area of innovation over the past few years are called Smart PDU’s (Power Distribution Units). In the years past, a PDU simply monitored power usage and kept power distribution ‘clean’.

Those days are long gone. Today’s PDU’s monitor humidity, heating and cooling areas and so much more than just electricity.

Although I don’t have a specific article to share, a quick search (via your favorite search engine) will display the wares of many of the top PDU makers.

I am always asked, how can we innovate and what are you doing to make services more efficient.

To use an overused term…it’s time to think outside of the storage box or VBlock box, and look around at PDU data center management. We just might differentiate ourselves if our services evolve just like the age old datacenter into SMART SERVICES…and yes, we think outside of all boxes.

Do we offer management and monitoring of PDU’s in a customer data center and use Big Data to correlate it to our storage and backup services? Hmmmmm

A cut and paste from a manufacturer SMART PDE brochure immediately captures the innovation that has swept the datacenter from PDU’s of old that simply provided electricity.

Reduce energy costs

  • Identify high power consumption equipment by using logs and port
  • Find opportunities for consolidation of underutilized equipment
    such as near-idle servers
  • Use environmental monitoring to identify overcooling situations
    where temperatures could be increased for energy cost reduction

Manage and optimize power capacity

  • Use real-time remote monitoring to understand usage vs. capacity
    and make informed decisions on equipment additions and data
    center changes
  • Evaluate actual usage versus design assumptions (using equipment
    nameplate ratings) to understand true power needs which
    may help increase equipment densities

Spot and prevent potential problems to ensure uptime

  • Use alarms to quickly identify problems and drive resolution
  • Set alarm thresholds to spot potential problems such as overloads
    that could lead to power loss and downtime
  • Use logs to identify erratic power consumption
  • Use environmental monitoring to evaluate planned vs. actual
    temperatures to identify areas with insufficient cooling

Efficiently control power functions and resolve problems quickly

  • Use individual outlet control to remotely restart equipment or shut
    down specific units
  • Use sequencing to safely start up


Posted in Uncategorized | Leave a comment

Will The Real Enterprise Private Cloud Please Stand Up

Chris Hale, Virtustream Vice President of Technical Marketing

Survey after survey have reaffirmed that IT security continues to weigh heavily on the minds of global CIOs. As just one recent example, cybersecurity was cited as a top priority for the fourth straight year by respondents of the CSC Global CIO Survey. With innovation and agility as key CIO objectives, it should come as no surprise then that 80% of respondents to the 2014-2015 edition of that survey reported moderate-to-heavy investment in private cloud.

All too often, however, private cloud is implemented as a thin layer of automation on top of traditional virtualization technologies and IT practices. And all too often, these projects struggle.

According to a survey by Gartner’s Tom Bittman, the top problems encountered by organizations using private cloud include:

• Failure to change the operational model
• Doing too little
• Failure to change the funding model

Managed Cloud Image

In other words, plenty of private, but not enough cloud!

Private is Not Enough
It seems obvious enough that in order for something to be a private cloud it must be both a cloud and private, but achieving adequate “cloudiness” is exactly what trips up most enterprises.

What makes private cloud difficult for enterprise IT organizations is that cloud computing is as much a mindset as it is a technology choice. Some of the more important mindset shifts include:

• Real self-service. Some enterprises may have taken cues from their facilities teams in implementing self-service… rather than offering users real control they offer placebos that give the illusion of it. If your self-service instance creation form generates a help-desk ticket on the back end, you’re not thinking about cloud correctly.
• Pets vs cattle. Pets vs cattle has become a popular metaphor for the server lifecycle in traditional vs cloud systems. In the former we name and care for each of our servers as unique; in the latter we number them, consider them largely interchangeable, and replace them when they’re sick. Treating your private cloud servers like cattle is an important indication that you’re focused on true industrialization and automation, and a key indicator of success.
• On-demand economics. Fear of cloud sprawl, zombie instances, and the like, is often cited as a justification by those attempting to deliver private clouds using manual IT processes. In fact, charging the private cloud’s customers for resource usage is an important mechanism in helping the business align opportunity with expense, and ensuring that they use available resources responsibly.
• Application focus. While all cloud computing providers must be infrastructure experts and have an internal focus on operational excellence, the most successful commercial providers have a market facing focus on developers, and they invest heavily in application layer offerings. They do this because they know that to the cloud’s user the app is all that really matters.

While this isn’t a complete list of all private cloud considerations, if you’re able to implement these mindset shifts within your organization, you’ll be off to a good start for sure.

Cloud Mindset On-Demand
For many in enterprise IT, private cloud most immediately connotes a cloud computing system running on-premises, behind the corporate firewall. Certainly on-premises clouds can be an important part of a comprehensive hybrid cloud computing strategy, but they are not the only way to deploy a private cloud.

For those wanting the security and privacy benefits of a private cloud, a popular alternative to racking and stacking servers in the data center is the managed private cloud. Managed private clouds, like Virtustream’s enterprise cloud offer businesses the best of both worlds: private AND cloud.

A recent Enterprise Survey by Ovum identified 17 of the most important reasons why enterprises choose to work with managed service providers. Leading this list are responses suggesting that MSPs allow customers to:

• Improve focus on the core business
• Free internal resources to focus on more strategic projects
• Avoid capital expenses

In the case in which the MSP is a cloud provider, and the provided service is a private cloud, an additional reason may be added to this list: the cloud mindset is built in.

In the case of Virtustream’s managed private cloud they are supported by the same team, data centers, processes and xStream software platform that powers our public enterprise cloud offering – so you can be assured that your private cloud is as cloud as it is private. (and private it is…find out more about Virtustream’s chipset-to-compliance cloud security features)

To learn more about the challenges and rewards of managed private cloud, and to receive important tips for implementing one, download the Virtustream Managed Private Cloud white paper.

Twitter: @HaleChris

Posted in Uncategorized | Leave a comment

The Stage is Set

Rod Rogers, Virtustream CEO

These are exciting times for Virtustream. We’ve hit the ground running, and I’m thrilled about the new year and what’s in store.

First, it’s an honor to be leading an EMC Federation company alongside some of the most talented professionals in the industry. Our new structure gives us the scalability and reach to extend our global footprint in the complex, mission-critical cloud applications market. This is no small feat, and when you add that we’re just getting started, the future is looking brighter than ever. We aspire to record growth in 2016 in a number of our business segments and have assembled a portfolio of software and services that will allow us to partner even more deeply with our enterprise, service provider and public sector customers.

On January 27th, EMC held its Q4 earnings call, and Virtustream was featured as a significant part of the Federation’s growth strategy. Joe Tucci, EMC chairman and CEO, shared his thoughts on our ability to drive even higher growth rates in 2016 and beyond. The stage is set for us to aggressively pursue our growth agenda in 2016, and with our great team, Federation partners, and most importantly our customers, that’s just what we intend to do. Here’s a brief excerpt from Wednesday’s call.

“Virtustream, our newest Federation company, has fortified the EMC hybrid cloud portfolio. It ended Q4 with the strongest bookings quarter in its history. Since our last earnings call, we’ve evolved our approach relative to the integration of Virtustream. Importantly, we wanted to better leverage VMware’s enhanced multi-cloud, multi-device strategy and ensure that Virtustream continues to be a premier vCAN partner, embracing VMware’s technology suite.

We have decided to focus Virtustream on two key high-growth cloud opportunities. The first area is Virtustream’s heritage, namely to run complex mission-critical business applications on its modern cloud architecture, which features Virtustream’s internally developed xStream software technology, a true differentiator.

EMC’s strength is highly complementary here as its infrastructure principally supports mission-critical applications across its vast global customer base.

The second cloud area in which Virtustream will focus leverages EMC’s most trusted position: the enterprise storage arena, by offering a portfolio of cloud-based solutions for tiered data storage, archiving, backup and disaster recovery.

To help accelerate this second cloud storage thrust, we moved EMC II’s cloud-based commercial object storage service and its managed services business into Virtustream earlier this month.

Collectively, the new Virtustream will start out life with nearly $100 million in quarterly revenue. As I’ve said before, we are expecting very high growth in this area. Both Michael Dell and I are very excited about the prospects of our Virtustream business and feel that our combined synergies will drive even higher growth rates for this business in 2016 and beyond.”


Posted in Uncategorized | Leave a comment

The Future Looks Very Bright

One of the areas I am excited about in 2016 is Virtustream’s extended partnership with SAP – which offers a secure, flexible cloud infrastructure service for SAP HANA Enterprise Cloud (HEC).

We launched this service in EMEA & MEE this past week at the Barcelona FKOM event and we are launching the same service in North America this coming week at the Las Vegas FKOM event.
The feedback so far from SAP has been very positive, especially once we shared with them Virtustream’s experience, skills set and ability to execute around SAP and HANA Cloud (i.e., over 200 production customers in a multi-tenant cloud, first S/4HANA in a cloud deployment, etc.).

Several key areas unique to Virtustream’s HANA Cloud, which delivers HEC workloads together with SAP, is our industry leading support and certification for “Regulated Industries” including: Government: FedRAMP and FISMA certification
Commercial: PCI-DSS certified
Healthcare: HIPAA certified
As well as Financial Services, Regulated Utilities, and many others.

Another key area is around “Faster Time-to-Market” with our rapid deployment capabilities, which enable us to meet the most aggressive deployment timelines. There are some very cool innovations in this area, where our Application Automation teams are driving innovations at incredible speeds.

A third area is the ability to support Heterogeneous Application Environments. The reality is that most existing SAP landscapes are mixed environments with SAP applications, new HANA platforms, and legacy SAP on “anyDB” environments, as well as connected non-SAP applications. This also includes the ability to provide short-term transition landscapes for non-HANA DBs.

The last area is the ability to support a wide range of SAP HANA sizes. Regardless of ScaleUp or ScaleOut, and regardless of Virtual HANA or Physical HANA, we support the highest capacity available from the SAP approved OEM vendors certifications. And we continue to push innovations in this space to be able to handle the most demanding HANA client requirements.

In my humble opinion, this makes Virtustream’s HANA Cloud capabilities simply the most mature, flexible and cost effective in the industry! We welcome the opportunity to engage with SAP field teams, clients and SAP partners to have conversations in these areas to prove out our capabilities in greater detail.

For more, read Henrik’s entire blog at

Posted in Uncategorized | Leave a comment

Key Considerations in Architecting SAP HANA for the Cloud

SAP-HANA-logoBy Jake Echanove
Senior Solutions Architecture, Virtustream

Moving any mission critical workload to the cloud can be daunting, but deploying HANA in the cloud requires a special understanding of the options. There is still some confusion and misconceptions around what it takes to implement and run HANA in a multi-tenant environment, while still being in compliance with business continuity requirements. It is important for businesses to understand the HANA deployment alternatives and architectural design before selecting the best fit for their business continuity requirements.

One major barrier to entry for HANA has been the considerable hardware investment required to support the platform. Memory heavy appliances can be quite expensive and architects must design with this in mind. There is always a balance between cost and the resiliency of the high availability and disaster recovery design. This is not unique to HANA, but paying $100,000 to over $1m per appliance necessitates that many alternatives are considered before deciding on a final design.

One HANA deployment alternative is virtualized HANA (vHANA). Leveraging vHANA can provide significant cost benefits to a customer. First, customers can eliminate the big upfront CAPEX investment of a HANA appliance. Next, it is also possible to take advantage of the vSphere tools for high availability and disaster recovery. This would eliminate the need for two dedicated HANA systems; one for high availability and one for disaster recovery. Bear in mind that the cloud provider must have the correct architecture in place and the additional vHANA capacity to accommodate any failover that may occur. Finally, depending on the cloud service provider, there may also be an option for consumption based billing, so customers will be billed based on the resources used instead of the resources allocated. Consumption based billing can be very beneficial to the customer considering that HANA often has a large amount of memory and CPU sitting idle.

Even with the expanding virtualization support, many HANA implementations will still require physical appliances. This is relevant for both scale-up and scale-out scenarios. For scale-out high availability scenarios the option is to add one or more standby nodes that can takeover for any active node that happens to fail. There are a couple of options for scale-up high availability implementations. One is similar to scale-out by utilizing GPFS or a storage adapter where, in the event the primary node fails, the standby node would take over the persistent layer and load data into memory. The other option for scale-up high availability is HANA System Replication (HSR). HSR will use a combination of snapshots and logs to replicate data to the target system. The benefit of HSR is a quicker recovery time objective (RTO) because data can be pre-loaded into memory. HSR and storage level replication are also relevant for DR to send data to a target system in a secondary data center.

It is critical for HANA architects to understand the various options and what impact each will have on cost and RTO/RPO. Working with a cloud service provider that has extensive experience in architecting HANA in the cloud is crucial not only in ensuring a successful HANA deployment, but also in ensuring that business continuity and disaster recovery requirements are met.

Posted in Uncategorized | Tagged , , , , , | Leave a comment

SAP and Security in the Cloud

infosecBy Chris Hale
Vice President of Technical Marketing, Virtustream

The increased agility that comes with moving to the cloud solves many current technology challenges, but the journey to cloud computing can also accelerate the erosion of perimeter enforcement and trust boundaries. Many companies have been reluctant to deploy mission-critical applications, such as SAP HANA, in hosted cloud environments, due to these security and compliance issues. Enterprise companies looking to leverage all the typical advantages of cloud (cost, agility, scale, etc.) need to consider the following critical areas when considering this computing paradigm:

  1. Experience: SAP systems are typically complex, and require a number of interconnected servers, need correct versioning, and need certified and expert support. If your cloud provider does not have extensive and referenceable experience, with your exact landscape, then you need to keep looking!
  1. Performance: Hundreds, if not thousands, of users, potentially spread all over the planet, may need to access SAP systems, and if response time is slow, users will be inefficient and there will be direct costs. Hosted SAP systems need to use an architecture and WAN access process that balances cost with response time and an optimal design. Your cloud service provider must understand these challenges, offer various approaches and have extensive benchmarking experience to share so there are no surprises.
  1. Migration and On-boarding: This critical phase needs to have a project plan that makes sense and processes that limit the risks and time in transition. The longer a businesses is paying for two environments, the higher the costs, there are more database replication and updating issues, and other risks. Organizations need to see a detailed plan that is based on experience as mentioned above.
  1. Security Related Items:
  • RACI: Who does what? The RACI dilemma must be solved. Companies leveraging the cloud have to understand that there are shared security responsibilities. The cloud service provider typically handles all of the underlying physical, environmental, networking, storage and support systems management. Organizations that have needs for process and tools that include OS patching, scanning, logging, AV/AM, IPS, WAF, archiving, DR and IR Plans and testing, firewalls… on and on! The provider must have a well-defined process for identifying all of the necessary processes and then ensuring delivery of the selected items.
  • Data Sovereignty: Organizations that have PII data and workloads located in countries that have specific laws regarding where that data can and cannot be hosted, have to be supported. The cloud service provider has to have technical measures, contractual obligations and processes that fully support this critical area.
  • Search and Seizure and eDiscovery Issues: Organizations typically have many questions related to how the cloud service provider deals with subpoenas and requests for eDiscovery. The risk is that the cloud service provider hands over businesses data to authorities without the awareness of the data owner. Sophisticated and enlightened cloud users know how to leverage encryption and key management to eliminate this risk. Ensure that your cloud provider offers the tools to fully support the encryption during entire data lifecycle: before move, in transit, in use, in archive and data destruction once the workload is de-provisioned. Companies should be able to fully manage their own encryption keys, so they have exclusive control over who has access to data.
  • Audit and Compliance Support: Organizations should have their compliance framework fully supported by the supplier. ISO 27000, PCI 3.0, GxP, CSA, SOX, SSAE16, SOC2, HIPAA, NIST, FISMA, FedRAMP, etc. independently audited and compliant environments must be available. Audit reports and all of the related artifacts must be made available to the company, and the provider must fully support the business’s “right to audit.” Run, don’t walk, away from providers that don’t have this critical area fully addressed.
  • Security Posture: The organization’s security posture and maturity should improve during a move to the cloud. This is not counterintuitive. The cloud service provider should be using better tools from a very complete portfolio, have more security staff, leveraging threat feeds, and have the stated goal and offer proof of before and after, to demonstrate that the security of the businesses is in better shape after a move to the cloud.
  • Expert Consulting Available: Your cloud provider should have certified and experienced experts that can ensure that all risks are addressed appropriately. Test your potential provider with tough questions and challenges, if you don’t get good answers before the move, then you should not expect good support after the move.
  • Integration with Processes: Incident Response and Disaster Recovery are examples of critical functions that must be supported by the cloud service provider fully, or partially, as determined by the businesses. Testing, documentation and expert support must be in place to ensure continuity of operations during unplanned events.
  • Resilience: Things go wrong, but how the cloud service provider deals with an issue makes all the difference. The provider must have resilient capabilities to ensure that disruptions and costs are minimized during unexpected events.
  • Misconfigurations, Patching, SAP Notes: One of the highest risks for companies running SAP is ensuring the secure configuration of SAP is maintained during the product lifecycle, and risks increase if there are multiple support organizations involved. Ensure the cloud service provider has specialized tools that are specifically designed to scan for, identify, track and manage remediation efforts for SAP. Look to the recent breach of the SAP application at the US Federal Office of Personnel for evidence that vulnerabilities in this area must be addressed.

Support and Language Issues: Many cloud providers either outsource or partner with System Integrators, Basis Support Providers and other third parties. Ensure that your support is provided in a manner that minimizes costs and provides for as comprehensive as desirable support. The cloud provider should also offer those support resources directly and support all the languages that your user community needs.

As organizations continue to deploy complex and collaborative applications in private, public and hybrid cloud environments, and share data with global customers, suppliers and partners, security leaders must figure out how best to protect their entire ecosystem, and not just their organization. This is just a short list of the myriad items that organizations must consider as they contemplate moving critical SAP workloads to the cloud. Hopefully some of the items listed above give you additional considerations as you contemplate leveraging the cloud for your critical SAP workloads.

About the author

Chris Hale (Krystle Waters's conflicted copy 2015-04-18)

Chris Hale is Virtustream’s Vice President, Technical Marketing.


Posted in Uncategorized | Leave a comment

Venture Born. Enterprise Proven. [and now] EMC Strong

By Rodney Rogers
CEO, Virtustream

So I’m going to try to sum up the past 6 years in about 1,000 words. This may be a bigger challenge for me than this deal we just signed.

Before getting into it, I want to thank Joe Tucci, Pat Gelsinger, Howard Elias and everyone else that made this bet on us. We could not be more excited to embrace the awesome responsibility of Virtustream becoming the newest company in the EMC Federation.

We will not let you down.

 A Bit of Background:

 When my co-founder Kevin Reid and I started Virtustream in January of 2009, we were the antithesis of Silicon Valley hipsters. We were a couple of 40-something East coast guys whose technical experience came largely from the application services space (our Bios). We were, quite possibly, the least cool guys in the cloud. Further, we were intent on building a start-from-scratch cloud software and services business that would ultimately compete with the industry’s titans. Thankfully, we were foolish.

At that time we admired the core cloud architecture that AWS had built which ultimately ‘made’ the public cloud market that they continue to dominate today. We felt attempting to build a sub-scale AWS model, however, would be venture capital suicide and instead focused on incorporating many of the principles they pioneered in the way of multi-tenancy, elasticity, orchestration, and automation toward solving the engineering problem associated specifically with running I/O-intensive, mission critical enterprise applications (such as SAP and others) in the cloud. Further, we focused on automating many of the system functions required to manage these particular types of enterprise application environments so as to be able to offer a uniquely efficient managed service for the technology landscapes that ran on our cloud. Virtustream was born.

So in the midst of the 2009/2010 U.S. credit crisis we raised venture capital, built a team, and started to design and write xStream, our cloud management platform software. If you are not familiar with our technology you can find short high-level overview here.

We use xStream today to run our own cloud IaaS in North America and Western Europe, make it available as a commercial software product to Service Providers around the world to power their own cloud IaaS offerings, and also make it directly available as a commercial software product to enterprises and government agencies for private cloud builds.

Our Commercials

While there has been some promising IP developed in the venture capital backed cloud software and services space over the past 5 -10 years, it is more rare to find viable/sustainable commercial results. This is what we are most proud of. We were able to separate ourselves from the pack in this regard and as a young company achieve viable commercial results in a relatively short time in a space that is furiously IP-intensive and competitive.

Our business today is on an approximately $100 million annualized revenue run-rate of which approximately 60% is cloud IaaS and 40% is cloud software – the latter of which we primarily license to other Service Providers around the world. I believe we now have just achieved the first inflection point towards scaling this business. Not so much yet in our current revenue run-rate, but rather in the profile of that revenue now being very conducive to high forward recurring revenue growth rates based on major wins within Fortune 500 customers on both the IaaS and software fronts. We have proven to-date that we can win against anyone in our areas of focus without much geographical reach, or much of a balance sheet relative to our competitors. Virtustream did not exist just over 6 years ago, and I believe strongly we are well-positioned to grow within a reasonable timeframe  to a billion dollar revenue business by way of our own growth trajectory and by fully leveraging the Federation’s assets and reach. Yes, you can all now judge me accordingly on that.

This Deal

We had been preparing to take Virtustream public for about a year now. Earlier this year we had evaluated bankers and had received numerous data points on how we may price a public offering. We started down the path of a standard 3-Quarter process of selecting a banker, writing an S-1, and then ultimately filing it with the SEC. Our target IPO date range was Q4-15 to Q1-16.

As is often the case when you take yourself through a process like this, acquisition suitors emerge. We had dialogue with parties we knew well and knew had an interest in us. We received Term Sheets from a number of parties and evaluated our choices. The ultimate valuation ranges of these Term Sheets and the present value of the public offering pricing estimates were all in the same range of in/around $1.2 billion USD. We were in the wonderful position of having options, but also had a great burden of responsibility in making the right choice for our customers, employees and shareholders.

We chose EMC. It was, quite honestly, an easy decision. In addition to the terms EMC proposed, the enterprise-focused technology and service assets within the EMC Federation are, in our opinion, unparalleled. We believe that we help fulfill the EMC vision of being able to run any type of enterprise application in the cloud, anywhere in the world, through ultimately whatever method of consumption makes sense for the customer. EMC’s reach, sales force, commercial model and asset base will literally give us the opportunity to take this precious kernel of IP that we have developed and reach the world with it. Being structured as a new Federation Company affords us the opportunity to fulfill our own dream of changing the world of enterprise IT computing. We’re very excited about what this means in terms of expanding our technology offerings and reach for our customers and partners around the world – who play such an important role not just in shaping our journey, but also in shaping our very products and services.

In closing I will also say that we found every single person we dealt with at EMC to not only be outstanding in their area of professional discipline, but also just great people. That was also of ultimate importance to us.

We are humbled, energized and thrilled to now be EMC strong.

Posted in Uncategorized | 2 Comments

A Quick Overview of Virtustream’s Technology. Go!

By Rodney Rogers,
CEO, Virtustream

I was recently at a Fortune 500 cloud IaaS prospect and a senior technology executive there gave me “one opportunity” to describe what Virtustream did technologically and why she should care. Her two stipulations were that I had to make my case in 5 minutes or less, and without the use of any visual aids. She then just simply said, “Go:”

So I took a breath and went:

xStream, the cloud management software that powers Virtustream’s cloud IaaS, resides as an abstraction-based control plane above the virtual machine management layer in the cloud IaaS Stack. Our software diffuses the definitional bounds of virtual machines so we can size and service technology landscapes to the individual application requirements for compute, RAM, storage IOPs and network bandwidth. We then pool these resources in aggregate and optimally use them individually across our entire estate of hardware to service our entire estate of customers, sizing customer resource pools to specific QoS requirements. This allows us to always ensure that we have the required IOPs to guarantee the latency of the applications that run on our cloud, without over-provisioning hardware to do so.

This is particularly helpful for running heavyweight enterprise apps in the cloud (SAP systems and their residual interface apps, as an example), commercially guaranteeing application response times in production environments, eliminating unnecessary virtual machine “headroom” and ultimately billing customers on the individual resources they consume as opposed to allocation-based instance sizes. This allows us to offer a highly efficient service from both a unit price and volume of purchase perspective, while also being able to commercially assure the performance of mission critical apps running on our cloud.

We have also focused intensely on automating the functions required to maintain enterprise application landscapes. To accomplish this we have written a macro-orchestrator that sits atop an open platform which automates, through a library of digitized blueprints, the inter-dependent and sequenced actions (start, stop, clone, refresh, etc.) and the various system components (app servers, data base servers, web servers, etc.) of that landscape to perform a particular type of action (patching, application maintenance, upgrades, etc.) on the environment. This area is another huge differentiator for us particularly for SAP environments today, with Oracle on our near-term roadmap. We do not just address the automation of these management functions for the SAP or Oracle enterprise apps, but for the full ecosystem of web apps that interface with these core enterprise apps as well. This fundamentally allows us to manage more application landscapes with less system/application admin labor.

Finally, we add to this a rigorous set of security and automated compliance features that have largely been recognized by Gartner as best in class. From the table-stakes stuff of role-based access, the segregation of logical and physical assets, authentication, etc., through to the more complex features of encrypting data without damaging IO performance, through to performing silicon-level system integrity attestation (thru Intel TXT) and providing for the automated ingestion of massive amounts of sensor-generated technology asset data to perform continuous monitoring of assets for vulnerability and compliance-adherence. This area has also been a huge differentiator for us. We run the most secure cloud IaaS in the world.


We got that deal. Not because of my 5-minute pitch, but because of the real technology described in that 5 minutes.

The above is simply intended as a short introductory overview to Virtustream’s technology. There is a tremendous degree of further detail in the product sections, white papers, case studies, and other areas of our web site. Additional technical content for specific use-case requirements are also available by way of contacting us.


Posted in Business-Critical Applications, Cloud Computing | 1 Comment

Roundup of Virtustream @ SAPPHIRE


Round of Virtustream @ SAPPHIRE
by Michael Hoch
SVP of Cloud Advisory Services, Virtustream

SAP SAPPHIRE is always the biggest event of the year, with over 17,000 customers, prospects, and SAP experts rushing to Orlando to hear the latest and greatest from SAP.

This year, Virtustream @ SAPPHIRE was our biggest event in the history of the company. Our stellar booth sat right in the heart of the conference floor, with four stations where customers and partners could dig into critical topics for SAP customers interested in Enterprise Cloud solutions.

Of the hundreds of customers we spoke with over the three days, here are three themes that kept coming up again and again, by customers in almost every vertical, of almost all shapes and sizes:

  • Is real-time reporting with SAP S/4HANA actually real, or is it SAP hype? SAP’s announcements at Sapphire are often very forward-looking, bleeding edge technologies that have the promise of something great, but are just hitting General Availability. Many attendees wanted to know if S4HANA is real, and should be considered today, or if they should let it “burn in” for a while before putting it on their roadmap.

Virtustream encouraged customers to look at it now, today. A few weeks earlier, Virtustream’s announced the first production S4 HANA Customer in the Cloud with Don Whittington, CIO of Florida Crystals, took the plunge and completed the full migration to S4HANA in just 4 weeks. Also, Virtustream and its partner, Infosys, were demoing a real-life S4 Simple Finance solution that is being used today for by major automotive customer.

SAP users should be cautious about going too far, too fast with S4 Simple Finance – to use it does required a database migration for ECC onto HANA. However, SAP users should charge ahead with its close cousin S4 Central Finance – this can be deployed in a sidecar manner, without requiring a full ECC migration to HANA. It can connect to non-SAP systems using SLT. And it can greatly improve the speed, accuracy, and flexibility of financial reporting.

  • How can a CTO transform their on-premise infrastructure to become a real “IT-as-a-Service” provider? The enterprise cloud market has matured incredibly rapidly over the last 2 years, including support for SAP HANA. When Virtustream announced the very first ECC on HANA in the cloud, and launched its Cloud Service for SAP HANA at Sapphire 2013, we spent 95% of our sales efforts educating customers about how to buy SAP and HANA from a cloud provider, including what a true utility model is (as opposed to managed hosting), what kinds of SLAs to expect, how DR can be architected, which security frameworks could be supported, and so on.

Now, just 2 years later, most customers know what they want, and how they want to buy it. The big question is: Can we do this ourselves, in our own DCs? Or is “cloud” only available via a third-party? Large and small IT shops have always wanted to be able to provide fast-to-deploy, easy to manage, utility-based services for their internal groups. There’s a large existing investment in hardware and operations expertise that can’t be thrown away. And, despite the advanced security capabilities of many enterprise cloud services companies (including Virtustream), there are still many situations where the data must remain on-premise.

Virtustream’s Position: The full enterprise cloud IS available in an on-premise model today. A major manufacturing firm had a 0-minute recovery point requirement for their SAP HANA systems, which could only be met with a dual-site private cloud deployment within a metro region. Virtustream, Infosys, and VCE combined forces to provide a true enterprise cloud solution: utility-based multi-tenant for use by dozens of internal business units, highly secure, scalable, with near on-demand deployment capabilities for new projects sponsored by the business. Once fully deployed, the customer will be able to offer full “IT-as-a-service”.

  • Can a company with PCI, HIPAA, ISO, FedRAMP or other high security and compliance requirements really make use of an Enterprise Cloud? Ever since Amazon first launched their public cloud, there’s been concern about security in the cloud. Customers are rightly paranoid about maintaining their security frameworks. And in today’s climate, audit and compliance is not only a critical security capability, but a high cost of doing business. This is still the number 1 reason some customers say they may do test/dev in the cloud, but never run production.

Virtustream’s Position: It’s time to take a fresh look at security, both on-premise and in the cloud. With advancements in database encryption at rest, in motion, and in use, improvements in security hardening and user auditing, and mature end-to-end risk and compliance management offerings, and the ability to know where your data can and can’t move to using geo-fencing, the cloud is often *more* secure and compliant than an on-premise environment. It’s not easy, it’s not simple, but with sufficient expertise and experience, and the right tools and processes, a highly secure enterprise cloud is available and in use by major commercial and private sector companies today.

The approach we recommend to customers is to be as specific as possible about the security, audit, and compliance requirements for your SAP and non-SAP workloads. Use that as your calling card to evaluate enterprise cloud providers. Then collaborate with your cloud vendor on the design, risk profile, management processes, RACI, etc. The cost should be the last area to review: Once you have a design that meets your requirements, 9 times out of 10, your cloud vendor will work with you on how to get it at an attractive price. Of our 170+ SAP customers, we have not once met a security profile that we couldn’t meet or exceed. The cost was sometimes high, but the savings from moving the cloud generally far outweighed the additions for the extra security.

 About the author

MichaelHochMichael Hoch is Virtustream’s SVP of Cloud Advisory Services

Posted in Uncategorized | Leave a comment