NetApp - Dave's Blog

NetApp shipped its first product 15 months after incorporating. We had a total of eight full time employees (three engineers), and we had raised $1.6 million. By the time we had become profitable and gone public, we had raised a grand total of $13 million.

Compare that with what more recent network storage starts-ups have raised so far:

BlueArc	$157 million
3PAR	$153 million
ONStore	$79 million
LeftHand Networks	$75 million
Panasas	$68 million
Yotta Yotta	$66 million
Zambeel	$66 million
EqualLogic	$52 million

(Consistent data was hard to find. Two useful sources were Storage Search and Byte and Switch.)

What is the message here? Were the first three engineers at NetApp (James, Byron and myself) all super-geniuses? Were the folks at BlueArc, 3PAR and the rest all idiots?

I don't think so. I think that the amount of money it takes to ship a new product says a lot about the maturity of a market. These numbers say that that the network storage market is much more mature and difficult to enter today than when NetApp started.

An engineer who joined NetApp from Zambeel told me that his time there was frustrating because every time they were about to ship product, NetApp would ship another release and Zambeel's marketing folks would add all of our new features to their requirements list.

On the one hand, you could argue that was bad planning on their part. NetApp was seven years old when Zambeel started - they should have predicted we would ship more stuff. On the other hand, NetApp had it easy. When we started, there was no such thing as a "storage appliance" and there was little competition for low-end file servers, our initial target market. See my entry on disruptive technology. NAS was a classic disruptive technology. It started as a low-end niche, where nobody else was playing, and moved up over time. The initial competition was Sun workstations configured as NFS servers, but Sun wasn't focused on low-end NFS. Auspex was selling much larger, more expensive NFS servers. And EMC was way up in the enterprise mainframe space.

I'm not saying it is impossible for a new storage system startup to be successful. My point is that the bar for entry is much, much higher today than it was when NetApp started, and that makes storage system startups an expensive bet.

I do believe it is a mistake for startups to take direct aim at companies like NetApp and EMC. They should identify a low-competition niche to get started in. BlueArc, in particular, screwed up by targeting "enterprise NAS" as its initial target market. NetApp already owned that space, with EMC a strong second. Strategically, both EqualLogic and Lefthand Networks made a much better choice by targeting IP SANs based on iSCSI. Since iSCSI is new, there are no entrenched players. Even so, both EMC and NetApp are selling way more iSCSI storage than either Lefthand or EqualLogic. So even though I prefer their strategy to BlueArc's, it remains to be seen whether they'll be successful.

One of my goals for my blog is to maintain honesty and neutrality. Still, I can't restrain myself from quoting Roger Bonine's blog:

We have been Network Appliance users for about five years now. The NetApp filers are relatively expensive, but almost bulletproof. We have never had a service outage since the filers were installed. The filer technology is impressive as well, but those aren't the things that impress me the most. Network Appliance has the best service and support of any company that I have ever dealt with, in any industry - bar none.

Consider this. The filers "phone home" to NetApp support whenever there is a component failure. NetApp immediately sends us a replacement part by overnight mail. It's not uncommon for us to arrive at work for the morning and have a drive or fan waiting for us when we didn't even realize that there was a problem. Also, if we need to talk to a NetApp engineer, we can go to the support website and initiate a live chat session in a matter of seconds.

Honesty compels me to admit that I omitted the part in Roger's blog about a NetApp component failure where the next-day delivery didn't work out. (Once an engineer, always an engineer.)

In his book The Discipline of Market Leaders, Michael Treacy describes his model of how companies win. Treacy argues that to be successful, every company must choose one of three "value disciplines". The three disciplines are:

Operational Excellence - "best price with least inconvenience"

Examples include Wal-Mart, McDonald's and Dell. These companies don't focus on delivering the best possible product, or having the closest relationship with their customers. They win by being very efficient at delivering standard products at the best price.

Product Leadership - "innovation that delivers the best products"

Examples include Sony and Microsoft. These companies win by delivering new products with new features. (Think Sony Walkman here, not Sony's rootkit DRM fiasco.)

Customer Intimacy - "deep customer relationships for customized results"


Examples include Nordstrom's and IBM. These companies win by understanding their customers deeply and delivering exactly what they need, often in a customized way.

Treacy has some rules for winning. Rule #1 is that every company must choose one discipline to excel in. Rule #2 is that companies must also be "good enough" at the other two disciplines, where good enough depends on how well their competitors do.

NetApp is a product leadership company. Our primary focus is to deliver products that solve problems nobody else can. We focus on innovation with technology like iSCSI, RAID-DP and SnapVault, and with acquisitions like Spinnaker, Alacritus and Decru.

Still, Rule #2 says that we also have to be good at the other value disciplines. Over the past five years or so, as we've focused increasingly on supporting high-end enterprise customers, and started competing more against EMC, we've made large investments in "customer intimacy", so it's good to hear that NetApp Global Services understands Roger and his business well enough to keep him happy.

Interestingly, in his comments about service, one of the things that Roger mentions is NetApp's "phone home" capability, which is actually a product feature. Even when it comes to improving customer intimacy, we use product innovation as a tool for success.

After my blog entry on iSCSI, I got a message from Guy Harris:

"You somehow managed to avoid using the word "disruptive" in that entry; was that intentional? :-)"

Guy knows me well. He's one of the first engineers we hired at NetApp, and he's making fun of my obsession with the concept of "disruptive technology" (see The Innovator's Dilemma by Clayton Christensen). Christensen focuses on what happens when a low-end technology gets increasingly better over time, and eventually attacks a completely different market.

The computer industry is full of examples. UNIX started in the workstation market, but eventually became good enough to compete in the server market against VAXes and mainframes. Windows/Intel started in the business desktop market, but later became good enough to compete against UNIX in the engineering workstation market, and later still in the server market. In each example, the low-end technology started in one market, but eventually became good enough to disrupt a higher-end technology in a different market.

People who haven't read Christensen's book often misunderstand this idea, and simply use the English definition of disruptive: "causing confusion and disorder". A technology is never disruptive when it is first introduced. It either succeeds in some market or it doesn't. It only becomes disruptive later, if it becomes good enough to succeed in a completely different market that has higher requirements than the one where it started.

Why does this difference matter? The point is that a disruptive technology already has a stronghold in its low-end market by the time it starts competing against a new high-end market. Honda's first successful product in the US was a dirt bike. It didn't compete against any existing products. By the time Honda competed against motorcycles (Harley), and later cars (GM, Ford, Chrysler), it already dominated the dirt-bike market which was difficult for those other companies to attack. If Honda had simply competed head-to-head against Harley and GM, starting from scratch, it would have been crushed.

Or imagine if Microsoft and Intel had gone head-to-head against mainframes when they first started shipping. By the time a technology becomes disruptive, it's already had many years of success in its own separate market. It is precisely this track-record of success that makes it so dangerous! The sales channels, the partnerships, the customer relationships that it has developed make it difficult to kill, and give it a platform from which to attack the higher end market.

So is iSCSI a disruptive technology?

I would argue that it isn't old enough to be disruptive. Disruptive technologies already have years of success in a separate market, and iSCSI doesn't have that!

If it turns out that iSCSI and Fibre Channel simply go head-to-head, fighting over the same business from the same customers, then iSCSI is not disruptive. In the plain English meaning, it may be disruptive to Brocade and McData and EMC, but it won't be disruptive in Christensen's sense.

On the other hand, if iSCSI establishes itself as the leader in a separate market - a market for much lower-end networked storage where Fibre Channel just can't compete - then a few years down the road it may have an opportunity to become disruptive.

Only time will tell.

Lately NetApp has been talking a lot about data security. That's a natural follow-on to our Decru acquisition, but data security is much broader than Decru. In fact, it is broader than NetApp, because any comprehensive solution requires components from multiple vendors.

No single approach can secure your data. The threats are too diverse. Comprehensive security requires solutions in three key areas: Perimeter Security, People Security and Data Security.

Of course NetApp has products in all three categories, but rather than digging into that, I'd like to step back and look at the bigger picture. What do these three areas involve, and how do they fit together?

Perimeter Security

Perimeter security is all about keeping bad guys out of your data center with technology like firewalls, anti-virus and web filtering.

Folks who are really paranoid talk about air gap security (physically isolated networks), and TEMPEST security (protection against electromagnetic leakage). These are spook issues, but in normal business environments perimeter security is mostly about networking equipment and tools to process the data that flows through network protocols.

People Security (Authentication, Authorization and Auditing or AAA)

People security is all about "Joe":
• Authentication: Is this really Joe? Yes, that's his password or thumbprint.
• Authorization: What is Joe allowed to do? He's a backup admin with access to all data.
• Auditing: What has Joe done lately? Last Sunday he did a full backup.

One hot topic in authentication today is using biometric data like thumbprints. I understand that some biometric systems will continue to recognize a severed thumb for up to 24 hours, if it is kept properly moist.

Data Integrity (protecting data at rest)

Data integrity is about protecting data at rest on disks and tapes - keeping data safe, keeping it secret, and ensuring that you can delete it when you need to. The key technologies are replication (to ensure access) and encryption (to ensure secrecy and deletion).

One reason data security is hard is that so many people have legitimate access to disks and tapes - everyone from the backup administrator, to the janitor in the data center, to the UPS person who delivers the tapes to Iron Mountain, to the clerk at Iron Mountain who stores the tape in the warehouse.

The key point is that without solutions in all three areas, your data isn't safe. Perimeter security is a great start, but doesn't protect against insiders. Encryption doesn't help if the wrong people are authorized to get the keys.

A big problem in data security today is that most people take too narrow a view. We need to broaden our customers' thinking, not just about NetApp's own solutions, but to help them understand solutions from folks like Symantec, Microsoft, Cisco, CA, McAfee, Trend Micro, WebWasher, Acopia, Juniper, Neopath, Websense, and so on.

I spent the week at the Storage Networking World (SNW), conference in Orlando and I noticed three big themes. I plan to write an entry on each, but first I'll introduce the set:

Theme #1: Continuous Data Protection (CDP)

I can't find solid agreement on exactly what CDP means, but it is part of a set of related technologies, all interesting. They include disk-to-disk backup and archiving, virtual tape libraries, snapshots and write-logging. CDP is the hot term, though, so anyone with any of these technologies calls whatever they do "CDP".

Theme #2: Crypto-Compression

Companies are using "crypto-hashes" as a way of compressing data in a surprising variety of applications: some are compressing backups; some are compressing primary storage; some are compression wide-area network traffic; some are compressing specific network protocols. I think that crypto-compression is going to turn out to be a fundamental advance in computer science.

Theme #3: Virtualization

Virtualization is "hot" again. Several years ago virtualization got hot, but then nobody delivered anything, so virtualization became taboo. Now it's gaining ground again.

The first two themes show most strongly on the vendor exhibition floor - especially among the startups. The third theme shows up more strongly when you listen to the big vendors talk.

The acronym “CDP” (continuous data protection) was on more signs at Storage Networking World than any other technical term. Everyone claims to have it, yet no two vendors agree what it means. In situations like this, a good way to cut through the confusion is to ask: What is the business problem?

For CDP, the business problem is this:

Nightly backups to tape just aren’t good enough. The backup itself takes too long, doing a restore takes too long, and you always end up restoring to data as it was in the middle of the night even though you might prefer the data as it was at 2:37 p.m.

In defining CDP, there are two main camps: the “strict technical definition camp” and the “broad business definition camp”.

The strict technical camp argues that CDP is a technology in which every single disk write is logged to separate storage. This allows you to recover data as it was at any instant in time. Older data may be pruned, because saving every write consumes lots of space. You might have access to any instant in time over the last three days, but only hourly points or daily points before that.

The broad business camp argues that CDP is any technology that solves the business problems – that lets you eliminate the backup window, recover data quickly, and allow recovery from many different times during the day. Some in this camp would argue that disk-to-disk backup with snapshots would qualify as CDP, as long as you can have many snapshots per day and keep them as long as you need. Others would argue that VTL (virtual tape libraries built from disk) qualify, because with VTL you can backup more quickly and do it more often. (This way of thinking pisses off people in the strict technical camp. “That’s not CDP!”)

Roughly speaking, the strict technology camp consists of startups that are developing the write-logging technology (e.g. Mendocino and Revivio), while the broad business camp consists of more established companies who believe they have other technologies that address these business issues (e.g. Microsoft and NetApp)

I’ve been living on snapshot-based storage since fall of 1992, when James and I first switched our home directories to a NetApp filer. My experience is that hourly snapshots have always been sufficient to save my bacon. Occasionally I have wanted to see a file as it was at 2:37 p.m, instead of going back to 2:00 p.m, but that’s been rare. Usually hourly snapshots were plenty good, and way cheaper in both capacity and performance than logging every write.

In my view, the important point is not the definition of CDP – the important question is what it takes to solve these business problems. When are snapshots the best solution? (Snapshots how often? Hourly? Every minute?) Where does resolution down to the millisecond add additional business value? How much are customers willing to pay for that extra value?

As usual, Plato said it best 2500 years ago: “Why should we dispute about names when we have realities of such importance to consider?”