Plug Storage Push Service

Despite the bold, entrepreneurial impulses driving most corporate initiatives, doing business isn't really about taking risks. It's about managing risk. Whether the decision involves opening a new branch, acquiring a competitor, launching a new product, or bringing on a new CEO, companies understand that risk can't be completely eliminated. And, they know that companies unwilling to assume risk remain stagnant.

However, while thriving companies accept a certain amount of risk in pushing business objectives forward, they tend to think of risk primarily as a consequence of extending the enterprise beyond the four walls of the organization. Security breaches come from "out there." Shaky product launches stem from unpredictable market fluctuations ... "out there."

That way of thinking often holds true when it comes to risks to the IT infrastructure. The hacker who breaks into the organization's proprietary database is lurking "out there." The disaster that could bring down the data center - the earthquake, the terrorist attack, the power outage - will occur "out there." Granted, most companies understand the need to also look internally at their data protection policies and procedures. But, those efforts are often reductive and shortsighted - focused on such knee-jerk activities as adding disk drives to servers or sending backup tapes off-site. Often missing is a thorough, granular examination of internal processes and systems potentially threatening application availability. That's why, to supplement hardware and software sales, VARs and integrators should consider selling data protection assessment and management services.

And, that's exactly the approach taken by $125 million Adexis, the storage division of Cranel, Inc. Headquartered in Columbus, OH, with regional offices spanning coast to coast, this storage solutions provider focuses exclusively on data management, protection, and availability. It offers only what it considers to be best-of-breed hardware and software, as well as design, integration, and implementation services. Additionally, 24/7 technical support is provided by its sister division, Versitec. Revenue from any of those arms is driven primarily by Adexis' ability to help clients identify and mitigate risk, including risk percolating within the company's current storage practices. For Adexis, the key to selling storage solutions comes in giving its clients information about their existing infrastructure - information they can use to set their own data protection priorities.

Backup Vulnerability: Take Stock, Take Action
The sales cycle for Adexis starts with an in-depth assessment of the customer's storage environment. It ends (or perhaps continues indefinitely), in most cases, with a phased solutions rollout. The phased approach targets a company's application availability by separating (and delaying) "wish list" application security items from those marked "clear and present danger." Along the way, Adexis may sell storage hardware, in addition to services, but that revenue is merely a byproduct of the risk assessment process. A hardware sale is not a foregone conclusion Adexis makes about every client from the outset of the relationship. "We don't go into the client's site with the intention of selling more hardware," says Adexis CTO Michael Cush. "We go in to figure out what they have, how they're using it, and whether or not their current storage environment is putting critical business applications at risk. For each problem or potential problem we identify, we offer a solution. Not all risk mitigation strategies require immediate hardware purchases. Of course, most do over time."

A huge piece of the initial risk assessment involves studying the client's current data protection capabilities. Adexis brings in automated discovery tools to determine, for example, how much storage capacity is in the current environment, how much is being utilized, by which applications, for what purposes, and whether or not stale data is being backed up over and over again. To identify points of vulnerability - i.e. potential causes of application downtime, Adexis will even run a mock data recovery drill using whatever process the client has in place for backup/restore. It might discover, for instance, that, although the company is replicating its data from site A to site B, the secondary, disaster recovery site fails when Adexis tests its ability to restore live production data.

Some of the vulnerable spots Adexis discovers can be categorized as human resource problems. Industry analyst firm Gartner estimates that as much as 40% of application downtime can be attributed to human-related causes: labor spread too thin, poor training, actual human error. Says Cush, "At one customer site, operators were manually removing tapes from the library and not running a re-inventory process on the library and backup software. As a result, tape drives were failing because both the library and the backup software were not able to recognize the location of the tapes. The operators simply hadn't been trained properly."

Hardware Headaches Push Service Revenue
Frequently showing up during Adexis' assessments are hardware incompatibility issues. Because they don't always know which devices will work in which environments, companies can unwittingly set themselves up for problems. As more companies adopt SAN (storage area network) technologies, in particular, these potential problem areas multiply. "A company may have a grand plan for consolidating their servers and storage on a SAN. But, then we come in and discover that there is no longer an HBA [host bus adapter] available for the platform they plan to use," says Cush. "People overlook these sorts of things all the time. We try to show customers it's the details that get you - the $2 components."

According to Cush, problem areas in the hardware arena can also stem from clients' tendency to trust vendors to pay attention to all of a deployment's technical requirements. The problem is exacerbated in heterogeneous storage environments - increasingly common in medium and large enterprises. "Manufacturers don't always have the right skill sets to deal with integrating their products in environments where complementary - or even competing - solutions exist," says Cush. For instance, Adexis helped one customer integrate a new NAS (network attached storage) solution with its enterprise backup and recovery solution. The customer had purchased the NAS solution from a manufacturer that didn't consider the company's backup and recovery strategy. "We commonly bail out customers that have been myopic in looking at their technology needs," says Cush. "The customer bought technology X, but neither they nor the vendor of technology X understood the bigger picture that technology X would have to fit into - now and down the road."

Sell Storage In Stages
Adexis knows that overturning stones to reveal potential application vulnerability is fraught with risk - to Adexis. That's because application availability can be a potentially contentious subject among the various data-hungry constituents within a company. So, as it interviews various stakeholders within a company - from line-of-business managers to C-level executives - Adexis makes sure it sidesteps any political land mines that could be set by the risk assessment process. What Adexis does not do, for instance, is decide for the client which utilization policies to set for each application or which applications should be supported with high availability. "If you ask the business leaders responsible for particular applications, they'll all say their apps need to be up 24/7 with no downtime," says Cush. Instead, Adexis asks questions about uptime requirements, presents data showing how close the current environment is to supporting those requirements, and outlines viable options for addressing current inadequacies. "When we present our findings, we don't say, 'You must do this; you must do that,'" says Cush. "For each item, we say, 'Here's a problem; here's the risk; here's a potential solution.' We may discover, for example, that certain files aren't being backed up at all, but it's up to the client to determine if that constitutes a risk worth spending money to mitigate."

Since few companies can afford to give top-shelf IT support to all apps, Adexis nudges them toward making their own distinctions about where pain can be tolerated and where it can't. To help customers place their applications along a pain-severity continuum, Adexis asks customers to consider several factors: 1) the service level requirements for each application; 2) which applications are, in fact, mission-critical; 3) how much it will cost if a critical application goes down; 4) how long they can wait for the application to come back up after a disaster; and 5) how much data they are willing to lose in the event of a disaster.

Once the company has prioritized its applications based on its answers to those questions, Adexis then helps the company put together a road map for bringing on technologies and/or services required to mitigate risk for various apps. "Once you help companies see the true pain they may be facing, you can help them map the cost of avoiding that pain back to particular technologies," says Cush. "For example, a particular business unit may be claiming that it can't tolerate its critical app being down for more than two hours per year. But, that two-hour number doesn't mean much until you show that it's costing the company $10,000 per minute for that app to be down. Only then can the CIO or CFO make an informed purchasing decision about any additional storage needs for supporting that application. You really have to get customers to put a dollar figure on downtime."