Information technology adoption: CIO Ted Ross discusses LA's strategy

Ted Ross, Los Angeles CIO, discusses enterprise technology refresh against the backdrop of developments such as Windows Server 2016, containerization and cloud computing.

Part of any CIO's charter is managing information technology adoption and devising a technology refresh strategy. IT vendors contribute to the challenge with each successive generation of hardware and the ever-quickening pace of software development.

As for the latter, the arrival of Windows Server 2016 stands as one of the more prominent examples. The software, which became generally available in October 2016, harbors some interesting twists and turns for technology managers. Support for Docker containers and a transition from per-processor to per-core licensing rank high on the list of notable changes to be found in the latest version of Microsoft's server operating system.

But for CIOs, the process of information technology adoption isn't strictly about the new product at hand. Any upgrade takes place within a much broader context that includes factors such as potentially troublesome legacy systems, IT budget constraints and alternative deployment models such as cloud computing. A technology refreshment strategy must take all those considerations into account along with an organization's overarching business objectives.

To talk about the challenges of information technology adoption, searchCIO spoke with Ted Ross, general manager and CIO for the city of Los Angeles. The city's data center runs Windows, Linux and even IBM's AIX. In addition to on-premises gear, Los Angeles is also adopting the cloud in areas from websites to emergency services. We queried Ross on the challenges of enterprise technology refresh, the emergence of containerization and the benefits of cloud computing.

(This transcript has been edited for clarity and brevity.)

We're interested in learning about Windows Server 16, especially in the broader context of enterprise information technology adoption. What do you see as the key adoption issues an organization like yours faces when you're bringing in newer versions of products like Windows Server?

Ted Ross: It's actually a very fascinating question and it really comes down to our strategic approach as a large government organization. We want to gain the benefits of new releases [and] stay on top of the security perspective, but we also have to juggle all these different legacy applications and we have to move along a lot of baggage. So we watch ... release blogs. We watch for issues and fixes. We start by checking with our vendors. We have a lot of off-the-shelf tools, development tools, monitoring tools. We look for compatibility. We look for certification examples and when we feel that the new release is solid enough, stable enough and addresses any major security risk factors, then we start to make the migration to move onto it.

So you have to have a standard approach for conducting enterprise software upgrades. How does it work?

Ross: We would not think of ourselves as leading edge, but never want to be behind the curve. So we try to kind of balance that out and in a lot of ways it's what you'd expect from a government IT team. When a version is solid enough, then we'll go ahead and stop implementing the previous version. We will only implement the new version. We will put off new installs, will avoid changes in development environments and any disruption to existing projects and users. We will go ahead and put together a project plan because we need to make a mass migration. We want to minimize disruption for our stakeholders. We'll do full regression testing of our applications. We'll make sure that we're compatible. We'll mitigate any compatibility issues and then we'll go ahead and prioritize environments and start migrating them on over.

And we know it's a balance. It's a balance in waiting long enough to ensure that it's solid and stable enough for us to make the move, but not waiting too long so that we're implementing old versions and we're just getting stuck in the cycle of getting off of burning platforms.

How long does a process like that generally take?

Ross: Anywhere between six months and a year, depending on the version we're jumping to and compatibility issues we'll run into. Some things can move quite quickly, but some other aspects can move slower. We saw this with [Windows] XP, we saw this with Windows Server 2003. We don't want to be that organization that built something out and it's very difficult to maintain and we find ourselves in a crisis. So we've been much more aggressive [in] front-loading the effort to ensure that we can do a much faster turnaround. Because sometimes enterprise IT shops are really good at building something, but really bad at keeping it current. We don't want to be there.

In the case of Windows Server 2016, there are some interesting wrinkles, one of which is the transition from per-processor to per-core licensing. How do you see that impacting adoption?

Ross: I would say, in some ways one of the only potential benefits of having a legacy environment is that we're not appropriately structured or set up with maintenance. It causes us to have to do mandatory upgrade projects that can help discount licensing changes. We're in the course of moving a lot up into the cloud right now. It gives us the ability to negotiate enterprise agreements for Software Assurance and other aspects that can help us kind of mitigate future licensing cost issues ... and allow us to ensure that we have periodic platform pricing resets. Government has budgets that are set 12 to 18 months in advance, so spikes in licensing or platforming costs cannot be easily addressed and that's highly problematic. So everything we can do to try to set agreements to address future upgrade needs, and prioritize [them] in contract negotiations, allows us to kind of move these things en masse.

Microsoft is making moves in the developer space -- support for Docker containers in Windows Server 2016 being one example. Is that of any interest to you?

Ross: Certainly Docker, and containerization, is interesting to us and we're keeping an eye on it. Believe it or not, government budgets really haven't fully come out of the 2008 Great Recession. We still feel a lot of that impact, so we're not exactly where we want to be when it comes to investment. However, the ability for us to be able to simplify the creation and management of a large number of systems in a limited number of physical machines, or to provide better, more reliable performance or redundancy without worrying about uniformity of environment, is game changing. We watch it very closely, but I can't say at this point that we expect to have rapid adoption.

As containers make their way into the organization at some point, what would be the main benefit? Just taking virtualization to the next level, getting more density?

Ross: I think there's certainly an element of that. Uniformity of environments is a very big issue. We've got Linux, we've got Windows, we've got old AIX, we're even moving applications off of a mainframe. So we're very aggressively working ... toward those goals. For us, containerization and portability are set to become a very important conversation. It allows us to really take a hybrid cloud approach so that we can maximize on-prem versus cloud infrastructure and know when to put a workload in one versus the other.

You mentioned in a previous call that Azure is something you're working with now. Is that the future? Do you see more workloads heading to Azure?

Ross: We absolutely see more workloads [moving] to Azure and AWS (Amazon Web Services). Cloud infrastructure is a game changer for us in many ways. It provides consistent budgeting. It helps to mitigate the impact on staff resources. So as city budgets, as government budgets come back, they often come back in specific areas. It's much more difficult to hire new employees, but one may be able to get a subscription budget. Having that balance assists us quite a bit -- allowing us to stay current with patching [and] security is important. It minimizes physical space in the requirements of our data center, which we have and we're modernizing, and it certainly goes far in the direction of disaster recovery. Government has realized that there is no time that government is more relied upon than during an emergency. And so we find cloud infrastructure to be a key component when it comes to disaster recovery -- so not having to deal with hardware ... having better or more efficient ways to utilize limited staff and knowledge base, having agility and flexibility on projects to be able to spin up workloads and pull them back down again. They really all play into our space and we think that those are certainly game changers when it comes to changing the way we provision.

What kind of resources do you run in the cloud right now?

Ross: We started off with the 'gateway' choices -- web services, websites, etc. So our, our banner, vanguard website's up [and also] our BAVN [Business Assistance Virtual Network] system, which is a system where the city publishes [its] opportunities. We have 50,000 registered vendors in that, so it has all of our contracting and procurement information on there. We've got quite a bit of web that's up in the cloud. We've also been moving into other key areas of migrating some core applications up there, including even some innovative ones. We have an emergency operations center (EOC). In a disaster, people are looking to that EOC as we call it, to be able to help manage police, fire and other emergency processes. Instead of having a physical alternate emergency operations center that requires provisioning of equipment, addressing cooling issues, keeping the equipment tested and ready, we went ahead and spun up a small version in the cloud, so that core EOC tools, emergency management tools are available anytime, anywhere. If something happens to a beautiful primary EOC facility, we can set up an EOC anytime, anywhere with simply an internet connection through the cloud. So it's a mixture of those very clear cloud use cases as well as moving more and more of those enterprise items on there and even some innovative items like this virtual EOC.

Is that more cost effective?

Ross: Much more cost effective. We're at the point of spending around $70 a month to have a virtual EOC. Certainly when we need to activate, we'll be spending a lot more. But think of it this way, instead of me having to pay $50,000 to $75,000 in hardware and have to go through the refresh and have to send people to a remote location to be able to get their hands on and keep it running, I can for ... under $100 a month maintain a virtual EOC that's very easy to access for staff. And then when it comes time to be able to break it open in an emergency, we're still not going to be spending huge amounts of money. But even if we did, it's during an emergency [and] the city is more than willing to spend essential money. But from an ongoing operational perspective, we have very low cost insurance so to speak.

That's a huge plus for any budget-minded organization.

Ross: Yes, it is. And so we think of cloud as useful in so many key areas. We love it for the disaster recovery site. We love it for its ability to burst. We love it for the agility around it. And we love the idea that it's pay per use.

What's your thinking on cloud security?

Ross: Early when cloud infrastructure was taking adoption, there was the expression -- and it's a very apt one; I love to quote it over and over again -- it's that cloud is not a technology, but it's a business model. ... It's really virtualization that is driving the technology of the cloud, but it's a different business model. ... It changes the way you need to operate. And you can't see that any more clearly than in cybersecurity. We were used to building on-prem hardware within our firewall. Once we started to discuss the idea of moving applications out into the cloud, it caused indigestion because it was not a model we were used to. And so our cyber folks, our data center folks had to operate differently to leverage cloud in a secure way. And I think some large organizations [are] not willing to make that investment or they are slow to make that investment and maybe they're concerned on how to make that pivot. But for organizations that do understand what the cloud has to offer and can make the pivot to leveraging it in a secure manner, they're reaping the benefits that everyone's discussing around cloud infrastructure.

So ... the challenge, and the opportunity, is for enterprise organizations [that] already have large on-prem footprints to be able to make that migration to the cloud, to be able to set the right models. ... I think the beauty of it is there are still certain benefits around on prem, so the hybrid model, I think, makes perfect sense. It allows you to gain the benefits of cloud infrastructure. It allows you to gain the benefits of on-premises infrastructure and, with portability, you can move between the two, based on cost, based on use case. And I think, ultimately, having those capabilities and having those options is what makes the modern IT data center very effective.

Anything else you'd like to mention?

Ross: It's interesting. We're more and more moving to the point where, as an enterprise organization, we build bigger and bigger footprints. And it raises more and more of a challenge, especially if you're in an organization that isn't as strong as it should be in budgeting the refresh of previous technology. There's no such thing as a free puppy. If someone handed you a free puppy, you're [still] going to have to raise the puppy, feed the puppy [and] care for the puppy. And we have all these applications out there, legacy and new ones, that could be those free puppy incidents. So it's very important for us to think through and in a very successful way kind of crack the nut on how to manage and maintain what we already have. And that involves, of course, migration policies and that's above and beyond the fact that there's new functionality, new capabilities that we should be taking advantage of. It's the tightrope walk that I think the modern CIO needs to do.
