Announcer: This episode of SolarWinds TechPod is brought to you by THWACKcamp, a worldwide virtual IT event. Register for free at THWACKcamp.com.
Kevin: Alright, welcome to SolarWinds TechPod. I’m your host for this episode, Kevin Sparenberg, and joining me today, I have Jez Marsh, THWACK® MVP and founder of Silverback Systems.
Jez: Hello there!
Kevin: And we also have Brad Cline, director of IT here at SolarWinds.
Brad: Hey Kevin, thank you for the invite.
Kevin: Thanks for being here. So, today we’re going to talk about futureproofing, your other full-time job. So, it’s a buzzword we’ve heard a lot in the industry for various numbers of reasons, but when you hear the word futureproofing, what does it mean to you?
Jez: Well, it’s a difficult one because it all depends on what context, right? So, you can futureproof your hardware or you can futureproof yourself. But in this day and age with virtualization, futureproofing your hardware, that’s really just futureproofing the actual platform, right? But for yourself, well, that’s a whole new ballgame.
Brad: Definitely. From my point of view, I was saying first I go to a bit of an oxymoron, you know, to me futureproofing is almost endless fruitless endeavor to some extent, but at the same time, like it is something you have to think about every kind of purchase you make, every plan you make, every architecture you start looking at. And then for yourself, obviously we were talking about personal. Your goals or your career, how does that align with what can be coming around the pike, you know?
Kevin: Okay. So that begs the question, is it even really a thing?
Jez: Yeah, definitely. Like you say, something you hear everywhere, and whilst some people will say that futureproofing is really just staying on the treadmill and keeping up with the Joneses, it’s important to keep learning. That’s my take on it. If you stop learning, then you may as well just give up. Right?
Kevin: Okay. But when we talk about futureproofing, we mentioned hardware, we also mentioned software. We talk about like the platform. Is that really something you can get ahead of? Is there something, can you plan for a decade down the road?
Brad: You can try. [laughter]
Kevin: Will you fail if you try to plan a decade down the road?
Brad: I think if you really try to sit down and plan something out that far ahead with technology and how rapidly everything is changing these days in our world, I think you’re going to potentially fail. You’re going to set yourself up for a constant development cycle that you’re never going to end. And that’s a lot of the platforms that we’re looking at are essentially a constant development platform now. So, maybe that is success or where the success is found, but is that possible to continue forever, I guess?
Kevin: Well, yeah, I mean I remember being on projects and they’re like, “I need you to build this architecture good for three years.” You know, because a vendor or whatever came in and said, when you signed this contract, you’ll get this hardware from us, you’ll get support, unlimited support or whatever the deal was, and you’ll get that for three years. So, in my mind when I was given that, my futureproofing, and I–you can’t see but I’m doing quotes–my futureproofing was getting me to that three-year mark from the time of contract signing. Now Jez, you do a lot of work out for other people. Is this something you run into frequently? Where they say, “I just need this to last X.”
Jez: Yeah. Umm…
Kevin: You don’t seem happy about that.
Jez: No. Because if you’re planning short-term, you open yourself up to a lot of risk, right? Because what you have planned for three years, what are you going to do after three years? It’s almost a continuous thing. You don’t have to keep renewing it. But every organization is different. Sometimes it’s out of your control, what the interval is. Sometimes it’s five years and some people try and keep it in with, say the release of Windows, right? Or new hardware platforms coming out. Eventually you’re going to get given a curveball. So, you have to build flexibility into your futureproofing to make sure that you can roll with the punches. If you try to plan everything to the nth degree, I think you’re gonna fail.
Brad: I think you nailed it there, Jez. I mean, from what I’ve seen, you know, and I’m sure you’re seeing it all the time, is if you take too much time upfront on the planning, you’re not going to get the product out the door. Right? And you’re not going to meet the requirements from your customer, consumer, whoever it may be. But you have to be flexible in your application. You know, as you’re designing and building an architecture and think, what potentially is going to be coming? I know what the current needs are, I know what might be coming around the bend and we’re seeing these trends in IT and in the industry and in the world. What can I do when I’m picking out a platform that might meet, you know, X out of so many of the requirements that we know are coming at us. And I think that’s about as close as you can kind of try to get in with futureproofing. But it’s like buying a new car, right? I mean you know, you’re not gonna have the car for 20 years, most likely. Probably not going to have it for five, most people these days. So , you know when you were going to roll off the lot, it’s basically obsolete as far as you know, all things are considered, but you’re going to go for the one that’s going to meet your needs as long as you can possibly, you know, squeeze it out of there without having reliability issues.
Jez: Yeah. Give yourself a plan B as well, because if you’re too rigid, as you said, Brad, if you’ve got no flexibility, you become brittle. And that’s not something any organization wants to be.
Kevin: No one sharp hit and the whole thing crumbles. Yeah. That’s the last thing you need. But it’s funny you bring up the car analogy because if we buy hardware from a vendor, regardless of who that vendor is, if we buy stuff that was released today, is that already behind the curve because they’re already doing active development hardware and software. Whatever I buy today, they’re already working on the next. The next is out there waiting to go to somebody.
Brad: I’m here seeking, you know, nodding my head. You know, nobody can see it. But yes. Yeah. I’m completely agreeing with you. I mean, yeah. Whenever we’re buying something, they’re already something, they already have it in their lifecycle, that’s you know, a few months or a few weeks away from being announced, that’s probably going to completely supersede whatever we have in our pocket that we’re signing on.
Jez: You gotta accept it. You gotta accept that what you’ve put in may already be obsolete within a week almost. You know? It’s a tough one but you need to make sure that what you delivered deals with what you need it to deal with right away and accept that there might be something better around the corner. Because there always will be.
Kevin: Yeah. But isn’t there a lot about kind of getting requirements ahead of time? Because that can be tricky, especially with new tech and I mean this in a very general way. Like if we’re going to implement a new HCI infrastructure and just an example, if an organization is going to implement a whole HCI infrastructure, how much legwork do you need to do in advance to make sure you can make the right call? You know before the POs go in for purchasing, before the professional services are added to come out and actually install the stuff in your building before the man hours are, you know, devoted to these things. How much kind of legwork is done? Cause that’s what I think of as futureproofing, is the planning before the purchase.
Brad: Yeah. No, I think that’s exactly it, right? It’s making sure that you’re meeting the requirements a business has for the foreseeable future—what you can see coming down the road and what you can kind of anticipate as the pro in your field.
Jez: Yeah. It’s like the old adage—if you, if you fail to plan, you plan to fail. You need to have a good groundwork before you do anything. But you can’t be too specific because IT is fluid. You know, we all know that.
Brad: Well, that’s what got me into it, right? I had always been excited and interested in tech, but whenever, as a career, like where do I want to be? I want to be in the place that’s always changing and always a challenge. Right? And so, I think a lot of IT pros are that way. I know the guys in this room are right here.
Jez: Oh yeah. I mean I started off as a Microsoft engineer. I had a period of time where I could have taken the fork, to take me into network management. But I said, no, I like my Windows, I’m going to stay with that. But part of me regrets the decision to being inflexible at that point because I’ve had to learn it anyway, but later on.
Kevin: And none of them seem to agree either.
Jez: No. Exactly. So a lot of things that you do, especially if you work with enterprise monitoring and you’re not an expert in everything because you know who is, you always have to learn something about everything to make sure that you can monitor it properly. And that’s one of the reasons why I love working with SolarWinds products.
Kevin: It kind of forces you to have those conversations with those groups to understand their needs and then translate that to your business requirements for you to be able to provide that person.
Jez: Yeah, exactly. You, you ask the relevant questions to the client, they tell you what they want and then you then decode that into how you deliver the proposal which suits their needs. And also reading between the lines. If you’ve done enough research with various people within the same business—and that’s key. You never choose just one guy to talk to or girl, right? You have to make sure that you’ve got different opinions because what suits the network team might not suit the application team, and so on. You have the right conversations with the right people to give you a rounded outlook of what you need to do. And it’s the same in anything in it.
Kevin: Yeah. I’ve run into problems. And at my previous job, I was one of the monitoring eng—let me rephrase that—I was the monitoring engineer. Other people consumed the infrastructure I built. But what that required for me was I had to go out, I had to have those conversations, sit down with the people and say, okay, how can I help? How can I help you by doing a little work myself, you know, tell me what you need to monitor. Tell me what’s important. Tell me what hardware’s good. Tell me, even more than that, tell me what we can ignore. Tell me what red herrings are everywhere, so I can have that. And a lot of that was building a conversation. But for me, I had to get that by talking to not only my management saying, Hey, I’m going to reach out to the team in charge of the document management system and I need them to give me basically an architectural breakdown and they’re not going to want to, so I need you to kind of grease the wheels with them so we can make sure the monitoring infrastructure is actually built for them, so they can take advantage of that. And I think a lot of that comes in, you mentioned stakeholders without using the word, essentially. But a lot of that also boils down to the way management looks at it. I will tell you; this is no joke. Every year my manager would go to the tech conference for the networking vendor and then come back and say, we are doing this. And it was always the thing, whatever new shiny was there, as soon as he got back, it was, I’m going to talk to the partners, I’m going to get installed. We’re going to get these things in, we’re going to get licenses, we’re going to do whatever that thing was that was talking about the keynote and wherever the parties were and all of that stuff and it just felt like he was buying into the marketing, which I can’t say good or bad because a lot of the stuff that came out of those types of shows is fantastic.
Kevin: But, do we need to chase that bleeding edge? And for me it was an incredible double-edge sword, which is why I think bleeding edge is appropriate because we were on the cusp, we were doing the very cool things. We were the first ones getting, you know, this feature, and that feature, and this other feature and it made us just look fantastic. The caveat to that, was when things went bad or we had questions, there was one place we could go and that was the vendor and if they didn’t have an answer yet because with bleeding edge we were left out to dry.
Jez: Yeah, you were the beta testers for their own product effectively. But you’ve paid for it.
Kevin: Yeah, it happens. But that’s the bleeding-edge thing. Is that something that, and I know as an IT passion person, I want to try to do that. I want to read the articles I want to know about, and this is dating myself but 15 years ago, I wanted to know about virtualization and what it’s going to do with the infrastructure, how it’s going to change. And now it’s like I want to know about serverless and APIs and containers, but is that the right call for the business? Should we chase that bleeding edge, that something that has to come from management or is that something that the IT pro is kind of responsible for?
Brad: I think it’s definitely on us as IT pros to make sure that we’re keeping up with everything in the industry, right? Because oftentimes our leaders and stakeholders, they’re focused on running the business. You know, unless you’re just in a completely IT-driven business or our company, you’re going to be the one that’s responsible for kind of going to them and telling them, you know, these new things that are coming down the pipe could improve the way we’re operating as a company. Right? That’s what takes IT from just being a service industry, providing a service to the company to actually leading the business and actually being a partner, you know, in my mind. But that part of what you were talking about earlier with that bleeding-edge, double-edge sword, right. That’s a very tough one to manage properly. I mean you’ve got… you’ve got this tipping point of being too far ahead and too far behind, and both are equally bad. But I think in general, as IT pros, it’s on us to keep up with that, see how it applies to the business and engage, use our risk meters to gauge. Because I’m sure all of us in here and everybody who ever listens to this has been burned by picking something or being too early of an adopter. And you know, vice versa, we probably have a few dozen stories where it worked out really well for us. But you get to a certain point where you can hone that sense and you go, okay, that’s not already yet. That’s not ready for us. And it’s not ready for the risk level this company accepts. Or this one, this is a risk we can accept, and this is going to put us ahead in this way and make us more efficient. You know? So that’s definitely where you start to hone that sense, I think.
Jez: Yeah. So, every business will have its own tech Goldilocks Zone, which is perfect for them. Some people are more cavalier, and they go, yeah, I want to be bleeding edge all the time and who cares if I bleed? I want to do it. And then you’ll have some people be like, oh no, that might hurt us. I don’t want to do that. And though both of those are great, they both have downsides. You know, you have the beta testing in the bleeding edge and you also have the almost becoming obsolete if you leave it too long. And in my career and my job as a consultant, I have a number of conversations with SolarWinds customers that have left it too long and that meant that they can’t really upgrade without redeploying and running in parallel. And that has loads and loads of challenges that they have to manage. It’s a difficult one to get right, but you need to not be blanket and take the broad church of IT into account.
Kevin: Well, I mean that’s the people that I’ve gotten, you know, comfortable sitting on their laurels. But the flip side of that is, I know that I had a very good experience with bleeding edge, one that comes to mind. It was a very interesting one and it was putting video presence units in all of our sites. The business case for it was if we can basically have high-def videos where it actually feels like you’re in the room with somebody. We don’t have to fly the people at our offices to other offices at the cost of, you know, however many tens of thousands of dollars it is for international trips. If you can just basically go into a room and literally feel like you are right here with us on the other side of a desk, then great! But the costs, the technology investment for the hardware, the room builds the dollars for licensing, the number of hours it took to set the thing up came out to something I think it was somewhere in the range of like $16 million. So, it was pretty high.
Jez: Don’t want to get that wrong.
Kevin: Well, and that’s the thing. It was, and we took a long time planning that. We spoke with the vendor for a number of months to make sure we had everything lined up. Now that’s something that went fantastic for us because it turned out at the end of one year after the final one was installed. It was something in the neighborhood of like $40 million saved to the business. So that was an investment in IT that paid off for the business. Now I’ve gotten burned. That is no joke. We’ve put in hardware that’s way too young, way too early, or the other one that’s my favorite is right after acquisition. Like we’re looking at this piece of hardware and then some other company just bought them, so we’ll just buy it through them even though they’re not really the ones, company B is the one who did the acquisition, but they’re not the ones who really know the hardware and then you’re kind of going through loops to try to get support for it.
Brad: That brings up a really good point around futureproofing. You have to consider your vendor, your supplier. I mean that’s a huge part of it because if they’re not going to be there or they’re going to get acquired, that can completely change their roadmap. That may completely misalign with what your plans were and what your stakeholders wanted.
Kevin: Yeah, and the sad part about that is their original trajectory might’ve been perfect. Lockstep, exactly what you’re looking for. And then as an acquisition deal, everything gets reprioritized and it happens. It happens at hardware, it happens in software, it happens. Sometimes it happens in internal infrastructures. If you actually have a plan and you’ve got all your stakeholders lined up and you’re like, this is what we’re gonna do and this is our plan for Project C and then the stakeholders move off to other companies, then you’ve got to basically do your legwork again.
Jez: Yeah, exactly. You know, if you have key people and they leave, replacing that SME, the subject matter experts, really, really difficult to do. Expensive and also risky because what you may plan, Kev, may not be the same approach that Brad would take. Right? And there’s the same take that, you know, I may have a different opinion on how things are, but you are the one that spend the money and what I want to do might not work with the money you’ve spent and then they have to start again, money lost. A big risk.
Kevin: So one of the things I hear a lot right now is , and I’ll be honest, it’s something I’ve fallen behind on, is basically the software-defined (blank) and for whatever a software-defined networking, software-defined LAN, software-defined storage, software-defined insert-whatever-noun-you-would-like-at-that-time. Is this something that we’ve really, in your opinions, is this something we need to really investigate today or is it just something to kind of watch to look for, you know, a year, or two years down the road?
Brad: I’m going to say at this point, if you’re not seriously looking at it, you might be a bit behind, you know, as far as solutions go, I mean it’s definitely already there and in many forms when it comes to around automation and like the virtualization side, if you look at, you know, particular stacks around VRA and those types of things, right? Once it comes to the networking side, right? I think we’re on the cusp of maturity. Everything that we’ve been seeing and watching, like y’all, I’m sure y’all been watching it for a few years now, but my general sense, right, the bigger companies are starting to adopt and that can sometimes be a barometer for you as well. Like these other companies that are probably more risk-averse than you are, could potentially be less. But mostly, the larger you go, generally they’re more risk-averse. Are they starting to adopt, and produce those solutions? If so, then it might be time for you to start jumping. But everything we’ve seen from the SDN side, I think our next solution, at least when we were planning for a new platform, when we were trying to “futureproof,” there’s my air quotes. I’m thinking when we get a new platform in the next two to three years, which we need to be always architecting, SDN will be a part of it.
Kevin: Jez, you work with a lot of customers in various sizes and shapes. Are you getting these kinds of questions from your people? They’re probably looking to you as an authority. So, where does that fall in?
Jez: Again, as a generalists overall, sometimes even I have to pass it on to somebody else or introduce them to somebody else. But the important thing is to pass on to my clients is that you don’t want to leave it too late. Because if you miss the boat, you could end up losing customers because they won’t do business with you because you’re too far behind. That in itself is a risk which some companies just won’t take. Case in point, a while back, there was a customer of mine who was talking about, completely random, not really approaching anything to do with what I was doing for him. I was there to actually do a health check on their Orion® Platform, but they said, what do you think about Office 365? Do you think we should use it? And I was at the time I was like, well, yeah, it depends. And that’s always the answer to most questions. It does depend on what you’re going to do. You know, are you ready to get rid of your on-premises stuff? Are you ready to go half-and-half and be hybrid with Exchange? You know, that that’s something that a lot of customers have done. They’ve stuck with a hybrid because they’re hedging their bets. They’re not entirely sure if it’s going to work out. Yeah, it’s a question I get. But again, it depends on the arena that it comes in, whether I can be authoritative enough to give them the answer or at least give them what I feel, my opinion on it, you know? And everybody’s got one of those.
Kevin: Yeah. They’re like something else I’ve heard of. [laughter]
Kevin: Well that actually brings up an interesting one. If you do something like the software as a service, like you mentioned O365, which is an excellent example because I was Exchange Admin, so I like the ability of not actually having to maintain the underpinning architecture anymore. But, you kind of have to check yourself if you’re doing this futureproofing and let’s say that’s a simple example, but you’re doing a migration to a new platform, whether it’s SaaS solution or anything else. I’m a pure IT guy, so I don’t think about security a lot and I know I should, I’m really bad at it. I’m the first one to admit it’s something I need to worry about more. Is it something that you need to get involved, like in the initial planning or is it like at the stage two out of, like, six or is it something that you kind of go, “Ehh, we’ll worry about that later?”
Brad: I think it really has to be upfront. I mean, as a kind of a, I don’t know the best term, “guardian” or whatever for the company’s systems. I mean, most places, especially depending on your role, if you’re higher up in the IT organization, most people aren’t going to be double-checking your work. Right? I mean, you’ve got to be the one that’s always thinking about that and also thinking about and telling your stakeholders because they know that the data needs to be safe. They don’t necessarily have the know-how, and the why’s at all times. And so, it comes with the futureproofing discussion. I mean, the thought process there, I think that we talked about earlier is like you need to be thinking about the best interest of the company that includes the security side. It can be really cumbersome. It can be really tough because there are so many attack vectors these days. I don’t think a week goes by that we don’t see a major player out there getting hit. You know? And I think part of that has to do with the kind of CI/CD process that we’re in nowadays. In this futureproofing, kind of, always new releases. I think we’re pushing at such a pace in it in general, that full security testing of applications and platforms just doesn’t have the time to happen. Like it used to. That’s a for better or worse. I think it’s one of those things we’re always going to be walking through. We’re also seeing much higher intelligence behind the attacks and also the amount of money that seems to be put into the organization’s performing these attacks. I mean, some of the things like the newest Apple one that came out, right? I mean, that one was off the charts in complexity. One of the security analysts had said that this would not be something that could be done by an individual. So, I mean, that’s a really tough place to be, but it’s something we really have to always consider.
Jez: Yeah. I mean and then you add in the complexity of things like deepfakes and phishing which, have you found out about this week? Where there’s technology out there now where they can literally have a few snippets of your voice and then they can basically make a call to your accounts guy and transfer a quarter of a million pounds to somebody else.
Kevin: You’re making me really paranoid about being on this podcast [laughter]. I’m just going to lay that out there.
Brad: I have to break off because did you all see about the one where they had Will Smith in The Matrix?
Kevin: Oh yeah.
Brad: I mean that blew my mind honestly. I mean it was sort of the voice, right? They didn’t do anything to change the voice, but I mean that was done with just a piece of software and, I don’t know, a couple minutes of putting his picture in over Keanu Reeves and you’re watching it and the mannerisms and everything are there. Like it’s amazing that that wasn’t a multimillion-dollar CGI production to do that change-out.
Jez: It’s pretty terrifying really. But that’s the world we live in. That’s just, I don’t think that gets enough focus really. People think, “oh, you know, that’s kind of funny. Yeah, look at this video, that’s a funny.” But then when you think about the implications of that, it’s a scary place that we’re going with things like that, where they could make me pretend to be somebody from al Qaeda or something. You know what I mean? It’s crazy.
Brad: Well, I think about like, lots of times I go back thinking about like, our grandparents or ones that are in situations right now, right? Like you got the people calling them and hitting them for money and everything else. Well, what happens when it’s on a video call and they’re hitting them up with your face and your voice. Right. And they’re going to transfer money to an account. I mean, that stuff’s pretty scary to think about it.
Jez: I don’t think that’s too far away either.
Kevin: No, I think, I think that’s probably something we’re looking at shortly, but that kind of raises an interesting question in my mind because I remember 10, 12 years ago, I told my parents I was banking online and they flipped out. They’re like, how could you do that? Everything’s insecure. It’s the Wild, Wild West. And I’m like, no, I did my legwork. The bank I’m using is full encryption back-and-forth, you know, read their articles, you know, data’s encrypted at rest, data’s encrypted in transit, you know all this stuff that you check when you do security and you choose from a vendor. This seems to be in today’s version of that. This is the beginning of that where you actually have to worry about things that we didn’t have to worry about even five years ago. Like AI was a term. Everyone knew what the term meant but now it’s actually, they are chips being made specifically for this purpose. Machine learning, being able to program the machines and learn off of its own mistakes and successes and continue on that. This is going to change the way we think about futureproofing ourselves and our organizations over the next short term.
Brad: Well I think it’s a perfect example of how futureproofing can be that kind of fruitless endeavor some extent, right? We have to do our best with it but take the deepfake and the implications that has, right? Like we probably could have predicted in some sci-fi book, you know I was thinking this is going to come eventually but like actually seeing it in our lifetime, like this thing just popping out, it gets your wheels turning. All the ways that this can change and that’s something that you probably wouldn’t have predicted when you’re going for a solution or looking for security around device. Would you, if you were doing biometric scanners at your doors, you know, would you have planned for somebody being able to deepfake your face with just a simple thumbnail picture of you, right? Like that’s kind of an example that can shoot a hole in futureproofing.
Kevin: So there really is, there is such a thing as futureproofing, but it’s a never-ending cycle. I mean that’s kind of what I’m getting from this discussion. I can futureproof for it today and I can think about the future, you know, the far off future, two years, five years, 10 years, but, tomorrow I’m still doing the work again. And the day after that, I’m still doing the work again.
Jez: You got to set yourself some checkpoints. So this is my plan. But every six months, say for example, I’m going to validate that plan, is it still fit for purpose? If it’s not, I need to do some more work.
Brad: I almost want to say futureproofing is like really being at the point where you kind of talked about earlier Jez, which is being flexible, right? I mean, you’re never going to get the perfect design. You’re never going to get the perfect solution together, but you have to be flexible and roll with all the punches, you know, and you plan out best you can, take in all those requirements and just you look for the best solution and then you’d be ready to roll with it.
Jez: Yeah, absolutely.
Kevin: All right, well that pretty much does us for time for this particular episode. I want to thank my guests, Jez Marsh.
Jez: You’re welcome.
Brad: And Brad Cline.
Brad: Thank you Kevin.
Kevin: And don’t forget to subscribe to TechPod and we’ll see you next time.
Moderator: Thank you all for joining our podcast, and don’t forget to register for THWACKcamp. Learn the latest in IT from SolarWinds Head Geeks™ and IT pros like you. View this year’s schedule at THWACKcamp.com.