All posts by Adam Shepherd

Five minutes with… Petr Janda, Pleo CTO

Adam Shepherd

14 Sep, 2021

Data is transforming virtually every industry, but arguably it’s the financial services sector that’s most heavily invested in building data-driven decision-making into its processes. For business expense management platform Pleo that’s a core strategy, and it informs much of the company’s IT investment. 

There’s a lot of investment to inform, too. The company recently broke records with a $150 million Series C funding round, the biggest in the history of its native Denmark. We asked CTO Petr Janda why data is such a priority for Pleo, and what challenges the organisation is hoping to overcome with it. 

What does your core infrastructure currently look like?

We’re leaning into a multi-cloud strategy. What that means is that we have a combination of different vendors: our core operation systems are running in Amazon Web Services, and we complement this with a data ecosystem from Google Cloud, so we’re operating across the two.

When it comes to going a step deeper, we’re staying away from bare metal, or even virtual machines: everything we deploy is containerised and managed by Kubernetes, which is standardised across all the back-end systems. That means that we offload a lot of management of the system onto cloud providers, and focus a lot more on the individual pieces of code we ship into them

On top of that, we’re very keen to make sure that we offload management of state. Anything that stores data, we ideally don’t want to host ourselves, even within our clusters. We make use of the solutions the cloud vendors have for us, be it managed Postgres databases or Google’s BigQuery. If something bad happens, we hope that these big tech companies with thousands of engineers should be able to solve it very quickly.

What’s your biggest priority within the business?

It’s the same as everyone else in the C-suite: we all focus on the customer, and how we can solve for them. For me, it’s about how we build a technology organisation that’s able to ship solutions and put products in front of the customer at a healthy pace. What I mean by that is, we can innovate as a company this year, but we have to be able to keep up a similar pace in a year or two, or three years from now. 

This, of course, is not trivial. If we focus too much on today’s world, we might be making things harder for the future. On the other hand, if you optimise too much for the future, you might be over-investing in areas where it’s not necessarily needed. We try to find a good rhythm, of innovating our current products whilst also building a long-term platform or infrastructure. At the core of that is balancing technology investments: I spend a lot of time focusing on how we design the organisation, and choosing the right initiatives to maintain this ability.

Which piece of technology would you say is most critical to achieving this?

I don’t think there’s a single piece which allows us to do that. It’s almost like, how does this system holistically work? How can we design a portfolio of services and a platform which allows us to build these products on top of that?

I guess one way to look at it is that, because we’re a financial institution, there’s quite a lot we have to do just to get the product in front of our customer. On one side, you have the parts of the platform that deliver the experience to the user, from the mobile app to a variety of web interfaces. But behind the scenes there is also a lot of infrastructure that has to integrate with the wider payment ecosystem, so we can effectively move money.

And behind all that there are additional building blocks: we have to comply with all the regulations, which are getting stricter as we go, and can differ across different markets. So there’s a lot of technology solutions and integrations we have to do to empower that. None of these pieces are crucial in isolation; solving in all these different levels is what allows us to innovate.

Do you have any preferred technology vendors that you especially invest in?

Enfuce is our payment processing provider – essentially our integration point between Pleo and the card networks, which is, of course, a central part of what we do. For anything else, we go in with an open mind. You can almost always find a solution from Amazon and Google – they have such a vast portfolio of products, servicing a very broad range of use cases. But we might also try to find more specialised vendors who have a deeper focus on the particular problem.

In a sense, we don’t really have a preference. We look at it as, okay, this is a problem, we need to solve it. Who are companies who play really well in this field? And how can we leverage that to push the product forward?

What’s the biggest IT challenge you’re currently facing?

Almost every company goes through a journey. When you’re an early-stage startup founder with, let’s say, a team of 10-15 engineers, you can get the sense of everything and manage that team as one. But as you scale beyond that point, you have to start to organise it more, and break it into smaller teams, which ship on a variety of different work streams.

That’s what Pleo has done. We have our portfolio of products, which we’re releasing to the market, and about 80 engineers, working across a number of teams. We’re now thinking more about how we can essentially create a platform on top of which all these things work.

One way you can look at it, of course, is the cloud infrastructure provided by Amazon and Google, and a layer of management on top of that, which we’ve already built inside of our team. But what I’m especially looking into is, how can we layer more reusable services on top of that, so they’re available to any team out there building Pleo’s applications?

What I see as the biggest challenge is that there’s about 13 teams running really fast, iterating and shipping to the market, and we kind of want to slot this platform under all of them as we go. There is no “let’s stop for six months, do this and then continue”. We want to find good initiatives, good technology solutions and good projects to take us towards that vision, while continuing to ship at a very fast pace, all the time. That is a big challenge for me.

Which part of your IT estate are you proudest of?

It’s hard to pick, but one thing worth mentioning, is our compliance solution, which gained us recognition from by one of the banks in Denmark – Danske Bank, I believe.

Essentially, when we onboard customers we’re required to disclose quite a lot about the client, such as the ownership structure of companies. Many fintechs handle this through partnerships and integrations with external parties, and there are a lot of great solutions out there. But doing it this way locks you a little bit into their way of thinking, and shapes the experience you can have on top of it. 

Early in Pleo, it was decided that compliance would be a key piece of our in-house tech estate. We built our own system which connects to a number of company registries, and helps us to model the compliance process and requirements into the technology stack. This then lets us build a different experience when working with the company going through onboarding.

Essentially, the idea is to minimise the work and input needed from clients, and from our employees inside Pleo. We lean into the technology, promoting the image of a company with automated data systems behind the scenes. And we believe it’s paying off, with stronger and more productised onboarding journeys. It’s definitely something we’re very happy with.  

What’s the next big project you’re planning?

This platform is a little bit of a moving target. We draw inspiration from companies like Spotify and their Backstage product, which essentially looks like an app for engineering teams, allowing you to spin up new services and infrastructure as needed. It almost feels like a product itself.

But if I had to point to one specific step we’re taking in this direction, it would probably be focusing on data. The organisation is growing very quickly, and without conscious effort we risk losing track of what is going on in the company, and how the different corners of the company relate to each other.

We see our data as the key to solving that. Data helps us to convey context from one side of the organisation to the other. We have a number of teams interacting with the customer on their journey to Pleo – from marketing, sales and customer success to the product and support teams – and we really want them to have a singular view of the customer, to provide the right data points to the relevant teams as they are interacting with the customer.

I see that as part of this overall platform – a big building block which is essentially our data ecosystem. We’re adopting this trend of a modern data stack, which essentially means building a platform which is provided as infrastructure to the rest of the organisation. The goal is to enable everyone to ingest data to the central data warehouse, which makes it interoperable, and there’s a number of discovery and quality aspects we’ve built on top of that. We basically allow a group of analysts to model the business and then distribute data back to different corners of the organisation.

If we nail this platform our teams will be able to work in a much more unified way, because they can look at the data and understand where this customer is coming from. “What just happened for them 30 seconds ago within the product, and how can I help them?”

Are you a Windows, Mac or Linux user?

My computer at home is a Mac, and I interact with Linux on our servers in one way or another. I’m trying to remember when I last used Windows… it’s probably 15 years ago, which I guess gives you the answer.

In the last ten years, what technology has made the biggest impact on the IT industry, and why?

I recall a time when I was building some systems for a customer, and I had to open an FTP terminal and move the files to the server. Looking back, it wasn’t the greatest experience. When I think of what we do today, shipping very large and complex systems relatively easily, I see it all as a massive journey. We have everything we need literally at our fingertips, and it’s powering innovation, because any company who adopts these cloud solutions has an almost endlessly scalable environment in which to operate.

If I dive one step deeper, I’m very passionate about data systems. Our cloud data warehouse, first starting with Redshift on AWS and later being pushed forward with BigQuery, feels almost like magic: I throw a lot of data in, and I start querying, and there are no indexes, no management of “how do I start today?”

I see data as the next wave, pushing the boundary of how much easier it’s becoming for companies to work without large teams of data engineers and custom pipelines between tools. That ecosystem is growing really quickly. And if you combine the cloud itself with the data aspects of solutions that are built on top of that, it’s a very interesting playground where products can be built far faster than 10 years ago.

How COVID accelerated Kreston Reeves’ agile transformation

Adam Shepherd

6 May, 2021

Much like accountants themselves, accountancy firms often have an unfair reputation for being stuffy, risk-averse and a little behind the times. The finance sector generally isn’t the first to adopt emerging technologies, often preferring to play it safe and wait until products have proven themselves before cautiously dipping a toe in. Sometimes, however, you have to jump in with both feet, and the COVID-19 pandemic has forced many organisations to jump-start their digital transformation efforts.

For London-based accountancy firm Kreston Reeves, the onset of remote working wasn’t a radical departure from the norm. The company runs eight offices throughout the UK, and has been using Citrix’s virtual desktop and application products for the best part of a decade, delivered on top of Nutanix’s hyper-converged infrastructure. This, combined with cloud services like Microsoft 365, gave the company a strong existing foundation to build on when COVID forced staff out of their offices.

“Prior to the pandemic, we were quite relaxed about people working from home,” says Kreston Reeves IT and operations director, Chris Madden, “although on a realistic day, you may have perhaps 40 people working from home and the rest would be in an office or client meetings – so you’ve probably got about a 500 versus 40 split, which is probably typical for our industry. We were moving towards an agile working model, but hadn’t quite got there. And then obviously, the pandemic struck, at which point everybody worked from home, whether they wanted to or not!”

Face time

While the company’s existing Citrix deployment meant that staff were already able to access all their usual applications while working remotely, collaboration was taken care of by a rapid rollout of Microsoft Teams, which Madden says has been invaluable for collaboration both inside and outside the business. 

“We went into the pandemic, got everybody set up, and then immediately started pushing out Microsoft Teams, particularly video conferencing, within our Citrix environment,” he explains. “That meant that people were able to carry on face to face communication, but more importantly with our clients, because [they] have an accountant they want to get advice from, and it’s a lot nicer if they can still see their accountant, even if they can’t get in the same room.”

The biggest surprise, he says, is how quickly the company has adapted to home working. If the business and its employees hadn’t been forced to change their behaviours and mindsets, he speculates that it would still be talking about how to roll remote working out.

“The only issues that we had, really, were getting everybody set up on the remote access apps to get the security codes for the two-factor authentication, and also any other apps they needed. So there was a rush to the help desk and the IT team to say ‘I need all this set up immediately’ from about 500 people, but in terms of the technology stack, it was there, it was working, and it did what it was supposed to do, which was quite a relief.”

From a hardware perspective, the shift to home working required additional investment in peripherals like headsets, webcams, docking stations and external screens, but it also gave Madden and his team the opportunity to replace the Dell Wyse thin-client devices used by many employees with laptops. The Citrix add-on for Microsoft Teams didn’t play nicely with the thin OS the company’s Wyse terminals ran on, he says, so rather than upgrading all of its thin-client devices, the company chose to pivot to laptops for all. This approach also gives the benefit of a single, consistent user experience for all its staff whether they’re at home or in the office.

Accelerated agility

This feeds into the firm’s plans for post-pandemic transformation; once things open back up, Kreston Reeves is going fully agile. The company implemented a desk-booking system earlier in the pandemic to help with risk management and social distancing for staff who had to be in the office, and plans to use that once lockdowns lift to support a hot-desking environment. 

“Hopefully, that will enable better collaboration,” says Madden; “you’ll get to know your colleagues a lot better. By giving everybody laptops and having the desks set up the same, it means you can just plug in at any old desk that you happen to be using. And so hopefully it should mean that we’re making more productive use of the space.”

Madden anticipates that this new model will involve staff working from home for roughly half the week and says that this flexibility has been a hit with staff, as it allows them to save time and money on their commute. As part of this process, Kreston Reeves has also reevaluated its use of office space, and plans to downsize its London premises.

“I think what it’s allowed us to do is look at our property footprint, what we’re using offices for, and why people want to go into an office. That’s feeding into our review of our office space and what we’re going to need for the future; so we’re looking to move our London office, and if this was done a few years ago, we’d have probably carried on with a desk per person,” he says. “Now we’re going into a location where there will be about 30% fewer desks than people.”

Another major change that COVID has enabled is the use of remote collaboration with clients. In addition to video conferencing with clients, recent regulatory changes have allowed Kreston Reeves to audit customers’ accounts remotely, rather than sending a battalion of auditors with laptops to their premises. This, Madden says, will save staff a lot of time that would previously be spent travelling up and down the country.

“I think it will bring a lot of changes, and I think it will probably mean people are more productive, probably get more out of their day. But that also means they probably get a better work-life balance, because it’s not all about working ever more hours, and because you haven’t got a commute, it’s an extra hour of work. It’s about giving that hour back and saying, well actually, we can get everything we need you to do in that time scale, and you’ve now saved yourself several hours of travel time a day, and that’s back for you.”

Looking to the future, the company has started experimenting with AI and robotic process automation technology to improve its operational efficiency, and is planning to invest more heavily in cloud services for back-office tasks. Madden explains that although the accountancy industry is still reliant on niche on-premise software products, many supporting services can be transitioned to cloud-based equivalents to take advantage of cost and availability benefits.

“I think the sector as a whole is a cautious sector, which is one of its strengths and one of its weaknesses, depending on your point of view. I do think it’s accelerated, and talking to some of my peers, there’s very much a sense that the pace of change is quicker.”

“The key thing for businesses is, how do you capture that willingness during the pandemic to move at pace and be willing to change, when you’re now back in the offices? And that’s going to be the biggest challenge for businesses, I think.”

Standard Chartered is taking 167 years of banking into the cloud

Adam Shepherd

10 Nov, 2020

The world of finance is changing fast. Where previously the industry was dominated by a clutch of major players that had been around for decades, or even centuries, the advent of cloud technology and mobile apps have allowed a swathe of new digital-only ‘challenger banks’ to spring up and start taking on the big established firms.

In order to compete in this new landscape, incumbents must modernise their offerings, and for many of them this also involves modernising their IT architecture, shifting away from on-premises data centres and monolithic applications to more agile development processes and cloud-based infrastructure.

Standard Chartered is one such incumbent; established in 1853 as the Chartered Bank of India, Australia, and China, the UK-based multinational handles a great deal of corporate and consumer banking across the APAC and EMEA regions, although it lacks a UK retail banking presence. The company is looking to shift its applications and services into the cloud in order to take advantage of the agility that this offers, and Standard Chartered’s CTO of cloud transformation Bhupen Warathe is the man in charge of making it happen.

The bank is implementing a multi-cloud, multi-region strategy, which Warathe says provides better resilience and reliability, as well as mitigating risks around where workloads are running from a geographic perspective. The company is also planning to make use of each platform’s different strengths and capabilities, and one of Standard Chartered’s two cloud providers is Microsoft Azure, chosen in part for its strong SaaS, AI and security competencies.

Around 10% of the bank’s employees have already been moved onto Microsoft 365, Warathe says, with the migration process expected to be complete by the end of next year. The company is also planning to use Azure’s AI and data analytics capabilities to offer richer insights to both staff and clients.

“They have a whole lot of great services including Power BI, and some of the big data products. We want to utilise that for better client insight,” Warathe says. “We want to generate better insights for our frontline staff and also provide much more rich analytics to our clients, both in corporate institutional banking, as well as to our retail and private banking clients.”

Some workloads will also be migrating to Azure, with the bank’s trade finance portfolio earmarked to go first. However, Standard Chartered’s multi-cloud strategy is based around balancing its workloads between Azure and a second cloud provider, the identity of which has not yet been publicly disclosed. 

“Trade finance [will] be moved to Azure; there will be other applications that will be going to the second cloud provider,” he says. “So the examples are, our payment systems will be going to the second cloud provider, and also our digital bank – or what we call virtual bank – capabilities will also be going [there]. So, in summary, we will be balancing the compute load between the two cloud providers, and that helps us.”

There will also be geographical considerations when determining which providers are used. “We are treating Hong Kong and Singapore as a pair, and if things go wrong in Hong Kong, we will switch to Singapore,” Warathe explains. “Similarly, London and Ireland is another pair in the West and we will be using cross-regional resiliency for a specific service provider. In the longer run, we would like to have switching between the cloud providers for specific workloads, but that’s not the immediate plan.”

In addition to resiliency, the multi-region strategy also addresses the bank’s data residency requirements, and Warathe cites Azure’s strong support for regional data hosting as a key feature for enabling Standard Chartered to meet its regulatory and compliance requirements. The company has 45 booking locations across 60 markets, and now that regulators are starting to open up to the use of cloud within the financial services market, Standard Chartered has begun engaging with these regulators to support its cloud rollout.

As with many cloud migrations, the bank is aiming to improve the scalability of its services as part of the project. In some of its larger Asian markets, Warathe says, Standard Chartered has seen huge growth in the volume of payments and transactions that it is processing. In particular, the coronavirus pandemic has driven a huge shift towards digital buying behaviour and e-commerce activities.

“All of those capabilities, buying behaviour from the corporate clients as well as retail clients, is going pretty much digital. And that’s where we have scalability requirements. So in some markets, we have 10 times more volume on a particular day, as compared to another day where the volume is kind of not there. And that’s where the whole scalability aspect also fits some of our needs to become a true digital bank.”

This isn’t the company’s first experience with the cloud, however. In fact, Standard Chartered has been using public cloud for the past three years, with six applications already migrated to its second unnamed provider as pilot tests.

“We already have experience and hence we’re very comfortable going big with a couple of cloud providers,” Warathe says. “We have a financial market business, which has many deployments where we need to do grid computing for risk analysis and portfolio level computations. And at peak, we have to use 10,000 vCPUs – so it’s that kind of load, that kind of compute.”

While this isn’t the first time Standard Chartered has worked with the cloud, it’s no less of a mammoth undertaking for the company, and skills are a firm priority for Warathe. The company has two main development centres in London and Singapore, and Warathe is focusing on making sure that his staff are fully trained on all of the cloud systems that the new infrastructure will need.

“We have close to 10,000 IT professionals in the bank. Cloud needs a different kind of skill set [and] we have established a very good upskilling programme with both the cloud providers. We have already trained more than a thousand people last year,” he says; “this year, we’re training another thousand individuals on cloud technologies. Things like how Kubernetes services or container services work, how some of the PaaS services and managed services are much better than what we can get from the traditional software in production.”

For Warathe, Kubernetes is pivotal to this strategy. The company’s new payment systems are going to be fully deployed using Kubernetes, he says, as will the company’s trade finance systems. There is also a lot of replatforming going on in preparation for the move, with many of the company’s core banking systems being worked on. At the same time, many newer applications, such as its digital banking products, are being developed as cloud-native applications from the word go.

“Kubernetes gives us the best scalability the industry has ever seen. It also gives us the best portability of moving the workloads between the two cloud service providers,” he says, “and that’s where wherever we have volumes, wherever we need scalability, those are the applications we are targeting for Kubernetes and container-based services.”

As you’d expect, Standard Chartered is also taking its own finances into consideration, and Warathe notes that the OpEx-based model of cloud computing offers a very attractive way for the bank to minimise its infrastructure costs, compared to making large capital investments in on-premise hardware.

“I think that [CapEx] model was quite good when we had predictable volumes, [but] when you have massive peaks and troughs, then the CapEx model doesn’t work that well. If you have a predictable volume, you can go for a 16-CPU box and maximise your dollar for five or 10 years,” he says. “But when you have a really dynamic throughput and a very varying degree of volume, then I think the CapEx model doesn’t work as well.”

“With cloud, we don’t have to buy hardware and network and switches and everything else to really put into our books and capitalise it for the next four to five years; that‘s one of the biggest advantages on the financial management side as well. And there are industry results, which show pretty good savings once we achieve a critical mass in terms of migration of workloads… initially you’ll have a bit of double bubble that means a bit of extra cost on one side, but eventually it gives you benefits on the OpEx side as well.”

How the NHS is transforming its IT to cope with coronavirus

Adam Shepherd

21 Jul, 2020

Over the past four months, businesses up and down the country have been complaining about how much the COVID-19 coronavirus pandemic and the resulting lockdowns have up-ended their normal business procedures – but if you think that’s a big adjustment, try working for the NHS.

Not only have all the same challenges affected the line-of-business staff that keep NHS trusts moving, they’ve also got to contend with the fact that keeping their clinicians and support staff operating at maximum efficiency is a literal matter of life and death.

While the government’s use of technology to combat the effects of coronavirus has been patchy at best, many NHS trusts have been upgrading and improving their own IT to make sure their staff have the best possible tools to ensure that they can fight the disease in a safe way, while still continuing to treat their non-COVID patients. 

Five years of work in five days

For Bob Beckwith, infrastructure manager of Newcastle NHS Trust, remote working is at the heart of these efforts. Like many organisations, he says, the NHS has had to rapidly adopt the technology in order to minimise the amount of face-to-face contact between members of staff, as well as between clinicians and patients. 

The trust has recently deployed Starleaf’s collaboration and videoconferencing technology throughout its sizable estate, and Beckwith says that the deployment has been a roaring success. 

“We took the approach of giving everybody a Starleaf account – use it or not,” he explains. “In terms of adoption, more people are now using it. As for the rollout, I don’t think we’ll ever be finished. The trust is so large by the time you’ve done one wing, the next wing is ready for a refresh.”

He’s not kidding, either; the Newcastle NHS Trust is one of the largest trusts in the country, with 1,800 beds and around 14,000 members of staff across 40 sites and two major hospitals. It also covers a huge range of specialisations, including cancer treatment, major trauma centres, children’s hospitals and more. Despite the scale, however, the response to the new system has been almost uniformly positive.

“I heard the expression somewhere around five years of work being done in five days, in terms of developing the product, increasing confidence in the use of it,” he says, “and I think that’s very true. There were a lot of people who I would have had a safe bet on never using video until after they retired. Now, they’re absolute converts; they can’t live without it. So this horrible thing happened and it kind of was a blessing in disguise for video conferencing … We couldn’t keep up with demand for headsets and webcams and speakers, but other than that, it was very good.”

Education, education, education

One particular problem that videoconferencing has helped to solve is education. As junior doctors and medical students come into the trust, they need to be trained – a task that is not helped by the fact you can’t have more than a small handful of people together in a room. To get around this, it has used Starleaf to let staff conduct training sessions remotely, with students able to dial in from anywhere.

“They’re just the ones I know of, because the beauty of this is IT doesn’t have to know about everything; if they want to use it for something bizarre and it works, they’re welcome to,” Beckwith explains. “They’ve done all the things you see on the news as well. They’ve had their team meetings, their team-building pub quizzes.

“It’s about keeping people together as a team. So you don’t forget what everyone looks like, I suppose!”

Starleaf wasn’t rolled out as a direct response to the challenges of coronavirus, though. It grew out of an earlier system of Polycom endpoints, which were deployed by the Northern Cancer Network (now known as the North of England Cancer Network) in cancer centres across the region. While somewhat neglected, the idea was judged to have promise, and a programme of upgrades eventually gave way to a root-and-branch replacement of all of its various components with a single provider.

Starleaf was identified as the provider of choice, and there were a number of factors that swayed the decision; security and reliability were high on the list, given the huge amount of extremely sensitive medical data the NHS handles needs to be carefully safeguarded.   

The fact that Starleaf is a British company also helped its case, as did the fact it was already on NHS Digital’s Health and Social Care Network procurement framework, which meant that many elements of the data protection impact assessment (DPIA) that a trust needs to carry out before it deploys a new technology were already addressed. “Because they’re on that they naturally ticked a lot of the boxes,” Beckwith says, “so a lot of the concerns were gone in terms of transmission of the data, storage of the data, where the actual data centres sat.”

“The other one was the licence model. Generally, if something is secure and reliable, it’s expensive, and a lot of the models from other people were per-seat. For an organisation our size with initially quite a low percentage adoption rate, it was just ridiculously expensive. Now, maybe not, because so many people are using it but at the time, it was.”

Freedom isn’t free

Another appealing way in which Starleaf differs from other videoconferencing and collaboration providers is its licensing model. As Beckwith explains, if a product is both secure and reliable, it’s normally expensive; with many of the other solutions considered being priced on a per-seat basis, the cost was prohibitively high.

Starleaf, on the other hand – much like the NHS itself – is free at the point of use. Anyone can register for an account, download the client and start holding video meetings for free, and the same applies to corporate accounts.

“Where the costs come in is around virtual meeting rooms,” Beckwith explains; “so basically, use of the bridge, use of the cloud. So as soon as you start using the bridging service, there’s obviously a cost associated with it. And there’s also the hardware cost for the room systems.”

This licensing system made Starleaf much more affordable for the trust than competing systems, but while the deployment has been a success, Beckwith says that it wasn’t without challenges. The biggest initial hurdle, he says, was bandwidth.

“We originally massively oversized the internet link that was set aside for Starleaf, but it was used up. Because of the way Starleaf works, when you max out, it reduces the call quality to try and handle the number of calls going on,” he says. “We found that, overnight almost, people were complaining about poor quality.”

Fortunately, the trust has an MPLS-style network and its provider could increase bandwidth fairly easily and quickly, albeit at an additional cost.

Training users on the new system has also proved to be something that required attention, and while some staff immediately took to it, there are always going to be holdouts who initially resist the deployment of new technology. Indeed, for Beckwith, education is probably his team’s biggest challenge.

“The technology works, we can monitor bandwidth usage and increase that relatively easily. The difficulty we have is showing people how it works,” he explains. “Quite often I’ll have comments of ‘that’s useless, it doesn’t work’. But they might not have a microphone, so they’re saying ‘they can’t hear me’. Well, yes, there are basic things like this. That’s the biggest challenge, definitely.”

While its use has understandably been scaled up dramatically in recent months, remote working isn’t a new experience for the trust, and Beckwith’s team has had processes and procedures in place to support remote workers for some time.

“If someone wants to work remotely, away from the main trust, they need a laptop, so they will be issued with a Windows 10 Trust-build laptop with all the usual policies and things,” he says. “We then use Microsoft Always On VPN to allow them to VPN back into the trust. And then we can then use our internet gateways, et cetera, to control what they’re doing. That seems to work well.” 

The trust’s IT team can also help with other hardware requests, such as a bigger screen, to provide “an office experience in their front room”.

“All we’re asking them to do is connect it to their broadband,” Beckwith says.

Every now and then I fall apart

The trust isn’t stopping with Starleaf; the organisation is currently in the process of migrating from Windows 7 to Windows 10, a project that is expected to be completed before the end of the year, and is also re-starting some of the IT upgrade and modernisation projects that had been paused due to coronavirus. Among these, one of the biggest focuses for Beckwith is the network refresh.

“You can imagine, with a network our size, it’s a big task. We’re replacing all the Wi-Fi, all the edge switches, and eventually the core as well,” he says. “That was put on hold [but] now I’m putting a few teams on it and hoping to get it done within the year. We’ve had a Cisco network ever since we’ve had a network. The wireless was about 10-15 years old, so it’s starting to creak – literally fall apart sometimes! The AP covers keep dropping off.”

The trust is heavily reinvesting in Cisco’s wireless products, Beckwith says, partly because of the popularity and versatility of wireless networking and partly because getting rid of cables is much more sanitary for clinical environments. The trust has been able to test this new networking technology in an interesting environment – one of the new Nightingale hospitals built to prevent hospitals being overwhelmed at the peak of the coronavirus crisis in spring.

“We built Nightingale Northeast and we put the new equipment in there because we had it. It’s a great testbed to see how it worked, and it’s much better,” he says. “The most noticeable [improvement] is the wireless connection speed. I think the company is just moving to 802.11n, which is a big difference if you’re just used to the old A/B/G networks.”

With successfully deployed and fully operational videoconferencing and remote working facilities helping to support Newcastle NHS Trust throughout the COVID-19 crisis, what advice does Beckwith have for those unfortunate organisations that weren’t able to set something up before the outbreak?

“As I said before, there was five years worth of development done in five days, and I think that’s very true – and it would have taken that long to get to this point where we are now,” Beckwith says. “It’s worth mentioning that [videoconferencing] is an overlay service to your network. So if your network’s poor don’t even bother trying. A lot of things are like that, I know, but videoconferencing assumes you’ve got a good network in place.”

“Definitely go for cloud-hosted,” he advises. “Make it as simple and as stripped back as possible – a lot of people just want to send an IM and video call someone. That’s it. There’s a whole load of products out there that’ll do an awful lot more [but] I wouldn’t personally bother with that: Just concentrate on the core stuff and do it now. Because this isn’t going away.”

VMware launches vSphere 7 and Tanzu container management tools

Adam Shepherd

10 Mar, 2020

VMware has announced the launch of a number of new Kubernetes-focused products, including the latest version of its vSphere platform.

Most of the new products fall under the company’s Tanzu portfolio, unveiled at last year’s VMworld

Tanzu represents VMware’s efforts to integrate Kubernetes container management – which the company is betting big on as the next significant step in enterprise applications – with its existing VM management tools. 

Three new Tanzu products are being introduced; first up, Tanzu Mission Control, a tool previewed as part of last year’s announcement which is designed to help enterprises manage multiple Kubernetes clusters across a range of environments, while centralising key functions like security, configuration management and data protection. It also allows businesses to hook VMware’s other management and monitoring tools (such as its Wavefront and CloudHealth products) into its Kubernetes workloads.

Following on from this is VMware’s new Tanzu Application Catalogue, which represents a way for customers to integrate open source components and tools from Bitnami’s catalogue into their applications in a safe and secure way, by providing a curated repository of open source products that have been verified as stable and vulnerability-free.

For organisations at the start of their container projects, Tanzu Kubernetes Grid is being introduced as a ubiquitous container runtime, combining open source Kubernetes tooling, container images and registry and lifecycle management. Described by VMware as an evolution of its strategy with Enterprise PKS (which will remain as a separate offering), the aim is to make it easier to quickly start using Kubernetes in a consistent way across multiple environments, alongside existing VMware deployments.

Speaking of which, a new version of VMware’s flagship vSphere suite is also being introduced, and it includes a range of Kubernetes-friendly features. Previously teased as Project Pacific, vSphere 7 has been ‘fundamentally modernised’, according to VMware, and re-architected to put Kubernetes management at its heart.

VMs are not being forgotten about, of course – the goal is to enable VMware admins to easily run containers and VMs concurrently. vSphere 7 has also been optimised for simplified lifecycle management, allowing enterprises to manage hundreds or thousands of instances in less time, with fewer tools, including introducing REST and JSON-based APIs for automating lifecycle management tasks.

vSphere 7 also introduces greater security through remote attestation, where a trusted host is used to verify the integrity of other hosts within the network. Elsewhere, vMotion has been improved to allow for easier migration of large VMs with minimal disruption and the Distributed Resource Scheduler now runs every minute as opposed to every five minutes.

GPU virtualisation is now on offer too, thanks to the company’s recent acquisition Bitfusion, which is being touted as a particular benefit for those looking to run workloads using machine learning.

The aforementioned tools are also being rolled into VMware Cloud Foundation 4 with Tanzu, which includes vSAN 7 for managing virtualised storage.

“Kubernetes is still hard,” VMware CEO Pat Gelsinger said. “We’re democratising Kubernetes into the industry, with the most powerful platform, the most powerful infrastructure community across multiple clouds; This for us is an important day, not just for us, but for our customers, and for the industry.”

VMware Tanzu Application Catalog, Tanzu Mission Control and Tanzu Kubernetes Grid are available now, while VMware Cloud Foundation 4 and VMware vSphere 7 are scheduled to be available by the start of May.

Microsoft, not Amazon, is going to win the cloud wars

Adam Shepherd

12 Dec, 2019

Brace yourselves, because I’m about to share a theory that may be a little unpopular: I believe it’s only a matter of time before Microsoft Azure overtakes AWS as the dominant force in the world of public cloud. 

I know that may sound crazy, and many of you are probably already reaching for the ‘close tab’ button, but hear me out. 

It’s no secret that Bezos’ cloud computing division is currently sitting pretty as market leader, having capitalised incredibly effectively on its first mover advantage while its’ rivals initial efforts stalled. By cementing its reputation as the biggest force in the cloud industry, it has attracted a number of high-profile customers, but it has struggled to make a major splash within large, established enterprises. 

You know who hasn’t, though? Microsoft.

While AWS has always been a favourite of startups and developers, Microsoft has concentrated firmly on the enterprise and met with remarkable success. To sweeten the deal, Microsoft has also been busily releasing a number of business-friendly features, such as its Azure Arc platform, which is designed to make it easier to consume and deploy its services across a large enterprise estate. In fact, any time I’ve spoken to a CIO who hasn’t yet moved to the cloud but is planning to, Azure has been a key part of their roadmap.

The stated reason for this is usually “well, it works with all of our existing systems”, which is a simple yet compelling point; if your on-prem servers are primarily running workloads like Active Directory, SQL Server and Exchange Server instances, opting for Microsoft’s cloud platform is sort of a no-brainer. Add in the fact that most large businesses are likely to be using Microsoft’s Office and Windows software (and even potentially Windows Server) and the logic becomes apparent.

More importantly, however, Microsoft has learned how to play nicely with others. Azure has always been a more open platform than most have given it credit for, but the addition in recent years of full native support for the likes of Linux and VMware show just how far it’s come. It’s making a real effort to be as flexible as possible, allowing customers to run the workloads that they want in the way they want to run them. 

This includes multi-cloud environments, which is the new hotness for businesses that want to avoid vendor lock-in and increase redundancy protection. Microsoft is more than happy to support multi-cloud deployments, if that’s what the customer wants. 

Amazon? Not so much. As we discussed on a recent episode of the IT Pro Podcast, there have been recent reports that suggest that AWS partners are banned from even using the term multi-cloud, presumably on the basis that – as the current top of the pile – giving customers the option of using multiple providers only increases the risk that they’ll ditch AWS for a better option. Note that in that scenario, the emphasis is not so much on giving customers the best possible option but on trying to hide from them the fact that other providers exist.

Amazon is undoubtedly on the cutting edge as far as tech development goes; its pioneering work on machine learningserverless computing and function as a service tools are evidence enough of that. It’s enterprise support that will determine the true winner of the cloud wars, however, and in this area, AWS is leagues behind Microsoft.

Android gets new security sandboxing features

Adam Shepherd

18 Oct, 2019

Google has brought new security features to web users on Android, with the integration of browser sandboxing capabilities to its Chrome app.

As of Chrome version 77, Android users are now protected by ‘Site Isolation’. This sandboxing feature involves isolating each browser tab from the other tabs in the session, and works by ensuring that web pages from different domains are run as separate processes, reducing the risk of side-channel attacks like the Spectre flaw.

This feature has been active on desktop instances of Chrome for some time, and the Android version is somewhat slimmed-down by comparison; in order to reduce performance overheads, Site Isolation is only enabled for password-protected sites, where users may be at risk of having their credentials stolen. This will help lessen the impact of the feature on smartphone speeds, particularly for cheaper devices with less RAM.

On desktop platforms, meanwhile, the existing sandboxing features have also been strengthened. In addition to side-channel attacks, Chrome can now defend against attacks involving a fully-compromised renderer process.

To coincide with this, the company is temporarily expanding its bug bounty programme to offer greater rewards for bugs involving Site Isolation, as well as including cross-site data disclosure attacks that involve compromised renderers.

Sandboxing is a common security measure, and refers to the process of isolating an environment from neighbouring systems in order to prevent the spread of harmful activity. Sandboxed environments are commonly used by researchers to analyse malware activity, as they allow the malware to be studied without risking the security of the rest of the network or operating system.

Pure Storage beefs up cloud support

Adam Shepherd

17 Sep, 2019

Pure Storage has today announced the general availability of new data management tools for Azure and AWS as part of its annual Accelerate conference in Austin, Texas, improving its public cloud support and further strengthening its position in the multi-cloud space.

Starting with AWS, the company has announced that its Cloud Block Store for AWS product, first revealed last year, is now generally available for all customers. The product is a wholly software-based offering, allowing customers to use the company’s Purity management software to manage their AWS storage.

The initial beta version of Cloud Block Store used EC2 compute instances with EBS as a storage layer, but the configuration has since changed. As Pure Storage vice president of strategy Matt Kixmoeller explained, the conclusion was that EBS was not reliable enough for the product’s requirements.

“As we worked closely with Amazon, what we found was that EBS didn’t have the reliability characteristics that a Tier 1 storage array needs,” he said. “In particular, there are challenges around coordinated failures, where multiple volumes can fail at once. And so we completely re-architected the backend layer to run natively on S3. S3 is Amazon’s most durable, most reliable storage tier by far – 11 nines of durability.”

“And so we use EBS as a cache to deliver high performance, but persist data on S3. And if you look at most customers, they really treat S3 as their cloud storage. So this solution becomes a way for us to bring a Tier 1 block experience to use in the Amazon cloud storage S3, that customers are most familiar with, and most trust.”

Part of the goal with the new service is to enable workloads to move seamlessly in both directions; from the cloud to the data centre, as well as from the data centre to the cloud. It uses the same management tools and APIs as Pure’s on-prem management software, as well as featuring the ability to run across two availability zones in active/active configuration.

Cloud Block Store for AWS will be available via the AWS Marketplace on either a month-to-month or a one-year contract. Customers who want something more long term can get contracts ranging from one to three years by purchasing through ‘Pure-as-a-Service’, which is a rebranded version of the company’s Evergreen Storage Service, now effectively acting as a subscription-based consumption program.

The other major cloud announcement was the availability of CloudSnap for Azure, a built-in backup mechanism for FlashArray products which lets the Purity management software seamlessly and transparently move snapshots to the public cloud. CloudSnap was initially launched last year with AWS support, but has now been expanded to Azure as well. This, Kixmoeller said, was an excellent example of Pure’s intentions to extend its tools to a multitude of different cloud providers.

“Our strategy at Pure is to absolutely deliver these services as multi-cloud,” he said. “So Cloud Block Store, we started with Amazon – that’s the natural place to start. But as we see more and more adoption, and that gets more mature, and we will of course proliferate to other clouds.”

“It’s not an easy thing for us to snap our fingers and have it available on all three clouds, because we’re doing the hard work of integrating it deeply. And so this is our first example of bringing something to a second cloud.”

As part of the show, the company also announced a capacity-driven flash-based secondary storage appliance with quad-layer cell memory, as well as a new plug-in DirectMemory module for FlashArray//X appliances offering an instant performance boost.

Now is the time to embrace remote working

Adam Shepherd

6 Sep, 2019

I’ll be honest; it’s been a little hard to concentrate on writing this month’s column. As I write, Boris Johnson and the Conservative party have lost their parliamentary majority, somehow plunging the Brexit situation into even more chaos.

This latest phase of the debacle has got me thinking about what will happen to businesses in the event of a no-deal Brexit. The potential negative impacts have been well-documented, from a shutdown of data transfers with the EU to severe delays on international shipments, but the issue that keeps playing on my mind is the strong possibility of a resulting skills crunch.

A clampdown on immigration from EU countries has been high on the list of hardcore Brexiteers’ priorities, which will likely reduce the pool of skilled tech workers entering the country. Even if European developers and specialists aren’t barred from entering the country following Brexit, and the ones already here not compelled to return home, one could hardly blame them for choosing to take their talents to a more welcoming and less chaotic nation.

A sudden lack of locally-based technology talent is a real possibility that businesses have to confront, but there are ways around it. One is to focus on upskilling or cross-skilling existing staff, but that takes time – time that organisations may not have if the impact of no deal is as sudden as some are predicting.

A better option is to embrace remote working. The fact is that, when it comes to technical roles, there’s very little need for all your staff to work out of a corporate office. Cloud infrastructure platforms and SaaS tools allow companies to manage and administrate the vast majority of their IT remotely if they so choose, and even when it comes to physical infrastructure or hands-on IT support, you only really need a small in-house team to effect physical changes, while off-site employees handle the configuration. This is even more true when it comes to developers and software engineers, who can be based anywhere in the world and still be just as effective at their jobs.

For many businesses, the biggest worry with moving to remote working is making sure staff remain connected with colleagues and managers, and continue to be engaged with the business. It’s easy for remote workers to feel isolated or ostracised if efforts aren’t made to include them, but collaboration platforms like Slack, Microsoft Teams, Dropbox, Skype and Google Hangouts are all great tools for ensuring they still feel like part of the team.

Rolling out these tools can have benefits for employees outside of IT as well, increasing productivity and efficiency, as well as allowing office-based staff to work flexibly if they want. Ensuring new systems are adopted can be a challenge, of course, but the long-term benefits are worth it.

By making use of these technologies, organisations can make sure they can recruit and retain European tech staff in the event of a no-deal Brexit, but time is of the essence. If the walls go up on 31 October and you don’t already have wheels in motion to implement remote working within your business, you’ll be on the back foot compared to rivals that do. You may be tempted to wait and see how things pan out, but let’s be honest – it’s far better to be prepared.

View From the Airport: VMworld US 2019

Adam Shepherd

30 Aug, 2019

I think it’s fairly safe to say that I picked a good year to visit VMworld US for the first time. While I’ve been to its European equivalent, this was the first year I went to the main event and it was something of a doozy.

Not only did we get a nice bit of pre-conference sizzle with the news that VMware is acquiring Carbon Black and Pivotal, but the entire show was also a festival of product updates and previews. More than anything else, it felt like a statement of intent from Gelsinger and his comrades, setting out the company’s stall for the future.

The big focus of the show – and of VMware’s main announcements – was Kubernetes. The company is betting big on the container technology as the future of application development, with plans to weave it into vSphere with Project Pacific, and use Pivotal and Bitnami’s technology to make VMware even more attractive to Kubernetes developers. Virtually every main-stage announcement featured Kubernetes in some capacity, and VMware veteran Ray O’Farrell is being put in charge of getting that side of the business (including the forthcoming Pivotal integrations) running smoothly.

All the new Kubernetes-based products – Project Pacific, Tanzu and the like – are still in tech preview with no release date in sight and, honestly, that’s probably a good thing. I’m really not sure how many of VMware’s customers are ready to start deploying containers at scale. Mind you, making Kubernetes management a core part of VMware’s capabilities may well go a long way towards encouraging adoption.

It feels like a future-proofing measure more than anything else. Gelsinger is a sharp guy and when he says that containers are the future, he’s not wrong. It may not have reached mass adoption yet, but it’s growing fast, which isn’t surprising given the technology’s proven benefits. This isn’t a pivot though; VMs aren’t going anywhere, as Gelsinger himself has been quick to point out. He notes that all the companies operating Kubernetes at scale – Google, Microsoft, Amazon, et cetera – operate them inside VMs. More to the point, it’ll be a long time yet before Kubernetes gets anywhere close to rivalling VMs in terms of the number of production workloads.

Between the new possibilities promised by Project Pacific, the increasing focus on multi-cloud infrastructures and the forthcoming integration of Carbon Black’s technology into the product line, VMware looks like a company at the absolute top of its game, cementing its dominance of the virtualisation market and paving the way for that dominance to continue long into the future. If Gelsinger, O’Farrell and the rest of the team can pull off everything they’ve promised, then customers and admins have a lot to look forward to.