CA's Mel Estrada Speaks His Mind About Splunk

Dana Gardner: Hi this is Dana Gardner, principal analyst at Interarbor Solutions and you are listening to Briefings Direct. Today, discussion on management of systems, networks, and application availability; we are discussing this with Mell Estrada, the Senior Business and Product Manager at CA’s Enterprise Systems Management Business Unit, as well as Michael Baum, the Chief Executive Splunker at Splunk. I would like to welcome you gentleman to the show.

Mell Estrada: Thank you.

Michael Baum: Thanks for having us Dana.

Dana Gardner: Mell, before we get into the meat of the subject -- management, which is a quite meaty subject these days, given the level of complexity that most enterprises are managing and dealing with, Tell us a little bit about your background, what you do at CA and what you were doing before you got there?

Mell Estrada: Well, thank you. I am the person responsible for CA’s Enterprise Systems Management solutions on the distributed side and been with CA for approximately seven years; most of that time has been spent on managing distributed infrastructures with a heavy emphasis on the networking systems layer. I have had experience both as a user of managing technology as well as a provider of management technology, and my relationship with CA has allowed me to represent CA in industry leading events such as Interop, where I write the RFP response that has been selected by the Interop review committee for both providing that event with network management and service management for the last seven years. Prior to working with CA, I was the Deputy CIO and Director of Technology Infrastructure at PRT group, which is a global application development and integration company. And prior to working with PRT group I was working with IBM Corporation in the Microelectronics Division in the Hudson Valley of New York in areas involving DLFI Engineering, Telecom Engineering and Distributed Computing Environment Engineering.

Dana Gardner: Great. So you have got a great and interesting background for both sides of the fence of managing complexity and dealing with complexity. So let me ask you this Mell, in terms of availability, what’s the single biggest issue today for management -- you know, Distributed Networks and Systems?

Mell Estrada: Well, increasingly we are in an age of computing known by various acronyms, but it’s something that everybody can understand on demand. Increasingly, or years -- in years past, organizations could have scheduled periods where they would do upgrades and maintenance, and they would actually take down their systems, because the systems were primarily inward facing; but because of the web and web based technologies, and just a whole emphasis of making your customers touch your systems and allowing your partners and service providers and the extended value chain, increasingly, internal systems have become much more out facing. So, the schedule outages and the scheduled systems that are offline for maintenance and such -- that’s really a thing of the past. On demand implies that the systems are available for computing services, for revenue generating opportunities, for communicating with clients and your extended value chain. So increasingly, five nines is really what organizations are shooting for. And so, making sure your systems are available at a five nines level, or approaching that from both -- not only communication computing requirements, but also communication requirements is something that every organization is challenged with; and increasingly because of regulatory compliance requirements, and security requirements et cetera, the network and the systems and the IT folks really have a much more broader sense of what requirements they have to deal with. So from the IT support perspective, service availability, five nines available, secure scaleable infrastructures -- it's really a composite of different things and that’s why organizations like CA is involved with anything having to do with the data center, we basically want to be in the vanguard for data center technologies.

Dana Gardner: Right, so is it fair to say that over the last 5 or 10 years more and more of IT has become mission critical. Is that a fair assumption?

Mell Estrada: Oh absolutely; it's mission critical, and it's mission critical for different constituents; both the folks who are providing support and services to internal organizations, as well as the clients who are touching you. Years ago, if your systems failed or are having a problem, the outside world didn’t really know that. Now, if your systems fail or are not available, the outside world increasingly sees that because things are so much more outward facing.

Dana Gardner: Right. So, as more of our systems have become mission critical in terms of their function, we are also undergoing a series of complexity issues whether its open source or increased number of components and heterogeneity within; and enterprise infrastructure, virtualization, which is having an impact at different levels within the stack and data center, services where you need architecture and composite applications which put a level of unpredictability on some of these resources as applications are being accessed as services. Where are we right now in terms of a continuum of complexities? Is this a moderating trend or exploding; on the scale of 1 to 10, where are we on the complexity meter?

Mell Estrada: I think we are growing quickly from a level 5 to a level 9 of complexity; this is being driven by the a variety of different things as I may have already spoke about, but the convergence of networks in terms of applications and the like, the requirements to secure them and at the same time the requirements to make them optimal performing and obviously the requirements to make sure that the data is protected and always available for backup, disaster recovery etc.

Dana Gardner: So there really isn’t too much controversy here about the nature of the problem. I don’t think we need to canvas the marketplace in order to discern that this is -- you are right, complexity explosion. So what about the solution side to this issue? What is Unicenter and CA doing about it, and more specifically how can an enterprise managing this complexity, visualize their systems with as close to a single view as possible in order to get a holistic management benefit?

Mell Estrada: Well, what CA is doing and has been doing for sometime is to try to simplify and unify the management of IT systems and IT infrastructure. That’s part of our legacy, going from Mainframe to Distributed Systems to Web based and Mobile Systems. CA has been in the business now for 30 years -- almost 30 years of providing management technologies to manage the entire value chain of IT. And going back from the availability of the infrastructures, then the network and systems layer, the database layer, the application layer, because what we want to do is minimize the finger pointing and basically, point to the problem -- anything that helps the IT organization, which is a major part of the IT buzz and a major part of the technology investments companies are making, anything that makes those people much more effective, much more efficient in terms of taking the 80% it takes to figure out where the problem is at, and the 20% to fix it -- just reversing that trend, taking no more than 20% to figure out where the root cause of the problem is and spending that 80% with service restoration and service optimization. So its really about taking the complexity out, which means the automation of technology, and specially from the management perspective, helping weed through all of that information as to what could be contributing to a user problem, or a system problem that affects many users. And being able to discern, is it an individual client that’s having a problem, or thousands of clients having a problem and we’ve just seen the first ones coming in.

Dana Gardner: So you’ve got a haystack and you’re continuously looking for the next needle; but you need to get all the needles as much as you can without looking at haystacks individually, you need to take the whole barnyard into view. Now that you’re working on some level with Splunk as I understand it, can you explain it; perhaps Michael you can chime in. What is it that you two organizations come together on within this problem solution set? Can you describe your relationship and what are some of the benefits?

Michael Baum: I find it interesting, as I’m sitting here listening to Mell talk about his history and long history with computing. I am realizing more and more that I am truly a child of the Internet age. When we managed large infrastructures at places like Yahoo and at Infoseek it was pretty much a given that there’s always something broken somewhere in the infrastructure. And I think I like your needle-in-the-haystack example because it was a matter of, will you get to the problem and find it before your users get to the problem and find it? And that was the race that we played day after day after day in the data center.

Mell Estrada: Yeah, in fact to echo that, what we are trying to do is to -- because we do cover a very wide breadth of technology, we do have solutions to help the network administrator, to help the system administrator, to help the application administrator and the database administrators optimize, fine tune, consolidate, manager reference structures, but we know very-very well that when problems happen, rarely or sometimes rarely, it's just one phase of the infrastructure. Because of how things have been woven together, one problem affects things uphill and downhill; and you want to make sure that the needle that you are separating in identifying where that root problem is happening from. So, we do know that IT, being what it is -- man made; there will be problems. And sometimes are technological problems or sometimes they are not; there are human problems and user caused problems, but a problem is still a problem. And when you are having thousands of organizations touch your systems either by the hour or by the minute, you basically want to make certain that those systems that you as IT people, know what’s happening and how to figure out and get the services restored if they are offline.

Michael Baum: I wanted to pick up on something that Mell said earlier about the 80% and the 20%. Certainly, in my experience that’s what I've seen in these large infrastructures that you spend 80% of the time looking for the problem and a much smaller percentage of the effort actually fixing the problem and that’s what we focus on at Splunk, helping people find where the problems are and the relationship that we are launching with CA I think is very important. Because CA is a leader in being able to watch all of the different components in the data center and let you know when a problem does occur; the nice marriage between the two companies is when that alert occurs -- when that problem occurs, now directly from the CA Unicenter NSM product, you can launch right into an investigation using Splunk relative to the components that you think are involved, but also find connections with the components that you may not be aware are involved.

Dana Gardner: Okay, so is this an OEM relationship where Unicenter is going to be using some of the technology from Splunk, and can you define a little bit more deeply the nature of the relationship and then we can get into how we would actually solve some problems?

Mell Estrada: Well, from the CA perspective, we are very excited about the opportunity to work with Splunk because, like Michael was saying, we have two very good technology sets. Splunk brings interesting indexing and search capabilities and CA brings up the large breadth of monitoring and management capabilities and bringing them together and integrating them in a -- at least, at this point in a -- what we call a partnership perspective, we are saying and letting the world know that we are taking the heavy investing out of the customer’s hands; we, as proactive vendors in this space with world class technologies, are coming together in a proactive manner to help them manage their data and their data centers in a much more efficient manner. And we think we have a compelling story to tell and we are going to be using the -- and showcasing the integration at Interop and going forward thereafter.

Michael Baum: Back to your point there, of what exactly are we doing here; I think the business problem -- the IT problem that we are trying to solve; if you step back and you look at -- as you and Mel described, this complexity equation you know, going from a five to a nine, the flipside of that, the reflection for IT organizations is, they have had to become a lot more sophisticated about dealing with that complexity and the problems they deal with as things get more complex and most IT organizations, large IT organizations today have done a really good job with help of products like Unicenter, at building a work flow, building a set of infrastructure around dealing with finding problems and alerting on those problems in the infrastructure. What I’ve seen in my past, and what we’re trying to attack together with CA is, okay, now that we’re really good at that, what about the problems that don’t get solved quickly because it’s not an obvious -- there’s a single component failure, or there’s a piece of hardware down somewhere; now you have to go investigate. And, when you investigate, today, most organizations are still using the old kind of old-fashioned picks and shovels. Their system administrators are grepping through files, they’re logging into multiple servers, looking through directories of information, and before you know it, you’ve got a handful of people involved, spending a lot of time on solving the problem, and you’re losing time and money in your business because your systems have been impacted in some way. And by putting these two together in an integrated solution, you can really come full circle from the alerting, and the monitoring, to the deeper level investigation and back.

Dana Gardner: So I suppose the goal is to go from being reactive to active and then proactive.

Michael Baum: Yes. I think that’s a good way of thinking about it. And specifically, what we have developed so far is a joint solution that we call "Splunk for Unicenter NSM." It’s an integration module that has two pieces. The first piece is a integration at the user level with the NSM product, where you can launch a Splunk search on any of the components that you see in the NSM console. The second part is, we have tied into the Event API underneath Unicenter. And we are streaming events from the Event Database inside of Unicenter into the Splunk world so that they can be indexed and searched and navigated along with all of the other data that you might want to index with Splunk.

Dana Gardner: Interesting. Mell, tell me about how you view this combined solution working? Is this something that you will be bringing to installations -- existing installations of Unicenter? Is this something that will be a module that they can easily add in? How will people who are long term Unicenter users, avail themselves of this opportunity?

Mell Estrada: Well, the folks at Splunk will host the module. We will communicate with the press release initially, and to other channels and will then be demonstrating this at Interop that the capability now exists to use a world-class management infrastructure that manages networking systems in the IT infrastructure -- Unicenter, and combine it with a capability that exists within Splunk Professional to do a variety of really intense, almost forensic analytical queries on information that CA is compiling via Unicenter and stores within our management database, as well as the other things that Splunk provides in terms of looking at the data that it collects from other technologies to make the inferences as to what could be contributing towards either a sporadic problem, or something that has a residual pattern that you can connect by looking at and interrogating log files and other complex -- or other sources of information to basically provide that visibility, that you don’t have to manually go through reams and reams of log files.

Dana Gardner: Interesting. Now you have a global install base, you have a high growth pattern in Asia-Pacific right now. Can you give us a sense of what level of penetration you expect for this and are there folks at -- within your install base that you think should be super mindful for this? That is to say, there’s a level of low-lying fruit in terms of applicability of this combined solution?

Mell Estrada: Well we certainly feel that with the penetration that CA has with Unicenter -- and we’re talking about thousands and thousands of clients worldwide. We have clients really in all regions of the world, and we primarily look at four regions; North America, Asia, or what we call "EMEA", Asia-Pacific and Latin America. We’re seeing a great deal of desire to have these type of automation that are making the IT people much more efficient. So obviously the larger and more complex the environment are natural takers for this type of technology, organizations that have really complex or mission critical with a real emphasis on service availability -- and that’s really any organization. So, potentially the pool that we have within CA with the thousands of Unicenter NSM clients that we have worldwide, any one of them could really be a good prospect for this solution in this integration. And so, with the technology that Splunk has, organizations that are trying to automate the processing and the analysis of log files and other types of information that Splunk can provide, we see these as being markets that, that we will both go towards, because we have the integration, we have the forward thinking appreciation that this type of integration is really what client -- is going to get clients to the next level of being much more proactive in managing and optimizing the data center.

Dana Gardner: Right. Now I did a blog and podcast not too long ago on Splunk Base, a Wiki based knowledge repository that spins off from the findings that Splunk enables in the solutions that users in the field are then able to provide and expound on and continue to work and benefit from. Have you looked at Splunk Base and is this something that you think will appeal to your install base with the Unicenter global penetration?

Mell Estrada: Yes we do; the integration that we have with Splunk today and the -- its the driver for the integration with NSM, is the Splunk Professional. However -- and I am sure Michael will tell you that the technology can work, the integration module can work with -- potentially with Splunk Base as well, but as far as we are concerned, the integration that we are certifying is with Splunk Professional and the module, and Michael will be able to articulate a bit more -- could potentially be expanded to have Splunk Base be part of a continual value add.

Dana Gardner: Yeah, we think with that number of installations, that the number problems that can be provided through an open source like Wiki repository of shared knowledge would be extremely powerful -- you know realistic.

Michael Baum: Well, certainly; for Unicenter itself, which is a product that needs to be managed, certainly its useful to apply the notion of Splunk Base and intelligence about managing the Unicenter product itself but Unicenter -- the particular product we are talking about here, the NSM product collects all kinds of data, right, there is all sorts of things that they are able to drive into their event database. So, you could imagine very deep connection with Splunk Base where you are looking at some data that’s coming across an SNMP port; maybe it’s a type of MIB information from a device -- you have never seen it before, you don’t really understand what it is. Well, there are probably a couple of thousand people around the world that know what it is and if they have taken the opportunity document that in the Wiki on Splunk Base, its something you can have direct access to.

Mell Estrada: That’s a good point; where we think that we are adding value is providing the capabilities because of the community that Splunk has built, and is building. The opportunity to have the IT administrator, the IT support staff, having a very-very robust base of where they can get assistance and information from; either their own expertise and experience, as well as information that is available through the community that using the Splunk technology.

Dana Gardner: Right. Now you are all announcing this at Interop, which is May 1st 2006; that would be announcing the module in a relationship. Can you give us a sense of the roadmap, what will you be building on, and tid-bits as to what further enhancements or functionality we can expect in the coming months?

Michael Baum: Well, I think the first thing that we want to do is, get this solution in the hands of people that are using Unicenter NSM and would be good prospects for using Splunk or are already using Splunk. We have looked at the tens of thousands of people that have downloaded Splunk over the last couple of months, and some of them choose to come back to our site and register to use our community services, One of the questions we asked them is, what kind of a networking systems management product are you using? And there is a very good percentage of them that are using Unicenter NSM, and that’s one of the reasons why we were so excited to hook up Mel and with CA. It’s just seemed to make a lot of sense that we had good customers in common here and helping them use the two solutions together just makes sense. In terms of where we go from here, I think there are tremendous number of opportunities to further levels of integration. We’ve talked about one, which is Splunk Base. Another very interesting one for me is, CA is into the configuration management database market with Unicenter. And when you think about the wealth of information that exists in a configuration management database, the ability to search across that information and relate it through indexing, back to the events that are occurring within your environment as your machines are operating is a pretty powerful set of data and the interaction to get your hands on when you are trying to troubleshoot complex problems.

Mell Estrada: If I may expand upon that, unique to CA is this whole notion around the configuration or the management database -- what we call CAMDB, which is quite different from the configuration management database. Our interpretation of what we call the MBD, the Management Database really allows through the architecture that we built into our technologies to allow the objects that we discover to have a lot more richness in terms of what attributes does that particular object, or that asset have? Does it have information that could be populated in the networking systems management tool? Does it have information that could be populated in an asset management solution or for software delivery, for asset management, for remote control? Does it have components that are related to security? Does it have components that are related to storage? And because CA does play in all of these areas in Enterprise Systems Management and Business Service Optimization and storage, and security, we can provide a lot more richness about the things that we discover and therefore, a lot more information that we could feed in -- basically, leverage the Splunk technology to have those indexed on. And that’s all part of our unique architecture that we are leveraging with the r11 release and in technologies that we have with Splunk integrated today. So, we are very, very excited as to where our technologies can go; and we are going to be working with Splunk and with our mutual clients to see how they would like to take this technology because we are going to be very market driven -- and we have been and we continue to be, where we think we are bringing interesting and exciting technology that helps the organizations to use our technologies in a much more efficient manner.

Michael Baum: I think that’s a really good point. When we started out with Splunk a couple of years ago, I think a lot of us used to think about the primary IT data being generated by all these services, applications and devices being log files. And what we have discovered largely, as Mell said by being market driven and being led by the nose by our customers is, IT data exists in so many different places and forms that its not just about files on disk, its traffic coming across UDP and TCP network ports; its audit tables sitting in a database that can be accessible to things like ODBC, and there is really just a tremendous amount of data that’s being generated. So, the ability to harness that and listen to the way our customers want to harness that is incredibly powerful. I think back to when I was back at InfoSeek, it was fascinating to think about the things that people might do with the search engine, but we had really very small number of ideas about what you do with the search engine and it was the whole community of worldwide web users that found the millions of different things you could use a search engine for in the web.

Dana Gardner: So, you put the tool in the hands of those in need and let their creative juices flow.

Michael Baum: That’s the idea.

Dana Gardner: Right. Well great, just quickly, one -- because we’re just about out of time, but is this available now? Can you tell us something about cost and how people have both from the Splunk side of things and the CA Unicenter NSM side will be able to acquire it?

Michael Baum: Obviously the CA Unicenter NSM product is available from CA at ca.com and the Splunk Professional and the Splunk for Unicenter NSM product are available at splunk.com.

Mell Estrada: And these are all immediately available.

Dana Gardner: Generally available as of May 1, 2006.

Michael Baum: Right.

Dana Gardner: Great. Gentlemen I want to thank you for taking part in this sponsored podcast. This is Dana Gardner Principal Analyst at Interarbor Solutions, we have been talking about a mash up if you will, between Splunk and CA Unicenter NSM with Mell Estrada, who is a Business Manager -- actually let me get that right; Mel, you are the Senior Business Manager, Product Manager for the Enterprise Systems Management Business Unit at CA and Michael you are a Chief Executive Splunker at Splunk. Thanks guys.

Mell Estrada: You are certainly welcome.

Michael Baum: Thanks Dana.

Total Duration: 31 minutes.