(intro music) >> Narrator: "theCUBE's" live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (gentle music) >> Hey everyone, welcome back to "theCUBE," the leader in live and emerging tech coverage. As you well know, we are live at MWC23 in Barcelona, Spain. Lisa Martin with Dave Nicholson. Day three of our coverage, as you know, 'cause you've been watching the first two days. A lot of conversations about ecosystem, a lot about disruption in the telco industry. We're going to be talking about Open RAN. You've heard some of those great conversations, the complexities, the opportunities. Two guests join Dave and me. Abdullah Abuzaid, Technical Product Manager at Dell, and Gil Hellmann, VP Telecom Solutions Engineering and Architecture at Wind River. Welcome to the program guys. >> Thank you. >> Nice to be here. >> Let's talk a little bit about Dell and Wind River. We'll each ask you both the same question, and talk to us about how you're working together to really address the complexities that organizations are having when they're considering moving from a closed environment to an open environment. >> Definitely. Thank you for hosting us. By end of the day, the relationship between Dell and Wind River is not a new. We've been collaborating in the open ecosystem for long a time enough. And that's one of the, our partnership is a result of this collaboration where we've been trying to make more efficient operation in the ecosystem. The open environment ecosystem, it has the plus and a concern. The plus of simplicity, choice of multiple vendors, and then the concern of complexity managing these vendors. Especially if we look at examples for the Open RAN ecosystem, dealing with multiple vendors, trying to align them. It bring a lot of operational complexity and TCO challenges for our customers, from this outcome where we build our partnership with Wind River in order to help our customer to simplify, or run deployment, operation, and lifecycle management and sustain it. >> And who are the customers, by the way? >> Mainly the CSP customers who are targeting Open RAN and Virtual RAN deployments. That digital transformation moving towards unified cloud environment, or a seamless cloud experience from Core to RAN, these are the customers we are working with them. >> You'll give us your perspective, your thoughts on the partnership, and the capabilities that you're enabling, the CSPs with that. >> Sure. It's actually started last year here in Barcelona, when we set together, and started to look at the, you know, the industry, the adoption of Open RAN, and the challenges. And Open RAN brings a lot of possibilities and benefit, but it does bring a lot of challenges of reintegrating what you desegregate. In the past, you purchase everything from one vendor, they provide the whole solution. Now you open it, you have different layers. So if you're looking at Open RAN, you have, I like to look at it as three major layers, the management, application, and the infrastructure. And we're starting to look what are the challenges. And the challenges of integration, of complexity, knowledge that operator has with cloud infrastructure. And this is where we basically, Dell and Winder River set together and say, "How can we ease this? "How we can make it simpler?" And we decided to partner and bring a joint infrastructure solution to market, that's not only integrated at a lab at the factory level, but it basically comes with complete lifecycle management from the day zero deployment, through the day two operation, everything done through location, through Dell supported, working out of the box. So basically taking this whole infrastructure layer integration pain out, de-risking everything, and then continuing from there to work with the ecosystem vendor to reintegrate, validate the application, on top of this infrastructure. >> So what is the, what is the Wind River secret sauce in this, in this mix, for folks who aren't familiar with what Wind River does? >> Yes, absolutely. So Wind River, for many, many don't know, we're in business since 1981. So over 40 years. We specialize high performance, high reliability infrastructure. We touch every aspect of your day and your life. From the airplane that you fly, the cars, the medical equipment. And if we go into the telco, most of the telco equipment that it's not virtualized, not throughout the fight today, using our operating system. So from all the leading equipment manufacturers and even the smaller one. And as the world started to go into desegregation in cloud, Wind River started to look at this and say, "Okay, everything is evolving. Instead of a device that included the application, the hardware, everything fused together, it's now being decomposed. So instead of providing the operating environment to develop and deploy the application to the device manufacturer, now we're providing it basically to build the cloud. So to oversimplify, I call it a cloud OS, okay. It's a lot more than OS, it's an operating environment. But we took basically our experience, the same experience that, you know, we used in all those years with the telco equipment manufacturer, and brought it into the cloud. So we're basically providing solution to build an on-premises scalable cloud from the core all the way to the far edge, that doesn't compromise reliability, doesn't compromise performance, and address all the telco needs. >> So I, Abdullah, maybe you can a answer this. >> Yeah. >> What is the, what does the go-to-market motion look like, considering that you have two separate companies that can address customers directly, separately. What does that, what does that look like if you're approaching a possible customer who is, who's knocking on the door? >> How does that work? >> Exactly. And this effort is a Dell turnkey sales service offering, or solution offering to our customers. Where Dell, in collaboration with Wind River, we proactively validate, integrate, and productize the solution as engineered system, knock door on our customer who are trying to transform to Open RAN or open ecosystem. We can help you to go through that seamless experience, by pre-validating with whatever workload you want to introduce, enable zero touch provisioning, and during the day one deployment, and ensure we have sustainable lifecycle management throughout the lifecycle of the product in, in operate, in operational network, as well as having a unified single call of support from Dell side. >> Okay. So I was just going to ask you about support. So I'm a CSP, I have the solution, I go to Dell for support. >> Exactly. >> Okay. So start with Dell, and level one, level two. And if there are complex issues related to the cloud core itself, then Wind River will be on our back supporting us. >> Talk a little bit about a cust, a CSP example that is, is using the technology, and some of the outcomes that they're able to achieve. I'd love to get both of your perspectives on that. >> Vodafone is a great example. We're here in Barcelona. Vodafone is the first ora network in Europe, and it's using our joint solution. >> What are some of the, the outcomes that it's helping them to achieve? >> Faster time to market. As you see, they already started to deploy the ORAN in commercial network, and very successful in the trials that they did last year. We're also not stopping there. We're evolving, working with them together to improve like stuff around energy efficiency. So continue to optimize. So the outcome, it's just simplifying it, and you know, ready to go. Using experience that we have, Wind River is powering the first basically virtualized RAN 5G network in the world. This is with Verizon. We're at the very large scale. We started this deployment in late '20 and '19, the first site. And then through 2020 to 2022, we basically rolled in large scale. We have a lot of experience learning from it, which what we brought into the table when we partnered with Dell. A lot of experience from how you deploy at scale. Many sites from a central location, updates, upgrade. So the whole day two operation, and this is coming to bearing the solution that basically Vodafone is deploying now, and which allowed them... If I, if I look at my engagement with Verizon, started years before we started. And it took quite some time until we got stuff running. And if you look at the Vodafone time schedule, was significantly compressed compared to the Verizon first deployment. And I can tell you that there are other service providers that were announced here by KDI, for example. It's another one moving even faster. So it's accelerating the whole movement to Ora. >> We've heard a lot of acceleration talk this week. I'd love to get your perspective, Abdullah, talking about, you know, you, you just mentioned two huge names in Telco, Vodafone and Verizon. >> Yep. >> Talk a little bit about Dell's commitment to helping telecommunications companies really advance, accelerate innovation so that all of us on the other end have this thing that just works wherever we are 24 by 7. >> Not exactly. And this, we go back to the challenges in Open ecosystem. Managing multiple vendors at the same time, is a challenge for our customers. And that's why we are trying to simplify their life cycle by have, by being a trusted partner, working with our customer through all the journey. We started with Dish in their 5G deployment. Also with Vodafone. We're finding the right partners working with them proactively before getting into, in front of the customer to, we've done our homework, we are ready to simplify the process for you to go for it. If you look at the RAN in particular, we are talking with the 5g. We have ran the simplification, but they still have on the other side, limited resources and skillset can support it. So, bringing a pro, ahead of time engineer system, with a zero touch of provisioning enablement, and sustainable life cycle management, it lead to the faster time to market deployment, TCO savings, improved margins for our customers, and faster business revenue for their end users. >> Solid outcomes. >> And, and what you just just described, justifies the pain associated with disaggregating and reintegrating, which is the way that Gill referenced it, which I think is great because you're not, you're not, you're not re-aggregating, (laughs) you're reintegrating, and you're creating something that's better. >> Exactly. >> Moving forward. Otherwise, why would you do it? >> Exactly. And if you look at it, the player in the ecosystem, you have the vendors, you have the service integrators, you have the automation enablers, but kind of they are talking in silos. Everyone, this is my raci, this is what I'm responsible for. I, I'm not able, I don't want to get into something else while we are going the extra mile by working proactively in that ecosystem to... Let's bring brains together, find out what's one plus one can bring three for our customers, so we make it end-to-end seamless experience, not only on the technical part, but also on the business aspect side of it. >> So, so the partnership, it's about reducing the pen. I will say eliminating it. So this is the, the core of it. And you mentioned getting better coverage for your phone. I do want to point out that the phones are great, but if you look at the premises of a 5G network, it's to enable a lot more things that will touch your life that are beyond the consumer and the phone. Stuff like connected vehicles. So for example, something as simple as collision avoidance, the ability for the car that goes in front of you to be able to see what's happening and broadcast this information to the car behind that have no ability to see it. And basically affect our life in a way that makes our driving safer. And for this, you need a ultra low, reliable low latency communication. You need a 5G network. >> I'm glad you brought that up, because you know, we think about, "Well we just have to be connected all the time." But those are some of the emerging technologies that are going to be potentially lifesaving, and, and really life transforming that you guys are helping to enable. So, really great stuff there, but so much promise coming down the road. What's next for Dell and Wind River? And, and when you're in conversations with prospective CSP's, what is the superpower that you deliver together? I'd love to get both of your perspectives. >> So, if you look at it, number one, customers look at it, last savings and their day-to-day operation. In 5G nature, we are talking the introduction of ORAN. This is still picking up. But there is a mutualization and densification of ORAN. And this is where we're talking on monetizing my deployment. Then the third phase, we're talking sustainability and advanced service introduction. Where I want to move not only ORAN, I want to bring the edge at the same side, I want to define the advanced use cases of edge, where it enables me with this pre-work being done to deliver more services and better SLA services. By end of the day, 5G as a girl mentioned earlier, is not about a good better phone coverage, or a better speed robot, but what customized SLA's I can deliver. So it enables me to deliver different business streams to my end users. >> Yeah. >> So yeah. I will say there are two pens. One, it's the technology side. So for an example, energy efficiency. It's a very big pin point. And sustainability. So we work a lot around this, and basically to advance this. So if you look at the integrated solution today, it's very highly optimized for resource consumption. But to be able to more dynamically be able to change your power profile without compromising the SLA. So this is one side. The other side, it's about all those applications that will come to the 5G network to make our life better. It's about integrating, validating, certifying those applications. So, it's not just easy to deploy an ORAN network, but it's easy to deploy those applications. >> I'd be curious to get your perspective on the question of ROI in this, in this space. Specifically with the sort of the macro headwinds (clears throat) the economies of the world are facing right now, if you accept that. What does the ROI timeline look like when you're talking about moving towards ORAN, adopting VRAN, an amazing, you know, a plethora of new services that can be delivered, but will these operators have the appetite to take that, make that investment and take on that risk based upon the ROI time horizon? Any thoughts on that? >> Yeah. So if you look at the early days or ORAN introduction in particular, most of the entrepreneurs of ORAN and Virtual RAN ran into the challenges of not only the complexity of open ecosystem, but the integration, is like the redos of the work. And that's where we are trying to address it via pre-engineered system or building an engineer system proactively before getting it to the customers. Per our result or outcomes we get, we are talking about 30 to 50% savings on the optics. We are talking 110 ROI for our customers, simply because we are reducing the redos, the time spent to discover and explore. Because we've done that rework ahead of time, we found the optimization issues. Just for example, any customer can buy the same components from any multiple vendors, but how I can bring them together and give, deliver for me the best performance that I can fully utilize, that's, that's where it brings the value for our customer, and accelerate the deployment and the operation of the network. >> Do you have anything to add before we close in the next 30 seconds? >> Yeah. Yeah. (laughs) >> Absolutely. I would say, we start to see the data coming from two years of operation at scale. And the data supports performance. It's the same or better than traditional system. And the cost of operation, it's as good or better than traditional. Unfortunately, I can't provide more specific data. But the point is, when something is unknown in the beginning, of course you're more afraid, you take more conservative approach. Now the data starts to flow. And from here, the intention needs to go even better. So more efficiency, so cost less than traditional system, both to operate as well as to build up. But it's definitely the data that we have today says, the, ORAN system is at part, at the minimum. >> So, definite ROI there. Guys, thank you so much for joining Dave and me talking about how you're helping organizations not just address the complexities of moving from close to open, but to your point, eliminating them. We appreciate your time and, and your insights. >> Thank you. >> All right. For our guests and for Dave Nicholson, I'm Lisa Martin. You're watching "theCUBE," the leader in live and emerging tech coverage. Live from MWC23. We'll be back after a short break. (outro music)

>>Hey everyone, it's Vegas. Welcome back. We know you've been watching all day. We appreciate that. We always love being able to bring you some great content on the Cube Live from AWS Reinvented 22. Lisa Martin here with Paul Gill. And Paul, we've had such a great event. We've, I think we've done nearly 70 interviews since we started on the Cube on >>Monday night. I believe we just hit 70. Yeah, we just hit 70. You must feel like you've done half of >>Them. I really do. But we've been having great conversations. There's so much innovation going on at aws. Nothing slowed them down during the pandemic. We love also talking about the innovation, the flywheel that is their partner ecosystem. We're gonna have a great conversation about that >>Next. And as we've said, going back to day one, the energy of the show is remarkable. And here we are, we're getting late in the afternoon on day two, and there's just as much activity, just as much energy out there as, as the beginning of the first day. I have no doubt day three will be the >>Same. I agree. There's been no slowdown. We've got two guests here. We're gonna have a great conversation. Chuck Kubota joins us, senior Director of Cloud Services, GTM at Red Hat. Great to have you on the program. And Ted Stanton, global head of Sales, red Hat at IBM at aws. Welcome. >>Thanks for having us. >>How's the show going so far for you guys? >>It's a blur. Is it? Oh my gosh. >>Don't they all >>Blur? Well, yes, yes. I actually like last year a bit better. It was half the size. Yeah. And a lot easier to get around, but this is back to normal, so >>It is back to normal. Yeah. And and Ted, we're hearing north of 50,000 in-person attendees. I heard a, something I think was published. I heard the second hand over like 300,000 online attendees. This is maybe the biggest one we ever had. >>Yeah, yeah, I would agree. And frankly, it's my first time here, so I am massively impressed with the overall show, the meeting with partners, the meeting with customers, the announcements that were made, just fantastic. And >>If you remember back to two years ago, there were a lot of questions about whether in-person conferences would ever return and the volume that we used to see them. And that appears to be >>The case. I think we, I think we've answered, I think AWS has answered that for us, which I'm very pleased to see. Talk about some of those announcements. Ted. There's been so much that that's always one of the things we know and love about re men is there's slew of announcements. You were saying this morning, Paul, and then keynote, you lost, you stopped counting after I >>Lost 15, I lost count for 15. I think it was over 30 announcements this morning alone >>Where IBM and Red Hat are concern. What are some of the things that you are excited about in terms of some of the news, the innovation, and where the partnership is going? >>Well, definitely where the partnership is going, and I think even as we're speaking right now, is a keynote going on with Aruba, talking about some of the partners and the way in which we support partners and the new technologies and the new abilities for partners to take advantage of these technologies to frankly delight our customers is really what most excites me. >>Chuck, what about you? What's going on with Red Hat? You've been there a long time. Sales, everything, picking up customers, massively transforming. What are some of the things that you're seeing and that you're excited >>About? Yeah, I mean, first of all, you know, as customers have, you know, years ago discovered it's not competitively advantageous to manage their own data centers in most cases. So they would like to, you know, give that responsibility to Amazon. We're seeing them move further up the stack, right? So that would be more beyond the operating system, the application platforms like OpenShift. And now we have a managed application platform built on OpenShift called Red Out OpenShift service on AWS or Rosa. And then we're even further going up the stack with that with, we just announced this week that red out OpenShift data science is available in the AWS marketplace, runs on Rosa, helps break the land speed record to getting those data models out there that are so important to make, you know, help organizations become more, much more data driven to remain competitive themselves. >>So talk about Rosa and how it differs from previous iterations of, of OpenShift. I mean, you had, you had an online version of OpenShift several years ago. What's different about Rosa? >>Yeah, so the old OpenShift online that was several years old, right? For one thing, wasn't a joint partnership between Amazon and Red Hat. So we work together, right? Very closely on this, which is great. Also, the awesome thing about Rosa, you know, if you think about like OpenShift for, for, as a matter of fact, Amazon is the number one cloud that OpenShift runs on, right? So a lot of those customers want to take advantage of their committed spins, their EDPs, they want one bill. And so Rosa comes through the one bill comes through the marketplace, right? Which is, which is totally awesome. Not only that or financially backing OpenShift with a 99.95% financially backed sla, right? We didn't have that before either, right? >>When you say financially backed sla, >>What do you mean? That means that if we drop below 99.95% of availability, we're gonna give you some money back, right? So we're really, you know, for lack of better words, putting our money where our mouth is. Absolutely right. >>And, and some of the key reasons that we even work together to build Rosa was frankly we've had a mirror of customers and virtually every single region, every single industry been using OpenShift on AWS for years, right? And we listened to them, they wanted a more managed version of it and we worked very closely together. And what's really great about Rosa too is we built some really fantastic integrations with some of the AWS native services like API gateway, Amazon rds, private link, right? To make it very simple and easy for customers to get started. We talked a little bit about the marketplace, but it's also available just on the AWS console, right? So customers can get started in a pay as you go fashion start to use it. And if they wanna move into a more commitment, more of a set schedule of payments, they can move into a marketplace private offer. >>Chuck, talk about, how about Rosen? How is unlocking the power of technology like containers Kubernetes for customers while dialing down some of the complexity that's >>There? Yeah, I mean if you think about, you know, kind of what we did, you know, earlier on, right? If you think about like virtualization, how it dialed down the complexity of having to get something rack, get a blade rack, stack cable and cooled every time you wanted to deploy new application, right? So what we do is we, our message is this, we want developers to focus on what matters most. And that's build, deploy, and running applications. Most of our customers are not in the business of building app platforms. They're not in the business of building platforms like banks, I, you know, financials, right? Government, et cetera. Right? So what we do is we allow those developers that are, enable those developers that know Java and Node and springing and what have you, just to keep writing what they know. And then, you know, I don't wanna get too technical here, but get pushed through way and, and OpenShift takes care of the rest, builds it for them, runs it through a pipeline, a CICD pipeline, goes through all the testing and quality gates and things like that, deploys it, auto wires it up, you know, to monitoring which is what you need. >>And we have all kinds of other, you know, higher order services and an ecosystem around that. And oh, by the way, also plugging into and taking advantage of the services like rds, right? If you're gonna write an application, a tradition, a cloud native application on Amazon, you're probably going to wanna run it in Rosa and consuming one of those databases, right? Like RDS or Aurora, what have you. >>And I, and I would say it's not even just the customers. We have a variety of ecosystem partners, both of our partners leveraging it as well. We have solos built their executive management system that they go ahead and turn and sell to their customers, streamlines data and collects data from a variety of different sources. They decided, you know, it's better to run that on top of Rosa than manage OpenShift themselves. We've seen IBM restack a lot of their software, you know, to run on top of Rose, take advantage of that capabilities. So lots of partners as well as customers are taking advantage of fully managed stack of that OpenShift that that turnkey capabilities that it provides >>For, for OpenShift customers who wanna move to Rose, is that gonna be a one button migration? Is that gonna be, can they run both environments simultaneously and migrate over time? What kind of tools are you giving them? >>We have quite, we have quite a few migration tools such as conveyor, right? That's one of our projects, part of our migration application toolkit, right? And you know, with those, there's also partners like Trilio, right? Who can help move, you know, applications back 'em up. In fact, we're working on a pretty cool joint go to market with that right now. But generally speaking, the OpenShift experience that the customers that we have know and love and those who have never used OpenShift either are coming to it as well via Rosa, right? The experience is primarily the same. You don't have to really retrain your people, right? If anything, there's a reduction in operational cost. We increase developer productivity cuz we manage so much of the stack for you. We have SRE site reliability engineers that are backing the platform that proactively get ahead of anything that may go wrong. So maybe you don't even notice if something went wrong, wrong. And then also reactively fixing it if it comes to that, right? So, you know, all those kind of things that your customers are having to do on their own or hire a contractor, a consultant, what have to do Now we benefit from a managed offering in the cloud, right? In Amazon, right? And your developers still have that great experience too, like to say, you know, again, break the land speed record to prod. >>I >>Like that. And, and I would actually say migrations from OpenShift are on premise. OpenShift to Rosa maybe only represents about a third of the customers we have. About another third of the customers is frankly existing AWS customers. Maybe they're doing Kubernetes, do it, the, you know, do it themselves. We're struggling with some of the management of that. And so actually started to lean on top of using Rosa as a better platform to actually build upon their applications. And another third, we have quite a few customers that were frankly new OpenShift customers, new Red Hat customers and new AWS customers that were looking to build that next cloud native application. Lots of in the startup space that I've actually chosen to go with Rosa. >>It's funny you mention that because the largest Rosa consumer is new to OpenShift. Oh wow. Right. That's pretty, that's pretty powerful, right? It's not just for existing OpenShift customers, existing OpenShift. If you're running OpenShift, you know, on EC two, right. Self-managed, there's really no better way to run it than Rosa. You know, I think about whether this is the 10th year, 10 year anniversary of re right? Right. Yep. This is also the 10 year anniversary of OpenShift. Yeah, right. I think it one oh came out about sometime around a week, 10 years ago, right? When I came over to Red Hat in 2015. You know, if you, if you know your Kubernetes history was at July 25th, I think was when Kubernetes ga, July 25th, 2015 is when it g you have >>A good >>Memory. Well I remember those days back then, right? Those were fun, right? The, we had a, a large customer roll out on OpenShift three, which is our OpenShift RE based on Kubernetes. And where do you think they ran Amazon, right? Naturally. So, you know, as you move forward and, and, and OpenShift V four came out, the, reduces the operational complexity and becomes even more powerful through our operator framework and things like that. Now they revolved up to Rosa, right? And again, to help those customers focus on what matters most. And that's the applications, not the containers, not those underlying implementation and technical details while critically important, are not necessarily core to the business to most of our customers. >>Tremendous amount of innovation in OpenShift in a decade, >>Pardon me? >>Tremendous amount of innovation in OpenShift in the >>Last decade. Oh absolutely. And, and and tons more to come like every day. Right. I think what you're gonna see more of is, you know, as Kubernetes becomes more, more and more of the plumbing, you know, I call 'em productive abstractions on top of it, as you mentioned earlier, unlocking the power of these technologies while minimizing, even hiding the complexity of them so that you can just move fast Yeah. And safely move fast. >>I wanna be sure we get to, to marketplaces because you have been, red Hat has made, has really stepped up as commitment to the AWS marketplace. Why are you doing that now and how are, how are the marketplaces evolving as a channel for you? >>Well, cuz our customers want us to be there, right? I mean we, we, we are customer centric, customer first approach. Our customers want to buy through the marketplace. If you're an Amazon, if you're an Amazon customer, it's really easy for you to go procure software through the marketplace and have, instead of having to call up Red Hat and get on paper and write a second check, right? One stop shop one bill. Right? That is very, very attractive to our customers. Not only that, it opens up other ways to buy, you know, Ted mentioned earlier, you know, pay as you go buy the drink pricing using exactly what you need right now. Right? You know, AWS pioneered that, right? That provides that elasticity, you know, one of the core tenants at aws, AWS cloud, right? And we weren't able to get that with the traditional self-managed on Red Hat paper subscriptions. >>Talk a little bit about the go to market, what's, you talked about Ted, the kind of the three tenants of, of customer types. But talk a little bit about the gtm, the joint go to market, the joint engineering, so we get an understanding of how customers engage multiple options. >>Yeah, I mean, so if you think about go to market, you know, and the way I think of it is it's the intersection of a few areas, right? So the product and the product experience that we work together has to be so good that a customer or user, actually many start talk, talking about users now cuz it's self-service has a more than likely chance of getting their application to prod without ever talking to a person. Which is historically not what a lot of enterprise software companies are able to do, right? So that's one of those biggest things we do. We want customers to just be successful, turn it on, get going, be productive, right? At the same time we wanna to position the product in such a way that's differentiating that you can't get that experience anywhere else. And then part of that is ensuring that the education and enablement of our customers and our partners as such that they use the platform the right way to get as much value out of as possible. >>All backed by, you know, a very smart field that ensures that the customer get is making the right decision. A customer success org, this is attached to my org now that we can go on site and team with our customers to make sure that they get their first workloads up as quickly as possible, by the way, on our date, our, our dime. And then SRE and CEA backing that up with support and operational integrity to ensure that the service is always up and available so you can sleep, sleep, sleep well at night. Right? Right. One of our PMs of, of of Rosa, he says, what does he say? He says, Rosa allows organizations, enables organizations to go from 24 7 operations to nine to five innovation. Right? And that's powerful. That's how our customers remain more competitive running on Rosa with aws, >>When you're in customer conversations and you have 30 seconds, what are the key differentiators of the solution that you go boom, boom, boom, and they just go, I get it. >>Well, I mean, my 32nd elevator pitch, I think I've already said, I'll say it again. And that is OpenShift allows you to focus on your applications, build, deploy, and run applications while unlocking the power of the technologies like containers and Kubernetes and hiding or minimizing those complexities. So you can do as fast as possible. >>Mic drop Ted, question for you? Sure. Here we are at the, this is the, I leave the 11th reinvent, 10th anniversary, 11th event. You've been in the industry a long time. What is your biggest takeaway from what's been announced and discussed so far at Reinvent 22, where the AWS and and its partner ecosystem is concerned? If you had 30 seconds or if you had a bumper sticker to put on your DeLorean, what would you say? >>I would say we're continuing to innovate on behalf of our customers, but making sure we bring all of our partners and ecosystems along in that innovation. >>Yeah. I love the customer obsession on both sides there. Great work guides. Congrats on the 10th anniversary of OpenShift and so much evolution, the customer obsession is really clear for both of you guys. We appreciate your time. You're gonna have to come back now. Absolutely. Absolutely. Thank you. All right. Thank you so much for joining us. For our guests and for Paul Gillin. I'm Lisa Martin. You're watching The Cube, the leader in live enterprise and emerging tech coverage.

(bright upbeat music) >> Hey, friends. Welcome back to theCUBE's Live coverage of AWS re:Invent 2022 in Sin City. We are so excited to be here with tens of thousands of people. This is our third day of coverage, really the second full day of the show, but we started Monday night. You're going to get wall-to-wall coverage on theCUBE. You probably know that because you've been watching. I'm Lisa Martin and I'm here with Paul Gill. Paul, this is great. We have had such great conversations. We've been talking a lot about data. Every company is a data company, has to be a data company. We've been talking about developers, the developer experience, and how that's so influential in business decisions for businesses in every industry. >> And it's a key element of what's going on here on the floor at re:Invent is developers, the theme of developers just permeates the show. Lots and lots of boots here devoted to DevOps and Agile approaches. And certainly that is one of the things that the Cloud enables is your team to rethink the way they develop software, and that's what we're going to talk about next. >> That is what we're going to talk about next. We have two guests from Split. split.io is the URL if you want to check it out. Chris Demars joins us Developer advocate. Chris, great to have you and PaaS, VP of Engineering guys thank you so much for joining us on the program. >> Thank you for having us. >> Thank you for having us. >> Talk to us Pierre, we'll start with you. For the audience that might not know Split what does the company do? What's the value in it for customers? What are you all about? >> Sure. So in very simple terms, for those who are familiar, we do feature flags, feature management and experimentation. And essentially that two essential feature of the Agile transformation as you were mentioning and elements that really helps getting as much art we can from the team in term of productivity and in term of impact. And we basically help with those elements. And so that's a very short... >> 'Excellent, very nice. Chris, you were saying before we went live you do a lot of speaking at conferences, you're often in front of large audiences. As the developer advocate, what are some of the key requirements you're hearing from the developer community that organizations need to be encompassing? >> I think community is key. Like community is at the forefront of developer advocacy and developer relations. Like you want to go where the developers are and developers want to hear those stories in those personalized pieces of the puzzle. And when you're able to talk about modern Web and software technology and loop in product with that and still keep talking about those things and bring that to them, like that is on top of the list when it comes to developer advocacy and being embedded within the developer community. >> Lisa: Yeah. >> Tell us about feature flags, because I would assume that for our viewers who are not developers, who are not familiar with Agile technologies, the Agile approaches that might be, may be a new term, what are feature flags? How do you use them? >> Sure, I can start with that. So feature flag is a tool that you embed in your code that allows you to control the activation of your code essentially. And that's allows you to really validate things in a much better and solve way and also attach measurement to it. So, when you're writing your new feature, you just put essentially an if statement around it, if my feature flag is on, then I actually do all those things with soft, then I don't do any of those things and then within our platform, then you can control the activation. Do you want to turn it on for yourself just to try it out? Do you want your QA team to start validating it? Do you want 5% of your users 10%? And start seeing how they interacting with the product. That's what feature flag is. >> It's an amazing piece of any part of the stack, right? 'Cause I'm a Web accessibility and an UI specialist and being able to control the UI with a feature flag and being able to turn on and off those features based on percentage, locale, all of those things. It's very, very powerful. >> What are some of the scenarios which you would use feature flags? You have been testing? >> Yeah, yeah. We actually, you can imagine we use it for pretty much everything. So, as Chris was saying, in the front-end, everything you want to change, you basically can validate and attach measurements. So you can do AB testing, so you can see the impact, you can see if there is a change in performance. We use it also for a lot of backend services and changes and a lot of even infrastructure changes where we can control the traffic and where it goes. So we can validate that things are operating the way that they should before we fully done the market I think. >> 'It can be as small as, you know having a checkout button here and then writing an AB test and running an experiment and moving that checkout button somewhere else because then you can get conversion rates and see which one performed better to a certain amount of people and whatever performed better, that's the feature you would go with. >> Chris, talk about the value of the impact in feature flags for the developer from a developer experience perspective, a productivity perspective. >> So I think that having that feature and being able to write that UI, let's say that you have a checkout button, right? And there's specific content there's verbiage on that checkout button. And then let's say that another team within the organization wants to change that because the conversion is different. You can make those changes, still have it in production and then have it tested. So you don't have to cut specific branches or like test URLs to give to QA, you can do all of that behind that flag. And then once everything is good to go, push it out there and then based on those metrics and that data, see which one performs better and then that's the one that you would go with. >> One of the things with feature flag and it goes to like our main theme of 'What a Release, What a Relief' is that it gives autonomy to the teams and to the developers, enable them to move independently from others. So the deployment can go but their code is not activated until they decide to. And so, they are not impeding anybody else. It makes releases a lot safer, a lot simpler and it gives a lot more speed to everybody because when you do releases with five teams, 10 teams, pushing the code at the same time, you have such a high-risk of breaking something that it's you know... So it's a huge effort and it requires a lot of attention from a lot of people. If anything happens, all those teams needs to investigate. When you decouple all those things, the deployments are essentially not doing anything per se until every individual team activate those things independently. So if anything goes wrong, only them are affected and they don't have to depend on anybody else to get their thing out. So it really helps them making their life a lot safer and gives them a lot more speed because they have autonomy. >> So, why come to re:Invent? What do you get with this audience that you don't get elsewhere? >> Why to re:Invent? I think like re:Invent in the Cloud and AWS is a lot about getting speed to companies to build better product and faster. And essentially like the tool we provide and the technology and the platform we provide is really at the heart of that in itself. And so that's why we feel we have really great conversation with all the people on the floor. >> 'the people who have the right mindset for adopting... >> For me, it's very much community and networking, I love developer community and just community in general is my lifeblood. That's why I travel so much and I talk about these things and I'm with people and if it's not about the products, the story and the story is what gets people. That's why I love being here and being with my team and it's amazing. >> And what is that story? If you had an elevator pitch to give, what would you tell me? >> Hoo, if you were in a late release or deploy at night. I've been there, I'm sure you've been there, it doesn't matter what you're doing. We don't want be up until two, three in the morning doing those things, right? Our product helps alleviate those stresses. And you talking about accessibility, what I do, you know, a big piece of that are hidden impairments like anxiety will stress and anxiety go hand in hand and you want to alleviate that all across the board for everybody involved. >> As you see organizations shift Agile technologies and to parallel development and continuous release cycles, what are some of the biggest barriers they encounter in changing that mindset? >> Ooh, what do you think? >> It depends on where they are in the organization. The Agile transformation is a journey and it's also a change of mindset, it's a change of process. So depending on where they are then they might have some areas where they need a little bit more effort in those directions. What we see is that feature flag just the control of the layout. It's usually something that's fairly easily adopted. Thinking about measurement and attaching measurement to it is often something that requires a little bit more thinking. Like engineers are not really used to thinking about AB testing. It feels like more of a product management thing but AB testing is important also for performance informations like errors and all those things. There is a lot of risk management to be done. We do that through monitoring with APMs, but with feature flag and with Split, you can do that at a feature level and it really gives a great insight. And that's usually something that takes a little bit more digestion from the developers to really get their mind around it and get to it. But there's a lot of value to it. >> I'm looking at the split I/O website and I like the tagline shorten time from code to customer. As customers in any industry, as consumers, we have this expectation that we can get whatever we want anytime 24 by 7 and it's going to be a relevant experience. So it sounds to me like from a speed perspective, there's a lot of business impact that Split can help organizations make from getting releases faster, getting cut faster time-to-market, delivering what customers expect because we all expect real-time these days. Nobody wants to wait. >> Yeah, that's right. Yeah, I think that has to do with the going back to the decoupling of things that, you know... Not having to go through so many teams to have it tested and getting away from all the meetings about meetings to review the metrics, right? We all love meetings about meetings. >> No. (laughs loudly) >> Right, exactly, exactly. So being able to take that away and being able to push all of that stuff into production, getting it tested while it's in production and then being able to turn those features on, it's already there without having to do another deployment. And I think, like that's really powerful to me at least. >> Does your solution have value at the security level as well? >> Yes. So that's one of the particularity on the way we do things is like the way you control the feature flag, you have kind of two ways of doing it. Either the piece of code, the SDKs that we provide, the library we provide, you that you put in your code could come back to our platform and check. The way we do it is we send the rules back to the SDK so the whole evaluation is local. The evaluation is extremely fast and it's very secure because it's all happening within your environment. You never have to share any information, no PI whatsoever, contrary it to some of the other tools that you might find on the market. >> So the theme of the booth is 'What a Release, What a Relief'. What are some of the things that you're hearing as you're engaging folks on the show floor this week? >> Oh, what is Aura Photography and can I take a picture of. (everyone laughs loudly) I think just a lot of the stresses of... They're like the release cycle and you know, having to go through so many teams. I feel like that's a common theme that I've heard of. >> Yeah, we see a number of teams organization that still have like really big deployments with like a lot of teams basically coming together, pushing the code together, and there's a lot of pain in it. It's like, it's a huge effort by huge teams. You get 10, 20 people that have to have watch over it at always weird hours, and I think there is a lot of pain to that and that resonate a lot with people. And when we talk about monitoring at the future level, that also helps a lot. Like I was part of organizations before where we had a dedicated staff engineer to just monitor and fix performance on a daily basis because it's such a huge problem and it affects so much the performance of the company. And so essentially, you have this person that tries to look at is a performance being degraded today with the deployment of yesterday and what went out yesterday and you have so many things that went out. It's so hard to control. With what we provide, we tell you exactly which feature flag is responsible for the degradation. And so, you don't need that person to focus on that anymore. And you can focus on delivering value a lot better. >> I think it also might take away the need for extensive release notebooks and playbooks, right? 'Cause when you do bring all those teams together, it's certain people that are in that meeting and there's a PDF saying, all right, we check this off the list, we check this off the list. I think that might alleviate some of that overhead as well. >> Streamlining processes, process efficiencies, workforce productivity improvements, big impact. >> And that gets code quicker to the user. >> You talk about decoupling deploy from release. What do you mean by that? What's the value? >> So the deployment in my definition is essentially getting the code out to production. The release is activating the code in production. And often people do both of those things at the same time, right? But there's a huge risk when you do that because if anything goes wrong, now you need to revert everything which is not a short operation often and takes a lot of effort. And so now, if you can basically push your code to production but separate the activation of it, the release of it, then it goes a lot faster. It's a lot. You have a lot of autonomy and decoupling and if anything goes wrong, it's the click of a button and it's off. So like there's a lot of safety that comes with it and we know that any outages as a high cost for all the companies. So it's like, if you can reduce the outage to like five seconds... >> Right. >> It's a lot better than basically several hours. >> Can you talk about the value out of Split versus DIY and where are most of your customers in this process? Do they have a bunch of tools, a bunch of processes, a bunch of teams, and you're really helping them consolidate streamline? >> The one thing I hear a lot is we rolled our own AB testing and feature flagging system, but some of the issues I've seen and I've heard are that they don't have all those metrics or they have to work with a specific data team to get those metrics. And then you go back to having those meetings about meetings... >> Lisa: Dependencies. >> Right, you have a data team that's putting together a report that is then presented to you and then that's got to be presented to a stakeholder and then that stakeholder makes a decision whether to turn on feature A or feature B, right? Our product from my understanding is we have those metrics already built in and you can have that at your disposal. >> Yeah, the other thing I would add to that is like we see a number of people, they start on the feature flag journey just because they have a high risk thing that they need to put out. So they do the minimal thing to basically control it somehow, but it works only in one part of the stacks. They can't basically leverage it anywhere else and it's very limited in capability so that it just serve the purpose that was needed at that time. They don't have a dedicated team to manage it. So it just there, but it's very constrained and it's not supported effectively. The other thing is like for those companies is like they have a question to ask themselves. It's like do they want to invest resources in managing that kind of tool or is it not so core to their business that they want essentially to have vendor deal with it at a much lower price and they would have to invest resources for them to support it, and... >> Sounds like feature flags are kind of a team building. Have you have a team building dimension to them? >> Yeah. >> Yeah. >> It takes a team for sure. >> Yeah, and then once you add like AB testing and the feature flag, it's the collaboration between product management and engineering. It can go even further. Like two executives like to basically, you know, view the impact, understand the impact. So it goes from the control to the risk management to the product and to the impact and measuring the flow of delivery and the communication around it. >> Here we are at re:Invent, so many thousands of people as I mentioned, we're on the second full-day of the event. What have you heard from AWS that really excites you about being in their ecosystem? Any news in particular that jumps out at you that really speaks to improving that developer experience as if we've heard a lot of focus on the developer? >> Chris: Yeah, I haven't heard much, have you? >> So, I arrived yesterday, I haven't followed yet all the announcement, I'm just like, >> there's so many- >> on the news, yeah, yeah. >> So I'm on the booth at the same time. >> I stopped counting at 15 during the Keynote this morning. >> Many of them just can't keep up, there's so much happening at one time's so much. >> This event is a can of content, can of news re:Invent. It is hard. But yesterday they were spent so much time talking about data and how... And I always think every company today has to be a data company, have to be a software company, we were just talking with Capital One and they think of themselves as a technology company that does banking. And sometimes, I'll talk with retailers that think of themselves as technology companies that do retail and they love that but that's what companies like Split have to enable these days. It's companies to become technology companies, deliver code faster to customer because the customer's demanding it. We're not going to want less stuff slower. >> Yeah, I mean it's so essential I think for me like I joined Split because of that premises. Like every company now is a software company and every company has really to compete in innovation. You know all those banks, Capital One like we see it a lot in the financial industry where our message resonates extremely strongly is really in a high-competitive environment and they have to be innovative and innovation comes when people have speed and autonomy. And if you basically provide that to teams and the tools to basically get some signals and some quick feedback loop, that's how you get innovation. Like you can't decide what to build but you can basically provide the tools to enable them to think about. >> Right, you can experiment more flexibly right, faster. >> And developers have to be empowered, right? >> Yes. >> I think that's the probably one of the number one messages I've heard at all the shows we've done this year. How influential the developer is in the direction of the business. >> Autonomy and empowerment are two main factors 'cause I'm a front end developer at heart and I want to work on cool stuff and we're doing cool stuff. Like we are doing cool stuff. We can't talk about all of it, right? But I think we're doing a lot of cool things at Split and I'm really stoked to be a part of the team and grow developer relations, grow developer advocacy and be along for the journey. >> Yeah, I love that. Last question for both of you, same question. If you had a bumper sticker and you were going to put it on a fancy shiny new car, car of your choice about Split, what would it say? Pierre I'll start with you then Chris. >> Bumper sticker. >> On the spot question. >> On the question, (everyone laughs happily) I mean the easy answer is probably written on my t-shirt. Like, you know, 'What a Release, What a Relief'. I think that the first step for teams is like, you can have a message that's very like even further, you know, the Agile transformation is a journey and I basically tell people, you need to first crawl, walk and run and I think the 'What a Release, What a Relief' is a good step to like getting to the working. And I think like that would be the first bumper sticker before I get to the further one about AP testing and innovative. >> Love it. Chris, what would your bumper sticker say? >> It would say Split software, feature flags for the masses. Hard stop. >> Mic drop. >> Done. >> Awesome guys, thank you so much for joining Paul and me on the program. It's been outstanding introducing Split to our audience, what you do, how you're impacting the developer experience and ultimately, the business and the end customer on the backend who just wants things to work. We appreciate your insights, we appreciate your time. >> Thanks so much for having us. >> Appreciate it. >> Our pleasure. For our guests and Paul Gillin, I'm Lisa Martin. You're watching theCUBE, which you know is the leader in live enterprise and emerging tech coverage. (bright upbeat music)

>>Hey everyone, and welcome back to The Cube's live coverage of AWS Reinvented 2022 Live from the Venetian Expo in Las Vegas. We're happy to be back. This is first full day of coverage over here last night. We've got three full days of coverage in addition to last night, and there's about 50,000 people here. This event is ready, people are ready to be back, which is so exciting. Lisa Martin here with Paul Gill and Paul, it's great to be back in person. Great to be hosting with you >>And likewise with you, Lisa. I think the first time we hosted again, >>It is our first time exactly. >>And we come here to the biggest event that the cube ever does during the year. >>It's the Super Bowl of the >>Cube. It's it's elbow to elbow out there. It's, it's, it's full tackle football, totally on the, on the floor of reinvent. And very exciting. This, you know, I've been to a lot of conferences going back 40 years, long as I can remember. Been going to tech conferences. This one, the, the intensity, the excitement around this is really unusual. People are jazzed, they're excited to be here, and that's great to see, particularly coming back from two years of isolation. >>Absolutely. The energy is so palpable. Even yesterday, evening, afternoon when I was walking in, you just feel it with all the people here. You know, we talk to so many different companies on the Q Paul. Every company these days has to be a data company. The most important thing about data is making sure that it's backed up and it's protected, that it's secure, that it can be recovered if anything happens. So we're gonna be having a great conversation next about data resiliency with one of our alumni. >>And that would be Rick Scott, Rick, excuse me, Rick Scott, >>Rick Clark. Rick Clark, say Rick Scott, cloud sales Veritas. Rick, welcome back >>To the program. Thank you. Thank you so much. It's a pleasure being here, you know, thank you so much. You're definitely very excited to myself and 40,000 of my closest cousins and friends all in one place. Yep. Or I could possibly go wrong, right? So >>Yeah, absolutely nothing. So, Rick, so Veritas has made some exciting announcements. Talk to us about some of the new things that you've >>Unveiled. Yeah, we've been, we've been incredibly busy and, you know, the journey that we've been on, one of the big announcement that we made about three or four weeks ago is the introduction, really, of a brand new cloud native data management platform that we call Veritas Alta. And this is a journey that we've been on for the better part of seven years. We actually started it with our, our flex appliances. We continued, that was a containerization of our traditional net backup business in, into a highly secured appliance that was loved by our customers. And we continued that theme and that investment into what we call a scale out and scale up form factor appliance as well, what we called flex scale. And then we continued on that investment theme, basically spending over a billion dollars over that seven year journey in our cloud native. And we call that basically the Veritas altar platform with our cloud native platform. And I think if you really look at what that is, it truly is a data management platform. And I emphasize the term cloud native. And so our traditional technologies around data protection, obviously application resiliency and digital compliance or data compliance and governance. We are the only, the first and only company in the world to provide really a cloud optimized, cloud native platform, really, that addresses that. So it's been fun, it's been a fun journey. >>Talk a little bit about the customer experience. I see over 85% of the Fortune 100 trust Veritas with their data management. That's >>A big number. Yeah. Yeah. It's, it is incredible actually. And it really comes back to the Veritas older platform. We sort of built that with, with four tenants in mind, all driving back to this very similar to AWS's customer obsession. Everything we do each and every day of our waiting moments is a Veritas employee is really surrounds the customer. So it starts with the customer experience on how do they find us to, how do they procure our solutions through things like AWS marketplace and how do they deploy it? And the second thing is around really cost optimization, as we know, you know, to, to say that companies are going through a digital transformation and moving workloads to the cloud. I mean, I've got customers that literally were 20% in cloud a year ago and 80% a year later, we've never seen that kind of velocity. >>And so we've doubled down on this notion of cost optimization. You can only do that with these huge investments that I talked about. And so we're a very profitable company. We've been around, got a great heritage of over 30 years, and we've really taken those investments in r and d to provide that sort of cloud native technology to ultimately make it elastic. And so everything from will spin up and spin down services to optimize the cloud bill for our customers, but we'll also provide the greatest workload support. You know, obviously on-prem workloads are very different from cloud workloads and it's almost like turning the clock back 20 years to see all of those new systems. There's no standard API like s and MP on the network. And so we have to talk to every single PAs service, every single DB PAs, and we capture that information and protect it. So it's really has been a phenomenal journey. It's been great. >>You said this, that that al represents a shift from clouds from flex scale to cloud native. What is the difference there? >>The, the main difference really is we took, you know, obviously our traditional product that you've known for many media years, net backup. It's got, you know, tens of millions of lines of code in that. And we knew if we lifted and shifted it up into the cloud, into an I AEs infrastructure, it's just not, it obviously would perform extremely well, but it wasn't cost optimized for our customer. It was too expensive to to run. And so what we did is we rewrote with microservices and containerization, Kubernetes huge parts of that particular product to really optimize it for the cloud. And not only have we done it for that technology, what we now call alter data protection, but we've done it across our entire port portfolio. That was really the main change that we made as part of this particular transition. And >>What have you done to prepare customers for that shift? Is this gonna be a, a drop in simple upgrade for them? >>Absolutely. Yeah. In fact, one of the things that we introduced is we, we invest still very heavily with regards to our OnPrem solutions. We're certainly not abandoning, we're still innovating. There's a lot of data still OnPrem that needs to move to the cloud. And so we have a unique advantage of all of the different workload supports that we provide OnPrem. We continue that expansion into the cloud. So we, we create it as part of the Veritas AL Vision, a technology, we call it AL view. So it's a single painter glass across both OnPrem and cloud for our customers. And so now they can actually see all of their data protection, all our application availability, single collect, all through that single unified interface, which is really game changing in the industry for us. >>It's game changing for customers too, because customers have what generally six to seven different backup technologies in their environment that they're having to individually manage and provision. So the, the workforce productivity improvements I can imagine are, are huge with Veritas. >>Yeah. You you nailed it, right? You must have seen my script, but Absolutely. I mean, I look at the analogy of, you think about the airlines, what's one of the first things airlines do with efficiency? South Southwest Airlines was the best example, a standardized on the 7 37, right? And so all of their pilots, all of their mechanics, all know how to operate the 7 37. So we are doing the same thing with enterprise data protection. So whether you're OnPrem at the edge or in the cloud or even multi-cloud, we can provide that single painter glass. We've done it for our customers for 30 plus years. We'll continue to do it for another 30 something years. And so it's really the first time with Veritas altar that, that we're, we're coming out with something that we've invested for so long and put, put such a huge investment on that can create those changes and that compelling solution for our customers. So as you can see, we're pretty pumped and excited about it. >>Yes, I can >>Use the term data management to describe Alta, and I want to ask about that term because I hear it a lot these days. Data management used to be database, now data management is being applied to all kinds of different functions across the spectrum. How do you define data management in Veritas >>Perspective? Yeah, there's a, we, we see it as really three main pillars across the environment. So one is protection, and we'll talk a little bit about this notion of ransomware is probably the number one use case. So the ability to take the most complex and the biggest, most vast applications. SAP is an example with hundreds of different moving parts to it and being able to protect that. The second is application resiliency. If, if you look at the cloud, there's this notion of, of responsibility, shared responsibility in the cloud. You've heard it, right? Yep. Every single one of the cloud service providers, certainly AWS has up on their website, this is what we protect, here's the demarcation line, the line in the sand, and you, the customer are responsible for that other level. And so we've had a technology, you previously knew it as InfoScale, we now call it alter application resiliency. >>And it can provide availability zone to availability zone, real time replication, high availability of your mission critical applications, right? So not only do we do the traditional backups, but we can also provide application resiliency for mission critical. And then the third thing really from a data management standpoint is all around governance and compliance. You know, ac a lot of our customers need to keep data for five, 10 years or forever. They're audited. There's regulations and different geographies around the world. And, and those regulations require them to be able to really take control of their cloud, take control of their data. And so we have a whole portfolio of solutions under that data compliance, data government. So back to your, your question Paul, it's really the integration and the intersection of those three main pillars. We're not a one trick pony. We've been at this for a long time, and they're not just new products that we invented a couple of months ago and brought to market. They're tried and tested with eight 80,000 customers and the most complex early solutions on the planet that we've been supporting. >>I gotta ask you, you know, we talked about those three pillars and you talked about the shared responsibility model. And think of that where you mentioned aws, Salesforce, Microsoft 365, Google workspace, whatnot. Are you finding that most customers aren't aware of that and haven't been protecting those workloads and then come to you and saying, Hey guys, guess what, this is what this is what they're responsible for. The data is >>You Yeah, I, it's, it's our probably biggest challenge is, is one of awareness, you know, with the cloud, I mean, how many times have you spoken to someone? You just put it in the cloud. Your applications, like the cloud providers like aws, they'll protect everything. Nothing will ever go down. And it's kind like if you, unless your house was ever broken into, you're probably not gonna install that burglar alarm or that fire alarm, right? Hopefully that won't be an event that you guys have to suffer through. So yeah, it's definitely, it wasn't till the last year or so the cloud service providers really published jointly as to where is their responsibility, right? So a great example is an attack vector for a lot of corporations is their SAS applications. So, you know, whether it it's your traditional SA applications that is available that's available on the web to their customers as a sas. >>And so it's certainly available to the bad actors. They're gonna, where there's, there's gonna be a point they're gonna try to get in. And so no matter what your resiliency plan is, at the end of the day, you really need to protect it. And protection isn't just, for example, with M 365 having a snapshot or a recycle bin, that's just not good enough. And so we actually have some pretty compelling technology, what we call ALTA SAS protection, which covers the, pretty much the, the gamut of the major SAS technologies to protect those and make it available for our customers. So yeah, certainly it's a big part of it is awareness. Yeah. >>Well, I understand that the shared responsibility model, I, I realize there's a lot of confusion about that still, but in the SaaS world that's somewhat different. The responsibility of the SaaS provider for protecting data is somewhat different. How, how should, what should customers know about that? >>I think, you know, the, the related to that, if, if you look at OnPrem, you know, approximately 35 to 40% of OnPrem enterprise data is protected. It's kind of in a long traditional problem. Everyone's aware of it. You know, I remember going to a presentation from IBM 20 something years ago, and someone held their push hand up in the room about the dis drives and says, you need to back it up. And the IBM sales guy said, no, IBM dis drives never crash. Right? And so fast forward to here we are today, things have changed. So we're going through almost a similar sort of changes and culture in the cloud. 8% of the data in the cloud is protected today, 8%. That's incredible. Meaning >>That there is independent backup devoted >>To that data in some cases, not at all. And something many cases, the customer just assumes that it's in the cloud, therefore it's always available. I never have to worry about protecting it, right? And so that's a big problem that we're obviously trying to, trying to solve. And we do that all under the umbrella of ransomware. That's a huge theme, huge investment that, that Veritas does with regards to providing that resiliency for our >>Customers. Ransomware is scary. It is becoming so prolific. The bad actors have access to technologies. Obviously companies are fighting them, but now ransomware has evolved into, no longer are we gonna get hit, it's when, yeah, it's how often it's what's the damage going to be. So the ability to help customers recover from ransomware, that resiliency is table stakes for businesses in any industry these days. Does that, that one of the primary pain points that your customers are coming to you with? >>It's the number one pain point. Yeah, it's, it's incredible. I mean, there's not a single briefing that our teams are doing customer meetings where that term ransomware doesn't come up as, as their number one use case. Just to give you something, a couple of statistics. There's a ransomware attack attack that happens 11 times a second right around the globe. And this isn't just, you know, minor stuff, right? I've got friends that are, you know, executives of large company that have been hit that have that some, you know, multimillion dollar ransom attack. So our, our play on this is, when you think about it, is data protection is the last line of defense. Yes. And so if they break through, it's not a case, Lisa, as you mentioned, if it's a case of when Yeah. And so it's gonna happen. So one of the most important things is knowing how do you know you have a gold copy, a clean copy, and you can recover at speed in some cases. >>We're talking about tens of thousands of systems to do that at speed. That's in our dna. We've been doing it for many, many years. And we spoke through a lot of the cyber insurance companies on this particular topic as well. And what really came back from that is that they're actually now demanding things like immutable storage, malware detection, air gaping, right? Anomaly detection is sort of core technologies tick the box that they literally won't ensure you unless you have those core components. And so what we've done is we've doubled down on that investment. We use AI in ML technologies, particularly around the anomaly detection. One of the, the, the unique and ne differentiators that Verto provides is a ransomware resiliency scorecard. Imagine the ability to save uran a corporation. We can come in and run our analytics on your environment and kind of give you a grade, right? Wouldn't you prefer that than waiting for the event to take place to see where your vulnerability really is? And so these are some of the advantages that we can actually provide for our customers, really, really >>To help. Just a final quick question. There is a, a common perception, I believe that ransomware is an on premise problem. In fact, it is also a cloud problem. Is that not right? >>Oh, absolutely. I I think that probably the biggest attack vector is in the cloud. If it's, if it's OnPrem, you've certainly got a certain line of defense that's trying to break through. But, you know, you're in the open world there. Obviously with SAS applications in the cloud, it's not a case of if, but when, and it's, and it's gonna continue to get, you know, more and more prevalent within corporations. There's always gonna be those attack factors that they find the, the flash wounds that they can attack to break through. What we are concentrating on is that resiliency, that ability for customers to recover at speed. We've done that with our traditional appliances from our heritage OnPrem. We continue to do that with regard to resiliency at speed with our customers in the cloud, with partners like aws >>For sure. Almost done. Give me your 30 seconds on AWS and Veritas. >>We've had a partnership for the better part of 10 years. It's incredible when you think about aws, where they released the elastic compute back in 2006, right? We've been delivering data protection, a data management solutions for, for the better part of 30 years, right? So, so we're, we're Junos in our space. We're the leader in, in data protection and enterprise data protection. We were on-prem. We, we continue to be in the cloud as AWS was with the cloud service provided. So the synergies are incredible. About 80 to 85% of our, our joint customers are the same. We take core unique superpowers of aws, like AWS outposts and AWS Glacier Instant retrieval, for example, those core technologies and incorporate them into our products as we go to Mark. And so we released a core technology a few months ago, we call it ultra recovery vault. And it's an air gap, a mutable storage, worm storage, right Once, right? You can't change it even when the bad actors try to get in. They're independent from the customer's tenant and aws. So we manage it as a managed backup service for our customers. Got it. And so our customers are using that to really help them with their ransomware. So it's been a tremendous partnership with AWS >>Standing 10 years of accounting. Last question for you, Rick. You got a billboard on the 1 0 1 in Santa Clara, right? By the fancy Verto >>1 0 1? >>Yeah. Right. Well, there's no traffic. What does that billboard say? What's that bumper sticker about? Vertus, >>I think, I think the billboard would say, welcome to the new Veritas. This is not your grandfather's old mobile. We've done a phenomenal job in, in the last, particularly the last three or four years, to really reinvent ourselves in the cloud and the investments that we made are really paying off for our customers today. So I'm excited to be part of this journey and excited to talk to you guys today. >>Love it. Not your grandfather's Veritas. Rick, thank you so much for joining Paula, me on the forgot talking about what you guys are doing, how you're helping customers, really established that cyber of resiliency, which is absolutely critical these days. We appreciate your >>Time. My pleasure. Thank you so much. >>All right, for our guest and Paul Gilland, I'm Lisa Martin, you're watching the Queue, which as you know is the leader in live enterprise and emerging check coverage.

(upbeat music) >> Welcome back. We're here at Supercomputing 22 in Dallas. My name's Paul Gill, I'm your host. With me, Dave Nicholson, my co-host. And one thing that struck me about this conference arriving here, was the number of universities that are exhibiting here. I mean, big, big exhibits from universities. Never seen that at a conference before. And one of those universities is Indiana University. Our two guests, Dave Jent, who's the AVP of Networks at Indiana University, Aaron Neal, Deputy CIO at Indiana University. Welcome, thanks for joining us. >> Thank you for having us. >> Thank you. >> I've always thought that the CIO job at a university has got to be the toughest CIO job there is, because you're managing this sprawling network, people are doing all kinds of different things on it. You've got to secure it. You've got to make it performant. And it just seems to be a big challenge. Talk about the network at Indiana University and what you have done particularly since the pandemic, how that has affected the architecture of your network. And what you do to maintain the levels of performance and security that you need. >> On the network side one of the things we've done is, kept in close contact with what the incoming students are looking for. It's a different environment than it was then 10 years ago when a student would come, maybe they had a phone, maybe they had one laptop. Today they're coming with multiple phones, multiple laptops, gaming devices. And the expectation that they have to come on a campus and plug all that stuff in causes lots of problems for us, in managing just the security aspect of it, the capacity, the IP space required to manage six, seven devices per student when you have 35,000 students on campus, has always been a challenge. And keeping ahead of that knowing what students are going to come in with, has been interesting. During the pandemic the campus was closed for a bit of time. What we found was our biggest challenge was keeping up with the number of people who wanted to VPN to campus. We had to buy additional VPN licenses so they could do their work, authenticate to the network. We doubled, maybe even tripled our our VPN license count. And that has settled down now that we're back on campus. But again, they came back with a vengeance. More gaming devices, more things to be connected, and into an environment that was a couple years old, that we hadn't done much with. We had gone through a pretty good size network deployment of new hardware to try to get ready for them. And it's worked well, but it's always challenging to keep up with students. >> Aaron, I want to ask you about security because that really is one of your key areas of focus. And you're collaborating with counties, local municipalities, as well as other educational institutions. How's your security strategy evolving in light of some of the vulnerabilities of VPNs that became obvious during the pandemic, and this kind of perfusion of new devices that that Dave was talking about? >> Yeah, so one of the things that we we did several years ago was establish what we call OmniSOC, which is a shared security operations center in collaboration with other institutions as well as research centers across the United States and in Indiana. And really what that is, is we took the lessons that we've learned and the capabilities that we've had within the institution and looked to partner with those key institutions to bring that data in-house, utilize our staff such that we can look for security threats and share that information across the the other institutions so that we can give each of those areas a heads up and work with those institutions to address any kind of vulnerabilities that might be out there. One of the other things that you mentioned is, we're partnering with Purdue in the Indiana Office of Technology on a grant to actually work with municipalities, county governments, to really assess their posture as it relates to security in those areas. It's a great opportunity for us to work together as institutions as well as work with the state in general to increase our posture as it relates to security. >> Dave, what brings IU to Supercomputing 2022? >> We've been here for a long time. And I think one of the things that we're always interested in is, what's next? What's new? There's so many, there's network vendors, software vendors, hardware vendors, high performance computing suppliers. What is out there that we're interested in? IU runs a large Cray system in Indiana called Big Red 200. And with any system you procure it, you get it running, you operate it, and your next goal is to upgrade it. And what's out there that we might be interested? That I think why we come to IU. We also like to showcase what we do at IU. If you come by the booth you'll see the OmniSOC, there's some video on that. The GlobalNOC, which I manage, which supports a lot of the RNE institutions in the country. We talk about that. Being able to have a place for people to come and see us. If you stand by the booth long enough people come and find you, and want to talk about a project they have, or a collaboration they'd like to partner with. We had a guy come by a while ago wanting a job. Those are all good things having a big booth can do for you. >> Well, so on that subject, in each of your areas of expertise and your purview are you kind of interleaved with the academic side of things on campus? Do you include students? I mean, I would think it would be a great source of cheap labor for you at least. Or is there kind of a wall between what you guys are responsible for and what students? >> Absolutely we try to support faculty and students as much as we can. And just to go back a little bit on the OmniSOC discussion. One of the things that we provide is internships for each of the universities that we work with. They have to sponsor at least three students every year and make that financial commitment. We bring them on site for three weeks. They learn us alongside the other analysts, information security analysts and work in a real world environment and gain those skills to be able to go back to their institutions and do an additional work there. So it's a great program for us to work with students. I think the other thing that we do is we provide obviously the infrastructure that enable our faculty members to do the research that they need to do. Whether that's through Big Red 200, our Supercomputer or just kind of the everyday infrastructure that allows them to do what they need to do. We have an environment on premise called our Intelligent Infrastructure, that we provide managed access to hardware and storage resources in a way that we know it's secure and they can utilize that environment to do virtually anything that they need in a server environment. >> Dave, I want to get back to the GigaPOP, which you mentioned earlier you're the managing director of the Indiana GigaPOP. What exactly is it? >> Well, the GigaPOP and there are a number of GigaPOP around the country. It was really the aggregation facility for Indiana and all of the universities in Indiana to connect to outside resources. GigaPOP has connections to internet too, the commodity internet, Esnet, the Big Ten or the BTAA a network in Chicago. It's a way for all universities in Indiana to connect to a single source to allow them to connect nationally to research organizations. >> And what are the benefits of having this collaboration of university. >> If you could think of a researcher at Indiana wants to do something with a researcher in Wisconsin, they both connect to their research networks in Wisconsin and Indiana, and they have essentially direct connection. There's no commodity internet, there's no throttling of of capacity. Both networks and the interconnects because we use internet too, are essentially UNT throttled access for the researchers to do anything they need to do. It's secure, it's fast, easy to use, in fact, so easy they don't even know that they're using it. It just we manage the networks and organize the networks in a way configure them that's the path of least resistance and that's the path traffic will take. And that's nationally. There are lots of these that are interconnected in various ways. I do want to get back to the labor point, just for a moment. (laughs) Because... >> You're here to claim you're not violating any labor laws. Is that what you're going to be? >> I'm here to hopefully hire, get more people to be interested to coming to IU. >> Stop by the booth. >> It's a great place to work. >> Exactly. >> We hire lots of interns and in the network space hiring really experienced network engineers, really hard to do, hard to attract people. And these days when you can work from anywhere, you don't have to be any place to work for anybody. We try to attract as many students as we can. And really we're exposing 'em to an environment that exists in very few places. Tens of thousands of wireless access points, big fast networks, interconnections and national international networks. We support the Noah network which supports satellite systems and secure traffic. It really is a very unique experience and you can come to IU, spend lots of years there and never see the same thing twice. We think we have an environment that's really a good way for people to come out of college, graduate school, work for some number of years and hopefully stay at IU, but if not, leave and get a good job and talk well about IU. In fact, the wireless network today here at SC was installed and is managed by a person who manages our campus network wireless, James Dickerson. That's the kind of opportunity we can provide people at IU. >> Aaron, I'd like to ask, you hear a lot about everything moving to the cloud these days, but in the HPC world I don't think that move is happening as quickly as it is in some areas. In fact, there's a good argument some workloads should never move to the cloud. You're having to balance these decisions. Where are you on the thinking of what belongs in the data center and what belongs in the cloud? >> I think our approach has really been specific to what the needs are. As an institution, we've not pushed all our chips in on the cloud, whether it be for high performance computing or otherwise. It's really looking at what the specific need is and addressing it with the proper solution. We made an investment several years ago in a data center internally, and we're leveraging that through the intelligent infrastructure that I spoke about. But really it's addressing what the specific need is and finding the specific solution, rather than going all in in one direction or another. I dunno if Jet Stream is something that you would like to bring up as well. >> By having our own data center and having our own facilities we're able to compete for NSF grants and work on projects that provide shared resources for the research community. Just dream is a project that does that. Without a data center and without the ability to work on large projects, we don't have any of that. If you don't have that then you're dependent on someone else. We like to say that, what we are proud of is the people come to IU and ask us if they can partner on our projects. Without a data center and those resources we are the ones who have to go out and say can we partner on your project? We'd like to be the leaders of that in that space. >> I wanted to kind of double click on something you mentioned. Couple of things. Historically IU has been I'm sure closely associated with Chicago. You think of what are students thinking of doing when they graduate? Maybe they're going to go home, but the sort of center of gravity it's like Chicago. You mentioned talking about, especially post pandemic, the idea that you can live anywhere. Not everybody wants to live in Manhattan or Santa Clara. And of course, technology over decades has given us the ability to do things remotely and IU is plugged into the globe, doesn't matter where you are. But have you seen either during or post pandemic 'cause we're really in the early stages of this. Are you seeing that? Are you seeing people say, Hey, thinking about their family, where do I want to live? Where do I want to raise my family? I'm in academia and no, I don't want to live in Manhattan. Hey, we can go to IU and we're plugged into the globe. And then students in California we see this, there's some schools on the central coast where people loved living there when they were in college but there was no economic opportunity there. Are you seeing a shift, are basically houses in Bloomington becoming unaffordable because people are saying, you know what, I'm going to stay here. What does that look like? >> I mean, for our group there are a lot of people who do work from home, have chosen to stay in Bloomington. We have had some people who for various reasons want to leave. We want to retain them, so we allow them to work remotely. And that has turned into a tool for recruiting. The kid that graduates from Caltech. Doesn't want to stay in Caltech in California, we have an opportunity now he can move to wherever between here and there and we can hire him do work. We love to have people come to Indiana. We think it is a unique experience, Bloomington, Indianapolis are great places. But I think the reality is, we're not going to get everybody to come live, be a Hoosier, how do we get them to come and work at IU? In some ways disappointing when we don't have buildings full of people, but 40 paying Zoom or teams window, not kind the same thing. But I think this is what we're going to have to figure out, how do we make this kind of environment work. >> Last question here, give you a chance to put in a plug for Indiana University. For those those data scientists those researchers who may be open to working somewhere else, why would they come to Indiana University? What's different about what you do from what every other academic institution does, Aaron? >> Yeah, I think a lot of what we just talked about today in terms of from a network's perspective, that were plugged in globally. I think if you look beyond the networks I think there are tremendous opportunities for folks to come to Bloomington and experience some bleeding edge technology and to work with some very talented people. I've been amazed, I've been at IU for 20 years and as I look at our peers across higher ed, well, I don't want to say they're not doing as well I do want brag at how well we're doing in terms of organizationally addressing things like security in a centralized way that really puts us in a better position. We're just doing a lot of things that I think some of our peers are catching up to and have been catching up to over the last 10, 12 years. >> And I think to sure scale of IU goes unnoticed at times. IU has the largest medical school in the country. One of the largest nursing schools in the country. And people just kind of overlook some of that. Maybe we need to do a better job of talking about it. But for those who are aware there are a lot of opportunities in life sciences, healthcare, the social sciences. IU has the largest logistics program in the world. We teach more languages than anybody else in the world. The varying kinds of things you can get involved with at IU including networks, I think pretty unparalleled. >> Well, making the case for high performance computing in the Hoosier State. Aaron, Dave, thanks very much for joining you making a great case. >> Thank you. >> Thank you. >> We'll be back right after this short message. This is theCUBE. (upbeat music)

(bright music) >> Welcome back everyone. theCube's live coverage here. Day two, of two sets, three days of theCube coverage here at VMware Explore. This is our 12th year covering VMware's annual conference, formerly called VM World. I'm John Furrier, with Dave Vellante. We'd love seeing the progress and we've got great security comes Tom Gill, senior vices, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. >> Thanks. for having me. >> Yeah, really happy we could have you on. >> I think this is my sixth edition on the theCube. Do I get frequent flyer points or anything? >> Yeah. >> You first get the VIP badge. We'll make that happen. You can start getting credits. >> Okay, there we go. >> We won't interrupt you. Seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not called out and blown up and talked specifically about on stage. It's kind of in all the narratives in the VM World for this year. But you guys have an amazing security story. So let's just step back and to set context. Tell us the security story for what's going on here at VMware and what that means to this supercloud, multi-cloud and ongoing innovation with VMware. >> Yeah, sure thing. So probably the first thing I'll point out is that security's not just built in at VMware. It's built differently. So, we're not just taking existing security controls and cut and pasting them into our software. But we can do things because of our platform, because of the virtualization layer that you really can't do with other security tools. And where we're very, very focused is what we call lateral security or East-West movement of an attacker. 'Cause frankly, that's the name of the game these days. Attackers, you've got to assume that they're already in your network. Already assume that they're there. Then how do we make it hard for them to get to the stuff that you really want? Which is the data that they're going after. And that's where we really should. >> All right. So we've been talking a lot, coming into VMware Explore, and here, the event. About two things. Security, as a state. >> Yeah. >> I'm secure right now. >> Yeah. >> Or I think I'm secure right now, even though someone might be in my network or in my environment. To the notion of being defensible. >> Yeah. >> Meaning I have to defend and be ready at a moment's notice to attack, fight, push back, red team, blue team. Whatever you're going to call it. But something's happening. I got to be able to defend. >> Yeah. So what you're talking about is the principle of Zero Trust. When I first started doing security, the model was we have a perimeter. And everything on one side of the perimeter is dirty, ugly, old internet. And everything on this side, known good, trusted. What could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So Zero Trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? 'Cause for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine. But they're not going to find 250 million credit cards. >> Right. >> Or the script of a new movie or the super secret aircraft plans. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done and that's where VMware shines. >> So if they don't have the right to get to that database, they're not in. >> And it's not even just the right. So they're so clever and so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So, it's like they have the key to unlock each one of these doors. And we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key, we're like wait a minute. That's not a real CIS Admin making a change. That's ransomware. And that's where you. >> You have to earn your way in. >> That's right. That's right. Yeah. >> And we're all kinds of configuration errors. But also some user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guys scour, the dark web for passwords that have been exposed. >> Correct. >> And go test them against different accounts. Oh one hit over here. >> Correct. >> And people don't change their passwords all the time. >> Correct. >> That's a known vector. >> Just the idea that users are going to be perfect and never make a mistake. How long have we been doing this? Humans are the weakest link. So people are going to make mistakes. Attackers are going to be in. Here's another way of thinking about it. Remember log4j? Remember that whole fiasco? Remember that was at Christmas time. That was nine months ago. And whoever came up with that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that said, "Oh yeah, I wasn't impacted by log4j." So here's some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one, right? We haven't heard anything. So the point is, the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. It's untenable, in the real world, right? >> Right. >> We don't know in there, hiding in the closet. >> They're still in. >> They're watching everything. >> Hiding in your closet, exactly. >> Moving around, nibbling on your cookies. >> Drinking your beer. >> Yeah. >> So let's talk about how this translates into the new reality of cloud-native. Because now you hear about automated pentesting is a new hot thing right now. You got antivirus on data is hot within APIs, for instance. >> Yeah. >> API security. So all kinds of new hot areas. Cloud-native is very iterative. You know, you can't do a pentest every week. >> Right. >> You got to do it every second. >> So this is where it's going. It's not so much simulation. It's actually real testing. >> Right. Right. >> How do you view that? How does that fit into this? 'cause that seems like a good direction to me. >> Yeah. If it's right in, and you were talking to my buddy, Ahjay, earlier about what VMware can do to help our customers build cloud native applications with Tanzu. My team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within. Looking at the individual piece parts and how they talk to each other and figuring out, wait a minute, that should never happen. By almost having an x-ray machine on the innards of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based. And we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with a hypervisor with NSX. We see all the inner workings. In a container world we have this thing called a service mesh that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. This API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit cards. That doesn't make any sense. The anomalies stick out like a sore thumb. If you can see them. At VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that East-West or lateral security. >> You don't belong in this room, get out or that that's some weird call from an in memory database, something over here. >> Exactly. Where other security solutions won't even see that. It's not like there algorithms aren't as good as ours or better or worse. It's the access to the data. We see the inner plumbing of the app and therefore we can protect the app from. >> And there's another dimension that I want to get in the table here. 'Cause to my knowledge only AWS, Google, I believe Microsoft and Alibaba and VMware have this. >> Correct >> It's Nitro. The equivalent of a Nitro. >> Yes. >> Project Monterey. >> Yeah. >> That's unique. It's the future of computing architectures. Everybody needs a Nitro. I've written about this. >> Yeah. >> Right. So explain your version. >> Yeah. >> It's now real. >> Yeah. >> It's now in the market, right? >> Yeah. >> Or soon will be. >> Here's our mission. >> Salient aspects. >> Yeah. Here's our mission of VMware. Is that we want to make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud. >> And secure. >> And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Not just on the edges of it. Okay. How do we go on that journey? As you pointed out, the public cloud providers realized five years ago that the right way to build computers was not just a CPU and a graphics process unit, GPU. But there's this third thing that the industry's calling a DPU, data processing unit. And so there's kind of three pieces of a computer. And the DPU is sometimes called a Smartnic. It's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what Nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So with vSphere 8, we have the ability to take the network processing, that East-West inspection I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that Ahjay and team are building. >> So no performance degradation at all? >> Correct. To CPU offload. >> So even the opposite, right? I mean you're running it basically Bare Metal speeds. >> Yes, yes and yes. >> And you're also isolating the storage from the security, the management, and. >> There's an isolation angle to this, which is that firewall, that we're putting everywhere. Not just that the perimeter, but we put it in each little piece of the server is running when it runs on one of these DPUs it's a different memory space. So even if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >> So who has access to that resource? >> Pretty much just the infrastructure layer, the cloud provider. So it's Amazon, Google, Microsoft, and the enterprise. >> Application can't get in. >> Can't get in there. Cause you would've to literally bridge from one memory space to another. Never say never, but it would be very. >> But it hasn't earned the trust to get. >> It's more than barbwire. It's multiple walls. >> Yes. And it's like an air gap. It puts an air gap in the server itself so that if the server is compromised, it's not going to get into the network. Really powerful. >> What's the big thing that you're seeing with this supercloud transition. We're seeing multi-cloud and this new, not just SaaS hosted on the cloud. >> Yeah. >> You're seeing a much different dynamic of, combination of large scale CapEx, cloud-native, and then now cloud-native drills on premises and edge. Kind of changing what a cloud looks like if the cloud's on a cloud. >> Yeah. >> So we're the customer, I'm building on a cloud and I have on premise stuff. So, I'm getting scale CapEx relief from the hyperscalers. >> I think there's an important nuance on what you're talking about. Which is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really going to work. Oh some people realize. >> It's not secure. >> Yeah. It's not secure. >> That one's like, no, no, no it's secure. It works. And it's good. So then there was this sort of over rush. Let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm going to move those onto the cloud. You got to take them all apart, put them on the cloud and put them all back together again. And little tiny details like changing an IP address. It's actually much harder than it looks. So my argument is, for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. We pretty much every. >> And the benefit of the customer is what. >> You can literally VMotion and just pick it up and move it from private to public, public to private, private to public, Back and forth. >> Remember when we called Vmotion BS, years ago? >> Yeah. Yeah. >> VMotion is powerful. >> We were very skeptical. We're like, that'll never happen. I mean we were. This supposed to be pat ourselves on the back. >> Well because alchemy. It seems like what you can't possibly do that. And now we do it across clouds. So it's not quite VMotion, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine. Things got super tense, super fast and they had to go from their private cloud data center in the Ukraine, to a public cloud data center out of harm's way. They did it over a weekend. 48 hours. If you've ever migrated a data center, that's usually six months. Right. And a lot of heartburn and a lot of angst. Boop. They just drag and dropped and moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructures defined in software. If you're relying on hardware, load balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, they're really, really expensive. And by the way, they eat a lot of power. So that was an architecture from the 90's. In the cloud operating model your data center. And this comes back to what you were talking about is just racks and racks of X86 with these magic DPUs, or smart nics, to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >> We just had Ahjay taking us to school, and everyone else to school on applications, middleware, abstraction layer. And Kit Culbert was also talking about this across cloud. We're talking supercloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It feels to me, and again, this is your wheelhouse. If supercloud happens with this kind of past layer where there's vMotioning going on. All kinds of spanning applications and data across environments. >> Yeah. Assume there's an operating system working on behind the scenes. >> Right. >> What's the security posture in all this? >> Yeah. So remember my narrative about the bad guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff, is you've got to understand it at what we call Layer 7. At the application layer. Trying to do security to the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible. It's buried in some cloud provider. So Layer 7 understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Nothing to do with the infrastructure. >> And where's the progress bar on that paradigm. One to ten. Ten being everyone's doing it. >> Right now. Well, okay. So we as a vendor can do this today. All the stuff I talked about, reading APIs, understanding the individual services looking at, Hey, wait a minute this credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle? Early days 10%. So there's a whole lot of headroom for people to understand, Hey, I can put these controls in place. They're software based. They don't require appliances. It's Layer 7, so it has contextual awareness and it's works on every single cloud. >> We talked about the pandemic being an accelerator. It really was a catalyst to really rethink. Remember we used to talk about Pat as a security do over. He's like, yes, if it's the last thing I do, I'm going to fix security. Well, he decided to go try to fix Intel instead. >> He's getting some help from the government. >> But it seems like CISOs have totally rethought their security strategy. And at least in part, as a function of the pandemic. >> When I started at VMware four years ago, Pat sat me down in his office and he said to me what he said to you, which is like, "Tom," he said, "I feel like we have fundamentally changed servers. We fundamentally change storage. We fundamentally change networking. The last piece of the puzzle of security. I want you to go fundamentally change it." And I'll argue that the work that we're doing with this horizontal security, understanding the lateral movement. East- West inspection. It fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with Endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so Pat, thanks for the mission. We delivered it and it's available now. >> Those WET web applications firewall for instance are around, I mean. But to your point, the perimeter's gone. >> Exactly. >> And so you got to get, there's no perimeter. so it's a surface area problem. >> Correct. And access. And entry. >> Correct. >> They're entering here easy from some manual error, or misconfiguration or bad password that shouldn't be there. They're in. >> Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall. Bad guys come in the window. >> And then the windows open. With a ladder. >> Oh my God. Cause it's hot, bad user behavior trumps good security every time. >> And then they move around room to room. We're the room to room people. We see each little piece of the thing. Wait, that shouldn't happen. Right. >> I want to get you a question that we've been seeing and maybe we're early on this or it might be just a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CISOs and CSOs, two roles. Chief information security officer, and then chief security officer. Amazon, actually Steven Schmidt is now CSO at Reinforce. They actually called that out. And the interesting point that he made, we had some other situations that verified this, is that physical security is now tied to online, to your point about the service area. If I get a password, I still got the keys to the physical goods too. >> Right. So physical security, whether it's warehouse for them or store or retail. Digital is coming in there. >> Yeah. So is there a CISO anymore? Is it just CSO? What's the role? Or are there two roles you see that evolving? Or is that just circumstance. >> I think it's just one. And I think that the stakes are incredibly high in security. Just look at the impact that these security attacks are having on. Companies get taken down. Equifax market cap was cut 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. It determines the fate of nations. I know that sounds grand, but it's true. And so companies care so much about it they're looking for one leader, one throat to choke. One person that's going to lead security in the virtual domain, in the physical domain, in the cyber domain, in the actual. >> I mean, you mention that, but I mean, you look at Ukraine. I mean that cyber is a component of that war. I mean, it's very clear. I mean, that's new. We've never seen. this. >> And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. >> Yeah. >> So the US, we have a policy of strategic deterrence. Where we develop some of the most sophisticated cyber weapons in the world. We don't use them. And we hope never to use them. Because our adversaries, who could do stuff like, I don't know, wipe out every bank account in North America. Or turn off the lights in New York City. They know that if they were to do something like that, we could do something back. >> This is the red line conversation I want to go there. So, I had this discussion with Robert Gates in 2016 and he said, "We have a lot more to lose." Which is really your point. >> So this brand. >> I agree that there's to have freedom and liberty, you got to strike back with divorce. And that's been our way to balance things out. But with cyber, the red line, people are already in banks. So they're are operating below the red line line. Red line meaning before we know you're in there. So do we move the red line down because, hey, Sony got hacked. The movie. Because they don't have their own militia. >> Yeah. >> If their were physical troops on the shores of LA breaking into the file cabinets. The government would've intervened. >> I agree with you that it creates tension for us in the US because our adversaries don't have the clear delineation between public and private sector. Here you're very, very clear if you're working for the government. Or you work for an private entity. There's no ambiguity on that. >> Collaboration, Tom, and the vendor community. I mean, we've seen efforts to try to. >> That's a good question. >> Monetize private data and private reports. >> So at VMware, I'm very proud of the security capabilities we've built. But we also partner with people that I think of as direct competitors. We've got firewall vendors and Endpoint vendors that we work with and integrate. And so coopetition is something that exists. It's hard. Because when you have these kind of competing. So, could we do more? Of course we probably could. But I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera. And as the threats get worse, you'll probably see us continue to do more. >> And the government is going to trying to force that too. >> And the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called processing quantum. >> Quantum. Quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. That's not good at all because our whole system is built around these private communications. So the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption. So, when the day quantum becomes available, we can change them and stay ahead of these quantum people. >> Well, didn't NIST just put out a quantum proof algo that's being tested right now by the community? >> There's a lot of work around that. Correct. And NIST is taking the lead on this, but Google's working on it. VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is a, it's an x-ray machine. It's like a dilithium crystal that can power a whole ship. It's a really, really, really powerful tool. >> Bad things will happen. >> Bad things could happen. >> Well, Tom, great to have you on the theCube. Thanks for coming on. Take the last minute to just give a plug for what's going on for you here at VMWorld this year, just VMware Explore this year. >> Yeah. We announced a bunch of exciting things. We announced enhancements to our NSX family, with our advanced load balancer. With our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and Zero Trust built into everything you do. And that's what we're working on. Pushing that further and further. >> Tom Gill, senior vices president, head of the networking at VMware. Thanks for coming on. We do appreciate it. >> Thanks for having us. >> Always getting the security data. That's killer data and security of the two ops that get the most conversations around DevOps and Cloud Native. This is The theCube bringing you all the action here in San Francisco for VMware Explore 2022. I'm John Furrier with Dave Vellante. Thanks for watching. (bright music)

>>Okay, welcome back to everyone. Cube's live coverage of VMware Explorer, 2022. I'm John fur, host of the cube. Two sets three days of live coverage. Dave Ante's here. Lisa Martin, Dave Nicholson, all host of the cube 12 interviews today, just we're with Rocklin and rolling, getting down to the end of the show. As we wind down and look back and look at the future. We've got Steven Jones. Here's the general manager of the VMware cloud on AWS. He's with Amazon web service. Steven Jones. Welcome to the cube. >>Thanks John. >>Welcome back cube alumni. I've been on many times going back to 2015. Yeah. >>Pleasure to be here. Great >>To see you again. Thanks for coming on. Obviously 10 years at AWS, what a ride is that's been, come on. That's fantastic. Tell me it's been crazy. >>Wow. Learned a lot of stuff along the way, right? I mean, we, we, we knew that there was a lot of opportunity, right? Customers wanting the agility and flexibility of, of the cloud and, and we, we still think it's early days, right? I mean, you'll hear Andy say that animals say that, but it really is. Right. If you look at even just the amount of spend that's being spent on, on clouds, it's in the billions, right. And the amount of, of spend in it is still in the trillion. So there's, there's a long way to go and customers are pushing us hard. Obviously >>It's been interesting a lot going on with VM. We're obviously around with them, obviously changing the strategy with their, their third generation and their narrative. Obviously the Broadcom thing is going on around them. And 10 years at abs, we've been, we've been, this'll be our ninth year, no 10th year at reinvent coming up for us. So, but it's 10 years of everything at Amazon, 10 years of S three, 10 years of C two. So if you look at the, the marks of time, now, the history books are starting to be written about Amazon web services. You know, it's about 10 years of full throttle cube hyperscaler in action. I mean, I'm talking about real growth, like >>Hardcore, for sure. I'll give you just one anecdote. So when I first joined, I think we had maybe two EC two instances back in the day and the maximum amount of memory you could conversion into one of these machines was I think 128 gig of Ram fast forward to today. You literally can get a machine with 24 terabytes of Ram just in insane amounts. Right? My, my son who's a gamer tells me he's got 16 gig in his, in his PC. You need to, he thinks that's a lot. >>Yeah. >>That's >>Excited about that. That's not even on his graphics card. I mean, he's, I know it's coming next. The GPU, I mean, just all >>The it's like, right? >>I mean, all the hardware innovation that you guys have done, I mean, look at every it's changed. Everyone's changed their strategy to copy AWS nitro, Dave ante. And I talk about this all the time, especially with James Hamilton and the team over there, Peter DeSantos, these guys have, are constantly going at the atoms and innovating at the, at the level. I mean that, that's how hardcore it is over there right now. I mean, and the advances on the Silicon graviton performance wise is crazy. I mean, so what does that enabling? So given that's continuing, you guys are continuing to do great work there on the CapEx side, we think that's enabling another set of new net new applications because we're starting to see new things emerge. We saw snowflake come on, customer of AWS refactor, the data warehouse, they call it a data cloud. You're starting to see Goldman Sachs. You see capital one, you see enterprise customers building on top of AWS and building a cloud business without spending the CapEx >>Is exactly right. And Ziggy mentioned graviton. So graviton is one of our fastest growing compute families now. And you know, you mentioned a couple of ISVs and partners of ours who are leaning in heavily on porting their own software. Every event Adam announced that we're working with SAP to, to help them port their HANA cloud, which is a, a database of service offering HANA flagship to graviton as well. So it's, it's definitely changing. >>And I think, you know, one of the, and we're gonna circle back to VMware is kind of a point to this. This conversation is that, is that if you look at the trends, right, okay. VMware really tried hard to do cloud and they had a good shot at it V cloud air, but it just, they didn't have the momentum that you guys had at AWS. We saw a lot, lot of other stragglers try to do cloud. They fell off the road, OpenStack, HP, and the list goes on and on. I don't wanna get into that, but the point is, as you guys become more powerful and you're open, right? So you have open ecosystem, you have people now coming back, taking advantage and refactoring and picking up where they left off. VMware was the one of the first companies that actually said, you know what pat Gelsinger said? And I was there, let's clear up the positioning. Let's go all in with AWS. That's >>Right >>At that time, 2016. >>Yeah. This was new for us, for >>Sure. And then now that's set the standard. Now everybody else is kind of doing it. Where is the VMware cloud relationship right now? How is that going out? State's worked. >>It's working well very well. It's I mean, we're celebrating, I think we made the announcement what, five years ago at this conference. Yeah. 2016. So, I mean, it's, it's been a tremendous ride. The best part are the customers who were coming and adopting and proving to us that our vision back then was the right vision. And, and, and what's been different. I think about this relationship. And it was new for us was that we, we purposely went after a jointly engineered solution. This wasn't a, we've got a, a customer or a partner that's just going to run and build something on us. This is something where we both bring muscle and we actually build a, a joint offering together. Talk about, about the main difference. >>Yeah. And that, and that's been working, but now here at this show, if you look at, if you squint through the multi-cloud thing, which is like just, I think positioning for, you know, what could happen in, in a post broad Broadcom world, the cloud native has traction they're Tansu where, where customers were leaning in. So their enterprise customer is what I call the classic. It, you know, mainstream enterprise, which you guys have been doing a lot of business with. They're now thinking, okay, I'm gonna go on continu, accelerate on, in the public cloud, but I'm gonna have hybrid on premise as well. You guys have that solution. Now they're gonna need cloud native. And we were speculating that VMware is probably not gonna be able to get 'em all of it. And, and that there's a lot more cloud native options as customers want more cloud native. How do you see that piece on Amazon side? Because there's a lot of benefits between the VMware cloud on AWS and the services that you guys have natively in your cloud. So we see customers really taking advantage of the AWS goodness, as well as expanding the cloud side at VMware cloud on AWS. >>Yeah. There's probably two ways I would look at this. Right? So, so one is the combination of VMware cloud on AWS. And then both native services just generally brings more options to customers. And so typically what we're seeing now is customers are just able to move much faster, especially as it comes to data center, evacuations, migrating all their assets, right? So it used to be that, and still some customers they're like, I I've gotta think through my entire portfolio of applications and decide what to refactor. And the only way I can move it to cloud is to actually refactor it into some net new application, more and more. We're actually seeing customers. They've got their assets. A lot of them are still on premises in a VMware state, right. They can move those super quick and then modernize those. And so I think where you'll see VMware and AWS very aligned is on this, this idea of migrate. Now you need to get the benefits of TCO and, and the agility that comes with being in the cloud and then modernize. We took a step further, which is, and I think VMware would agree here too, but all of the, the myriad of services, I think it's 200 plus now AWS native services are for use right alongside any that a customer wants to run in VMware. And so we have examples of customers that are doing just, >>And that's, that's how you guys see the native and, and VMware cloud integrating in. Yeah, that's, that's important because this, I mean, if I always joke about, you know, we've been here 12 years listening in the hallways and stuff, you know, on the bus to the event last night, walking the parties and whatnot, listening in the streets, there's kind of two conversations that rise right to the top. And I wanna get your reaction to this Steven, because this seems to be representative of this demographic here at VMware conference, there's conversations around ransomware and storage and D dub and recovery. It's all, a lot of those happen. Yeah. Clearly a big crowd here that care about, you know, Veeam and NetApp and storage and like making sure stuff's secure and air gapped. And a lot of that kind of, I call nerdy conversations and then the other one is, okay, I gotta get the cloud story. >>Right. So there's kind of the operational security. And then there's like, okay, what's my path to true cloud. I need to get this moving. I need to have better applications. My company is the application now not it serves some sort of back office function. Yeah. It's like, my company is completely using technology as its business. So the app is the business. So that means everything's technology driven, not departmental siloed. So there's a, that's what I call the true cloud conversation. How do you, how do you see that evolving because VMware customers are now going there. And I won't say, I won't say they're behind, but they're certainly going there faster than ever before. >>I think, I think, I mean, it's an interesting con it's an interesting way to put it and I, I would completely agree. I think it's, it's very clear that I think a lot of customer companies are actually being disrupted. Right. And they have to move fast and reinvent themselves. You said the app is now becoming the company. Right. I mean, if, if you look at where not too many years back, there were, you know, big companies like Netflix that were born in the cloud. Right. Airbnb they're disruptors. >>There's, that's the >>App, right? That's the app. Yeah. So I, I would exactly agree. And, and that's who other companies are competing with. And so they have to move quickly. You talked about some, some technology that allows them to do that, right? So this week we announced the general availability of a NetApp on tap solution. It's been available on AWS for some time as a fully managed FSX storage solution. But now customers can actually leverage it with, with VMC. Now, why is that important? Well, there's tens of thousands of customers running VMware. On-premises still, there's thousands of them that are actually using NetApp filers, right? NetApp, NetApp filers, and the same enterprise features like replication. D do you were talking about and Snapp and clone. Those types of things can be done. Now within the V VMware state on AWS, what's even better is they can actually move faster. So consider replicating all this, you know, petabytes and petabytes of data that are in these S from on-premises into AWS, this, this NetApp service, and then connected connecting that up to the BMC option. So it just allows customers much, much. >>You guys, you guys have always been customer focus. Every time I sat down with the Andy jazzy and then last year with Adam, same thing we worked back from, I know it's kind of a canned answer on some of the questions from media, but, but they do really care. I've had those conversations. You guys do work backwards from the customer, actually have documents called working backwards. But one of the things that I observed, we talked about here yesterday on the cube was the observations of reinvent versus say, VM world. Now explore is VM world's ecosystem was very partner-centric in the sense of the partners needed to rely on VMware. And the customers came here for both more of the partners, not so much VMware in the sense there wasn't as much, many, many announcements can compare that to the past, say eight years of reinvent, where there's so much Amazon action going on the partners, I won't say take as a second, has a backseat to Amazon, but the, the attendees go there generally for what's going on with AWS, because there's always new stuff coming out. >>And it's, it's amazing. But this year it starts to see that there's an overlap or, or change between like the VMware ecosystem. And now Amazon there's, a lot of our interviews are like, they're on both ecosystems. They're at Amazon's show they're here. So you start to see what I call the naturalization of partners. You guys are continuing to grow, and you'll probably still have thousands of announcements at the event this year, as you always do, but the partners are much more part of the AWS equation, not just we're leasing all these new services and, and oh, for sure. Look at us, look at Amazon. We're growing. Cause you guys were building out and look, the growth has been great. But now as you guys get to this next level, the partners are integral to the ecosystem. How do you look at that? How has Amazon thinking about that? I know there's been some, some, a lot of active reorgs around AWS around solving this problem or no solve the problem, addressing the need and this next level of growth. What's your reaction to >>That? Well, I mean, it's, it's a, it's a good point. So I have to be honest with you, John. I, I, I spent eight of my 10 years so far at AWS within the partner organization. So partners are very near and dear to my heart. We've got tens of thousands of partners and you are you're right. You're starting to see some overlap now between the VMware partner ecosystem and what we've built now in AWS and partners are big >>By the way, you sell out every reinvent. So it's, you have a lot of partners. I'm not suggesting that you, that there's no partner network there, but >>Partners are critical. I mean, absolutely naturally we want a relationship with a customer, but in order to scale the way we need to do to meet the, the needs of customers, we need partners. Right. We, we can't, we can't interact with every single customer as much as we would like to. Right. And so partners have long built teams and expertise that, that caters to even niche workloads or opportunity areas. And, and we love partners >>For that. Yeah. I know you guys do. And also we'll point out just to kind of give props to you guys on the partner side, you don't, you keep that top of the stack open on Amazon. You've done some stuff for end to end where customers want all Amazon, but for the most part, you let competition come in, even on, so you guys are definitely partner friendly. I'm just observing more the maturization of partners within the reinvent ecosystem, cuz we're there every year. I mean, it's, I mean, first of all, they're all buzzing. I mean, it's not like there's no action. There's a lot of customers there it's sold out as big numbers, but it just seems that the partners are much more integrated into the value proposition of at a AWS because of the, the rising tide and, and now their enablement, cuz now they're part of the, of the value proposition. Even more than ever before >>They, they really are. And they, and they're building a lot of capabilities and services on us. And so their customers are our customers. And like you say, it's rising tide, right. We, we all do better together. >>Okay. So let's talk about the VMware cloud here. What's the update here in terms of the show, what's your, what's your main focus cuz a lot of people here are doing, doing sessions. What's been some of the con content that you guys are producing here. >>Yeah. So the best part obviously is a always the customer conversations to partner conversations. So a, a lot of, a lot of sessions there, we did keynote yesterday in Ryan and I, where we talked about a number of announcements that are, I think pretty material now to the offering a joint announcement with NetApp yesterday as well around the storage solution I was talking about. And then some, some really good technical deep dives on how the offering works. Customers are still interested in like how, how do I take what I've got on premises and easily move into AWS and technology like HSX H CX solution with VMware makes it really easy without having to re IP applications. I mean, you know, it is super difficult sometimes to, to move an application. If you've got figure out where all the firewall rules are and re iPing those, those things source. But yeah, it's, it's been fantastic. >>A lot of migrations to the cloud too. A lot of cloud action, new cloud action. You guys have probably seen an uptake on services right on the native side. >>Yes. Yes. For sure. So maybe I just outlined some of the, some of the assets we made this week. So absolutely >>Go ahead. >>We, we announced a new instance family as a, a major workhorse underneath the VMware cloud offering called I, I, you mentioned nitro earlier, this is on, based on our latest generation of nitro, which allows us to offer as you know, bare metal instances, which is, which is what VMware actually VMware was our first partnership and customer that I would say actually drove us to really get Nira done and out the door. And we've continued to iterate on that. And so this I four, I instance, it's based on the, the latest Intel isolate processor with more than double the Ram double the compute, a whopping 75 gigabytes per second network. So it's a real powerhouse. The cool thing is that with the, with the NetApp storage solution that we, we discussed, we're now disaggregating the need to provision, compute and storage at the same time. It used to be, if you wanted to add more storage to your VSAN array, that was on a V VMware cloud. Yeah. You'd add another note. You might not need more compute for memory. You'd have to add another note. And so now customers can simply start adding chunks of storage. And so this opens up customers. I had a customer come to me yesterday and said, there's no reason for us not to move. Now. We were waiting for something that like this, that allowed us to move our data heavy workloads yeah. Into VMware cloud. It's >>Like, it's like the, the alignment. You mentioned alignment earlier. You know, I would say that VMware customers are lined up now almost perfectly with the hybrid story that's that's seamless or somewhat seems it's never truly seamless. But if you look at like what Deepak's doing with Kubernetes and open source, you, you guys have that there talking that big here, you got vs a eight vSphere, eight out it's all cloud native. So that's lined up with what you guys are doing on your services and the horsepower. They have their stuff, you have yours that works better together. So it seems like it's more lined up than ever before. What's your take on that? Do you agree? And, and if so, what folks watching here that are VMware customers, what's, what's the motivation now to go faster? >>Look, it is, it is absolutely lined up. We are, as, as I mentioned earlier, we are jointly engineering and developing this thing together. And so that includes not just the nuts and bolts underneath, but kind of the vision of where it's going. And so we're, we're collectively bringing in customer feedback. >>What is that vision real quick? >>So that vision has to actually help an under help meet even the most demanding customer workloads. Okay. So you've got customer workloads that are still locked in on premises. And why is that? Well, it used to be, there was big for data and migration, right? And the speed. And so we continue to iterate this and that again is a joint thing. Instead of say, VMware, just building on AWS, it really is a, a tight partnership. >>Yeah. The lift and shift is a, an easy thing to do. And, and, and by the way, that could be a hassle too. But I hear most people say the reason holding us back on the workloads is it's just a lot of work, a hassle making it easier is what they want. And you guys are doing that. >>We are doing that. Absolutely. And by the way, we've got not just engineering teams, but we've got customer support teams on both sides working together. We also have flexible commercial options, right? If a customer wants to buy from AWS because they've negotiated some kind of deal with us, they can do that. They wanna buy from VMware for a similar reason. They could buy from VMware. So are >>They in the marketplace? >>They are in the market. There, there are some things in the marketplace. So you talked about Tansu, there's a Tansu offering in the marketplace. So yes. Customers can >>Contract. Yeah. Marketplaces. I'm telling you that's very disruptive. I'm Billy bullish on the market AIOS marketplace. I think that's gonna be a transformative way. People have what they procure and fully agree, deploy and how, and channel relationships are gonna shift. I think that's gonna be a disruptive enabler to the partner equation and, and we haven't even seen it yet. We're gonna be up there in September for their inaugural event. I think it's a small group, but we're gonna be documenting that. So even final question for you, what's next for you? What's on the agenda. You got reinvent right around the corner. Your P ones are done. Right? I know. Assuming all that, I turn that general joke. That's an internal Amazon joke. FYI. You've got your plan. What's next for the world. Obviously they're gonna go this, take this, explore global. No matter what happens with Broadcom, this is gonna be a growth wave with hybrid. What's next for you and your team with AWS and VMware's relationship? >>Yeah. So both of us are hyper focused on adding additional options, both from a, an instance compute perspective. You know, VMware announced some, some, some additional offerings that we've got. We've got a fully complete, like, so they're, they announce things like VMware flex compute V VMware flex storage. You mentioned earlier, there was a conversation around ransomware. There's a new ransomware based offering. So we're hyper focused on rounding out, continuing to round out the offering and giving customers even more choice >>Real quick. Jonathan made me think about the ransomware we were at reinforce Steven Schmidtz now the CSO. Now you got a CSO. AJ's the CSO. You got a whole focus, huge emphasis on security right now. I know you always have, but now it's much more public. It's PO more positive, I think, than some of the other events I've been to. It's been more Lum and doom. What's the security tie in here with VMware. Can you share a little bit real quick on the security piece update around this relationship? >>Yeah, you bet. So as you know, security for us is job zero. Like you don't have anything of security. And so what are the things that, that we're excited about specifically with VMware is, is the latest offering that, that we put together and it's called this, this ransomware offering. And it's, it's a little bit different than other ransomware. I mean, a lot of people have ransomware offerings today, just >>Air gap. >>Right, right, right. Exactly. No, that's easy. No, this one is different. So on the back end, so within VMC, there's this, this option where CU we can be to be taking iterative snapshots of a customer environment. Now, if an event were to occur, right. And a customer is like, I have to know if I'm compromised, we can actually spin up super easy. This is cloud. Remember? Yeah. We can spin up a, a copy of this environment, throw a switch, pick a snapshot with NSX. So VMware NSX firewall it off and then use some custom tooling from VMware to actually see if it's been compromised or not. And then iterate through that until you actually know you're clean. And that's different than just tools that do maybe a >>Little bit of scam. We had Tom gills on yesterday and, and one of the things Dave ante had to leave is taking the sun to college is last one in the house and B nester now, but Tom Gill was on. We were talking about how good their security story is ware. And they really weren't showboating it as much as they could have here. I thought they could have done a better job, but this is an example of kind of them really leaning in with you guys. That's the key part of the relationship. >>Yeah, it really is. And I think this is something is materially different than what you can get elsewhere. And it's exciting for, >>Okay. Now the, the real question I want to know is what's your plans for AWS reinvent the blockbuster end of the year, Amazon surf show that gets bigger and bigger. I know it's still hybrid now, but it's looking be hybrid, but people are back in person last year. You guys were the first event really come back and still had massive numbers. AWS summit, New York at 19,000. I heard last week in Chicago, big numbers. So we're expecting reinvent to be pretty large this year. What are you, what are you gonna do there? What's your role there? >>We are expecting, well, I'll be there. I cover multiple businesses. Obviously. We're, we're planning on some additional announcements, obviously in the VMware space as well. And one of the other businesses I run is around SAP. And you should look for some things there as well. Yeah. Really looking forward to reinvent, except for the fact that it's right after Thanksgiving. But I think it >>Always ruins my, I always get an article out. I like, why are you we're having, we're having Thanksgiving dinner. I gotta write this article. It's gotta get Adam, Adam. Leski exclusive. We, every year we do a, a CEO sit down with Andy was the CEO and then now Adam. But yeah, it's a great event to me. I think it sets the tone. And it's gonna be very interesting to see the big clouds are coming to the big cloud. You guys, and you guys are now called hyperscalers. Now, multiple words. It's interesting. You guys are providing the CapEx goodness for everybody else now. And that relationship seems to be the new, the new industry standard of you guys provide the enablement and then everyone you get paid, cuz it's a service. A whole nother level of cloud is emerging in the partner network, GSI other companies. Yeah. >>Yeah. I mean we're really scaling. I mean we continue to iterate and release regions at a fast clip. We just announced support for VMware in Hong Kong. Yeah. So now we're up to 21 regions for this service, >>The sovereign clouds right around the corner. Let's we'll talk about that soon. Steven. Thanks for coming. I know you gotta go. Thank you for your valuable time. Coming in. Put Steven Jones. Who's the general manager of the VMware cloud on AWS business. Four AWS here inside the cube day. Three of cube coverage. I'm John furrier. Thanks for watching. We'll be right back.

>>Welcome back everyone Cube's live coverage here. Day two, two sets, three days of cube coverage here at VMware Explorer. This is our 12th year covering VMware's annual conference, formally called world I'm Jean Dave ante. We'd love seeing the progress and we've got great security comes Tom Gill, senior rights, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. Thanks >>For having me. Yeah, really happy we could have you on, you know, I think, I think this is my sixth edition on the cube. Like, do I get freaking flyer points or anything? >>Yeah, you get first get the VIP badge. We'll make that happen. You can start getting credits. >>Okay. There we go. >>We won't interrupt you. No, seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not like called out and, and blown up and talked specifically about on stage. It's kind of in all the narratives in, in the VM world for this year. Yeah. But you guys have an amazing security story. So let's just step back into set context. Tell us the security story for what's going on here at VMware and what that means to this super cloud multi-cloud and ongoing innovation with VMware. Yeah, >>Sure thing. So, so probably the first thing I'll point out is that, that security's not just built in at VMware it's built differently, right? So we're not just taking existing security controls and cut and pasting them into, into our software. But we can do things because of our platform because of the virtualization layer that you really can't do with other security tools and where we're very, very focused is what we call lateral security or east west movement of an attacker. Cuz frankly, that's the name of the game these days. Right? Attackers, you gotta assume that they're already in your network. Okay. Already assume that they're there, then how do we make it hard for them to get to what the, the stuff that you really want, which is the data that they're, they're going after. Right. And that's where we, >>We really should. All right. So we've been talking a lot coming into world VMware Explorer and here the event about two things security as a state. Yeah. I'm secure right now. Yeah. Or I, I think I'm secure right now, even though someone might be in my network or in my environment to the notion of being defensible. Yeah. Meaning I have to defend and be ready at a moment's notice to attack, fight, push back red team, blue team, whatever you're gonna call it, but something's happening. I gotta be a to defend. Yeah. >>So you, what you're talking about is the principle of zero trust. So the, the, when we, when I first started doing security, the model was we have a perimeter and everything on one side of the perimeter is dirty, ugly, old internet and everything on this side known good, trusted what could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So zero trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? Cuz for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine, but they're not gonna find 250 million credit cards. Right. Or the, the script of a new movie or the super secret aircraft plans, right. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done. Yeah. And that's where VMware shines. If they don't >>Have the right to get to that database, they're >>Not >>In and it's not even just the right, like, so they're so clever. And so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So it's like they have the key to unlock each one of these doors and we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key where like, wait a minute, that's not a real CIS admin making a change. That's ransomware. Yeah. Right. And that's, that's where we, you have to earn your way in. That's right. That's >>Right. Yeah. And we're all, there's all kinds of configuration errors. But also some, some I'll just user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guy's scour, the dark web for passwords that have been exposed. Correct. And go test them against different accounts. Oh one hit over here. Correct. And people don't change their passwords all the time. Correct? Correct. That's a known, known vector. We, >>We just, the idea that users are gonna be perfect and never make mistake. Like how long have we been doing this? Like humans with the weakest link. Right. So, so, so people are gonna make mistakes. Attackers are gonna be in here's another way of thinking about it. Remember log for J. Remember that whole ago, remember that was a Christmas time. That was nine months ago. And whoever came up with that, that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that was said, oh yeah, I wasn't impacted by log for J. So seers, some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one. Right? We haven't heard anything. So the point is the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. Like it's untenable, the real world. Right, right. >>We don't even go in there. They're still in there >>Watching your closet. Exactly. Moving around, nibbling on your ni line, your cookies. You know what I mean? Drinking your beer. >>Yeah. So, so let's talk about how this translates into the new reality of cloud native, because now know you hear about, you know, automated pen testing is a, a new hot thing right now you got antivirus on data. Yeah. Is hot is hot within APIs, for instance. Yeah. API security. So all kinds of new hot areas, cloud native is very iterative. You know, you, you can't do a pen test every week. Right. You gotta do it every second. Right. So this is where it's going. It's not so much simulation. It's actually real testing. Right. Right. How do you view that? How does that fit into this? Cuz that seems like a good direction to me. >>Yeah. It, it, it fits right in. And you were talking to my buddy AJ earlier about what VMware can do to help our customers build cloud native applications with, with Zu, my team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within looking at the individual piece parts and how they talk to each other and figuring out, wait a minute. That, that, that, that, that should never happen by like almost having an x-ray machine on the ins of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based and we, and we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with the hypervisor, with NSX, we see all the inner workings in a container world. >>We have this thing called a service me that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. You know, this API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit card that doesn't make any sense. Right? The anomalies stick out like a sore thumb. If you can see them. And VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that east west or lateral >>Security. Yeah. You don't belong in this room, get out or that that's right. Some weird call from an in-memory database, something over >>Here. Exactly. Where other, other security solutions won't even see that. Right. It's not like there algorithms aren't as good as ours or, or better or worse. It's that, it's the access to the data. We see the, the, the, the inner plumbing of the app. And therefore we can protect >>The app from, and there's another dimension that I wanna get in the table here, cuz to my knowledge only AWS, Google, I, I believe Microsoft and Alibaba and VMware have this, it nitro the equivalent of a nitro. Yes. Project Monterey. Yeah. That's unique. It's the future of computing architectures. Everybody needs a nitro. I've I've written about this. Yeah. Right. So explain your version. Yeah. Project. It's now real. It's now in the market right. Or soon will be. Yeah. Here. Here's our mission salient aspects. Yeah. >>Here's our mission of VMware is that we wanna make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud >>And secure >>And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Right. Not just on the edges of it. So, so, so, okay. How do we go on that journey? As you pointed out, the public cloud providers realized, you know, five years ago that the right way to build computers was not just a CPU and a GPU graphics process, unit GPU, but there's this third thing that the industry's calling a DPU data processing unit. So there's kind of three pieces of a computer. And the DPU is sometimes called a smart Nick it's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So, so with vSphere eight, we have the ability to take the network processing that east west inspection. I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that AJ and team are building. >>So no performance degradation at all, correct. >>To CPU >>Offload. So even the opposite, right? I mean you're running it basically bare metal speeds. >>Yes, yes. And yes. >>And, and, and you're also isolating the, the storage right from the, from the, the, the security, the management. And >>There's an isolation angle to this, which is that firewall that we're putting everywhere. Not just that the perimeter, we put it in each little piece of the server is running when it runs on one of these DPU, it's a different memory space. So even if, if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >>So who has access to that? That, that resource >>Pretty much just the infrastructure layer, the cloud provider. So it's Google Microsoft, you know, and the enterprise, the >>Application can't get in, >>Can't get in there. Cause it, you would've to literally bridge from one memory space to another, never say never, but it would be very, very, >>It hasn't earned the trust >>To get it's more than Bob wire. It's, it's, it's multiple walls and, and >>It's like an air gap. It puts an air gap in the server itself so that if the server's compromised, it's not gonna get into the network really powerful. >>What's the big thing that you're seeing with this super cloud transition we're seeing, we're seeing, you know, multicloud and this new, not just SAS hosted on the cloud. Yeah. You're seeing a much different dynamic of combination of large scale CapEx, cloud native. And then now cloud native develops on premises and edge kind of changing what a cloud looks like if the cloud's on a cloud. So rubber customer, I'm building on a cloud and I have on-prem stuff. So I'm getting scale CapEx relief from the, from the cap, from the hyperscalers. >>I, I think there's an important nuance on what you're talking about, which is, is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really gonna work. And some people realize >>It's not secure. Yeah. >>It, it's not secure that one's like, no, no, no, it's secure. It works. And it, and it's good. So then there was this sort of over rush. Like let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm gonna move those onto the cloud. You gotta take 'em all apart, put 'em on the cloud and put 'em all back together again. And little tiny details, like changing an IP address. It's actually much harder than it looks. So my argument is for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. Right. We pretty much every, and >>The benefit of the customer is what you >>Can literally vMotion and just pick it up and move it from private to public public, to private, private, to public, public, back and forth. >>Remember when we called VMO BS years ago. Yeah, yeah, yeah. >>We were really, skeptic is >>Powerful. We were very skeptical. We're like, that'll never happen. I mean, we were, I mean, it's supposed to be pat ourselves on the back. We, well, >>Because it's alchemy, it seems like what you can't possibly do that. Right. And so, so, so, and now we do it across clouds, right? So we can, you know, it's not quite VMO, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine, things got super tense, super fast, and they had to go from their private cloud data center in the Ukraine to a public cloud data center outta harm's way. They did it over a weekend, 48 hours. If you've ever migrated data, that's usually six months, right? And a lot of heartburn and a lot of angst, boom. They just drag and drop, moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructure's defined in software. >>If you're relying on hardware, load, balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, really, really expensive. And by the way, they eat a lot of power, right? So that was an architecture from the nineties in the cloud operating model, your data center. And this goes back to what you were talking about is just racks and racks of X 86 with these magic DPU or smart necks to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >>We just said, AJ taking us to school and everyone else to school on applications, middleware abstraction layer. Yeah. And kit Culver was also talking about this across cloud. We're talking super cloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It has. It feels to me. And again, this is, this is your wheelhouse. If super cloud happens with this kind of past layer where there's B motioning going on, all kinds of yeah. Spanning applications and data. Yeah. Across environments. Yeah. Assume there's an operating system working on behind the scenes. Right. What's the security posture in all this. Yeah. >>So remember my narrative about like VA guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff is you've gotta understand it at what, you know, we call layer seven at the application layer the in, you know, trying to do security, the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible, right. It's buried in some cloud provider. So layer seven, understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Right. Nothing to do with >>The infras. And where's the progress bar on that, that paradigm early one at the 10, 10 being everyone's doing it >>Right now. Well, okay. So we, as a vendor can do this today. All the stuff I talked about about reading APIs, understanding the, the individual services looking at, Hey, wait a minute. This credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle, early days, 10%. So, so there's a whole lot of headroom. We, for people to understand, Hey, I can put these controls in place. There's software based. They don't require appliances. It's layer seven. So it has contextual awareness and it's works on every single cloud. >>You know, we talk about the pandemic. Being an accelerator really was a catalyst to really rethink. Remember we used to talk about pat his security a do over. He's like, yes, if it's the last thing I'm due, I'm gonna fix security. Well, he decided to go try to fix Intel instead, but, >>But, but he's getting some help from the government, >>But it seems like, you know, CISOs have totally rethought, you know, their security strategy. And, and at least in part is a function of the pandemic. >>When I started at VMware four years ago, pat sat me down in his office and he said to me what he said to you, which is like Tom, he said, I feel like we have fundamentally changed servers. We fundamentally changed storage. We fundamentally changed networking. The last piece of the puzzle of security. I want you to go fundamentally change it. And I'll argue that the work that we're doing with this, this horizontal security understanding the lateral movement east west inspection, it fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so pat, thanks for the mission. We delivered it and available >>Those, those wet like web applications firewall for instance are, are around. I mean, but to your point, the perimeter's gone. Exactly. And so you gotta get, there's no perimeter. So it's a surface area problem. Correct. And access and entry, correct. They're entering here easy from some manual error or misconfiguration or bad password that shouldn't be there. They're >>In. Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall bad guys, come in the window. Right. And >>Then the window's open and the window with a ladder room. Oh my >>God. Cause it's hot, bad user behavior. Trump's good security >>Every time. And then they move around room to room. We're the room to room people. Yeah. We see each little piece of the thing. Wait, that shouldn't happen. Right. >>I wanna get you a question that we've been seeing and maybe we're early on this, or it might be just a, a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CSOs and CSOs, two roles, chief information security officer, and then chief security officer Amazon, actually, Steven Schmidt is now CSO at reinforced. They actually called that out. Yeah. And the, and the interesting point that he made, we've had some other situations that verified. This is that physical security is now tied to online to your point about the service area. If I get a password, I still at the keys to the physical goods too. Right. Right. So physical security, whether it's warehouse for them is, or store or retail digital is coming in there. Yeah. So is there a CSO anymore? Is it just CSO? What's the role or are there two roles you see that evolving or is that just, >>Well, >>I circumstance, >>I, I think it's just one. And I think that, that, you know, the stakes are incredibly high in security. Just look at the impact that these security attacks are having on it. It, you know, companies get taken down, Equifax market cap was cut, you know, 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. Right. It determines the fate of nations. I know that sounds grand, but it's true. Yeah. And so, so, so companies care so much about it. They're looking for one liter, one throat to choke, you know, one person that's gonna lead security in the virtual domain, in the physical domain, in the cyber domain, in, in, you know, in the actual, well, it is, >>I mean, you mentioned that, but I mean, mean you look at Ukraine. I mean the, the, that, that, that cyber is a component of that war. I mean, that's very clear. I mean, that's, that's new, we've never seen >>This. And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. Yeah, yeah. Right. So the us, we have a policy of, of strategic deterrents where we develop some of the most sophisticated cyber weapons in the world. We don't use them and we hope never to use them because the, the, our adversaries who could do stuff like, oh, I don't know, wipe out every bank account in north America, or turn off the lights in New York city. They know that if they were to do something like that, we could do something back. >>I, this discuss, >>This is the red line conversation I wanna go there. So >>I had this discussion with Robert Gates in 2016 and he said, we have a lot more to lose, which is really >>Your point. So this brand, so I agree that there's the, to have freedom and Liberty, you gotta strike back with divorce and that's been our way to, to balance things out. Yeah. But with cyber, the red line, people are already in banks. So they're addresses are operating below the red line, red line, meaning before we know you're in there. So do we move the red line down because Hey, Sony got hacked the movie because they don't have their own militia. Yeah. If they were physical troops on the shores of LA breaking into the file cabinets. Yeah. The government would've intervened. >>I, I, I agree with you that it creates, it creates tension for us in the us because our, our adversaries don't have the clear delineation between public and private sector here. You're very, very clear if you're working for the government or you work for an private entity, there's no ambiguity on that. And so, so we have different missions in each department. Other countries will use the same cyber capabilities to steal intellectual, you know, a car design as they would to, you know, penetrate a military network. And that creates a huge hazard for us on the us. Cause we don't know how to respond. Yeah. Is that a civil issue? Is that a, a, a military issue? And so, so it creates policy ambiguity. I still love the clarity of separation of, you know, sort of the various branches of government separation of government from, >>But that, but, but bureau on multinational corporation, you then have to, your cyber is a defensible. You have to build the defenses >>A hundred percent. And I will also say that even though there's a clear D mark between government and private sector, there's an awful lot of cooperation. So, so our CSO, Alex toshe is actively involved in the whole intelligence community. He's on boards and standards and we're sharing because we have a common objective, right? We're all working together to fight these bad guys. And that's one of the things I love about cyber is that that even direct competitors, two big banks that are rivals on the street are working together to share security information and, and private, is >>There enough? Is collaboration Tom in the vendor community? I mean, we've seen efforts to try to, that's a good question, monetize private data, you know? Yeah. And private reports and, >>And, you know, like, so at VMware, we, we, I'm very proud of the security capabilities we've built, but we also partner with people that I think of as direct competitors, we've got firewall vendors and endpoint vendors that we work with and integrate. And so cooperation is something that exists. It's hard, you know, because when you have these kind of competing, you know, so could we do more? Of course we probably could, but I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera, you know, and, you know, as the threats get worse, you'll probably see us continue to do more. >>And the governments is gonna trying to force that too. >>And, and the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called quantum processing, calling out. Yeah. Yeah. Quantum, quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. Right. That's not good at all because our whole system is built around these private communications. So, so the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption? So when the day quantum becomes available, we can change them and stay ahead of these quantum people. Well, >>Didn't this just put out a quantum proof algo that's being tested right now by the, the community. >>There's a lot of work around that. Correct. And, and, and this is taking the lead on this, but you know, Google's working on it, VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is like a, it's a, it's a x-ray machine. You know, it's like, it's like a, a, a di lithium crystal that can power a whole ship. Right. It's a really, really, really powerful >>Tool. It's bad. Things will happen. >>Bad things could happen. >>Well, Tom, great to have you on the cube. Thanks for coming. Take the last minute to just give a plug for what's going on for you here at world this year, VMware explore this year. Yeah. >>We announced a bunch of exciting things. We announced enhancements to our, our NSX family, with our advanced load balancer, with our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and zero trust built into everything you do. And that's, that's what we're working on and pushing that further and further. >>Tom Gill, senior vices president head of the networking at VMware. Thanks for coming up for you. Appreciate >>It. Yes. Thanks for having guys >>Always getting the security data. That's killer data and security of the two ops that get the most conversations around dev ops and cloud native. This is the queue bringing you all the action here in San Francisco for VMware. Explore 2022. I'm John furrier with Dave, Alan. Thanks for watching.

[Music] hello everyone welcome back to the live coverage here in monaco for the monaco crypto summit i'm john furrier host of thecube uh we have a great great guest lineup here already in nine interviews small gathering of the influencers and the people making it happen powered by digital bits sponsored by digital bits presented by digital bits of course a lot happening around decentralization web 3 the metaverse we've got a a powerhouse influencer on the qb ryan gills the founder of openmeta been in the issue for a while ryan great to see you thanks for coming on great to be here thank you you know one of the things that we were observing earlier conversations is you have young and old coming together the best and brightest right now in the front line it's been there for a couple years you know get some hype cycles going on but that's normal in these early growth markets but still true north star is in play that is democratize remove the intermediaries create immutable power to the people the same kind of theme has been drum beating on now come the metaverse wave which is the nfts now the meta verses you know at the beginning of this next wave yeah this is where we're at right now what are you working on tell us what's what's open meta working on yeah i mean so there is a reason for all of this right i think we go through all these different cycles and there's an economic incentive engine and it's designed in because people really like making money but there's a deeper reason for it all and the words the buzzwords the terms they change based off of different cycles this one is a metaverse i just saw it a little early you know so i recognized the importance of an open metaverse probably in 2017 and really decided to dedicate 10 years to that um so we're very early into that decade and we're starting to see more of a movement building and uh you know i've catalyzed a lot of that from from the beginning and making sure that while everything moves to a closed corporate side of things there's also an equal bottom-up approach which i think is just more important and more interesting well first of all i want to give you a lot of props for seeing it early and recognizing the impact and potential collateral damage of not not having open and i was joking earlier about the facebook little snafu with the the exercise app and ftc getting involved and you know i kind of common new york times guy comment online like hey i remember aol wanted to monopolize dial up internet and look the open web obviously changed all that they went to sign an extinction not the same comparable here but you know everyone wants to have their own little walled guard and they feel comfortable first-party data the data business so balancing the benefit of data and all the ip that could come into whether it's a visualization or platform it has to be open without open then you're going to have fragmentation you're going to have all kinds of perverse incentives how does the metaverse continue with such big players like meta themselves x that new name for facebook you know big bully tons of cash you know looking to you know get their sins forgiven um so to speak i mean you got google probably will come in apple's right around the corner amazon you get the whales out there how do is it proprietary is walled garden the new proprietary how do you view all that because it's it's still early and so there's a lot of change can happen well it's an interesting story that's really playing out in three acts right we had the first act which was really truly open right there was this idea that the internet is for the end user this is all just networking and then web 2 came and we got a lot of really great business models from it and it got closed up you know and now as we enter this sort of third act we have the opportunity to learn from both of those right and so i think web 3 needs to go back to the values of web one with the lessons in hindsight of web 2. and all of the winners from web 2 are clearly going to want to keep winning in web 3. so you can probably guess every single company and corporation on earth will move into this i think most governments will move into it as well and um but they're not the ones that are leading it the ones that are leading it are are just it's a culture of people it's a movement that's building and accumulating over time you know it's weird it's uh the whole web 2 thing is the history is interesting because you know when i started my podcasting company in 2004 there's only like three of us you know the dave weiner me evan williams and jack dorsey and we thought and the blogging just was getting going and the dream was democratization at the time mainstream media was the enemy and then now blogs are media so and then all sudden it like maybe it was the 2008 area with the that recession it stopped and then like facebook came in obviously twitter was formed from the death of odio podcasting company so the moment in time in history was a glimmic glimmer of hope well we went under my company went under we all went under but then that ended and then you had the era of twitter facebook linkedin reddit was still around so it kind of stopped where did it where did it pick up was it the ethereum bitcoin and ethereum brought that back where'd the open come back well it's a generational thing if you if you go back to like you know apple as a startup they were trying to take down ibm right it was always there's always the bigger thing that was that we we're trying to sort of unbundle or unpackage because they have too much power they have too much influence and now you know facebook and apple and these big tech companies they are that on on the planet and they're doing it bigger than it's ever been done but when they were startups they existed to try to take that from a bigger company so i think you know it's not an it's not a fact that like facebook or zuckerberg is is the villain here it's just the fact that we're reaching peak centralization anything past this point it becomes more and more unhealthy right and an open metaverse is just a way to build a solution instead of more of a problem and i think if we do just allow corporations to build and own them on the metaverse these problems will get bigger and larger more significant they will touch more people on earth and we know what that looks like so why not try something different so what's the playbook what's the current architecture of the open meta verse that you see and how do people get involved is there protocols to be developed is there new things that are needed how does the architecture layout take us through that your mindset vision on that and then how can people get involved yeah so the the entity structure of what i do is a company called crucible out of the uk um but i i found out very quickly that just a purely for-profit closed company a commercial company won't achieve this objective there's limitations to that so i run a dao as well out of switzerland it's called open meta we actually we named it this six months before facebook changed their name and so this is just the track we're on right and what we develop is a protocol uh we believe that the internet built by game developers is how you define the metaverse and that protocol is in the dao it is in the dow it's that's crucial crucible protocol open meta okay you can think of crucible as labs okay no we're building we're building everything so incubator kind of r d kind of thing exactly yeah and i'm making the choice to develop things and open them up create public goods out of them harness things that are more of a bottom-up approach you know and what we're developing is the emergence protocol which is basically defining the interface between the wallets and the game engines right so you have unity and unreal which all the game developers are sort of building with and we have built software that drops into those game engines to map ownership between the wallet and the experience in the game so integration layer basically between the wallet kind of how stripe is viewed from a software developer's campaign exactly but done on open rails and being done for a skill set of world building that is coming and game developers are the best suited for this world building and i like to own what i built yeah i don't like other people to own what i build and i think there's an entire generation that's that's really how do you feel about the owning and sharing component is that where you see the scale coming into play here i can own it and scale it through the relationship of the open rails yeah i mean i think the truth is that the open metaverse will be a smaller network than even one corporate virtual world for a while because these companies have billions of people right yeah every room you've ever been in on earth people are using two or three of facebook's products right they just have that adoption but they don't have trust they don't have passion they don't have the movement that you see in web3 they don't have the talent the level of creative talent those people care about owning what they create on the on what can someone get involved with question is that developer is that a sponsor what do people do to get involved with do you and your team and to make it bigger i mean it shouldn't be too small so if this tracks you can assume it gets bigger if you care about an open metaverse you have a seat at the table if you become a member of the dao you have a voice at the table you can make decisions with us we are building developing technology that can be used openly so if you're a game developer and you use unity or unreal we will open the beta this month later and then we move directly into what's called a game jam so a global hackathon for game developers where we just go through a giant exploration of what is possible i mean you think about gaming i always said the early adopters of all technology and the old web one was porn and that was because they were they were agnostic of vendor pitches or whatever is it made money they've worked we don't tell them we've always been first we don't tolerate vaporware gaming is now the new area where it is so the audience doesn't want vapor they want it to work they want technology to be solid they want community so it's now the new arbiter so gaming is the pretext to metaverse clearly gaming is swallowing all of media and probably most of the world and this game mechanics under the hood and all kinds of underlying stuff now how does that shape the developer community so like take the classic software developer may not be a game developer how do they translate over you seeing crossover from the software developers that are out there to be game developers what's your take on that it's an interesting question because i come to a lot of these events and the entire web 3 movement is web developers it's in the name yeah right and we have a whole wave of exploration and nfts being sold of people who really love games they're they're players they're gamers and they're fans of games but they are not in the skill set of game development this is a whole discipline yeah it's a whole expertise right you have to understand ik retargeting rigging bone meshes and mapping of all of that stuff and environment building and rendering and all these things it's it's a stacked skill set and we haven't gone through any exploration yet with them that is the next cycle that we're going to and that's what i've spent the last three or four years preparing for yeah and getting the low code is going to be good i was saying earlier to the young gun we had on his name was um oscar belly he's argo versus he's 25 years old he's like he made a quote i'm too old to get into esports like 22 old 25 come on i'd love to be in esports i was commenting that there could be someone sitting next to us in the metaverse here on tv on our digital tv program in the future that's going to be possible the first party citizenship between physical experience absolutely and meta versus these cameras all are a layer in which you can blend the two yeah so that that's that's going to be coming sooner and it's really more of the innovation around these engines to make it look real and have someone actually moving their body not like a stick figure yes or a lego block this is where most people have overlooked because what you have is you have two worlds you have web 3 web developers who see this opportunity and are really going for it and then you have game developers who are resistant to it for the most part they have not acclimated to this but the game developers are more of the keys to it because they understand how to build worlds yeah they do they understand how to build they know what success looks like they know what success looks like if you if you talk about the metaverse with anyone the most you'll hear is ready player one yeah maybe snow crash but those things feel like games yeah right so the metaverse and gaming are so why are game developers um like holding back is because they're like ah it's too not ready yet i'm two more elite or is it more this is you know this is an episode on its own yeah um i'm actually a part of a documentary if you go to youtube and you say why gamers hate nfts there's a two-part documentary about an hour long that robin schmidt from the defiant did and it's really a very good deep dive into this but i think we're just in a moment in time right now if you remember henry ford when he he produced the car everybody wanted faster horses yeah they didn't understand the cultural shift that was happening they just wanted an incremental improvement right and you can't say that right now because it sounds arrogant but i do believe that this is a moment in time and i think once we get through this cultural shift it will be much more clear why it's important it's not pure speculation yeah it's not clout it's not purely money there's something happening that's important for humanity yeah and if we don't do it openly it will be more of a problem yeah i totally agree with you on that silent impact is number one and people some people just don't see it because it's around the corner visionaries do like yourselves we do my objective over the next say three to six months is to identify which game developers see the value in web 3 and are leaning into it because we've built technology that solves interoperability between engines mapping ownership from wallets all the sort of blueprints that are needed in order for a game developer to build this way we've developed that we just need to identify where are they right because the loudest voices are the ones that are pushing back against this yeah and if you're not on twitter you don't see how many people really see this opportunity and i talked to epic and unity and nvidia and they all agree that this is where the future is going but the one question mark is who wants it where are they you know it's interesting i talked to lauren besel earlier she's from the music background we were talking about open source and how music i found that is not open it's proprietary i was talking about when i was in college i used to deal software you'd be like what do you mean deal well at t source code was proprietary and that started the linux movement in the 80s that became a systems revolution and then open source then just started to accelerate now people like it's free software is like not a big deal everyone knows it's what it was never proprietary but we were fighting the big proprietary code bases you mentioned that earlier is there a proprietary thing for music well not really because it's licensed rights right so in the metaverse who's the proprietary is it the walled garden is the is it is it the gamers so is it the consoles is it the investment that these gaming companies have in the software itself so i find that that open source vibe is very much circulating around your world actually open maps in the word open but open source software has a trajectory you know foundations contributors community building same kind of mindset music not so much because no one's it's not direct comparable but i think here it's interesting the gaming culture could be that that proprietary ibm the the state the playstation the xbox you know if you dive into the modding community right the modding community has sort of been this like gray area of of gaming and they will modify games that already exist but they do it with the values of open source they do it with composability and there's been a few breakthroughs counter-strike is a mod right some of the largest games of all time came from mods of other games look at quake had a comeback i played first multiplayer doom when it came out in the 90s and that was all mod based exactly yeah quake and quake was better but you know i remember the first time on a 1.5 cable mode and playing with my friends remember vividly now the graphics weren't that good but that was mod it's mod so then you go i mean and then you go into these other subcultures like dungeons and dragons which was considered to be such a nerdy thing but it's just a deeply human thing it's a narrative building collective experience like these are all the bottom-up type approaches modding uh world building so you're going to connect so i'm just kind of thinking out loud here you're going to connect the open concept of source with open meta bring game developers and software drills together create a fabric of a baseline somewhat somewhat collected platform tooling and components and let it just sell form see what happens better self form that's your imposing composability is much faster yeah than a closed system and you got what are your current building blocks you have now you have the wallet and you have so we built an sdk on both unity and unreal okay as a part of a system that is a protocol that plugs into those two engines and we have an inventory service we have an avatar system we basically kind of leaned into this idea of a persona being the next step after a pfp so so folks that are out there girls and boys who are sitting there playing games they could build their own game on this thing absolutely this is the opportunity for them entrepreneurs to circumvent the system and go directly with open meta and build their own open environment like i said before i i like to own the things i built i've had that entrepreneurial lesson but i don't think in the future you should be so okay with other companies or other intermediaries owning you and what you build i think i mean opportunity to build value yeah and i think i think your point the mod culture is not so much going to be the answer it's what that was like the the the the dynamic of modding yes is developing yes and then therefore you get the benefit of sovereign identity yeah you get the benefit of unbanking that's not the way we market this but those are benefits that come along with it and it allows you to live a different life and may the better product win yeah i mean that's what you're enabling yeah ryan thanks so much for coming on real final question what's going on here why are we here in monaco what's going on this is the inaugural event presented by digital bits why are we here monaco crypto summit i'm here uh some friends of mine brittany kaiser and and lauren bissell invited me here yeah i've known al for for a number of years and i'm just here to support awesome congratulations and uh we'll keep in touch we'll follow up on the open meta great story we love it thanks for coming on okay cube coverage continues here live in monaco i'm john furrier and all the action here on the monaco crypto summit love the dame come back next year it'll be great back with more coverage to wrap up here on the ground then the yacht club event we're going to go right there as well that's in a few hours so we're going to be right back [Music] you

>>The cube presents Koon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain and CubeCon cloud native con Europe, 2022 I'm cube Townsend, along with Paul Gill, senior editor, enterprise architecture at Silicon angle. We are talking to some incredible folks this week, continuing the conversation around enabling developers to do their work. Paul you've said that this conference is about developers. What are you finding key as a theme running throughout the show >>That that developers really need a whole set of special tools. You know, it's not the end user, the end user tools, the end user access controls the authentication it's developers need a need their own to live their in their own environment. They need their own workflow tools, their own collaboration and their own security. And that's where teleport comes in. >>So speaking of teleport, we have Michael fork, chief marking our officer at teleport new world role for you. First, tell me about how long have you been at teleport now >>Going on seven or eight months now, >>Seven or eight months in this fast moving market. I'm I'm going to tell you a painful experience I've had in this new world. We've built applications. We've moved fast audits come in. The auditors have come in and they said, you know what, who authorized this change to the cluster? And we'll go into the change ticket and say, this person authorized the changes and the change ticket. And then they'll ask for trace back. Okay. Show me the change. What do it mean? Show you the changes. It just happened. >>Yeah. Check, check GitHub. >>Yeah, check GI, get, see, we, we, we, we said we were gonna make the changes, the change happen. That's not enough. What are CU, how are you helping customers solve this access control and audit problem? >>Yeah, that's a great question. There're kind of, there're kind of two, two sides to the puzzle. And actually I think that the intro hits it. Well, you you've talked about kind of developer experience needing needing tools to more efficiently do the job as a practitioner. And you're coming at it from kind of a security and compliance angle. And there's a tension between both of those teams. It's like, you know, there's, there's a tension between dev and ops before we created DevOps. There's also a tension between kind of security teams and developers. So we've created dev SecOps. What that means is you need an easy way for developers to get access, access to the resources they needed through their jobs. That's, you know, Linux hosts and databases and Kubernetes clusters and, you know, monitoring dashboards and managing all of those credentials is quite cumbersome. If I need to access a dozen systems, then you know, I'm using SSH keys to access this. >>I have admin credentials for my database. I I'm going through a VPN to access an internal dashboard, teleport, consolidates, all of that access into a single login via your identity provider, Okta active directory, but then on the security and compliance side, we make it really easy for that compliance officer. When they say, show me that change, we have all of the audit logs. That's that show exactly what changes Keith made when he logged into, into that system. And in fact, one of the booths behind here is talking about E B P F a modern way to get that kind of kernel level grade granularity. We build all of that observability into teleport to make the security and compliance teams happy. And the engineering teams a lot more productive. >>Where do the, the access control tools like Okta, you mentioned fall short. I mean, why, why is there a need for your level of, of control at the control plane? >>Yeah. When you, when you start to talk about authorization, authentication, audit at the infrastructure level, each of these technologies has its own way of managing what kind of in, in the jargon often and Ze, right? Authentication authorization. So you have SSH for, for Linux. Kubernetes has its own way of doing authorization. All of the database providers have their own way and it's quite complicated, right? It's, it's much different. So, you know, if I'm gonna access office 365 or I'm gonna a access Salesforce, right. I'm really talking about the HTTP protocol. It's relatively trivial to implement single sign on for web-based applications. But when we start talking about things that are happening at the Linux kernel level, or with Kubernetes, it's quite complicated to build those integrations. And that's where teleport extends what you have with your IDP. So for instance, Okta, lots of our customers use Okta as their identity provider, but then teleport takes those roles and applies them and enforces them at the actual infrastructure level. >>So if I'm a lay developer, I'm looking at this thinking, you know, I, I have service mesh, I've implemented link D SEO or something to that level. And I also have Ansible and Ansible has security, etcetera. What, what role, or how does that integrate to all together from a big picture perspective? >>Yeah. So >>What, one of the, kind of the meta themes at teleport is we, we like to, we like to say that we are fighting complexity cuz as we build new technologies, we tend to run the new tech on top of the old tech. Whereas for instance, when you buy a new car, you typically don't, you know, hook the old car to the back and then pull it around with you. Right? We, we replace old technology with new technology, but in infrastructure that doesn't happen as often. And so you end up with kind of layers of complexity with one protocol sitting on top of another protocol on top of another protocol. And what teleport does is for the access control plane, we, we kind of replace the legacy ways of doing authentication authorization and audit with a new modern experience. But we allow you to continue to use the existing tools. >>So we don't replace, for instance, you know, your configuration management system, you can keep using Ansible or, or salt or Jenkins, but teleport now is gonna give those, those scripts or those pipelines in identity that you can define. What, what should Ansible be able to do? Right? If, cuz people are worried about supply chain attacks, if a, if a vulnerable dependency gets introduced into your supply chain pipeline and your kind of Ansible playbook goes crazy and starts deploying that vulnerability everywhere, that's probably something you wanna limit with teleport. You can limit that with an identity, but you can still use the tools that you're, that you're used to. >>So how do I guarantee something like an ex-employee doesn't come in and, and initiate Ansible script that was sitting in the background just waiting to happen until, you know, they left. >>Yeah. Great question. It's there's kind of the, the, the great resignation that's happening. We did a survey where actually we asked the question kind of, you know, can you guarantee that X employees can no longer access your infrastructure? And shockingly like 89% of companies could not guarantee that it's like, wow, that's like that should, that should be a headline somewhere. And we actually just learned that there are on the dark web, there are people that are targeting current employees of Netflix and Uber and trying to buy credentials of those employees to the infrastructure. So it's a big problem with teleport. We solve this in a really easy, transparent way for developers. Everything that we do is based on short lift certificates. So unlike a SSH key, which exists until you decommission it, shortlist certificates by, by default expire. And if you don't reissue them based on a new login based on the identity, then, then you can't do anything. So even a stolen credential kind of the it's value decreases dramatically over time. >>So that statistic or four out of five companies can't guarantee X employees can't access infrastructure. Why is simply removing the employee from the, you know, from the L app or directory decommissioning their login credentials. Why is that not sufficient? >>Well, it, it depends on if everything is integrated into your identity provider and because of the complexities of accessing infrastructure, we know that developers are creative people. And by, by kind of by definition, they're able to create systems to make their lives easier. So one thing that we see developers doing is kind of copying an SSH key to a local notepad on, on their computer. So they essentially can take that credential out of a vault. They can put it somewhere that's easier for them to access. And if you're not rotating that credential, then I can also, you know, copy it to a, to a personal device as well. Same thing for shared admin credentials. So the, the, the issue is that those credentials are not completely managed in a unified way that enables the developer to not go around the system in order to make their lives easier. >>But rather to actually use the system, there's a, there's a market called privilege access management that a lot of enterprises are using to kind of manage credentials for their developers, but it's notoriously disruptive to developer workflows. And so developers kind of go around the system in order to make their jobs easier. What teleport does is we obviate the need to go around the system, cuz the simplest thing is just to come in in the morning, log in one time to my identity provider. And now I have access to all of my servers, all of my databases, all of my Kubernetes clusters with a short lift certificate, that's completely transparent. And does >>This apply to, to your, both your local and your cloud accounts? >>Yes. Yes, exactly. >>So as a security company, what's driving the increase in security breaches. Is it the lack of developer hygiene? Is it this ex-employee great resignation bill. Is it external intruders? What's driving security breaches today. >>Yes. >>It's you know, it's, it's all of those things. I think if I had to put, give you a one word answer, I would say complexity. The systems that we are building are just massively complex, right? Look at how many vendors there are at this show in order to make Kubernetes easy to use, to do what its promises. It's just, we're building very complex systems. When you build complex systems, there's a lot of back doors, we call it kind of a tax surface. And that's why for every new thing that we introduce, we also need to think about how do we remove old layers of the stack so that we can simplify so that we can consolidate and take advantage of the power of something like Kubernetes without introducing security vulnerabilities. >>One of the problems or challenges with security solutions is, you know, you there's this complexity versus flexibility knob that you, you need to be careful of. What's the deployment experience in integration experience for deploying teleport. >>Yeah, it's it, we built it to be cloud native to feel like any other kind of cloud native or Kubernetes like solution. So you basically, you deploy it using helm chart, you deploy it using containers and we take care of all of the auto configuration and auto update. So that it's just, it's, it's part of your stack and you manage it using the same automation that you use to manage everything else. That's a, that's a big kind of installation and developer experience. Part of it. If it's complex to use, then not only are developers not gonna use it. Operations teams are not gonna want to have to deal with it. And then you're left with doing things the old way, which is very unsatisfactory for everybody. >>How does Kubernetes change the security equation? Are there vulnerabilities? It introduces to the, to the stack that maybe companies aren't aware of >>Almost by definition. Yes. Kind of any new technology is gonna introduce new security vulnerabilities. That's the that's that is the result of the complexity, which is, there are things that you just don't know when you introduce new components. I think kind of all of the supply chain vulnerabilities are our way of looking at that, which is we have, you know, Kubernetes is itself built on a lot of dependencies. Those dependencies themselves could have security vulnerabilities. You might have a package that's maintained by one kind of hobbyist developer, but that's actually deployed across hundreds of thousands of applications across, across the internet. So again, it's about one understanding that that complexity exists and then saying, is there a way that we can kind of layer on a solution that provides a common layer to let us kind of avoid that complexity and say, okay, every critical action needs to be authorized with an identity that way if it's automated or if it's human, I have that level of assurance that a hacked Ansible pipeline is not going to be able to introduce vulnerabilities across my entire infrastructure. >>So one of the challenges for CIOs and CTOs, it's the lack of developer resources and another resulting pain point that compounds that issue is rework due to security audits is teleport a source of truth that when a auditor comes in to audit a, a, a, a C I C D pipeline that the developer or, or operations team can just say, Hey, here's, self-service get what you need. And come back to us with any questions or is there a second set of tools we have to use to get that audit and compliance reporting? >>Yeah, it's teleport can be that single source of truth. We can also integrate with your other systems so you can export all of the, what we call access logs. So every, every behavior that took place, every query that was run on a database, every, you know, curl command that was run on a Lennox, host, teleport is creating a log of that. And so you can go in and you can filter and you can view those, those actions within teleport. But we also integrate with other systems that, that people are using, you have its Splunk or Datadog or whatever other tool chain it's really important that we integrate, but you can also use teleport as that single source. So >>You can work with the observability suites that are now being >>Installed. Yeah, there, the, the wonderful thing about kind of an ecosystem like Kubernetes is there's a lot of standardization. You can pick your preferred tool, but under the hood, the protocols for taking a log and putting it in another system are standardized. And so we can integrate with any of the tools that developers are already using. >>So how big is teleport when I'm thinking about a, from a couple of things big as in what's the footprint and then from a developer operations team overhead, is this kind of a set and forget it, how much care feed and maintenance does it >>Need? So it's very lightweight. We basically have kind of two components. There's the, the access proxy that sits in front of your infrastructure. And that's what enables us to, you know, regardless of the complexity that sits across your multi data center footprint, your traditional applications, running on windows, your, your, your modern applications running on, you know, Linux and Kubernetes, we provide seamless access to all of that. And then there's an agent that runs on all of your hosts. And this is the part that can be deployed using yo helm or any other kind of cloud native deployment methodology that enables us to do the, the granular application level audit. For instance, what queries are actually being run on CockroachDB or on, on Postgres, you know, what, what CIS calls are running on Linnux kernel, very lightweight automation can be used to install, manage, upgrade all of it. And so from an operations perspective, kind of bringing in teleport shouldn't be any more complicated than running any application on a container. That's, that's the design goal and what we built for our customers. >>If I'm in a hybrid environment, I'm transitioning, I'm making the migration to teleport. Is this a team? Is this a solution that sits only on the Kubernetes cloud native side? Or is this something that I can trans transition to initially, and then migrate all of my applications to, as I transition to cloud native? >>Yeah. We, there are kind of, no, there are no cloud native dependencies for teleport. Meaning if you are, you're a hundred percent windows shop, then we support for instance, RDP. That's the way in which windows handles room access. If you have some applications that are running on Linux, we can support that as well. If you've got kind of the, you know, the complete opposite in the spectrum, you're doing everything, cloud native containers, Kubernetes, everything. We also support that. >>Well, Michael, I really appreciate you stopping by and sharing the teleport story. Security is becoming an obvious pain point for cloud native and container management. And teleport has a really good story around ensuring compliance and security from Licia Spain. I'm Keith towns, along with Paul Gillon and you're watching the cue, the, the leader, not the, the leader two, the high take tech coverage.

>>The cube presents, Coon and cloud native con Europe 22, brought to you by the cloud native computing foundation. >>Welcome to the cube coverage of CubeCon 2022 EU. I'm here with my cohost Paul Gill. Please work with you, Keith. Nice to work with you, Paul. And we have our first two guests. The cube is hot. I'm telling you we are having interviews before the start of even the show floor I have with me. We gotta start with the customers first enterprise architect, a non-con Aon con. Welcome to the show. >>Thank you so >>Much. Cube time cube time. First now you're at cube alumni. Yep. <laugh> and, and, uh, has Havani CEO. Arai welcome back. Nice to, >>Uh, >>Talk to you again today. So we're talking all things Kubernetes and we're super excited to talk to MoneyGram about their journey to Kubernetes. First question I have for Anon. Talk to us about what your pre Kubernetes landscape looked like. >>Yeah, certainly. Uh, Keith, so, um, we had a, uh, you know, a traditional mix of legacy applications and modern applications. Uh, you know, a few years ago we made the decision to move to a microservices architecture. Um, and this was all happening while we were still on prem. Right? So your traditional VMs, um, and you know, we started 20, 30 microservices, but with the microservices packing, you know, you quickly expand to hundreds of microservices. Um, and we started getting to that stage where managing them without sort of an orchestration platform, uh, and just as traditional VMs was getting to be really challenging, right. Uh, especially from a day two operational, uh, you know, you can manage 10, 15 microservices, but when you start having 50 and so forth, um, all those concerns around, uh, you know, high availability, operational performance. Um, so we started looking at some open source projects, you know, spring cloud. Uh, we are predominantly a Java, um, shop. So we looked at the spring cloud projects. Uh, they give you a number, uh, you know, of initiatives, um, for doing some of those, um, management and what we realized again, to manage those components, um, without sort of a platform was really challenging. So that, that kind of led us to sort of Kubernetes where, um, along with our journey cloud, uh, it was the platform that could help us with a lot of those management operational concerns. >>So as you talk about some of those challenges, pre Kubernetes, what were some of the operational issues that you folks experienced? >>Yeah. You know, uh, certain things like auto scaling is, is number one, right? I mean, that's a fundamental concept of cloud native, right. Is, um, how do you auto scale VMs? Right. Uh, you can put in some old methods and stuff, but, uh, it was really hard to do that automatically. Right. So, uh, Kubernetes with like HPA gives you those out of the box, right? Provided you set the right policies. Uh, you can have auto scaling, uh, where it can scale up and scale back. So we were doing that manually. Right. So before, uh, you know, MoneyGram, obviously, you know, holiday season, people are sending more money mother's day. Um, our ops team would go in basically manually scale, uh, VMs. Right. So we'd go from four instances to maybe eight instances. Right. Uh, but, but that entailed outages. Right. Um, and just to plan around doing that manually and then sort of scale them back was a lot of overhead, a lot of administration overhead. Right. So, uh, we wanted something that could help us do that automatically right. In a, in an efficient, uh, unintrusive way. So, so, you know, that was one of the things, uh, monitoring, um, and, and management, uh, operations, you know, just kind of visibility into how those applications were during, what were the status of your, um, workloads was also a challenge, right. Uh, to do that. >>So, cause see, I gotta ask the question. If someone would've came to me with that problem, I'd just say, you know, what, go to the plug, the cloud, what, how does, uh, your group help solve some of these challenges? What do you guys do? >>Yeah. What, what do we do? So here's my perspective on the market as it's playing out. So I see a bifurcation happening in the Kubernetes space, but there's the Kubernetes run time. So Amazon is EKS Azure as EKS, you know, there's enough of these available. They're not managed services. They're actually really good, frankly. Right? In fact, retail customers, if you're an Amazon, why would you spin up your own? Just use EK. It's awesome. But then there's an operational layer that is needed to run Kubernetes. Uh, my perspective is that, you know, 50,000 enterprises are adopting Kubernetes over the next five to 10 years. And they're all gonna go through the same exact journey and they're all gonna end up, you know, potentially making the same mistake, which is, they're gonna assume that Kubernetes is easy. <laugh> they're gonna say, well, this is not hard. I got this up and running on my laptop. >>This is so easy. No worries. Right. I can do key gas, but then, okay. Can you consistently spin up these things? Can you scale them consistently? Do you have the right blueprints in place? Do you have the right access management in place? Do you have the right policies in place? Can you deploy applications consistently? Do you have monitoring and visibility into those things? Do your developers have access to when they need it? Do you have the right networking layer in place? Do you have the right chargebacks in place? Remember you have multiple teams and by the way, nobody has a single cluster. So you gotta do this across multiple clusters. And some of them have multiple clouds, not because they wanna be multiple clouds because, but sometimes you buy a company and they happen to be in Azure. How many dashboards do you have now across all the open source technologies that you have identified to solve these problems? >>This is where pain lies. So I think that Kubernetes is fundamentally a solve problem. Like our friends at AWS and Azure they've solved this problem. It's like a KSKS et cetera, GK for that matter. They're they're great. And you should use them and don't even think about spinning up Q B and a best clusters. Don't do it. Use the platforms that exist and commensurately on premises. OpenShift is pretty awesome, right? If you like it, use it. But then when it comes to the operations layer, right, that's where today we end up investing in a DevOps team and then an SRE organization that need to become experts in Kubernetes. And that is not tenable, right? Can you let's say unlimited capital unlimited budgets. Can you hire 20 people to do Kubernetes today? >>If you could find them, if >>You can find 'em right. So even if you could, the point is that see, five years ago, when your competitors were not doing Kubernetes, it was a competitive advantage to go build a team to do Kubernetes. So you could move faster today. You know, there's a high chance that your competitors are already buying from a Rafa or somebody like Rafa. So now it's better to take these really, really sharp engineers and have them work on things that make the company money, writing operations for Kubernetes. This is a commodity. Now >>How confident are you that the cloud providers won't get in and do what you do and put you out of business? >>Yeah, I mean, absolutely. I think, I mean, in fact, I, I had a conversation with somebody from HBS this morning and I was telling them, I don't think you have a choice. You have to do this right. Competition is not a bad thing. Right? This, the, >>If we are the only company in a space, this is not a space, right. The bet we are making is that every enterprise has, you know, they have an on-prem strategy. They have at least a handful of, everybody's got at least two clouds that they're thinking about. Everybody starts with one cloud and then they have some other cloud that they're also thinking about, um, for them to only rely on one cloud's tools to solve for on-prem plus that second cloud, they potentially, they may have, that's a tough thing to do. Um, and at the same time we as a vendor, I mean the only real reason why startups survive is because you have technology that is truly differentiated, right. Otherwise, right. I mean, you gotta build something that is materially. Interesting. Right. We seem to have, sorry, go ahead. >>No, I was gonna ask you, you actually had me thinking about something, a non yes. MoneyGram big, well known company, a startup, adding, working in a space with Google, VMware, all the biggest names. What brought you to Rafi to solve this operational challenge? >>Yeah. Good question. So when we started out sort of in our Kubernetes, um, you know, we had heard about EKS, uh, and, and we are an AWS shop. So, uh, that was the most natural path. And, and we looked at, um, EKS and, and used that to, you know, create our clusters. Um, but then we realized very quickly that yes, toe's point AWS manages the control plane for you. It gives you the high availability. So you're not managing those components, which is some really heavy lifting. Right. Uh, but then what about all the other things like, you know, centralized dashboard, what about, we need to provision, uh, Kubernetes clusters on multi-cloud right. We have other clouds that we use, uh, or also on prem. Right. Um, how do you do some of that stuff? Right. Um, we, we also, at that time were looking at, uh, other, uh, tools also. >>And I had, I remember come up with an MVP list that we needed to have in place for day one or day two, uh, operations, right. To before we even launch any single applications into production. Um, and my ops team looked at that list. Um, and literally there was only one or two items that they could check, check off with S you know, they they've got the control plane, they've got the cluster provision, but what about all those other components? Uh, and some of that kind of led us down the path of, uh, you know, looking at, Hey, what's out there in this space. And, and we realized pretty quickly that there weren't too many, there were some large providers and capabilities like Antos, but we felt that it was, uh, a little too much for what we were trying to do. You know, at that point in time, we wanted to scale slowly. We wanted to minimize our footprint. Um, and, and Rafa seemed to sort of, uh, was, was a nice mix, uh, you know, uh, from all those different angles, how >>Was, how was the situation affecting your developer experience? >>So, um, so that's a really good question also. So operations was one aspect of, to it, right? The other part is the application development, right? We've got, uh, you know, Moneygrams when a lot of organizations have a plethora of technologies, right? From, from Java to.net to no GS, what have you, right. Um, now as you start saying, okay, now we're going cloud native, and we're gonna start deploying to Kubernetes. Um, there's a fair amount of overhead because a tech stack, all of a sudden goes from, you know, just being Java or just being.net to things like Docker, right? All these container orchestration and deployment concerns, Kubernetes, uh, deployment artifacts, right. I gotta write all this YAML, uh, as my developer say, YAML, hell right. <laugh>, uh, I gotta learn Docker files. I need to figure out, um, a package manager like helm, uh, on top of learning all the Kubernetes artifacts. >>Right. So, um, initially we went with sort of, okay, you know, we can just train our developers. Right. Um, and that was wrong. Right. I mean, you can't assume that everyone is gonna sort of learn all these deployment concerns, uh, and we'll adopt them. Right. Um, uh, there's a lot of stuff that's outside of their sort of core dev domain, uh, that you're putting all this burden on them. Right. So, um, we could not rely on them and to be sort of cube cuddle experts, right. That that's a fair amount, overhead learning curve there. Um, so Rafa again, from their dashboard perspective, right? So the managed cube cuddle gives you that easy access for devs, right. Where they can go and monitor the status of their workloads. Um, they can, they don't have to figure out, you know, configuring all these tools locally just to get it to work. >>Uh, we did some things from a DevOps perspective to basically streamline and automate that process. But then also office order came in and helped us out, uh, on kind of that providing that dashboard. They don't have to worry. They can basically get on through single sign on and have visibility into the status of their deployment. Uh, they can do troubleshooting diagnostics all through a single pane of glass. Right. Which was a key key item. Uh, initially before Rafa, we were doing that command line. Right. And again, just getting some of the tools configured was, was huge. Right. Took us days just to get that. And then the learning curve for development teams, right? Oh, now you gotta, you got the tools now you gotta figure out how to use it. Right. Um, so >>See, talk to me about the, the cloud native infrastructure. When I look at that entire landscaping number, I'm just overwhelmed by it. As a customer, I look at it, I'm like, I, I don't know where to start I'm sure. Or not, you, you folks looked at it and said, wow, there's so many solutions. How do you engage with the ecosystem? You have to be at some level opinionated, but flexible enough to, uh, meet every customer's needs. How, how do you approach that? >>Yeah. So it's a, it's a really tough problem to solve because, so, so the thing about abstraction layers, you know, we all know how that plays out, right? So abstraction layers are fundamentally never the right answer because they will never catch up. Right. Because you're trying to write and layer on top. So then we had to solve the problem, which was, well, we can't be an abstraction layer, but then at the same time, we need to provide some sort of, sort of like centralization standardization. Right. So, so we sort of have this, the following dissonance in our platform, which is actually really important to solve the problem. So we think of a, of a stack as sort of four things. There's the, there's the Kubernetes layer infrastructure layer, um, and EKS is different from ES and it's okay. Mm-hmm <affirmative>, if we try to now bring them all together and make them behave as one, our customers are gonna suffer because there are features in ESS that I really want. >>But then if you write an AB obsession layer, I'm not gonna get 'em so not. Okay. So treat them as individual things. And we logic that we now curate. So every time S for example, goes from 1 22 to 1 23, rewrite a new product, just so my customer can press a button and upgrade these clusters. Similarly, we do this fors, we do this for GK. We it's a really, really hard job, but that's the job. We gotta do it on top of that, you have these things called. Add-ons like my network policy, my access management policy, my et cetera. Right. These things are all actually the same. So whether I'm Anek or a Ks, I want the same access for Keith versus a none. Right. So then those components are sort of the same across doesn't matter how many clusters does money clouds on top of that? You have applications. And when it comes to the developer, in fact, I do the following demo a lot of times because people ask the question, right? Mean, I, I, I, people say things like, I wanna run the same Kubernetes distribution everywhere, because this is like Linux, actually, it's not. So I, I do a demo where I spin up a access to an OpenShift cluster and an EKS cluster and an AKs cluster. And I say, log in, show me which one is, which they're all the same. >>So Anan get, put, make that real for me, I'm sure after this amount of time, developers groups have come to you with things that are snowflakes and you, and as a enterprise architect, you have to make it work within your framework. How has working with RAI made that possible? >>Yeah. So, um, you know, I think one of the very common concerns is right. The whole deployment, right. Uh, toe's point, right. Is you are from an, from a deployment perspective. Uh, it's still using helm. It's still using some of the same tooling, um, right. But, um, how do you Rafa gives us, uh, some tools, you know, they have a, a command line, art cuddle API that essentially we use. Um, we wanted parody, um, across all our different environments, different clusters, you know, it doesn't matter where you're running. Um, so that gives us basically a consistent API for deployment. Um, we've also had, um, challenges, uh, with just some of the tooling in general, that we worked with RA actually to actually extend their, our cuddle API for us, so that we have a better deployment experience for our developers. So, >>Uh Huie how long does this opportunity exist for you? At some point, do the cloud providers figure this out or does the open source community figure out how to do what you've done and, and this opportunity is gone. >>So, so I think back to a platform that I, I think very highly of, which is a highly off, which has been around a long time and continues to live vCenter, I think vCenter is awesome. And it's, it's beautiful. VMware did an incredible job. Uh, what is the job? Its job is to manage VMs, right? But then it's for access. It's also storage. It's also networking and a sex, right? All these things got done because to solve a real problem, you have to think about all the things that come together to solve, help you solve that problem from an operations perspective. Right? My view is that this market needs essentially a vCenter, but for Kubernetes, right. Um, and that is a very broad problem, right. And it's gonna spend, it's not about a cloud, right? I mean, every cloud should build this. I mean, why would they not? It makes sense, Anto success, right. Everybody should have one. But then, you know, the clarity in thinking that the Rafa team seems to have exhibited till date seems to merit an independent company. In my opinion, I think like, I mean, from a technical perspective, this products awesome. Right? I mean, you know, we seem to have, you know, no real competition when it comes to this broad breadth of capabilities, will it last, we'll see, right. I mean, I keep doing Q shows, right? So every year you can ask me that question again. Well, you're >>You make a good point though. I mean, you're up against VMware, you're up against Google. They're both trying to do sort of the same thing you're doing. What's why are you succeeding? >>Maybe it's focus. Maybe it's because of the right experience. I think startups only in hindsight, can one tell why a startup was successful? In all honesty. I, I, I've been in a one or two service in the past. Um, and there's a lot of luck to this. There's a lot of timing to this. I think this timing for a com product like this is perfect. Like three, four years ago, nobody would've cared. Like honestly, nobody would've cared. This is the right time to have a product like this in the market because so many enterprises are now thinking of modernization. And because everybody's doing this, this is like the boots storm problem in HCI. Everybody's doing it. But there's only so many people in the industry who actually understand this problem. So they can't even hire the people. And the CTO said, I gotta go. I don't have the people. I can't fill the, the seats. And then they look for solutions and we are that solution that we're gonna get embedded. And when you have infrastructure software like this embedded in your solution, we're gonna be around with the assuming, obviously we don't score up, right. We're gonna be around with these companies for some time. We're gonna have strong partners for the long term. >>Well, vCenter for Kubernetes, I love to end on that note, intriguing conversation. We could go on forever on this topic, cuz there's a lot of work to do. I think, uh, I don't think this will over be a solve problem for the Kubernetes of cloud native solution. So I think there's a lot of opportunity in that space. Hi, thank you for rejoining the cube. I non con welcome becoming a cube alum. <laugh> I awesome. Thank you. Get your much your profile on the, on the Ken's. Website's really cool from Valencia Spain. I'm Keith Townsend, along with my whole Paul Gillon and you're watching the cube, the leader in high tech coverage.

(upbeat music) >> Welcome back. We're winding down theCUBE's coverage of Red Hat Summit 2022. We're here at the Seaport in Boston. It's been two days of a little different Red Hat Summit. We're used to eight, 9,000 people. It's much smaller event this year, fewer developers or actually in terms of the mix, a lot more suits this year, which is kind of interesting to see that evolution and a big virtual audience. And I love the way, the keynotes we've noticed are a lot tighter. They're pithy, on time, they're not keeping us in the hall for three hours. So we appreciate that kind of catering to the virtual audience. Dave Vellante here with my co-host, Paul Gillin. As to say things are winding down, there was an analyst event here today, that's ended, but luckily we have Jim Mercer here as a research director at IDC. He's going to share maybe some of the learnings from that event today and this event overall, we're going to talk about DevSecOps. And Kirsten Newcomer is director of security, product management and hybrid platforms at Red Hat. Folks, welcome. >> Thank you. >> Thank you. >> Great to see you. >> Great to be here. >> Security's everywhere, right? You and I have spoken about the supply chain hacks, we've done some sort of interesting work around that and reporting around that. I feel like SolarWinds created a new awareness. You see these moments, it's Stuxnet, or WannaCry and now is SolarWinds very insidious, but security, Red Hat, it's everywhere in your portfolio. Maybe talk about the strategy. >> Sure, absolutely. We feel strongly that it's really important that security be something that is managed in a holistic way present throughout the application stack, starting with the operating system and also throughout the life cycle, which is partly where DevSecOps comes in. So Red Hat has kind of had a long history here, right? Think SELinux and Red Hat Enterprise Linux for mandatory access control. That's been a key component of securing containers in a Kubernetes environment. SELinux has demonstrated the ability to prevent or mitigate container escapes to the file system. And we just have continued to work up the stack as we go, our acquisition of stack rocks a little over a year ago, now known as Red Hat Advanced Cluster Security, gives us the opportunity to really deliver on that DevSecOps component. So Kubernetes native security solution with the ability to both help shift security left for the developers by integrating in the supply chain, but also providing a SecOps perspective for the operations and the security team and feeding information between the two to really try and do that closed infinity loop and then an additional investment more recently in sigstore and some technologies. >> Interesting. >> Yeah, is interesting. >> Go ahead. >> But Shift Left, explain to people what you mean by Shift Left for people might not be familiar with that term. >> Fair enough. For many, many years, right, IT security has been something that's largely been part of an operations environment and not something that developers tended to need to be engaged in with the exception of say source code static analysis tools. We started to see vulnerability management tools get added, but even then they tend to come after the application has been built. And I even ran a few years ago, I ran into a customer who said my security team won't let me get this information early. So Shift Left is all about making sure that there are security gates in the app dev process and information provided to the developer as early as possible. In fact, even in the IDE, Red Hat code ready dependency analytics does that, so that the developers are part of the solution and don't have to wait and get their apps stalled just before it's ready to go into deployment. >> Thank you. You've also been advocating for supply chain security, software supply chain. First of all, explain what a software supply chain is and then, what is unique about the security needs of that environment? >> Sure. And the SolarWinds example, as Dave said, really kind of has raised awareness around this. So just like we use the term supply chain, most people given kind of what's been happening with the pandemic, they've started hearing that term a lot more than they used to, right? So there's a supply chain to get your groceries, to the grocery store, food to the grocery store. There's a supply chain for manufacturing, where do the parts come for the laptops that we're all using, right? And where do they get assembled? Software has a supply chain also, right? So for years and even more so now, developers have been including open source components into the applications they build. So some of the supplies for the applications, the components of those applications, they can come from anywhere in the world. They can come from a wide range of open source projects. Developers are adding their custom code to that. All of this needs to be built together, delivered together and so when we think about a supply chain and the SolarWinds hack, right, there are a couple of elements of supply chain security that are particularly key. The executive order from May of last year, I think was partly in direct response to the SolarWinds hack. And it calls out that we need a software bill of materials. Now again, in manufacturing that's something folks are used to, I actually had the opportunity to contribute to the software package data exchange format, SPDX when it was first started, I've lost track of when that was. But an S-bomb is all about saying, what are all of those components that I'm delivering in my solution? It might be an application layer. It might be the host operating system layer, but at every layer. And if I know what's in what I'm delivering, I have the opportunity to learn more information about those components to track where does Log4Shell, right? When the Log4j or Spring4Shell, which followed shortly thereafter. When those hit, how do I find out which solutions that I'm running have the vulnerable components in them and where are they? The software bill of materials helps with that but you also have to know where, right. And that's the Ops side. I feel like I missed a piece of your question. >> No, it's not a silver bullet though, to your point and Log4j very widely used, but let's bring Jim into the conversation. So Jim, we've been talking about some of these trends, what's your focus area of research? What are you seeing as some of the mega trends in this space? >> I mean, I focus in DevOps and DevSecOps and it's interesting just talking about trends. Kirsten was mentioning the open source and if you look back five, six, seven years ago and you went to any major financial institution, you asked them if they use an open source. Oh, no. >> True. >> We don't use that, right. We wrote it all here. It's all from our developers-- >> Witchcraft. >> Yeah, right, exactly. But the reality is, they probably use a little open source back then but they didn't realize it. >> It's exactly true. >> However, today, not only are they not on versed to open source, they're seeking it out, right. So we have survey data that kind of indicates... A survey that was run kind of in late 2021 that shows that 70% of those who responded said that within the next two years 90% of their applications will be made up of open source. In other words, the content of an application, 10% will be written by themselves and 90% will come from other sources. So we're seeing these more kind of composite applications. Not, everybody's kind of, if you will, at that 90%, but applications are much more composite than they were before. So I'm pulling in pieces, but I'm taking the innovation of the community. So I not only have the innovation of my developers, but I can expand that. I can take the innovation to the community and bring that in and do things much quicker. I can also not have my developers worry about things that, maybe just kind of common stuff that's out there that might have already been written. In other words, just focus on the business logic, don't focus on, how to get orders or how to move widgets and those types of things that everybody does 'cause that's out there in open source. I'll just take that, right. I'll take it, somebody's perfected it, better than I'll ever do. I'll take that in and then I'll just focus and build my business logic on top of that. So open source has been a boom for growth. And I think we've heard a little bit of that (Kirsten laughs) in the last two days-- >> In the Keynotes. >> From Red Hat, right. But talking about the software bill of materials, and then you think about now I taking all that stuff in, I have my first level open source that I took in, it's called it component A. But behind component A is all these transitive dependencies. In other words, open source also uses open source, right? So there's this kind of this, if you will, web or nest, if you want to call it that, of transitive dependencies that need to be understood. And if I have five, six layers deep, I have a vulnerability in another component and I'm over here. Well, guess what? I picked up that vulnerability, right. Even though I didn't explicitly go for that component. So that's where understanding that software bill of materials is really important. I like to explain it as, during the pandemic, we've all experienced, there was all this contact tracing. It was a term where all came to mind. The software bill of materials is like the contact tracing for your open source, right. >> Good analogy. >> Anything that I've come in contact with, just because I came in contact with it, even though I didn't explicitly go looking for COVID, if you will, I got it, right. So in the same regard, that's how I do the contact tracing for my software. >> That 90% figure is really striking. 90% open source use is really striking, considering that it wasn't that long ago that one of the wraps on open source was it's insecure because anybody can see the code, therefore anybody can see the vulnerabilities. What changed? >> I'll say that, what changed is kind of first, the understanding that I can leapfrog and innovate with open source, right? There's more open source content out there. So as organizations had to digitally transform themselves and we've all heard the terminology around, well, hey, with the pandemic, we've leapfrog up five years of digital transformation or something along those lines, right? Open source is part of what helps those teams to do that type of leapfrog and do that type of innovation. You had to develop all of that natively, it just takes too long, or you might not have the talent to do it, right. And to find that talent to do it. So it kind of gives you that benefit. The interesting thing about what you mentioned there was, now we're hearing about all these vulnerabilities, right, in open source, that we need to contend with because the bad guys realize that I'm taking a lot of open source and they're saying, geez, that's a great way to get myself into applications. If I get myself into this one open source component, I'll get into thousands or more applications. So it's a fast path into the supply chain. And that's why it's so important that you understand where your vulnerabilities are in the software-- >> I think the visibility cuts two ways though. So when people say, it's insecure because it's visible. In fact, actually the visibility helps with security. The reality that I can go see the code, that there is a community working on finding and fixing vulnerabilities in that code. Whereas in code that is not open source it's a little bit more security by obscurity, which isn't really security. And there could well be vulnerabilities that a good hacker is going to find, but are not disclosed. So one of the other things we feel strongly about at Red Hat, frankly, is if there is a CVE that affects our code, we disclose that publicly, we have a public CVE database. And it's actually really important to us that we share that, we think we share way more information about issues in our code than most other users or consumers of open source and we work that through the broad community as well. And then also for our enterprise customers, if an issue needs to be fixed, we don't just fix it in the most recent version of the open source. We will backport that fix. And one of the challenges, if you're only addressing the most recent version, that may not be well tested, it might have other bugs, it might have other issues. When we backport a security vulnerability fix, we're able to do that to a stable version, give the customers the benefit of all the testing and use that's gone on while also fixing. >> Kirsten, can you talk about the announcements 'cause everybody's wondering, okay, now what do I do about this? What technology is there to help me? Obviously this framework, you got to follow the right processes, skill sets, all that, not to dismiss that, that's the most important part, but the announcements that you made at Red Hat Summit and how does the StackRox acquisition fit into those? >> Sure. So in particular, if we stick with DevSecOps a minute, but again, I'll do. Again for me, DevSecOps is the full life cycle and many people think of it as just that Shift Left piece. But for me, it's the whole thing. So StackRox ACS has had the ability to integrate into the CI/CD pipeline before we bought them. That continues. They don't just assess for vulnerabilities, but also for application misconfigurations, excess proof requests and helm charts, deployment YAML. So kind of the big, there are two sort of major things in the DevSecOps angle of the announcement or the supply chain angle of the announcement, which is the investment that we've been making in sigstore, signing, getting integrity of the components, the elements you're deploying is important. I have been asked for years about the ability to sign container images. The reality is that the signing technology and Red Hat signs everything we ship and always have, but the signing technology wasn't designed to be used in a CI/CD pipeline and sigstore is explicitly designed for that use case to make it easy for developers, as well as you can back it with full CO, you can back it with an OIDC based signing, keyless signing, throw away the key. Or if you want that enterprise CA, you can have that backing there too. >> And you can establish that as a protocol where you must. >> You can, right. So our pattern-- >> So that would've helped with SolarWinds. >> Absolutely. >> Because they were putting in malware and then taking it out, seeing what happened. My question was, could sigstore help? I always evaluate now everything and I'm not a security expert, but would this have helped with SolarWinds? A lot of times the answer is no. >> It's a combination. So a combination of sigstore integrated with Tekton Chains. So we ship Tekton, which is a Kubernetes supply chain pipeline. As OpenShift pipelines, we added chains to that. Chains allows you to attest every step in your pipeline. And you're doing that attestation by signing those steps so that you can validate that those steps have not changed. And in fact, the folks at SolarWinds are using Tekton Chains. They did a great talk in October at KubeCon North America on the changes they've made to their supply chain. So they're using both Tekton Chains and sigstore as part of their updated pipeline. Our pattern will allow our customers to deploy OpenShift, advanced cluster manager, advanced cluster security and Quay with security gates in place. And that include a pipeline built on Tekton with Tekton Chains there to sign those steps in the pipeline to enable signing of the code that's moving through that pipeline to store that signature in Quay and to validate the image signature upon deployment with advanced cluster security. >> So Jim, your perspective on this, Red Hat's, I mean, you care about security, security's everywhere, but you're not a security company. You follow security companies. There's like far too many of them. CISOs all say my number one challenge is lack of talent, but I have all these tools to deal with. You see new emerging companies that are doing pretty well. And then you see a company that's highly respected, like an Okta screw up the communications on a pretty benign hack. Actually, when you peel the onion on that, it's just this mess (chuckles) and it doesn't seem like it's going to get any simpler. Maybe the answer is companies like Red Hat kind of absorbing that and taking care of it. What do you see there? I mean, maybe it's great for business 'cause you've got so many companies. >> There's a lot of companies and there's certainly a lot of innovation out there and unique ways to make security easier, right. I mean, one of the keys here is to be able to make security easier for developers, right. One of the challenges with adopting DevSecOps is if DevSecOps creates a lot of friction in the process, it's hard to really... I can do it once, but I can't keep doing that and get the same kind of velocity. So I need to take the friction out of the process. And one of the challenges a lot of organizations have, and I've heard this from the development side, but I've also heard it from the InfoSec side, right. Because I take inquiry for people on InfoSec, and they're like, how do I get these developers to do what I want? And part of the challenge they have is like, I got these teams using these tools. I got those teams using those tools. And it's a similar challenge that we saw on DevOps where there's just too many, if you will, too many dang tools, right. So that is a challenge for organizations is, they're trying to kind of normalize the tools. Interestingly, we did a survey, I think around last August or something. And one of the questions was around, where do you want your security? Where do you want to get your DevSecOps security from, do you want to get it from individual vendors? Or do you want to get it from like, your platforms that you're using and deploying changes in Kubernetes. >> Great question. What did they say? >> The majority of them, they're hoping they can get it built into the platform. That's really what they want. And you see a lot of the security vendors are trying to build security platforms. Like we're not just assess tool, we're desk, we're this, whatever. And they're building platforms to kind of be that end-to-end security platform, trying to solve that problem, right, to make it easier to kind of consume the product overall, without a bunch of individual tools along the way. But certainly tool sprawl is definitely a challenge out there. Just one other point around the sigstore stuff which I love. Because that goes back to the supply chain and talking about digital providence, right. Understanding where things... How do I validate that what I gave you is what you thought it was, right. And what I like about it with Tekton Chains is because there's a couple things. Well, first of all, I don't want to just sign things after I built the binary. Well, I mean, I do want to sign it, but I want to just sign things once, right. Because all through the process, I think of it as a manufacturing plant, right. I'm making automobiles. If I check the quality of the automobile at one stage and I don't check it to the other, things have changed, right. How do I know that I did something wasn't compromised, right. So with sigstore kind of tied in with Tekton Chains, kind of gives me that view. And the other aspect I like it about is, this kind of transparency in the log, right-- >> The report component. >> Exactly. So I can see what was going on. So there is some this kind of like public scrutiny, like if something bad happened, you could go back and see what happened there and it wasn't as you were expected. >> As with most discussions on this topic, we could go for an hour because it's really important. And thank you guys for coming on and sharing your perspectives, the data. >> Our pleasure. >> And keep up the good work. Kirsten, it's on you. >> Thanks so much. >> The IDC survey said it, they want it in platforms. You're up. >> (laughs) That's right. >> All right. Good luck to both you. >> Thank you both so much. >> All right. And thank you for watching. We're back to wrap right after this short break. This is Dave Vellante for Paul Gill. You're watching theCUBE. (upbeat music)

>> We're back at the Seaport in Boston. Dave Vellante and Paul Gill. You're watching The Cubes coverage of Red Hat Summit, 2022. A little different this year, a smaller venue. Maybe a thousand people. Love the keynotes, compressed. Big virtual audience. So we're happy to be coming to you live, face to face. It's been a while since we've had these, for a lot of folks, this is their first in person event. You know, it's kind of weird getting used to that, but I think in the next few months, it's going to become the new, sort of quasi abnormal. Francis Chow is here. He's the Vice President and GM of In-Vehicle OS and Edge at Red Hat. Francis, welcome. That's the most interesting title we've had all week. So thanks for coming here. >> Thank you, Dave. Thank you, Paul, for having me here. >> So The Edge, I mean The Edge is, we heard about the International Space Station. We heard about ski boots, of course In-Vehicle. What's the Edge to you? >> Well, to me Edge actually could mean many different things, right? The way we look at Edge is, there is the traditional enterprise Edge, where this is the second tier, third tier data centers that this extension from your core, the network and your centralized data center, right to remote locations. And then there are like Telco Edge, right? where we know about the 5G network, right Where you deploy bay stations and which would have a different size of requirements right. Of traditional enterprise edge networks. And then there are Operational Edge where we see the line of business operating on those locations, right? Things like manufacturing for oil rigs, retail store, right? So very wide variety of Edge that are doing OT type of technology, and then last but not least there is the customer on or kind of device edge where we now putting things into things like cars, as you said, like ski booth, and have that interaction with the end consumers. >> Is this why? I mean, there's a lot of excitement at Red. I could tell among the Red hat people about this GM deal here is this why that's so exciting to them? This really encompasses sort of all of those variants of the edge in automotive, in automobile experience. Doesn't it? >> I think why this is exciting to the industry and also to us is that if you look at traditionally how automotive has designed, right the way the architect vehicle today has many subsystems, they are all purpose viewed, very tight cut, coupled with hardware and software. And it's very difficult to reuse, right? So their cause of development is high. The time to develop is long and adding to that there is a lengthy safety certification process which also kind of make it hard. Because every time you make a change in the system you have to re-certify it again. >> Right. >> And typically it takes about six to 12 months to do so. Every time you make a change. So very lengthy passes, which is important because we want to ensure occupants are safe in a vehicle. Now what we bring to the table, which I think is super exciting is we bring this platform approach. Now you can use a consistent platform that is open and you can actually now run multiple doming applications on the same platform which means automakers can reuse components across model years and brands. That will lower the development cost. Now I think one of the key things that we bring to the table is that we introduce a new safety certification approach called Continuous Safety Certification. We actually announced that in our summit last year with the intent, "Hey, we're going to deliver this functional certified Linux platform" Which is the first four Linux. And the way we do it is we work with our partner Excedr to try to define that approach. And at the high level the idea really is to automate that certification process just like how we automate software development. Right, we are adding that monitoring capabilities with functional safety related artifacts in our CI three pipeline. And we are able to aim to cut back that kind of certification time to a fraction of what is needed today. So what we can do, I think with this collaboration with GM, is help them get faster time to market, and then lower development costs. Now, adding to that, if you think about a modern Linux platform, you can update it over the air, right? This is the capability that we are working with GM as well. Now what customers can expect now, right for future vehicle is there will be updates on apps and services, just like your cell phone, right. Which makes your car more capable over time and more relevant for the long term. >> So there's some assumptions you're making at the edge. First of all, you described a spectrum retail store which you know, to me, okay, it's Edge, but you can take an X-86 box or a hyper converged infrastructure throw it in there. And there's some opportunities to do some stuff in real time, but it's kind of an extension natural extension of IT. Whereas in vehicle you got to make some assumptions spotty connectivity to do software download and you can't do truck rolls at the far edge, right? None of that is okay, and so there's some assumptions there and as you say, your role is to compress the time to market, but also deliver a better consumer >> Absolutely. >> Experience, so what can we expect? You started to talk about the future of in vehicle, you know, or EVs, if you will, what should we expect as consumers? You, you're saying over the year software we're seeing that with some of the EV makers, for sure. But what's the future look like? >> I think what consumers can expect is really over a period of time, right? A similar experience, like what you have with your mobile mobile device, right? If you look back 15, 20 years, right? You buy a phone, right? That's the feature that you have with your phone, right? No update, it is what it is right, for the lifetime of the product which is pretty much what you have now, if you buy a vehicle, right. You have those features capabilities and you allow it for the lifetime of the vehicle. >> Sometimes you have to drive in for a maintenance, a service to get a software update. >> We can talk about that too right. But as we make the systems, update-able right you can now expect more frequent and seamless update of both the operating system and the application services that sit on top of that. Right, so I think right in the future consumers can expect more capable vehicles after you purchase it because new developmental software can now be done with an update over the air. >> I assume this relationship with GM is not exclusive. Are you talking with other automakers as well? >> We are talking to auto makers, other auto makers. What we working with GM is really a product that could work for the industry, right? This is actually what we both believe in is the right thing to do right? As we are able to standardize how we approach the infrastructure. I think this is a good thing for the whole industry to help accelerate innovation for the entire industry. >> Well which is sort of natural next question. Are we heading toward an open automotive platform? Like we have an open banking platform in that industry. Do you see the possibility that there could be a single platform that all or most of the auto makers will work on? >> I wouldn't use the word single, but I definitely would use the word open. Right? Our goal is to build this open platform, right. Because we believe in open source, right. We believe in community, right. If we make it open, we have more contributors to come in and help to make the system better in a way faster. And actually like you said, right. Improve the quality, right, better. Right, so that the chance of recall is now lower with, with this approach. >> You're using validated patterns as part of this initiative. Is that right? And what is a validated pattern? How is it different from a reference architecture? Is it just kind of a new name for reference architecture? or what value does it bring to the relation? >> For automotive right, we don't have a validated pattern yet but they can broadly kind of speak about what that is. >> Yeah. >> And how we see that evolve over time. So validated pattern basically is a combination of Red Hat products, multiple Red Hat products and partner products. And we usually build it for specific use case. And then we put those components together run rigorous tests to validate it that's it going to work, so that it becomes more repeatable and deployable for those particular edge use cases. Now we do work with our partners to make it happen, right. Because in the end, right we want to make a solution that is about 80% of the way and allow our partners to kind of add more value and their secret sauce on top and deploy it. Right, and I'll give you kind of one example, right You just have the interview with the Veterans Affairs team, right. One of our patents, right? The Medical Diagnosis Pattern, right. Actually we work with them in the early development stage of that. Right, what it does is to help make assessments on pneumonia with chest X rates, right. So it's a fully automated data pipeline. We get the chest x-ray from an object store use AIML to diagnose whether there's new pneumonia. And then I'll put that in a dashboard automated with the validated pattern. >> So you're not using them today, but can we expect that in the future? It sounds like >> Yes absolutely it's in the works, yes. >> It would be a perfect vertical. >> How do you believe your work with GM? I mean, has implications across Red hat? It seems like there are things you're going to be doing with GM that could affect other parts of your own product portfolio. >> Oh, absolutely. I think this actually is, it's a pivotal moment for Red Hat and the automotive industry. And I think broadly speaking for any safety conscious industry, right. As we create this Proof-point right that we can build a Linux system that is optimized for footprint performance, realtime capabilities, and be able to certify it for safety. Right I think all the adjacent industry, right. You think about transportation, healthcare, right. Industry that have tight safety requirements. It's just opened up the aperture for us to adjust those markets in the future. >> So we talked about a lot about the consumerization of IT over the last decade. Many of us feel as though that what's going on at the Edge, the innovations that are going on at the Edge realtime AI inferencing, you know, streaming data ARM, the innovations that ARM and others are performing certainly in video until we heard today, this notion of, you know, no touch, zero touch provisioning that a lot of these innovations are actually going to find their way into the enterprise. Kind of a follow on fault of what you were just talking about. And there's probably some future disruptions coming. You can almost guarantee that, I mean, 15 years or so we get that kind of disruption. How are you thinking about that? >> Well, I think you company, right. Some of the Edge innovation, right. You're going to kind of bring back to enterprise over time. Right but the one thing that you talk about zero touch provisioning right. Is critical right? You think about edge deployments. You're going to have to deal with a very diverse set of environments on how deployments are happen. Right think about like tail code based stations, right. You have somewhere between 75,000 to 100,000 base stations in the US for each provider right. How do you deploy it? Right, if you let's say you push one update or you want the provision system. So what we bring to the table in the latest open shift release is that, hey we make provisioning zero touch right, meaning you can actually do that without any menu intervention. >> Yeah, so I think the Edge is going to raise the bar for the enterprise, I guess is my premise there. >> Absolutely. >> So Francis, thanks so much for coming on The Cube. It's great to see you and congratulations on the collaboration. It's a exciting area for you guys. >> Thank you again, Dave and Paul. >> Our pleasure, all right keep it right there. After this quick break, we'll be back. Paul Gill and Dave Vellante you're watching The Cubes coverage Red Hat Summit 2022 live from the Boston Seaport. Be right back.

>>To the Seaport in Boston, Massachusetts, everybody's buzzing. The Bruins are playing tonight. They tied it up. The Celtics tied it up last night. We're excited. We don't talk about the red Sox. Red Sox are getting struggles, but you know, we have good distractions. Paul goer is here. He's the president and chief executive officer at red hat and also a Boston fan of great to see, of course, you too. >>Nice to see you guys, you know, it's been a, it's been a while. >><laugh> yeah, we saw you, you know, online and virtually for a couple of years there, but, uh, you know, we've been doing red hat summit for a long, long time. Yeah, of course we were talking earlier. It's just much more intimate, kind of a VIP event, a few more suit jackets here. You know, I got my tie on, so I don't get too much grief. I usually get grief when I wear a tie of red hat summit, but it's a different format this year. Compressed keynotes. Your keynote was great. The new normal, sometimes we call it the new abnormal <laugh>, uh, but you know, how do you feel? >>I, I, I, I feel great. First of all, you know, combination today, virtual audience in, in house audience here today. I think we're gonna see a lot of that in the future. I mean, we designed the event around that and I, I think it, I think it played pretty well. Kudos, kudos to our team. You're right. It's, it's, it's a bit more intimate even the way it was set up, but those are the conversations we like having with our customers and our partners, much more partner centric, uh, as well right now, as well. >>You know, we were talking about, you know, hybrid cloud. It was kind of, you know, it was a good marketing term. And, but now it's, it's, it's become the real thing. I've said many times the, the definition of cloud is changing. It's expanding it's no, the cloud is no longer this remote set of services, you know, somewhere up in the cloud, it's on prem connecting to a cloud across clouds, out to the edge and you need capabilities that work everywhere. And that's what red hat did. The market's just swimming toward you. >>Yeah. I mean, you look at it, you know, I was, uh, you know, if you look at it, you know, the clouds are powerful unto themselves, right? The clouds are powerful unto themselves. They're all different. Right? And that that's, I mean, hardware vendors were, were similar, but different, same thing. You need that connective tissue across, across the whole thing. I mean, as I said, in my keynote today, I remember talking to some of our CIOs and customers 10 years ago and they said, we're going 90% of our apps tomorrow to one cloud. And we knew that wasn't practical because of course the clouds are built from Linux. So we knew it was underneath the hood and, and what's happened. It's taken some time, but as they started to get into that, they started to see, well, maybe one cloud's more suited for one application than the other, these apps. You may have to keep on premise, but you know, what really exploded at the, the, the hybrid thing, the edge. Now they're putting things at the edge, the GM announcement tell you, I know you're gonna talk to Francis. Yeah, yeah. Later. I mean, that's, that's a mini data center in, in every cloud, but that's still under the purview of the CIO, you know? So, so, so that's what hybrid's all about is tying all those pieces together, cuz it got more powerful, but it also more complex. >>You mentioned being the connective tissue, but we don't hear as much talk about multi-cloud seems to me, as we used to this conference has been all about hybrid cloud. You don't really talk about multi-cloud. How important is that to the red hat strategy, being that consistent layer? >>It's probably my mistake or our mistake because multi's more prevalent and more important than just hybrid alone. I mean, hybrid hybrid started from on-premise to one part to any one particular cloud. That was the, the first thought of hybrid. But as I said, as, as, as um, some of the cloud providers became so big, um, every, every CIO I talked to, whether they know whether they know it or not most do are in a multi environment for a whole bunch of reasons, right. You know, one cloud provider might be better in a different part of the world. And another one cloud provider might have a better service than another. Some just don't like to be stuck to one it's it's really hybrid multi. We should, we should train ourselves to every time we say hybrid, say multi, because that's really, that's really what it is. It, I think that happened overnight with, with Microsoft, you know, with Microsoft they've, they've, they've really grown over the last few years, so has Amazon for that matter. But Microsoft really coming up is what really made it a, a high, a multi world. >>Microsoft's remarkable what, what they're doing. But I, I, I have a different thinking on this. I, I heard Chuck Whitten last week at, at the Dell conference he used, he said used the phrase a multicloud, uh, by default versus multi-cloud by design. And I thought that was pretty interesting because I've said that multi-cloud is largely multi-vendor, you know? And so hybrid has implications, right? We, we bring and a shesh came up with a new term today. Metacloud I use Supercloud I like Metacloud better because something's happening, Paul. It feels like there's this layer abstraction layer that the underlying complexity is hidden. Think about OpenShift. Yeah. I could buy, I could get OpenShift for free. Yeah. I mean, I could, and I could cobble together and stitch together at 13, 15 dozens of different services and replicate, but I don't, I don't want that complexity. I want you to hide that complexity. I want, I'd rather spend money on your R and D than my engineering. So something's changing. It feels like >>You buy that. I totally buy that. I mean, you know, I, I, I'm gonna try to not make this sound like a marketing thing because it's not, not fair enough. Right. I mean, I'm engineer at heart, you know that, so, >>Okay. >>I really look to what we're trying to do is we're building a hybrid multi cloud. I mean that we, I look at us as a cloud provider spanning the hybrid multi all the way out to the edge world, but we don't have the data centers in the back. Like the cloud providers do in and by that is you're seeing our products being consumed more like cloud services because that's what our customers are demanding. Our, our products now can be bought out of the various marketplaces, et cetera. You're seeing different business models from us. So, uh, you're seeing, uh, committed spend, for example, like the cloud providers where a customer will buy so much up front and sort of just work it down. You're seeing different models on how they're consumed, consumption, based pricing. These, these are all things that came from the cloud providers and customers buying like that. >>They now want that across their entire environment. They don't wanna buy differently on premise or in one cloud and they don't wanna develop differently. They don't wanna operate differently. They don't wanna have to secure it differently. Security's the biggest thing with, with our, with our customers, because hybrid's powerful, but you no longer have the, you know, your security per perimeter, no longer the walls of your data center. You know, you're, you're responsible as a CIO. You're responsible for every app. Yeah. No matter where it's running, if that's the break in point, you're responsible for that. So that's why we've done things like, you know, we cried stack rocks. We've, we've built it into the container Kubernetes platform that spans those various footprints because you no longer can just do perimeter security because the perimeter is, is very, very, very large right now >>Diffuse. One of the thing on the multi-cloud hyper skills, I, I, red hat's never been defensive about public cloud. You, I think you look at the a hundred billion dollars a year in CapEx spend that's a gift to the industry. Not only the entire it industry, but, but the financial services companies and healthcare companies, they can build their own hybrid clouds. Metacloud super clouds taking advantage of that, but they still need that connective tissue. And that's where >>We products come in. We welcome our customers to go to, to the public cloud. Um, uh, look, it's it's. I said a long time ago, we said a long time it was gonna be a hybrid. Well, I should have said multi anybody said hybrid, then it's gonna be a hybrid world. It is. And it doesn't matter if it's a 20, 80, 80, 20, 40, 60, 60, 40. It's not gonna be a hundred percent anywhere. Yeah. And, and so in that, in that definition, it's a hybrid multi world. >>I wanna change the tune a little bit because I've been covering IBM for 40 years and seen a lot of acquisitions and see how they work. And usually it follows the same path. There's a commitment to leaving the acquire company alone. And then over time that fades, the company just becomes absorbed. Same thing with red hat. It seems like they're very much committed to, to, to leaving you alone. At least they said that upon the acquisition, have they followed through on that promise? >>I have to tell you IBM has followed through on every commitment they've made, made to us. I mean, I, I owe it, I owe a lot of it to Arvin. Um, he was the architect of the deal, right. Um, we've known each other for a long time. Um, he's a great guy. Um, he, uh, he, he believes in it. It's not, he's not just doing it that way because he thinks, um, something bad will happen if he doesn't, he's doing it that way. Cuz he believes in that our ecosystem is what made us. I mean, I mean, even here it's about the partners in the ecosystem. If you look at what made REL people think what made red hat as a company was support, right. Support's really important. Small piece of the value proposition life cycle supports certainly their life cycle a 10 year life cycle just came out of a, a, a customer conference asking about the life cycle and could we extend it to 15 years? You know? Um, the ecosystem is probably the most important part of, of, of, of the, of the overall value proposition. And Arvin knows in IBM knows that, you know, we have to be neutral to be able to do everything the same for all of our ecosystem partners. Some that are IBM's competitors, even. So, >>So we were noticing this morning, I mean, aside from a brief mention of power PC and the IBM logo during, at one point, there was no mention of IBM during the keynote sessions this morning. Is that intentional? Or is that just >>No, no, it it's, it's not intentional. I mean, I think that's part of, we have our strategy to drive and we're, we're driving our, our strategy. We, we, we IBM great partner. We look at them as a partner just as we do our, our many other partners and we won't, you know, we wouldn't, we wouldn't do something with our products, um, for I with IBM that we wouldn't offer to our, our entire ecosystem. >>But there is a difference now, right? I don't know these numbers. Exactly. You would know though, but, but pre 2019 acquisition red hat was just, I think north of 3 billion in revenue growing at maybe 12% a year. Something like that, AR I mean, we hear on the earnings calls, 21% growth. I think he's publicly said you're north of 5 billion or now I don't know how much of that consulting gets thrown in. IBM likes to, you know, IBM math, but still it's a much bigger business. And, and I wonder if you could share with us, obviously you can't dig into the numbers, but have you hired more people? I would imagine. I mean, sure. Like what's been different from that standpoint in terms of the accelerant to your >>Business. Yeah. We've been on the same hiring cycle percentage wise as, as we, we always were. I mean, I think the best way to characterize the relationship and where they've helped is, um, Arvin, Arvin will say, IBM can be opinionated on red hat, but not the other way around <laugh>. So, so what that, what that means is they had a lot of, they had, they had a container based Linux platform. Yeah, right, right. They, they had all their, they were their way of moving to the cloud was that when we came in, they actually stopped that. And they standardized on OpenShift across all of their products. We're now the vehicle that brings the blue software products to the hybrid cloud. We are that vehicle that does it. So I think that's, that's how, that's how they, they look about it. I mean, I know, I mean in IBM consulting, I know, I know they have a great relationship with Microsoft of course. >>Right. And so, so that's, that's how to really look at it. They they're opinionated on us where we not the other way around, but that, but they're a great partner. And even if we're at two separate companies, we'd do be doing all the same things we're doing with them. Now, what they do do for us can do for us is they open a lot of doors in many cases. I mean, IBM's been around for over a hundred years. So in many cases, they're in, in, in the C-suite, we, we may be in the C suite, but we may be one layer down, one, two layers down or something. They, they can, they help us get access. And I think that's been a, a part of the growth as well as is them talking into their, into, into their >>Constituents. Their consulting's one of the FA if not the fastest growing part of their business. So that's kind of the tip of the spear for application modernization, but enough on IBM you said something in your keynote. That was really interesting to me. You said, you, you, you didn't use the word hardware Renaissance, but that my interpretation was you're expecting the next, you know, several years to be a hardware Renaissance. We, we certainly have done relationships with arm. You mentioned Nvidia and Intel. Of course, you've had relationships with Intel for a long time. And we're seeing just the spate of new hardware developments, you know, does hardware matter? I'll ask you, >>Oh, oh, I mean the edge, as I said, you're gonna see hardware innovation out in the edge, software innovation as well. You know, the interesting part about the edge is that, you know, obviously remade red hat. What we did with REL was we did a lot of engineering work to make every hardware architecture when, when it was, when, when the world was just standalone servers, we made every hardware architecture just work out of the box. Right? And we did that in such, because with an open source development model. So embedded in our psyche, in our development processes is working upstream, bringing it downstream 10 years, support all of that kind of thing. So we lit up all that hardware. Now we go out to the edge, it's a whole new, different set of hardware innovation out at the edge. We know how to do that. >>We know how to, we know how to make hardware, innovation safe for the customer. And so we're bringing full circle and you have containers embedded in, in Linux and REL right now as well. So we're actually with the edge, bringing it all full circle back to what we've been doing for 20 plus years. Um, on, on the hardware side, even as a big part of the world, goes to containers and hybrid in, in multi-cloud. So that's why we're so excited about, about, about the edge, you know, opportunity here. That's, that's a big part of where hybrid's going. >>And when you guys talk about edge, I mean, I, I know a lot of companies will talk about edge in the context of your retail location. Okay. That's fine. That's cool. That's edge or telco that that's edge. But when you talk about, um, an in vehicle operating system, right. You know, that's to me the far edge, and that's where it gets really interesting, massive volumes, different architectures, both hardware and software. And a lot of the data may stay. Maybe it doesn't even get persisted. May maybe some comes back to the club, but that's a new >>Ballgame. Well, think about it, right? I mean, you, if you listen, I think you, right. My talk this morning, how many changes are made in the Linux kernel? Right? You're running in a car now, right? From a safety perspective. You wanna update that? I mean, look, Francis talked about it. You'll talk to Francis later as well. I mean, you know, how many, how many in, in your iPhone world Francis talked about this this morning, you know, they can, they can bring you a whole new world with software updates, the same in the car, but you have to do it in such a way that you still stay with the safety protocols. You're able to back things out, things like that. So it's open source, but getting raw upstream, open source and managing itself yourself, I just, I'm sorry. It takes a lot of experience to be able to be able to do those kinds of things. So it's secure, that's insecure. And that's what that's, what's exciting about it. You look at E the telco world look where the telco world came from in the telco world. It was a hardware stack from the hardware firmware operating system, every service, whether it was 9 1, 1 or 4, 1, 1 was its own stack. Yep. In the 4g, 3g, >>4g >>Virtualized. Now, now it's all software. Yeah. Now it's all software all the way out to the cell tower. So now, so, so now you see vendors out there, right? As an application, as a container based application, running out, running in the base of a cell tower, >>Cell tower is gonna be a little mini data >>Center. Yeah, exactly. Because we're in our time here asking quickly, because you've been at red hat a long time. You, you, you, uh, architected a lot of the reason they're successful is, is your responsibility. A lot of companies have tried to duplicate the red hat model, the, the service and support model. Nobody has succeeded. Do you think anybody ever will or will red hat continue to be a unicorn in that respect? >>No, I, I, I think, I think it will. I think open source is making it into all different parts of technology. Now I have to tell you the, the reason why we were able to do it is we stayed. We stayed true to our roots. We made a decision a long time ago that we weren't gonna put a line, say everything below the line was open and above the line was closed. Sometimes it's hard sometimes to get a differentiation with the competition, it can be hard, but we've stayed true to that. And I, to this day, I think that's the thing that's made us is never a confusion on if it's open or not. So that forces us to build our business models around that as well. But >>Do you have a differentiated strategy? Talk about that. What's your what's your differentiation >>Are, are, well, I mean, with the cloud, a differentiation is that common cloud platform across I differentiate strategy from an open source perspective is to, to sort make open source consumable. And, and it's even more important now because as Linux Linux is the base of everything, there's not enough skills out there. So even, even a container platform like open source op like OpenShift, could you build your own? Certainly. Could you keep it updated? Could you keep it updated without breaking all the applications on top? Do you have an ecosystem around it? It's all of those things. It was, it was the support, the, the, the hardening the 10 year to predictability the ecosystem. That was, that was, that is the secret. I mean, we even put the secret out as open. >>Yeah, <laugh> right. Free, like a puppy, as they say. All right, Paul, thanks so much for coming back in the cubes. Great to see you face to face. Nice to see you guys get it. All right. Keep it right there. Dave Valante for Paul Gill, you're watching the cubes coverage of red hat summit, 2022 from Boston. Be right back.