Ultimate Guide to Hybrid Monitoring
Aug 15, 2023 1:30 PM - 2:30 PM EST
The pandemic forced organizations to pivot into hybrid or cloud-native infrastructures for speed and scalability. This rapid transition requires observability to integrate legacy systems with cloud technology and monitor data and analytics. What should you know about observability’s role in cloud and hybrid environments?
Observability involves analyzing every aspect of your application, including telemetry data and the end-user experience. When designing infrastructure around observability, it’s critical to align your resources to enhance application performance and diagnose functional issues. But regardless of observability, transitioning from on-premise applications to a cloud-native environment is costly. So aligning margins and consolidating workloads are essential in optimizing and managing associated costs.
In this virtual event, Gregg Ostrowski, the Executive CTO at Cisco AppDynamics, joins Greg Irwin for a discussion about hybrid cloud monitoring and observability. Gregg shares how to implement hybrid applications into a cloud-native environment, the challenges of transitioning from legacy to cloud technology, and how to boost cloud security controls.
Cisco AppDynamics, part of the Cisco Full-Stack Observability suite of solutions provides the natural foundation for banks, financial services and fintech organizations to develop their observability and monitoring strategy. By encompassing everything from code to cloud, these solutions enable businesses to comprehensively monitor, analyze, and optimize every dimension of the customer digital experience. Armed with this holistic visibility, organizations can make informed decisions that have a tangible impact on business growth and success.
Co-Founder, Co-CEO at BWG Strategy LLC
BWG Strategy is a research platform that provides market intelligence through Event Services, Business Development initiatives, and Market Research services. BWG hosts over 1,800 interactive executive strategy sessions (conference calls and in-person forums) annually that allow senior industry professionals across all sectors to debate fundamental business topics with peers, build brand awareness, gather market intelligence, network with customers/suppliers/partners, and pursue business development opportunities.
Executive CTO at AppDynamics
Gregg Ostrowski is the Executive CTO at Cisco AppDynamics, a business observability platform helping companies optimize their back-end operations. As a thought leader, he has over 25 years of experience in tech leadership positions, including Research in Motion and Samsung, where he was responsible for enterprise services, developer relations, and sales engineering. Having worked across Fortune 1000, public sector, and partner organizations, Gregg helps companies accelerate growth through digital transformation, mobility application deployment, and high-ROI business solutions.
Co-Founder, Co-CEO at BWG Strategy LLC
BWG Strategy is a research platform that provides market intelligence through Event Services, Business Development initiatives, and Market Research services. BWG hosts over 1,800 interactive executive strategy sessions (conference calls and in-person forums) annually that allow senior industry professionals across all sectors to debate fundamental business topics with peers, build brand awareness, gather market intelligence, network with customers/suppliers/partners, and pursue business development opportunities.
Executive CTO at AppDynamics
Gregg Ostrowski is the Executive CTO at Cisco AppDynamics, a business observability platform helping companies optimize their back-end operations. As a thought leader, he has over 25 years of experience in tech leadership positions, including Research in Motion and Samsung, where he was responsible for enterprise services, developer relations, and sales engineering. Having worked across Fortune 1000, public sector, and partner organizations, Gregg helps companies accelerate growth through digital transformation, mobility application deployment, and high-ROI business solutions.
Senior Digital Strategist at BWG Connect
BWG Connect provides executive strategy & networking sessions that help brands from any industry with their overall business planning and execution.
Senior Digital Strategist Tiffany Serbus-Gustaveson runs the group & connects with dozens of brand executives every week, always for free.
Greg Irwin 0:18
Good afternoon. Nice to speak with you all. My name is Greg Irwin. And I'm co hosting today with Gregg Ostrowski over at AppDynamics. So this is the BWG AppDynamics show. Um, and some of you have been on our sessions before. For those who are joining for the first time we follow a standard format, which is interactive, we genuinely believe that conversation drives a better experience than presentation. So if you're on the line, don't be surprised if I come to you with a question. Maybe as per story, you can go as deep you can go as light, you can pass whatever you want. But it's definitely more fun and more interesting to kind of get specific, and to make sure that we're hitting on the topics that you all care about. Um, we're here with an update. So at the is a, an observability, company part of Cisco, they're doing it, they're doing this for awareness, I'm not going to do a sales pitch here, but I will just put it out there. But they can solve a lot of your problems, if they can be helpful, they'd love to talk to you. If you have a colleague, that wouldn't be benefit. Great, that would be appreciated. That's kind of the extent of the sales pitch for this. But we'll kind of get into the topics and really, hopefully, you know, share some new ideas, answer some questions. So along those lines, one overriding goal, one overriding goal for today, which is making new contact. All right, you're gonna, you're gonna hear from people other than Gregg and me. And everybody here has a common understanding a common interest common focus around observability and can be an amazing personal resource for you. So reach out to him over LinkedIn, come to us here at BWG, and we'll help make the connections. It's the best part of these forums above and beyond the wisdom that we'll be discussing. Then one other thing is the chat. We have a chat window here, it's incredibly effective in this format. So you can sidebar in ask a question, you know, start a dialogue, you see a comment from somebody else build on it, that can run in parallel, and, and it works really well. To make sure that that again, you're getting to the things that that you're really focused on. Alright, without further ado, Gregg, please take a moment. Give a little personal intro and a little intro here on AppDynamics?
Gregg Ostrowski 2:57
Sure. Yeah. Thanks, Greg. Thanks for having me on. Like I said earlier, not I'm not used to saying the name Greg. And it's not reflecting back on me. So yeah, nice to meet everybody today. So Gregg Ostrowski, I'm part of our product and engineering team inside of AppDynamics, part of Cisco. I'm a CTO advisor. So I get out, I'm actually customer facing a stay on top of market trends, to really help build our product direction where we want to take the the next iteration areas of hotspots, we want to focus on that ultimately solving a lot of the bigger challenges that we see with our customers when it comes to observability. Just a little background on myself, I've been at AppDynamics now for coming on six years this November. So it's a feels like a lifetime. Prior to that I was the vice president of Enterprise Services at Samsung, where I actually built a new business for Samsung around building and delivering applications for our end customers. And then previously to that, I spent about 18 years, or sorry, 14 years in working for a small Canadian company that was once king of the hill called Research In Motion, who is no longer king of the hill called Blackberry. But anyway, he's a good fun front run. Happy to talk with everybody today. And again,
Greg Irwin 4:08
look forward to the dialogue. So, Gregg, let's start with q&a Between you and I. I'd like to get your take on where observability is, its capabilities around these hybrid environments. And as I'm gonna lead you here to a customer story, I'm always going to customer stories. Tell me about their environment. Tell me what you know what they were dealing with. While we're doing that, just as we're getting rolling here, at let's get the chat started. So do me a favor, grab your keyboard. And right now, please add a question or topic. What's one thing that you really want to hear about? It can be Michi, it can be tech, it can be high level trend, you name it, whatever it is, put it in there. And that way we know we're going to be hitting on the things that matter. Alright, Gregg, while while everyone's doing that, let's let's start down the path here of the trends you're seeing in terms of observability. And how it kind of works in a in a hybrid environment. Sure.
Gregg Ostrowski 5:16
So let's, let's first start off by kind of setting the setting the stage here. And you look at the the challenges that we see industry wide. I hate to bring the pandemic up, but I'm gonna bring it up anyway. So the pandemic put a lot of organizations in a position where they had to rapidly change the transformation strategies, and they're in their plants started going really quick, towards a cloud native infrastructure, to be able to go after that speed and scale that they need to go appease their customers. Now, what I've seen happen is the last, I'm gonna say, last year or so, there has been a little bit of a rethought process on how to properly set up and manage the workloads running between a hybrid and cloud space. So there's been a lot more of a surgical approach being taken. And the reason being is when you start looking at observability, when you go span, a traditional application in the app to your node model. And you're combining cloud native resources from microservices, containers, things along those lines, the dynamics changed. So the concept of the application changed, right. So it's no longer a matter of, you have an app running on a server or some location and you're able to now appease your customers, you're not plugging in microservices, we have things that fire up at a moment in time, and they close down and they run the application and the way they go. And then you have containers below that, right, you have the ability of scaling out through containerization. So now what I've been seeing is the hybrid approach, or the hybrid application space has been growing and growing in popularity. And you now bring on a couple other challenges, right? So as you start Spurling into the cloud native space, you're also creating additional silos that need to be able to transition the path of the applications as you know, you connect it to a database or something on premise, spanning out to a microservices running in a container on the cloud, or even on, you know, cloud cloud native is running on premise as well. But the matter is, is that you've changed the dynamics here, where you've effectively increased the sprawl of the application space, using different myriads of technologies. And I actually saw a great graphic A while ago, where it shows, you know, what applications look like. And it kind of shows like a Lincoln Log Set or a block set where you see these really weak blocks on the bottom, that's your legacy application, and then all the new stuff piling on top. And it's an it's effectively a very good description, because it shows you that you're not when you start adding in cloud native, you're not taking something away, you're adding to it. So your continuous continuously growing. So I've started to see, you know, the challenges where folks need to be able to provide infrastructure level observability. For things like containerization adopting open standards around open telemetry, open telemetry has been getting to the point where it's where it's fairly mature. So bringing on new new capabilities to to create a standard way of instrumenting, the cloud native applications, you have to combine that with what you have legacy so that you're able to get the full path. So what's been happening is you get the sprawl going on, additional silos being created, and folks have looked at it as two separate areas to monitor. So you look at the cloud, you look at hybrid, or inventory, you look at cloud, you'll get on prem, you got to bring those two together, you got to be able to traverse the entire path of the application. That's one of the parts I feel a lot of our customers still struggle with, because they look at two new teams come in from cloudops sre teams, DevOps teams coming out building cloud native apps, they start building their own set of observability. While they have what's in place for years, bridging that together as the keep key part that that really helps under Get that underlying view of that entire path, the entire transaction path of the application. So when you have an outage, you know, if it's a container issue, you know, if it's a JVM issue, you know, if it's a database issue, you're not spending gobs amount of time trying to figure out what's the identification, where the problem came from. And then the last piece I want to add to that is that over the last couple of years, the business leaders have been taking more and more of an active role in technology. So not only do you got to look at it from an observability approach to look at what's the performance of my app for what's my user experience look like? But what's the return to the business look like? What is the revenue look like? What is the you know, making sure the users are happy because ultimately, a lot of cases the the application is the only way that the consumer is able to interact with the business. So when the business is investing to say we want to update our applications and make them faster, more performing better experience, they're putting that that dollar figure into that app and they need to be having countability or validation that the moves and improvement have been made. So when you kind of look at it from an overserved, observability perspective, it's not just a matter of being able to bring together the the the entire transaction path from start to finish, whether it's running in a legacy manner, or whether it's running in cloud native, but you also have to have that business context. So you know, what moves you're making is actually bringing value to
Greg Irwin 10:27
the business. So I'll bet I'll bet this group knows better than anybody, the pain of lack of observability. Right? That I have no doubt that the, this group, some of these, some of these folks here been up late nights, trying to troubleshoot or, you know, had to answer, you know, complicated questions about why why things aren't aren't working. So I want to touch on that as much. I'd like to touch on this idea. So Gregg, there's something that's come up a lot, which is just the cost of observability. And maybe we'll get to there. I'm not we're not going to shy away from that. But but maybe we just talk about what is the AppD, perfect, clean picture for how an observability stack should run? You just said it, you got a Lincoln Log foundation that's built and built and built lots of different stacks and architectures. If you were to if you were to come in and say let me just design this for you, how would you design it? Well, first, you
Gregg Ostrowski 11:36
got to look at the tech stack, right, you got to look at what's in play. So when you we kind of bring that into into, you know, the the overarching conversation, you know, if you're starting to deploy, and I just saw a great question pop up here, why do hybrid? Why do hybrid from the get go? I like that question we're gonna have to, we're gonna have to touch on that one. So in the ideal scenario, it's a matter of being able to observe every aspect of the application. Now there's a couple challenges that need to be solved. One is, we've been plagued in it, I, you could tell by the look at me here, I've got more than a couple of years and in the in the IT space of about 30 years. Now I look like I'm 21. But, you know, that's neither here nor there. But when you kind of look at it from the overarching space, being able to have a mindset of seeing everything, how does your domain impact the end end user. So if you kind of use a use case, so say, say, for example, you have you have a Tesla car, you have a nest thermostat, and you have, you know, heating, that's alright, you have cameras that manage your house, all three of those items are giving you telemetry data, right, but they're not meant to work together. They're they're meant to give you telemetry data of your own individual domain. So you think about that, from a networking infrastructure, devout DevOps perspective, they're all looking at their own little, little environments. So number one is when you start thinking of building a plan for observability, the strategy from the get go has to be about aligning resources, so that you all have a good understanding of what you're doing and how it's impacting the app. This way, when you go into the war room, you're not looking at 150 people trying to figure out looking at my my own independent tools and pointing at everybody else saying, hey, my stuff is running fine, must be somebody else's problem. But at the end of day, you can have, you can have a list that shows everything's running fine, but the end users still being impacted. So being able to have that that clean look that showcases every dependency of the application, and every single transaction that goes through. So if I log in as an example, if I log into a banking app, typically your banking app, the front end is going to be hosted in the cloud. So you can get that fast user experience when you get in. But minute I click on an account I want to go to it's going to go back into my mainframe to pull me out of the account details. So if if something's going wrong in the accounts not showing, there's a linkage break between the application connecting to the mainframe, how do you quickly resolve that and by having a observability solution that gives you that full application stack quickly identifies that for you. Secondly, bringing on top the business context, so that when you're when you're moving, and you're investing in observability, you got to make sure the business leaders have a way of seeing that logical flow. So one of the things that we do that that is kind of relevant to our platform is we start to derive out the business transaction. So if you think about it, from a viewing and monitoring perspective, each person can look at their own domain, see if there's network slowdowns and see if there's a database issue when it comes down to the business transaction, bringing it up to that logical flow. So that's when you log in. You go to your dashboard or in the banking scenario, you go to your accounts page. You go select something you transact, you exit the application, you have a full conversion of using that application. So when you kind of think about it from that preview, don't look at in reserve ability is just saying, hey, I want to make sure I can understand And what might containers look like? I want to look at the overarching flow and bring up that logical flow. So that if there's a problem with the payment service of your app, you're looking at your payment service, and all the components that are dependent on that, versus going down the way we've always done things and saying, let's bring everybody in the room and figure out where the problem
Greg Irwin 15:20
Gregg Ostrowski 15:36
you know, it's, it's not a difficult, it's not a difficult item to do. It's a matter of putting together the right strategy, though. So think about it from that point of view, when you want to go move something down the path of observability, and build something all inclusive that for each domain, you got to get alignment for everybody. That's the that's the key part, it's got to be set down from a top down strategy to say, we're going to go down the path of observability. I've heard organizations, you know, brain, their observability strategies, like observe 360, or some names that they give it because they set that overarching strategy that everybody's going to be put on the same page. That piece I believe, is more difficult getting everybody aligned than it is involving the technology, the technology has evolved to the point where you can deploy agents for your traditional based apps for J VMs. For no js applications. If you want to start pulling in cloud native data, you can start leveraging things like open telemetry or Prometheus that's already baked into the the infrastructure to be able to pull that data through. So the setup time, and being able to get value out of out of observability is something that can be done fairly quickly. And like I said, it's just really setting that strategy upfront to get alignment from everybody on the teams to make sure that everyone knows that this is going to be the plan going forward. And deployment can
Greg Irwin 16:54
happen afterwards. Can we talk about a customer story, let's keep my last thread for you in this kind of intro part of our call. So tell us about one one, you know, typically complex customer, what they did, and what the change was in terms of, you know, ultimately mean time to resolution and better insights. Yeah, tell us a story.
Gregg Ostrowski 17:21
So I got, again, multiple stories, and based on the various groups that are on the call here from different organizations, I'm gonna actually give you a couple. So first and foremost, when folks are in that that transitory state, building a new transformative effort, there's a lot of folks I work with that deal in the travel or hospitality industry that are looking to make sure that they can get the best experience for their third consumers. So again, that's where the strategy starts at the very top, they came up with the concept that we want to be able to put a full inclusive strategy together, they start pulling in cloud services, because they want to create speed and scale for their application. Now, from a strategic perspective, it's setting up you know, we'll do mind mapping, understanding where the dependencies are understanding where the challenges are concerns, risks, all those items set up front in the planning stages. Once you get down the path of rollout, generally, what they do is they find what they call a showcase app or a solution they want to target first. And that's their proof of concept. So they start to instrument that application, they start to derive the results, they see what type of capabilities that they can do. They maybe they start to build executive level dashboards that showcase, you know, when somebody's booking a flight when somebody is being able to commit their payment, so that the leaders start to see all of that. And once they get that showcase app done, it's it's all downhill from there, it's a matter of rinse and repeat as you start to add more of those business critical applications to your observability strategy. So that's one use case that is fairly recent To me that is, in that travel and hospitality space. Now from a from a, from a finance perspective, is going to go this is going to blend in, I'm gonna answer two questions at one here. Somebody asked the question, why do hybrid. So when you start looking at financial services, in particular, they're governed by a lot of federal policies, a lot of global policies, you know, they have challenges where things must be on prem because of data sovereignty issues, security issues, things along those lines that they want to maintain or maintain that. So what'll happen is they focus on the core pieces of the application first, that's the the value part of making sure that the run of the mill business can happen. As they start to expand out they add to so they've typically have already had observability in there from from, you know, quite a long period of time because that's very key and and relevant for finances, in financial industry in particular. But as they start to grow, they want to add to it Now the interesting part about that is the concept that I started to see become more and more relevant is that you have going back to the different domains piece, you have items that are out, there are tools that are deployed already. So now what they want to do is they want to be able to aggregate telemetry coming in from different tools, correlate that together, and be able to derive results out of that. So that's those areas that I had personally taken a big interest in, because that's where things really start to change, you're never get, you know, most of these financial services firms I speak to have well over 100 tools, I mean, I can't even give you the number accurately, but it's well over 100, maybe even 300 or so, now, what's going to happen is you're not going to want to, you know, teams are not going to want to give them up. So thinking about it from a platform approach, to be able to ingest other telemetry data, whether it comes in through an API, or maybe you standardize an open telemetry, you can now have a centralized platform that enables you to start to correlate those metrics as a as they come through, provide some analytical insights to it so that when, like, Take Take, for example, want to be able to list everything, I now see that on the networking person, I see my networks are slowing down. But now I will also want to see the applications that are being impacted by my network going down. So that way, when you were able to go into the war room, you're able to say, x y&z happened, these three things were impacted during my my application failure. So when you kind of look at that longer term, the strategies are starting out where you have your centralized tools or your your deployments that are focused on one specific use case or an area that you want to target, expanding out to more of a broader approach to be able to pull data together, enabling you just start to process and analyze that.
Greg Irwin 21:54
I've seen it now come up a couple of times, I've heard it in my forums, the question is realizing cost savings, affordable observability. You know what I in fact, I don't want to ask the question, but I'm going to do is I'm going to invite in Adam, Adams, Dave, and, Adam, do us a favor? Give a you know, simple question, and maybe a little bit of context here so that we can get at it. Sure.
Adam 22:20
Sure. So what we've got right now we got we have cloud and hybrid deployed globally, right. So through multiple different organizations, we've got AWS running, pulling a lot of different metrics and data right now in CloudWatch. Things going through obviously, in CloudFlare, and Akamine, and multiple eCommerce platforms, with you know, ETL boomy sitting in the middle of this, which is difficult to get data out of that. But ultimately, what we're trying to figure out organizationally, right, is we've got all this stuff that's sitting in AWS CloudWatch. And that's expensive, you know, Google employee expensive to kind of store that there, then we've got to pump all that data back into New Relic on our side, which gets more expensive as we're pumping that data back across, and then try to then come up and correlate all of these different events, then, you know, alert and send things into like JIRA or some other things. So we'd get some sort of a notification. So one of the questions that we're kind of struggling with organizationally, right now is, you know, what do we keep in AWS and CloudWatch? And what are we doing and learning and notifying there, versus New Relic, and then trying to come up with that cost equation? It's not super efficient to do it that way. But it's definitely, you know, less, less expensive than pumping every single CloudWatch log over into, you know, New Relic or some other
Greg Irwin 23:39
tool. That that's pretty fundamental. Yeah,
Gregg Ostrowski 23:45
that's pretty fundamental. That's something that you know, so we, you know, we also ingest data coming in from Cloud watch and things like that, you know, I'm going to break down the cost piece and two factors. One is, you know, your cost of observability. That's where you got to start leveraging things like supporting tags, being able to select things data, regionally things along those lines, so that you're not pulling down everything. That's where the cost can start to go out, your egress fees will start to go up pretty quickly on on AWS. So that's where you got to you got to be very surgical on what you want to pull out of out of CloudWatch. Now the other part too, is you'll also look at things like AI, are you are you looking at open telemetry at all? No, not right now. So the token telemetry can also be a piece that would be of interest to you. That's something that's been becoming more of the de facto standard for cloud native, makes it easy to plug it into this CI CD pipeline and it's vendor agnostic, so it's just straight up opentelemetry But open telemetry get us spaces and Trent sorry, traces and spans of your of your data. Now. So your cost of observability is is got to be a bit more refined, right? So that way you're not pulling in more than you need. That's, that's one of the bigger, that's one of the bigger challenges that I had been involved with to try to figure out what we do on our end. And, you know, you change polling intervals, because you're not in our polling data. So ways of kind of reducing that cost. But on the flip side, you also need to look at observability, from a cost perspective on how much your workloads cost running in the cloud. So I think that's the bigger the bigger area of of the cost impact. This is a thing where it's, it's like, you know, back in the day, when I built my first application I was working for a bank myself is actually one of the first online banking apps back in the late 90s. You basically just take the server and you 10x The resources, and you hope for the best. I mean, that's the way we used to do things. I mean, let's be frank, right? We're now when you're when you're setting up, you know, Kubernetes workloads running in the cloud, you can't just oversize it 10x, because you're going to be paying for that it's going to run in an optimal an optimal way. We also got to be able to justify and understand what's that cost on a monthly basis for that workload. So one of the parts that we had embarked on is we actually acquired a company called up Sahni that does workload cost optimization and management. So it's kind of like a, it's kind of like a walking a tightrope, you want to make sure the user experience as best as possible, but you also want the cost to be in alignment. So looking at it from an optimization perspective, like how much is or how well is your cloud workload optimized to be in alignment with the margins that you're looking for, from a business side of things. This way, when you're when you're in that, you know, you want to run an optimal rate, you should effectively be using as much as you pay for. But then ultimately, when you want to scale, you know, if you hit a big spiking element, you know, folks are an insurance, we've got open enrollment and you know, finance and retail have the Black Friday things that go on, you want to be able to scale out. But you also want to make sure that things are scaling back down to normal size so that you have something that's observing your run rate, keeping the seasonality to it, so that you know when to expect a big bump in capacity and when you expect it to close back down. So think about it from that perspective. observability is not just about performance, you got to keep in line that the cost analysis of that from an optimal optimization standpoint and that way, and that way, when, and I'll actually be very frank, I had I was burned personally, at my previous job, when we tried to build a solution that we sold to customers that we wanted to get back in, this is going back to 2020 12 to 2014. The idea of a consumption based pricing model back then was unheard of, we had to come up with a flat rate pricing. And the problem was we were charging 45 bucks a user and the cost was roughly $60 per user. So when you have to go to the CFO and explain that to them, it's not a very good conversation. So the mindset is, when you build cloud services, you got to also monitor that cost perspective of it. So that you're right in alignment. Everybody does a really good job scaling you up quickly, but they don't bring it back down as fast.
Greg Irwin 28:07
So again, in the spirit of stories, all right, I like that idea of you've got the logs, you have the usage, you should be able to do some prescriptive things in terms of use of cloud infrastructure. Is that our Is that Is that pretty standard in terms of your you know, your preferred deployments?
Gregg Ostrowski 28:32
It's that question to me.
Greg Irwin 28:33
Yeah. Greg, that's for you. The question is, you know, do you believe that you should be doing cost optimization within your capability platform?
Gregg Ostrowski 28:41
100%? I think that is probably an area where you got to look at I mean, if you're not looking at how much your your cost? I mean, that's, well, let me let me actually step back here real quick. If we all remember, we go back to, I don't know, 2010 or 2011, when the cloud was starting to really become hyped up. The mindset was that move everything to the cloud, everything's going to be cheaper, everything's going to run better, and you're going to be good to go. The reality is, it was it was the opposite. I've spoken to so many folks that have had challenges where all sudden, the surprise bill comes up and expecting, you know, $50,000 for the month are coming in at 150,000 a month. So you're looking at 300% increase of cloud spend because of poor optimization. So you know, now when you when you kind of bring that into the overarching fold, if you're not thinking of cost optimization, or cost monitoring or cost management, however you want to phrase that you got to take a look at that because that's something that can come back and be become very challenging to unwind as you go too far down that path. Part two is I've been hearing this quite a lot is a lot of folks also want to be able to monitor their carbon footprint. There's a lot of a lot of efforts going around sustainability. So understanding what your carbon footprint spend what while you're running cloud services is also another area of food for thought of where things may be going. So I've been seeing that come up
Greg Irwin 30:07
quite a bit as well. Let's, let's bring Randy in on this topic. Randy, I saw your question here. I think it's a little bit broader in terms of cost savings, would you mind putting putting a voice to it?
Randy 30:24
Well, this is something, you know, I hear over and over again. So I've been involved with, you know, cloud migrations for probably 15 plus years. And at some point during that process, you know, the, it's almost like the the cloud costs, get away from the organization, right? There's a lack of governance, initially, or maybe even systemically, where, especially with larger organizations, where there's, you know, dozens or hundreds of different teams with, you know, different rebill structures, and you start adding up the costs and the duplication of effort. And all of a sudden, you know, the same challenges that were on prem are all of a sudden crop up in the cloud.
Greg Irwin 31:12
Right? Well, I gotta tell you, if this group doesn't have techniques on how to address it, I don't know who does. So I'm gonna put you on the spot. What's your approach? You've been through it, you've seen the problems. What, I'm not here just to promote the AppD model. Tell us what, how you tackle it. So
Randy 31:38
you know, there's, there's really no substitute for governance, right. And teams don't like it. They don't like the badgering, you know, of, you know, you're using too much space, clean it up, turn off services you're not using. But really, that's that's the only way is just to, it's, it's kind of a little bit crass. But you know, you bludgeoned the teams into submission, right? But but that's the only thing that works, right? Because if it's easy to consume the resource, which cloud resources sources are very easy to consume. Teams will consume a lot of them, especially data science teams, kind of data science for many decades, and there isn't a compute resource out there, that data science team will exceed the capacity of
Greg Irwin 32:26
I would agree with that. So that gets to chargebacks. Just, you know, tracking, monitoring, ownership, reporting, and then and then and then implementing that governance. Correct. Yeah. So, look, this group is the group, I'm going to keep asking the questions here, Jason, jump jump right in, I like that. Space, increase requests are always through the roof. Tell us a little bit about what you've seen on on monitoring, and how you Taklon? Well, we, we have like
Jason 33:02
most of our CloudWatch, that comes through opsgenie For incident response, and then it pushes to slack. And that way, you know, our entire team has visibility to the, to the metric alerts that come through, without us having to have like 20 people on our opsgenie account. And as long as they snooze it, then I don't get a phone call on my cell phone. So that's something that I had to bludgeon them with. But, you know, it's you get the disk space alert. And then, you know, the next thing I see through our change control request system is, we need more space. And it's like, you know, just because we're on the cloud guys doesn't mean you know, you have an unlimited supply, you know, clean out your logs and, you know, get rid of the temp files that you you know, move over for deployment. And, and, you know, it's it's, it's, it's always a tough battle to overcome, because that is the one bad thing about cloud is is they know that this, that the resources are unlimited. But the suitcase full of money runs out sometimes.
Greg Irwin 34:11
So we, what are you working on Jason, what's it could be solving a pain point, or working on some modernization?
Jason 34:18
Um, you know, I think that we're almost fully cloud except for, you know, the core banking stuff that you'd have to access through, you know, our VPN back to, you know, like ASI or the Federal Reserve or things like that. So most of our stuff is small micro services or really small applications that reside in the cloud. And then we connect that back to our, to our systems. So I'm, you know, I'm, I'm really trying to get out of the data center world just because of the cost. You know, we have a data center right now that we've, I mean, this year, last year, that Last year, we finally were able to move to a cloud based HSM for our encryption. So, you know, the PCI auditors are finally starting to come around and realize that the clouds here, it's not going anywhere, you know. And that was one of the things that we basically had in our data center, it was just the leased lines coming in from our processor directly there. And then we VPN that tunnel back over to Amazon. So I know that with direct connect with Amazon, that's another thing. So we're probably going to try to go with that. I'm just I know that cloud is more expensive, but it's so much easier to manage. Going.
Gregg Ostrowski 35:42
The I can't can't disagree with that. The one part I want to ask you, though, Jason, with the way that you start to ingest data coming in from from CloudWatch, and then trigger events and things like that from it. Do you run into challenges with alert fatigue are getting getting way too many? Alerts spammed out to the folks Watch out.
Jason 36:02
I mean, that definitely, that definitely happens. You know, like, sometimes you'll get a spike, and then it'll go away, and then you'll get a spike, and then it'll go away. So, you know, I'm sure that I could probably have my alerts set up a little bit more intricately, they're pretty, you know, 85% or higher, send me an alert when it's bad. 85% or higher, close that when it's okay. Fairly simple, you know, but we only have like five or six apps on on the cloud. So it's not like I'm monitoring a whole slew of things.
Gregg Ostrowski 36:36
Gotcha, gotcha. That's another that's another complaint I hear pretty regularly, they get it, they get to folks want to fine tune and reduce the amount of alerts that come through to make sure that they're meaningful.
Jason 36:47
Right, right. Yeah, there's a lot of that. Yeah, I agree. There's a lot of the alert fatigue, were just like, oh, it's that one again, it'll go away. And five minutes after that process stops running. I'd say the other thing, if there was one other thing that is a pain point, is figuring out how to fine tune. And it's this is in my my part of the expertise. But I think that our team might have some challenges. But being able to fine tune Mongo queries, we use Mongo DB. And because it's a no SQL database, it can be very intensive on RAM. And you know, somebody runs a certain report at a certain time of the day, you can almost count on, you know, the alert start coming in for about an hour.
Gregg Ostrowski 37:44
We got it. We got it. I want to we should bring up Jeff. He disagrees that cloud is more expensive than on prem. I think that's a good, I think that's a good discussion to have right there.
Jeff 37:54
I think you kind of have an apples to oranges comparison there. So if you're on prem, you've got capex, you've got op X, you're making amortization of hardware, you have to deal with hardware, fail rates, hard drives, motherboards, things like that. You're paying for power, you're paying for consumption. I mean, honestly, infrastructure, you're paying for connectivity and stuff like that, once you move that to the cloud or anything like that, I mean, all that is baked into the price and your pay as you go. So if you decide to turn it off and not use the service anymore, then you're not paying for anything versus on prem, you're sitting there having to still power up those servers, maintain those servers, support those servers, bring in professional services, people to patch them and stuff like that. So it's definitely an apples to oranges comparison.
Gregg Ostrowski 38:33
You're absolutely right. The areas though, that I see folks that are heavily datacenter are in certain industries, like service providers, or a lot of travel, a lot of airlines are still running data centers, and they were able to their their feeling is that it's, it's, it's cheaper to run it on prem than it is to run in the cloud. And if you got to look at their business, their their data centers are not going to go away. So you're not going to, you're not going to lose that you're not going to gain that the real estate costs or the power costs because they already have the data center set up on prem. And there's a lot of scenarios to where some of the cloud providers once you start getting into these heavy, heavy CPU driven applications, ones that require a lot of eye ops that typically come from the mainframe, cloud providers haven't caught up there yet that they can't provide that same level of processing capabilities that you can still do on prem. So there's, it's kind of like, I agree with you, Jeff. It's it's, it's, it's apples and oranges. But it also depends on the industry that that someone's coming from. And if you're in a if you're in that type of, you know, heavy transaction heavy CPU intensive type applications, a lot of cases on premise is turning out to be cheaper, but they're not. It's not like they're running, Legacy tech. They're running, you know, OpenShift and Kubernetes on premise so they can scale allowed on premise on a massive Linux environment. So it's so it's using that blended of cloud native with on prem. But it's just really kind of boils down to what industry that you're in, where it makes sense. from a cost perspective. I think not everybody's going to be the same on that one.
Jeff 40:17
I'm curious, how many flops of processing power? Do you see that kind of delineation where it makes more sense? Because I mean, most of the major cloud service providers do have HPC clusters, they have the ability to do advanced GPU and higher end processing power. It's just that higher skews for VM. So it depends on it's actually the price point the capabilities are out there, there's just not a demand or a cluster for that. So where do you see that delineation,
Gregg Ostrowski 40:44
really, anybody who's still running a mainframe, that's, that's if I want to just be very blanketed, mainframes have not gone away. They're still processing a large amount of transactions, large amount of data. And that's primarily that, you know, if you're that heavily data center, that you're still running a mainframe, chances are running on premise is still going to be cheaper.
Greg Irwin 41:06
Right now, I have a couple good comments here, I'm gonna I'd like to bring in watch, let's say, over at labs, give a little intro and maybe share a story what's what's one pain point, or one focus point in terms of observability, you'd like to either share or, or get some feedback on? Yeah,
Guest Speaker 41:30
thank you for having me. I recently moved over from the buy side, and started working as director of technology for private market, which is a it's a startup, it's a spin off of, that's focused on private markets. So very different from what I'm used to, I've been with banks and hedge funds, and, you know, you name it from quant shops, etc. So, you know, building out a lot of legacy infrastructures. And now, I'm coming from the other direction where I am coming from a cloud only infrastructure, I'll be it, there's some legacy bits to it. But I'm inheriting this and also being asked to build out net new so I mean, a very interesting situation where I don't have a lot of CapEx sunk into this. And I'm looking at a purely optics opportunity. And, you know, there is also there's, there's thoughts of, of, you know, having a hybrid approach later on, maybe for development, or for, you know, third parties, just because, you know, the concern, a lot of it is, you know, of IP and access and collaboration. And, you know, it, it's kind of split between how I would run a hedge fund or a bank versus how I would run, you know, a broker dealer, which it's where it is right now. So, very interesting situation, and I am focused mainly on security. Right. That's my, my, my chief responsibility. But, you know, there's a lot of other aspects to it. So there's, that that's, that's a, if anyone could help me in that aspect. I mean, it's pretty broad. But, you know, we use a Kubernetes, you know, we have, it's a Ruby on Rails application. The biggest caveat is that as a is also a service provider for us. So they, they host everything for us. But we're moving away from that. And we're trying to do more, because we brought in our own developers, we have our own people. And we're starting to build out our own application that that now has become something of its own thing. So we have to figure out how to host that with without, but, you know, that's a combination of, hey, do we do things? You know, using, you know, the basic, the old school legacy stuff, which is Amazon, you know, with, you know, IDP and then, you know, scale up? I don't think they have thought how, like a scaled solution. But I want to put those things ahead of us right now, before you know, things start to escalate. And we have to do a lot of things. But
Greg Irwin 44:34
yeah, where would you say your observability meaning you're monitoring your, you know, proactive, sort of Alney infrastructure, infrastructure up to experience.
Guest Speaker 44:49
Yeah, so I mean, everything is everything that's going on right now is really just bringing in the new version. So the application was around a long time that was that was owned by. they spun off about a year ago. So what we've done in the past year is build something based on the source code, but something completely new. So now we're going to be running everything on legacy platform. But we have to think about this on scale. And the scale we're talking about from hundreds of users to hundreds of 1000s of users a month. So what we have right now is fine for what we were doing, but I'm looking for for help. In this space, where people that have experience in that kind of scale. You know, again, because we're, we're the systems I've hosted, you know, we're hundreds of users at most, right? If if, if not 1000. So having to do more of a client facing solution, it has a lot more, I guess,
Greg Irwin 46:01
complexities. Yeah. Gregg. Any, any, any immediate? Any quick responses here?
Gregg Ostrowski 46:12
It sounds like it. So it sounds like you have kind of like the challenge that I see very commonly in the financial space where you're, you're still dealing with legacy technology, but you got to expand to it. My Is that am I reading
Guest Speaker 46:26
that correctly? Yeah, you got it? I mean, pretty much, but it Yeah. You know, that's, that's the part that is,
Gregg Ostrowski 46:34
is very common. I mentioned this before, they I only, I only speak to customers, or I'm aligned with customers in our enterprise category, as well as public sector. So the larger the larger enterprise customers, as well as the federal governments and things like that. So I see that very commonly where your timelines to move, based on business decisions don't always align with technology strategies to be able to shift from Legacy two, to more of a nascent technology or cloud native technology. So you got to you got to use what you have. And it makes it very, very challenging. But that's what I was saying earlier, when you can span the entire path regardless. So one thing that with us in app dynamics, we never really care where your application is located or where they're running, you gotta have, you gotta have a span to be able to see what's happening from start to finish, whether it's running to a non primary source, or whether it's running to a cloud resource or entity in the cloud. And that way, when you're starting to make decisions going forward, like one of the one of the most valuable things when I actually started being an AppDynamics customer, before I came on board, and you know, as the guy who used to run the dev team, the topology of the application goes out of date, and like no time. So a developer would give me the topology of the app, and I'd look at it three days later, it'd be completely different or something we changed to it that was relatively material. And you have that same scenario where you're going to start to add to items of the app, and you want to just automatically just be discovered, so you know where all the dependencies are. That way, when you have a strategy going down that path, you get observability from the get go so you can understand where the impacts are being made. But as you start to transition for more of that legacy tech, you know, the components that need to be moved. So that way, that way you can think of this strategy is I want to get observability in today, and I want to be able to plan for the future so that I know where developers should prioritize. The other thing, too, I'd love to bring in the conversation here is about security. If we have time for security, because a lot of folks have been migrating to cloud native, you effectively expand your attack SEC attack surface. And if you look at like the log for J issue that we went through, back in was two years ago. Now I remember, it was like Christmas time. Lock for J was an interesting one, because it was a very commonly used library for applications. But if you think about it, if you're running full cloud or 100%, cloud, you got log for J impacting your app, the developer, the hacker gets in is now able to issue commands, they can get into your Kubernetes environment, and they can effectively take down your whole business. So when you think about it, from a security perspective, the security mindset and observability also has to be part of the mix. Because you got to look at it from a runtime level security. So that when log for J happens, you can quickly identify it there, block it so it can't can't be harmed. But then also look at the containerization because if you look at Kubernetes challenges right now, security and Kubernetes is now becoming a target point. So being able to have that container level security so that somebody can understand if there's any bad actors that are firing up erroneous containers are good Getting access to your data points all inclusively. So when I look at observability, and strategies that we build, security has got to be in the place so that you can quickly respond to threats and vulnerabilities as well as maintain performance.
Greg Irwin 50:13
So I'll lay around here, because I think, I guess I think more operationally about security issues versus application performance. And different people different roles, maybe it's the same logs, or they're pulling the same logs are two different functions. How quickly are these are these really coming together? In terms of the you know, the SRE team taken on some of these responsibilities, a real collaboration between security functions and, and an SRE functions.
Gregg Ostrowski 50:55
It's improving, but it's still not there yet. We the the, I think I'll give you the use case, I've heard lock for J. For for from our customers are as mundane as the security team would hand a list of applications to the app dev team, and say, These are the ones that we think have logged for Jane, let us know which ones actually have the vulnerability.
Greg Irwin 51:18
You know, and, you know, quite honestly,
Gregg Ostrowski 51:21
security and development teams are like this. They're not, they're not working together like they should be. So realistically speaking, for the security team to hand over a list of applications to an app dev team, it's not going to be their top priority. So when you kind of think of it from that purview, the one area, the one area that we also had targeted in is being able to provide that runtime level security so that if log for J was there, and actually, I saw that, I believe it was Sujit commented on here that they used AppDynamics for log for J, which is, which is good.
Guest Speaker 52:01
I mean, I have worked on this product for almost like five years now. So at that time, I dealt with a lock for J shoe because some of the Java agents with IP and Apache regions, they they ran into this issue. So I have my fair share of memories, as far as dealing with that issue.
Gregg Ostrowski 52:16
my fair share of scars on my back to the but the whole concept is that you can't let a threat sit out there and not address it in a meaningful, fast way. Because like I was saying, if you get into log for J, you can start getting access internally, you get access to the whole kimono, can take down everything. So that's my my, my point here is that from an observability perspective, don't just think about it for performance or business metrics. Think about bringing security into the fold. Let them use their own existing sim tool and just feed them alerts that come through from a from a security threat detection and
Greg Irwin 52:52
invulnerability perspective, from a from an organizational structure. Let's look ahead, look at 10 years too far, five years. Yeah. Are these functions going to meaningfully? Are these functions going to melt? Certainly the tools do expect more and more more sophisticated security capabilities within within update.
Gregg Ostrowski 53:21
I'm sorry, I'm just reading the commentary on the government discussion we have going on here.
Greg Irwin 53:26
So just to repeat it, the question is, where's this heading? You looking at your roadmap? Share with us what you can, yeah, you know, how sophisticated and how deep is AppD gonna get with security controls, you know, within within the platform.
Gregg Ostrowski 53:46
So if you look at if you look at Cisco's business as a whole, get a relatively large security business that we've been collaborating with for quite a while. So we've enabled our Cisco SECURE application part of the AppDynamics platform that does just that it scans for runtime vulnerabilities for for a Java node dotnet applications, if there's a vulnerable library will detect it, you can actually set a policy to block that library from initiating and then you can go back and do the upgrade as you see fit. We recently enhanced that to be able to expand to integrate with three other Cisco products, one called Talos. So today, or before we did the integration, we will pull down the CVE data from the public Miss database to be able to get the threats and vulnerabilities pulling in Talos feeds we now are able to identify if there was a bad IP address that's going after your application. We also integrated with protocol Kana, which is a business risk analysis tool so that you can understand if you have a flurry of threats come in maybe 50 or 100. You know which ones are most impactful to your business? And then the last component is a protocol panopticon, which is a cloud native security. So All. So we've integrated for API, third party API securities, if that's built into your app, we'll be able to identify if there's a threat within one of those API's. Now panopticon by itself is that tool, it's enabling you to do that container level security. So if you want to be able to monitor your containers in your application flow, from a cloud native per view, you have that capability. So that's all part of what we call full stack observability, with inside the overarching suite of Swift, Cisco sets, Cisco tools, when you look at AppDynamics AppDynamics, focused on the observability and the management of it by bringing in other integrations, we expand it out to what we call full stack observability to cover some of these larger use cases that I'm mentioning here. But our roadmap going forward is is to continue going down that path of speed, AI driven correlation and quickly understanding where you can start to identify where the challenges are, but also building a roadmap down the path of automation. So that's something that was, you know, AI ops came out like two years ago, or three years ago, it was like the biggest thing everybody talked about, but it kind of fizzled out to go back to observability. Where we see this going futuristically is now that you have a lot of automation tools that are focused on Cloud, building that into your observability solution. So when you do need to auto scale, you can kick that off, when you need to shrink it back down to kick that off. When you want to leverage something like TerraForm, to be able to create new infrastructure for new applications on the fly, you can start to do things along those lines. So it's a matter of building that encompassing solution to see what's going on and be able to resolve things from a very, very fast and automated fashion.
Greg Irwin 56:40
Very cool. So we've just got a couple of minutes. Let me let me recap here, a call for last question. So you can jump in, you can raise your hand, you can do whatever you want. The the the chat here has been outstanding. Remember, the overriding goal, which is make one new connection. So I love the dialogue. And we can go a lot deeper on specific issues. But please remember to make that one connection with somebody else across the line here. Remember, big thanks to Gregg and the team over at AppD. If they can be helpful. In any of your initiatives, please, you know, please reply. We'll do an outreach. Afterwards, you'll have the opportunity to reply. But of course, we'd love to talk to you. In the group, any, any closing comments here for the for everyone, you can throw out a question, throw out a comment. And then we'll we'll head back to Gregg go. And and we'll wrap it up. Just I don't see it. So Gregg, I'm going to turn to you for a closing comment.
Gregg Ostrowski 57:51
Oh, well as a real pleasure having a conversation and dialogue here. I mean, we could have probably gone on for the rest of the afternoon. You know, again, when you start thinking observability don't think about just performance, bring bring together the overarching picture or plan to make sure the business is tied in make sure all domains are focused on a centralized solution. And also think about that security piece security is going to become more and more relevant. Actually, here's a little here's a little trivia question for you. Who knows what the annual budget is for for cybersecurity globally?
Greg Irwin 58:25
Oh, goodness. I love to see the gases. I'm going to try and get put in the chat. Let's see. Let's see what some numbers are globally, globally. I'm pretty sure everyone is googling. I mean, I don't know. Could it be adjacent? I like that. But that said, huh? So so I'm gonna go I don't know. I'm going to aim high. Gregg, you're the
Gregg Ostrowski 58:54
closest around $6.5 trillion 6 trillion. Yep. So that is that is the global budget for all organizations. So if you kind of put it in perspective, if we wanted to give everybody in the world free health care, it's about 8.5 trillion. So when you kind of go from that bridge, and when you really look at it, there's no ROI. There's no spending money just to protect your business but there's no return on that. But it's it's funny, Jason says my bank would like to process fees on those Burgess. But anyway,
Greg Irwin 59:31
that everyone, Gregg, thanks for a great session, everyone. Thanks for jumping in. Thanks for leaning in. Let us know if we can help people connect in everyone. Have a great day.