How cloud management tool sets can help MSPs
To tackle today's cloud management challenges, MSPs need new software tools and strategies. Find out why cloud management tool sets should be on MSPs' radars.
Dave Sobel is host of the podcast The Business of Tech and co-host of the podcast Killing IT. In addition, he wrote Virtualization: Defined. Sobel is regarded as a leading expert in the delivery of technology services, with broad experience in both technology and business.
Today, Dave interviews Jeff Nevins, CTO of Simeon Cloud, a provider of a multi-tenant Microsoft 365 configuration management platform for MSPs. Nevins gives his take on cloud management and the MSP tool sets that are currently available.
Transcript follows below.
Dave Sobel: So, you and I connected because of a blog article you did on Toolbox. I'm including the link in the show notes and description for everybody who wants to dig into that. You paint a picture of using Azure AD [Active Directory] and Intune and completely managing an environment. Give me your perspective on that tool set right now.
Jeff Nevins: That tool set has really only come into maturity and viability, I think, in the last two years. Intune was kind of a mess before that. [Office 365] has been around the longest, but it's only recently that it has really come into its own with SharePoint Online and OneDrive and integrating right into modern device management, which is what I would consider Intune to be. And then, lastly, Azure AD, as an identity provider, really only in the last two years has become somewhat competitive with cloud-based identity providers like Okta. But [Azure AD] also [serves] businesses where you don't need a domain controller or traditional Active Directory domain anymore. Pretty much all SMBs can operate completely on those three core tool sets these days.
Sobel: I've got to point it out what's notably missing from that is the traditional 'MSP toolkit' [label]. Is that a deliberate omission on your part?
Nevins: Absolutely. I mean, Microsoft is not the best of breed, but [consider] the cost of stitching together a toolkit of all the different software you need for management and administration as an MSP, the effort of maintaining those platforms, and the integration that's required to make them all work together -- when Microsoft really doesn't care about how well those MSP tools integrate -- it's just not viable. It doesn't really make practical sense anymore, to stitch together those tools. Microsoft does a good enough job with their M365 platform that the industry is moving in the direction of a consolidated tool set that's all offered by Microsoft.
Sobel: So, I'm in agreement. I happen to think the same way. And I think Microsoft is moving that way. Help me out then by [explaining,] what's your vision for what I term cloud management, this tool set that is needed by a modern provider to solve their end customers' needs? What's your vision of cloud management?
Nevins: A lot of different vendors have done a really great job of building usable platforms and intuitive platforms. Microsoft has not yet. Learning Intune is a beast. Understanding how to evolve from an on-premises Active Directory to being cloud first in Azure Active Directory is a really steep learning curve. And moving to O365 for productivity and communication [is] probably the easiest, but still, it's a paradigm shift in how people are used to interacting.
So, Microsoft is not there yet from a usability and intuitiveness [perspective], but they're moving in the right direction, at a Microsoft pace, and eventually they will get there.
Gaps in cloud management tool sets
Sobel: So, what's the gap? I mean, you're working in this space, [and] you're trying to deliver a toolkit here. What do you think? What's needed? What's the requirements list that a modern provider needs right now that is not being delivered upon?
Nevins: Honestly, I think it's about automation and scale of management. So, if you look at Lighthouse, Microsoft knows that they have a pretty large gap in this area. But Lighthouse is really an administration portal, with the ability to administer multiple tenants at scale. It doesn't really address the core gap, which is the ability to manage multiple tenants at scale and have all your tenants under one umbrella of management -- not just a single pane of glass to view all of them.
So, if you have, as an MSP, 100 tenants that you're maintaining, you have to, one, spend a lot of time setting up those tenants and make sure you followed all 200 steps correctly in order to get them in the right state. And, two, when you learn something and you change your best practices of how you set up a tenant, if you're being disciplined about it, you go back and you retrofit all the tenants that you brought under management before that. And then, after that, you hope that you keep them all consistent afterwards and keep them up to date. Or if you're not disciplined, you just sort of let it go and then it bites you later when that tenant gets hacked. So, to be able to manage those tenants at scale is really the direction Microsoft needs to go, and it's what the Simeon tool set that my company develops is targeted at addressing.
Why building on Microsoft is the only option
Sobel: I'm also going to address that this conversation, the way you're talking about it, is very Microsoft focused. This is Azure, and this is Intune. Is that intentional? Is there viability elsewhere? Or is Microsoft really the only way to go on this?
Nevins: So, this goes back to the stitching together of tool sets. Aside from the cost, Microsoft doesn't care about being friendly to integrations with vendors. They say they're friendly with Okta, but the truth is that if you bring Okta into the mix as an identity provider, in the identity provider space, it makes Azure AD and O365 less functional. So, Microsoft is a partner with Okta, but they're not designing their product to integrate really well with Okta.
You can't get away from the fact that companies are tied to the Office desktop. Outlook, Excel, PowerPoint -- they're never going to go away. And as long as you're paying for those tools, it's like, 'Oh, well, for an additional $8 per user, per month, you get modern device management, you get an identity provider, you get the full O365 suite.' There's just no way to financially justify the diversity of tool sets anymore.
I just went through an exercise with a client where they were using Symantec Endpoint Encryption for device encryption, they were using a self-service password reset tool, they were using remote wipe software, they were using remote administration software, they were using Active Directory and Group Policy, they were using an agent that you install for additional device controls -- and none of them worked well together. And they cost $500,000 a year in licensing. At that point, when you're already paying $500,000 a year for Microsoft 365 Enterprise licenses, it just doesn't make sense anymore.
So, long answer. Microsoft, they're not the best of breed still, but they're the people to invest in right now because it just doesn't make sense to bring in all the other vendors anymore.
Sobel: I'm going to play with that premise for a second. On the show, I talk a lot about platforms and building yourself on a platform, and how we've moved from, say, [the] Windows [platform] to the productivity layer being the platform you're building your business on. So, I'm going to poke at this for a moment. I'm going to give you two different examples. We'll talk about each one. The first is: Okay, well, why not Google Workspace? Why couldn't you build at that level? What's your take on that?
Nevins: So, Google is great. They do what they do very well. But Google Workspace is just not ever -- maybe they'll do something [and] I shouldn't say 'not ever' -- but they're just not in the business of competing with businesses in the Office space. Google Sheets, for some companies, [is] a replacement for Excel, but I'd say for 95% of companies that I work with, it's just not a suitable replacement. And as long as people are anchored to that core Microsoft Office workspace, it just doesn't make sense to also use Google Docs or Google Sheets or Gmail if you're using the Office desktop, because the Office desktop integrates so well with everything in the Microsoft ecosystem.
Sobel: Okay. Fair answer. So, then I'm going to plug in another module into this. So, let's assume you're now Microsoft, but what we want to do instead is build on, say, a Salesforce-Slack combination. What does that look like in your world?
Nevins: Salesforce is an interesting thing, because Microsoft's competitive offering is Dynamics. They have Dynamics in the cloud, and they're really plugging that with Microsoft Dataverse, which is really built now on top of Dynamics and Power BI. And they're making progress there, but Dynamics is not what I would call a mature CRM, even though it's been around for so long. So, I guess it's mature, but it's still not a CRM I would recommend to someone unless they've got a really strong connection to using Dynamics already.
On the other hand, Slack, I think, is a great example, where Microsoft has Teams. And Slack has a lot of nice features, and Slack users often pooh-pooh on Teams. But to use Slack for your enterprise when you already have Teams just doesn't make sense for a lot of people, because the integrations with the O365 suite [are] all sort of added onto the Slack platform. They're all add-ons, and not all of them work that great.
IaaS vs. SaaS in cloud management
Sobel: I wanted to get your take on that, the argument of that. So, I'm going to pivot a little bit, and we've both talked about this now as kind of 'cloud management.' And in a way, we've mixed two terms. And I want to poke at that a little bit and get some clarification.
As we talk about cloud management, in particular the tools that you're working on, as well as the need that you've addressed, both from an Azure AD and an Intune perspective, as well as referencing Microsoft 365, we've intermixed what is, traditionally, infrastructure as a service [IaaS] and software as a service [SaaS]. So, that IaaS and the SaaS -- which is it? Is it both? Is it one, or the other? What does this space need? And are we mixing two important things?
Nevins: We're definitely mixing two important things. I think that it's SaaS first, or what I would call PaaS [platform as a service] first, because a lot of these things are sort of a mix of a platform and pure software. So, whereas O365 is pure software, Azure AD is very much a platform. But there's still a need for infrastructure as a service for a lot of companies. So, the way I look at it is you start with that core tool set of Azure AD, Intune and O365, and you take what was traditionally file shares, and you move them to OneDrive and to Azure storage, et cetera.
But there's still things that just don't really play well in that purely SaaS, PaaS space. For example, SQL servers. Not everything is ready to be moved to Azure SQL. And you have to be ready, as an MSP, to support that hybrid environment where you really want to get off premises and you need the Microsoft 365 suite but you're also going to use the infrastructure-as-a-service offerings to stand up SQL servers or special file shares for QuickBooks -- things where it just doesn't fit well yet into the PaaS, SaaS space.
Adding other vendors to management suites
Sobel: We talked about the space [and] we talked about the acronyms, but the solutions we've been focusing on still remain very Microsoft. Where do you see the need going when I want to introduce those other ones? So, the moment I add some other vendor, it becomes a much larger problem. How do you add that to the management suite, from a vision perspective?
Nevins: First and foremost, it's not there today. So, if you look at what I think [is] the most basic example of that, [it is] patch management. So, Intune can deliver all your software, just like you could with Group Policy back in the day. Keeping that software up to date on your endpoints is not something Intune does yet. So, you see a couple of vendors in this space that have built solutions centered around Intune, but they're really not there yet from a maturity perspective.
And so, this is, to your point, where you get into sort of stitching those solutions together to come up with a management solution. And so, it's not pretty, to be honest. A lot of these patch management solutions, they're duplicative, they're expensive, and you still -- basically, you have to use them, because Microsoft just doesn't have something in that space yet.
What needs to change?
Sobel: So, you're working on solving this problem. You're giving this a lot of thought. I'm going to now give you the last thought of where we're going to go. I'm going to give you my magic wand, and I'm going to say, 'You get to make one big change that starts unlocking this potential.' What would that magic wand use be?
Nevins: Sure. So, for me, it goes back to that scale of management, that assurance of consistency, and the ability to rapidly add new tenants and services to your tool set. So, focus less on maintaining your tenants and focus more on scaling your business. So, that is the space that Simeon is in. And the way it accomplishes that is by offering the kind of rich maturity that exists in cloud automation for infrastructure in the Microsoft 365 space.
So, I've worked in cloud engineering for a long time [with] a heavy focus on automation, and there's all these tool sets that exist in that space for scale, ease, centralization of management. You've got Terraform, Pulumi, ARM templates, CloudFormation, Chef, Ansible. You just go on and on and on. And the MSP space and the network administration space just has really not reaped the benefits of the infrastructure/configuration-as-code tool sets that infrastructure and software has benefited from. And all the offerings that are out there still are very much GUI-centric. It's an administration tool, and that's about it. And it's really not in the best interest of the MSP industry to dumb everything down that way.
The benefits of configuration as code and automation are what Simeon is built around. And so, by having configuration as code, you can deploy and configure your tenants at scale with the click of a button. And you can keep them consistent, you can monitor them, [and] you can back them up and restore them. You really get that full benefit of managing your tenant's configuration in a repository.
Sobel: So, what's held the development back? If this is the obvious need, why haven't those tools come to this space, in your mind?
Nevins: That's a really interesting question. Why do vendors keep focusing on making friendly administration tools and not management tools? And I think the answer there is that these automation tool sets often have a very steep learning curve and they're often implemented by professional services or consulting companies, not by MSPs. So, quite frankly, it's just not user-friendly enough. And so, that is where Simeon tries to bridge the gap. It's based on a foundation of configuration as code and automation, but it has a friendlier user interface on top of it to lessen the learning curve about managing things using infrastructure or configuration as code.
Sobel: Are you looking at this and saying, 'These tools are going to disrupt and replace the other ones?' Or are they augmenting [them]? Or is it both? What's your take on how this is going to go?
Nevins: I hope it's Simeon but, in general, these kinds of infrastructure, configuration-as-code-first tools, I think, are going to replace the administration tools, because in order to have that kind of automation, you have to start with the foundation of infrastructure and configuration as code. And these tools that are administration focused, Lighthouse included, are built the opposite way around, and they're UI-first and then they're scalable-second. And so, as long as they're just trying to sort of strap on automation as an extra feature, they're never really going to have a full-fledged, rich offering to fully manage your tenants using configuration as code.
About the author:
Dave Sobel is the host of the podcast The Business of Tech, co-host of the podcast Killing IT and authored the book Virtualization: Defined. Sobel is regarded as a leading expert in the delivery of technology services, with broad experience in both technology and business. He owned and operated an IT solution provider and MSP for more than a decade, and has worked for vendors such as Level Platforms, GFI, LOGICnow and SolarWinds, leading community, event, marketing and product strategies, as well as M&A activities. Sobel has received multiple industry recognitions, including CRN Channel Chief, CRN UK A-List, Channel Futures Circle of Excellence winner, Channel Pro's 20/20 Visionaries and MSPmentor 250.