Tribune Media CIO David Giambruno got the rare opportunity to build IT for a $2 billion company from the ground up after the Tribune Company was split in two in 2014. With that opportunity, he took full advantage of two modern concepts: the software-defined data center and cloud computing.
Giambruno also saw how traditional enterprise vendors struggle to fit they licensing to the more flexible approaches of a software-driven data center -- but also how some trendy platforms like OpenStack don't always do better than established technologies.
The split created Tribune Publishing and Tribune Media, the latter being the largest independent broadcasting company with 42 TV stations, a movie studio, and divisions involved in everything from sports metadata to real estate. Giambruno lives in Raleigh, North Carolina, and has offices in Raleigh, New York, and Chicago.
Network World Editor in Chief John Dix recently talked to Giambruno about what is possible when you're given a blank sheet of paper. Perhaps not surprisingly, the answer resembles the fabled software-defined data center. What follows in an edited version of their conversation.
Dix: It must have been a monumental job to divvy up a company while it was still in flight, so to speak.
Giambruno: When you're splitting a company you have to keep it running, so there was a decision made that Publishing was going to keep all of the legacy [gear] and we would have a transition services agreement to support us in the interim. Then essentially I got to build greenfield. I had to consolidate all our stuff from 54 data centers into something new. There are very few times in your career you're totally unencumbered, so I looked around and said, "What can we do?"
We knew we had to build the traditional back end to support the services side of IT -- DNS, email, all of that stuff no one ever sees. There's no cosmic joy to back-end systems. Everybody just expects them to work, like electricity.
To visualize the job of splitting the company I used a grilled-cheese-sandwich metaphor: It looks nice and neat, but when you cut it and pull it apart, you get all the gooey, messy stuff. Every corner-cutting, field-expedient fix from the last 30 years comes back to haunt you. The only downside of the metaphor was getting the picture for the PowerPoint. My eight-year-old daughter and I had to make five grilled cheese sandwiches to get the right shot, and I had to eat them all.
But the fun was figuring out how we were going to build that next-generation platform. How were we going to keep costs down, how were we going to automate it and avoid boxing ourselves in? Technically, that meant building a platform that could adapt, consume, scale, eject, and execute with predictable precision using cloud, containers, XaaS, and whatever Silicon Valley throws out for the next several years. Financially, it meant disconnecting capability and cost. If I want to add five things, I don't want to have to pay five bucks, I want to pay two bucks.
So we decided to build a private cloud, because we had only five months to split everything. The first target was to get to 90-percent virtualized, up from 60 percent, so we could move everything. And one of the first things we did was a bake-off between VMware and OpenStack. We had 26 people doing OpenStack (because it was cool) and four people working on VMware. The goal was to get 1,000 servers running inside of a month. At the end of the first week, the VMware team was done and dusted. At the end of the month, the OpenStack people still had nothing. Choice made.
So we started the process of lighting up the VMware and migrating our applications. Essentially, we were running two horses. One being the infrastructure and all their services, and second moving all the applications. The team building the entire infrastructure back end was only nine people. That was it. I'm incredibly proud of them.
I presume you were migrating to an x86 hardware environment?
All x86. No mainframes, AS/400s, etc. I have Wintel platforms, and I only have five physical servers that don't run virtualized. Otherwise, we're running roughly 1,200 servers on 79 physical hosts.
When we were getting ready for the network, one vendor quoted me $1.5 million to do my core. We ended up going with NSX from VMware and $70,000 worth of Juniper in the core because, with NSX, I can use much less-expensive stackable hardware because much of the intelligence for logical redundancy is sitting in software. Juniper also has the best XML parser.
And if I understand it right, one of the reasons you could consolidate so much of your compute resources was because you offloaded some workloads to the cloud?
Right. I don't have PeopleSoft Financials or PeopleSoft HR anymore. Those are 800-pound gorillas and we replaced them with Workday Financials and Workday HR, which are SaaS services, and Anaplan for budgeting and FP&A [financial planning and analysis]. So that huge erg of horsepower that took up a chunk of the data center is no longer onsite. In raw numbers, about 80 percent of our applications are still on-prem, and 20 percent are in the cloud, but in a compute sense we're about 50/50.
Literally, this is like a $2 billion startup, or restart. And we did the whole thing in five months. Management's assignment to me was to build a "frictionless enterprise," which is a very succinct and clear goal. The power in that vision is the focus it enables me to give my team.
People say, "Wow. You did all this?" But it is like Captain Kirk and the Star Trek's Kobayashi Maru test. I say, "Yeah, but I cheated." It's just what is possible now. I did not have the baggage from a legacy enterprise, and I had clear purpose of mission. The outcome was like going from the Flintstones to the Jetsons.
We set up the environment, got everything running and ready by the end of May 2014. We went live August 4, moved all apps, and collapsed 54 data centers onto seven racks with nine help-desk calls. It's one of these funny visuals because we're a pretty big company. You walk into my data center and expect to see rows and rows of stuff; [but] it's literally seven racks. I have to take people in and show them, saying, "Really, that's it … my data center that got caught in the dryer."
The magic to me of an internal cloud is all my data is in a single place. All the other benefits pale compared to the ability to have all my data in one place and to copy it at will anywhere, giving me what I call "indiscriminate compute." So, as we put in our API layer, it makes it really easy to move information in and out, to control that information. We're still going through the whole microsegmentation piece, but the ability to wrap our data with a common security profile and push that out externally changes the operating metaphors.
I use the term "indiscriminate compute," but it is really compute, storage, and the network -- being able to move and extend that anywhere the business needs while knowing where it is, what it's doing, and who has access, so it still stands up to an audit.
If I want to take my internal servers and go to Amazon Web Services or Azure or some other provider down the road, we'll be able to do that. We've already pushed some stuff to AWS as a test. We just don't have a need right now for public cloud because we have capacity and because of latency problems in public clouds. That's quickly going away, but it's still there. I always joke, "Bandwidth is cheap, but latency is priceless."
Going back to NSX, did you discover anything along the way that NSX couldn't do?
In the beginning, the hardest part was not the technology, it was the ecosystem. It's fairly young, and the hardest part was getting other vendors to offer virtual instances of their physical hardware. Everybody talks about virtual appliances, but it's a big shift. "I've been creating physical boxes forever and now you just want me to give you a piece of software?" It is a total frame-of-reference shift for the suppliers and their business and revenue models.
We even had problems just getting SKUs. So, you really have to work on the ecosystem. That was really the only frustration. The technology itself worked. But we got to walk into it [, not run]. We weren't lighting up 50,000 nodes. We slowly lit stuff up, we learned, we got better at it. I highly recommend the "crawl, walk, run" approach ... but it is eminently doable.
You do need the right people. I am blessed with an awesome team that loves the challenge and has that one key quality: curiosity. Curiosity has to be fostered, and that comes down to leadership and supporting your team.
We're all about simplicity. I call it the Southwest of computing. Southwest Airlines uses one type of airplane, so it has one set of mechanics and one set of parts. So what I strive for is getting really good at a set of technology, owning it, and wielding it to get the most out of it we possibly can. Wield the technology.
I don't worry about vendor lock-in because my threat is binary. What I mean by that is, if you make us really, really mad, we'll just take everything and rip it out and replace it. We work very hard at getting really good relationships with our vendors. But if it goes bad it's divorce court. You're not going to lose 10 percent of my business -- it's all gone.
So that's the way I approach it because I think simplicity wins in the long run. Workday is similar in that everybody runs on the same version. It's like an apartment building where you get the same floor plan. You can change your paint and your sink, but pretty much everything else is the same. We just went through a Workday 25 upgrade -- and I'm used to SAP and Oracle upgrades that take months of prep, lots of money, and lots of consultants. This was a team of eight, two weeks, a four-hour upgrade, you're done. You go, "Wow. That was easy."
The same metaphor applies to infrastructure now. We're still bound by applications, but it is really about how you wield the tech. It is how do you disconnect the cost and become scalable and run those things that need to be run in the background without anyone getting sticker shock from cost or effort at every change. The best compliment I get from the management team is they don't have to think about me.
Give us some perspective on how you're benefiting here in the new world.
Before we split the company in half, we had 585-ish people in IT, so you would assume I would end up with 200 to 300 people. I am running everything -- infrastructure, apps, support, and development -- with 43 people. Even better, I didn't have to fire anyone. Only 25 people transitioned from the combined company to Tribune Media.
But the thing I look at most is business alignment, and I look at it really simply: It is your ability to do more with less. I am not revenue-generating, but it doesn't mean we can't be innovative and engaging. My team uses technology to give the business a competitive advantage: speed. The more I can focus my team on delivering projects, the better the business is.
I still need the "bump-in-the-night, worst-case-scenario team," but the paradigm shift keeps reducing operational risk and enabling my team to work on business projects. This is quantified in the number of projects we deliver. The new capabilities enable us to get the infrastructure out of the way so we can do more.
In 2014, I believe we got a little over 140 projects done. Year to date, we've crushed it with over 245. And these are massive projects. We've built an entire back end for a company. We've built shared services to big data, we've built all this stuff. We've taken the infrastructure out of the way so everything becomes easier. One of the best examples is the speed at which we deployed Workday Financials. We had the fastest go-live ever for a company our size.
What you see is people getting more done faster, and that changes people's frame of reference about what can be done and how long it takes. One of our team's rallying cries is "Everything begins and ends with an IP address." That combines with my team's penchant for automation.
Mike Cannella, one of our cloud engineers, worked with InfoBlox and VMware to create an awesome integration. Now it's literally a click of a button to automate VM provisioning, birth to death. Click, and a VM gets an IP address that's entered in the DNS (depending on its naming standard; so, production, dev, test), it gets a life span, and it gets an owner. If it's a test box, the owners start getting nagged at 75 days to see if they still need it, and if they don't respond it just gets deleted at 90 days. This is where the operating metaphor of a software-defined data center shines.
How are you handling storage?
Storage is in major flux. One of my Cloud Engineers is really awesome in storage, Ben Gent, and he gave me this PowerPoint titled, "How do I fire myself?" That obviously took a certain degree of courage, but it reflects the new operating possibilities in storage.