>>Hey everyone. Welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four, where we continue to talk with the AWS ecosystem partners, this topic, cybersecurity protect and detect against threats. I'm your host, Lisa Martin. I've got a new guest with me. Ryan Ferris joins me the VP of products and engineering at Anisha. Ryan. Welcome to the program. Great to have you. >>Thank you so much for having me. >>So let's dig right in. Why are software vendors turning to Anisha to help them address and access the nearly for over 200 billion market public sector, federal market for cloud services? What is that key event? >>Yeah, it's it. If you know anything about FedRAMP and if you've looked into it, it takes a long time to achieve Fedra. So when customers kind of go into this cold and they're from Mars and they're like, what is bed? They usually find that it's an 18 month journey, maybe a 24 month journey. And so Anisha helps shorten that journey with lower costs and faster time to market. So if you're waiting for our revenue stream from say a government entity, we can get you there faster and get you to a, a state of Fedra certified in a shorter time period. And that's the value problem. >>Faster time to value is critical for organizations. So let's look at this journey as you talked about it, what does the path to compliance look like for specifically for AWS customers with a nation and without help us understand the value add? >>Yeah. So if you're doing it without Angen or if you're just kind of doing it yourself, which some customers choose to do, then they have to go on that journey and kind of learn about three primary things. One thing is how do I just write the entire package? Like there there's a thing called an SSP or a, a system security plan. And that thing is maybe seven or 800 pages long. And you have to offer that all by yourself so you can get help with that or not. That's sort of the academic and, and, and tech writing piece of it. There's another piece of it around what does my environment look like? So as I am ruling out this Fedra solution, what are each piece in my environment that needs to be compliant with Fedra? And it's a voluminous amount of things can be either a dozen or maybe up to a hundred things that you have to tweak and change. So there's a technical deployment store here as well. And then the third thing is keeping you compliant in your AWS environment after you've achieved kind of that readiness state. So the journey does not stop once you achieve Fedra, ATO, it goes on and on and on, and Anisha helps customers kind of maintain and keep them there in that fully compliance state after achieving ATO, >>What's the timeframe for AWS customers in terms of going, alright, we realize we're going on this journey. It's challenging. We need An's help. What's the timeframe to get them actually certified. >>Yeah. We look at the timeframe between the moment you deploy and the moment you start writing about that tech, that Fedra package and when you're audit ready, and in the best case scenario, that could be a few months, right? But you're always, your mileage may vary based on kind of your application readiness and how ready you are to pursue that journey. So the fastest happy path is a few months to audit, audit an audit ready state, but then you have, you kinda have to go through a process whereby you're in the queue for Fedra. And that can kind of take maybe an extra few months, but it really is that that three month accelerated timeframe in the best case scenario, >>Got it. Three months accelerated timeframe. Are there other compliance standards that besides Fedra that you help organizations get compliance with? >>Right. So it's a great question. So FedRAMP in and of itself is just really hard to get to. It's just so many things that you have to do, but if you get to that state, it's based off of a standard called missed 853 specifically rev four, that's kind of a mouthful, but once you achieve that state, there's basically 325 controls that come along with fed moderate. And that buys you a lot of leverage in leeway in mapping and sort of crosswalking to other compliance levels. So if you achieve that state, you buy a lot of, kind of goodness with things that map to either PCI or even HIPAA or SOC two. And, and so you, you kind of get a big benefit and sort of a big bang for your buck by having achieved that, that state for Fedra. >>So from an AWS customer, talk to me about, obviously we talked about the time to value the speed with which you enable organizations to achieve compliance and, and readiness. What what's in it for me in terms of working with a nation as an AWS customer. >>Yeah. For, so for AWS specifically our stack, well, we have kind of two versions of our stack. One is meant for Azure and it's kind of cookie cutter and meant for folks that have an entrenched Azure footprint. The other is it's the majority of our market it's folks that want to in accelerator footprint in AWS. So what's in it for you is that Anan kind of presents something that looks pretty similar to a landing zone, but it's a little bit more peppered with complexity and with tuned configurations. So if you're an AWS customer and let's see you've had an environment for the last 5, 6, 7 years, we help you kind of take that environment and enhance it and become FedRAMP ready in a much faster state. And we are leveraging and utilizing a lot of native AWS core services like ECR, for example, is one we're just starting to lean into AWS inspector for bone scans, those types of things. And then kind of when you get up to that audit, ready state and through ATO, we aggregate a lot of that vulnerability information and vulnerability scanning information into a parable readable, actionable format. And most of those things, those gatherings of data are AWS specific functions that we kind of piggyback on. So we're heavily into cloud trail and, and quite heavy into kind of using the things that are already at our fingertips just by deploying into AWS. >>Yeah. Leveraging what they already are familiar with kind of meeting the customers where they are. I think these days is such an important factor to help organizations make the changes as quickly and dynamically as they need to. >>That's right. Yeah. That's perfect. Yeah. A lot of customers, you know, when, when they start on the journey, they kind of, they, they sort of uncover the, uncover the details around, well, I have an application and this application has existed for six or seven years. How do I get this thing FedRAMP ready? And what does onboarding mean to your stack? We try to make that specific step as easy as possible. So when I'm on the phone with prospects and I'm talking to 'em about embarking on a journey, I kind of get them to a mental model where they treat their application VPC or their application environment as sort of a, and we deploy a separate VPC into their, into their cloud account. And then we peer that information. It's kind of getting into the mechanics a little bit, but we try to make it as easy as possible to start doing the things that we're obliged to do for FedRAMP, for their application, like bone scans and, and operationalization of logging and things like that. And then we pull that information into our AIAN managed BPC. And I think once customers really start to understand and sort of synthesize that mental model, then they kind of have this Baha moment. They're like, oh, okay. Now I, now I really understand how your platform can accelerate this journey into a period that is no more than say two or three months of onboarding >>No more than two or three months. That's, that's a nice kind of guarantee for organizations who are you typically engaging with? Is it the CISO level or are there other folks involved in this conversation? >>Yeah, I, the CISO is probably the best persona to engage with, but it so varies from customer to customer and you never really know who's really gonna, oftentimes it's the CEO or, or sometimes it's a champion that might be the CFO or someone that's incentivized to really start getting market share for federal customers that they don't have access to. That might even be a VP of engineering that we're, that we're conversing with. But most often I think the CISO is central because the CISO of course wants to give in details of what does the staff consist of and exactly how are you helping me with this big burden of continuous monitoring that fed Fedra makes me do. And, and where, where do you fit in that story? So it's usually the CSO, >>Usually the CSO, but some of the other personas that you mentioned sounds like it's definitely a C level or at least a, an executive level conversation. >>It is. Yeah. I'll try to divide that a little bit from my persona. Like I, I run engineering and product. I'm usually dealing with a rather talking to and engaging with the CSO, but the folks that cut the check are either either the CEO or the CFO that really want to widen that kind of revenue stream that they don't have access to. And they're the real decision making personas in this deal. Now, after the decision decision is made, then, you know, they're vetting through VPs of engineering or engineering leaders or the CSO. So like the, the folks that pull the purse strings are usually, you know, the ones that are cutting the check to make this investment that is usually the CSO or rather CEO and the CFO. >>Got it. Okay. So if I'm an AWS customer and I'm on this journey for fed re certification, I've, I've been on it for a while. How do I know it's time to raise my hand or pick up the phone and call Anisha? >>Yeah. You know, some customers that we speak with have already tried to do it and maybe they've failed. Maybe they've been like 12 or 14 months into the journey. And they've said things like, we just don't know how to put the package together, or maybe they've engaged with the third party auditor. And the third party auditor has said, sorry, you guys need to go back to the drawing board or maybe they've missed a good percentage of the technical requirements and they need some consultation and advice or a cookie cutter approach. So it kind of, every journey is different when we are engaging. Sometimes folks are just coming in completely cold or maybe they failed. But the more interesting ones, and I think when we can look a little bit more like heroes are the ones that have tried it, and then a year later they come back, they come back to an, and they want that accelerated goodness. >>Do you have a favorite customer story that you think really articulates the value either from a customer who came in cold or a customer who came in after trying it on their own or with another partner for a year that you think really demonstrates the value that AIAN delivers? >>Yeah. There is a customer story that's sort of top of mind and it's, I think the guy primarily stuck in what tooling I'll anonymize the customer, but this customer kind of chose the wrong level of tooling as they embarked on their journey. And by tooling, I mean, let me get a little bit more specific here. You can't just choose any vulnerability scanner, for instance, if it's a SAS product, or if it's sending data or requests outside of your Fedra boundary, then you're gonna run into trouble. And this reference customer, or this prospect at the time kind of had a lot of friction there. So as they were bumping up against that three Pao deadline, they realized they had a lot of work to do. And we simplified that, that part of the journey substantially for them by essentially selecting and spoon feeding them and, and sort of accelerating that part of the deployment and technical journey for them. And they were very delighted by that part of it. >>When you're talking with customers who are in, in a state of, of change and fluxes, who isn't these days, we've seen the acceleration of digital transformation considerably over the last couple of years. How do you talk with them about a nation as an enabler of their digital transformation overall? >>Yeah. Digital transformation. It's a, it's a broad word. Isn't it like for, for customers that are moving from an on-prem world into the cloud world, you have this great opportunity to kind of start from scratch. And so for Anisha, we are deploying and maybe not start from scratch, but when you're moving from an on-prem environment into the cloud, your footprint, you have this really nice opportunity to embrace more of AWS core services and to kind of rebuild things, kind of make your architecture drastically improved, or like look different to be more supportable and like less operational overhead. And so when an nation presents itself as sort of this platform in a walled garden environment, some customers have this aha moment that like, if you're gonna move either a portion of your environment or a specific application to the cloud, AIAN really helps you establish that security within that boundary and that footprint in a, in a much more accelerated fashion, then if you were selecting each part of your security infrastructure and then trying to implement it by hand, and that's kind of where we shine. >>Got it. We talked about the personas that you're typically engaging with depending on the organization, but how do you help enterprise companies who say Anisha, we wanna improve DevOps efficiency. We wanna get our applications secure that are running on AWS and those that we may wanna move to AWS in the future. >>Yeah. This gets into futures a little bit, but part of our roadmap, a little bit of a, a kind of a look around the corner for our roadmap is that since we know so much about the FedRAMP environment and FedRAMP moderate and the standard called this 853, it's a really powerful security view. And it's also a really powerful compliance view. So, you know, as I was saying before that, if you achieve a lot of depth and excellence in nest 853, it buys you a lot of kind of crosswalk and applicability for SOC two and HIPAA and PCI. So for DevOps organizations and for just engineering organizations that want more pre-pro insight, there's no reason why you can't just deploy our platform and our stack in a pre fraud environment to get that security signaling such that you can catch things early and prevent maybe spillage or leakage or security issues to go into production. So one of the things that we're doing on a roadmap is a, a feature that we call compliance insights, whereby we present a frame of missed 853 RAV4 that you can deploy into any environment. And that particularly helps the DevOps role by saying, well, if I just, for example, exposed an S3 bucket to world, then I can catch that configuration, that compliance product and catch it, trap it and fix before it leaks out to. >>So you talked a little bit about kind of some of the things that are coming up on a, on the product side, what's next for Anisha, as we look at we're rounding out calendar year 22 coming into 2023, there's still so much change in the market. We've got to embrace that. What's next for the company. What can we expect from the VP of products and engineering? >>Yeah, I think in two, two big areas here, we're gonna double down on our Fedra offering offering, and just continuously improve it and improve it. We're pretty tempted to lean in more heavily to CMMC. We hear a lot about CMMC kind of on the periphery, but we just haven't quite felt the market pressure to really go after that. But there's definitely something there. And I would anticipate some offering that maps to that specific compliance that, that compliance framework. And then in the enterprise, we just month after month, we discuss more about how we can create more flexibility in our platform, such that commercial customers can get more of that goodness, and sort of more of that consolidation and time to market, particularly for small and mid-sized customers. So we'll be releasing more of those pieces of functionality in 2023 as well. >>So the commercial folks be on the lookout for that. >>Yes, absolutely. That's a huge untapped market for us. We're super excited about it and we'll be a little cagey on in our plans until we kind of get through this early availability period and then probably make a bigger splash in the first half of 2023. >>That sounds appropriate. Where can the audience go to learn more about what you guys are doing and maybe get ahead on some of those teaser that you just mentioned? >>Yeah. I think our marketing folks will push out more data sheets and marketing material on what's to come. And if you ever wanted to be part of this early availability program that I just discussed, or that I mentioned, you can always go to anan.com and ping us, and we'd be happy to have a conversation with you and we'll lift up the hood and allow you to look under there for, and just carry on the conversation around what's to come. >>All right, getting a peek of what's under the hood. That's always exciting, Ryan, thank you for joining me on this program. AWS startup showcase. We appreciate your time, your insights and a peek into what's going on at Anisha. >>Awesome. It was a pleasure. Thank you so much. >>Likewise. We wanna thank you for watching the AWS startup showcase for Ryan Ferris. I'm Lisa Martin stick right here on the, for great content coming your way. Take care.

>> Announcer: Live from the Computer History Museum in Mountain View, California. It's theCUBE covering DevNet Create, 2018, brought to you by Cisco. (techy music playing) >> Okay, welcome back, everyone. We're live here in Mountain View, California, in the heart of Silicon Valley for Cisco's DevNet Create. This is their new developer outreach kind of cloud, devops conference, different than DevNet their core, Cisco Networking Developer Conference is kind of an extension, kind of forging new ground. Of course theCUBE's covering, we love devops, we love cloud. I'm John Furrier with Lauren Cooney, my cohost today. Our next guest is Alex Ellis, project founder of OpenFaas, F-A-A-S, function as a service. That's serverless, that's Kubernetes, that's container madness. You name it, that's the cool, important trend, thanks for joining us. >> Yeah, thanks for having me, it's great to be here. >> So, talk about the founding of the project. So, you're the founder of the project-- >> Alex: Yeah. >> And you now work for VmWare, so let's just get this-- >> Yeah. >> On the record, so-- >> Alex: Yeah, I think this is-- >> Take a minute to explain. >> This is important just to set a bit of context now. I started this project from the lens of working with AWS Lambda as a Docker captain. I was writing these Alexa skills and I found that I had to hack in a web editor and click upload, or I had to write a zip file, put dependencies on my laptop, and upload that to the cloud every time I changed it. It just didn't feel right because I was so bought into containers. It's the same everywhere, there's no more, "It works on my machine." >> John: You're going backwards. >> Right? (laughing) So, I put a POC together for Docker Swarm and nobody had done it at that point, and it got really popular. I got to Docker Concourse Hacks Contest and presented to 4,000 people in the closing keynote, and I kind of thought it would just blossom overnight, it would explode, but it didn't happen, and actually, the months... We're going back 14 now, I grew a community and spent most of my time growing the community and extending the project. Now, that has been really fruitful. It's led to over 11,000 stars on GitHub, 91 individual contributors, and much, much more. It's been a really rich experience, but at the same time-- >> So, rather than going big rocket ship you kind of went, hunkered down and got a kernel of core people together. >> Alex: Yeah. >> Kind of set the DNA, what is the DNA of this project if you had to describe it? >> Yeah, so I think at the heart of it it's serverless functions made simple for Docker and Kubernetes. >> Great, and so how does Amazon play into this? You were using Amazon cloud? >> Yeah, I was using AWS and I was using Lambda, and that flow was not what I was used to in the enterprise. It wasn't what I was used to as a Docker captain. You know, I wanted a finite image that I could scan for vulnerabilities. >> John: Yeah. >> I could check off and promote through an environment. >> John: Yeah. >> Couldn't do it, so that was what OpenFaas aimed to do, was to make those serverless functions easy with Docker as a runtime. >> Well, congratulations, it's a lot of hard work. First, building a community's very difficult, and certainly one that's relevant. Cool and relevant, I would say, is serverless and functions. We'll certainly be seeing that now at the uptake. Still early on, but people are working on it. So, then now, let's forward to today. You work for VMWare, so-- >> Alex: Yeah. >> How did they get involved, are you shipping the project to VMWare, do they own it? Do you maintain the independence? What's the relationship between VMWare, yourself, and the project, if you can talk about that. >> Yeah, I think that's a great question. So, I got to the point where I had demands on my time around the clock. I couldn't rest, open source project, weekends, nights, the lot. >> John: You need the beer money, too, by the way. >> Right, yeah. >> You need some beer money. >> And I was working at ADP and just doing all of this in my own time, and then had a number of different options that came up and people saying, "Look, how are you going to sustain this, "how are you going to keep doing what you love?" You know, you should be working on it full time. One of the options that came up was from VMWare to work in the Open Source Technology Center. It's relatively new-- >> John: Mm-hmm. >> And the mission of the OSTC is to show VMWare as a good citizen in the community and to contribute back to meaningful projects, right, that relate to their products. >> Yeah, and they have good leadership, too, at VMWare. A lot of people don't know that. We did a couple CUBE interviews with them last year, and there is a group inside VMWare that just does that, not with the tentacles of VMWare and Dell Technologies in there. It's an independent group. >> Alex: Yeah. >> They probably go to some meetings and do some debrief, but for the most part it's kind of decoupled from VMWare, right. >> Yeah, right. So, the mission is not necessarily to make money and to produce products. It's to contribute to open source. Help with inbound so when we need to consume a project in a product, and outbound when we want to make the world a better place. >> So, I'm not going to put words in VMWare's mouth, but I will speculate covering VMWare since theCUBE started. We've been to every VMWorld and everyone knows we've got the good presence there, but if I'm VMWare I'm like, "Hey, you know what, we just "did a deal with Amazon, our enterprise "group is not so cloud savvy." I mean, the enterprise, there are operators, not true cloud native, but they're bridging that gap. The world of cloud native and enterprise is coming together. Does this project fit into that spot? Is that kind of where they saw it? Did I get that right or what was their interest other than doing-- >> Alex: Yeah. >> Helping the world out and solving world peace in the open source community. >> Yeah, so the mission of OSTC is slightly different. It's to contribute back to meaningful projects and to have this presence in the community. You know, I think OpenFaas is particularly attractive because it has such a broad community. There's people all around the world that are contributing to it, very active. For VMWare it makes a lot of sense because it runs natively on Kubernetes or Docker Swarm, and it's gained a lot of traction, people are using it. >> John: Mm-hmm. >> I had a call with BT Research before I came out and they said, "We've been using it for seven months. "We absolutely love it, it's transforming "how we're doing our microservices," and so I think that's part of it, as well as already have kind of a lead. Already have a lot of momentum with this project. >> So, are you looking to, you know, I know that the organization that you work for is really focused on driving this outbound, right? >> Alex: Yeah, yeah. >> Is VMWare using this internally as well? >> So, I think there's been a number of people who've shown an interest. You can think, "Right, there's a problem "we could solve with this," and I'm just getting my feet under the table, but really my mission is to make serverless functions simple to build this community-- >> Lauren: Mm-hmm. >> And to have something that people can turn to as an alternative. So, one of the things that I did in the talk yesterday was, "How do you explain OpenFaas to your boss," and one of the points there was to unlock your data. >> Lauren: Mm-hmm. >> And I think we talked about this briefly before, now with controversies recently about data and who owns it, what's happening with it, I think it's even more relevant that-- >> John: Yeah. >> You can have full control over the whole stack if you want-- >> John: Yeah. >> Or use a product like Microsoft AKS, their Kubernetes service-- >> Lauren: Mm-hmm. >> Or GKE and actually treat OpenFaas like a very thin layer of automation. >> Lauren: Really, okay. >> Or go full stack and have everything under your control. >> I mean, that's a great conversation to have, too, because obviously you're kind of referring to the Facebook situation. Zuckerberg's testifying it front of Senate yesterday, Congress today, and it's funny because watching him talk to senators in the US, they really don't know how stuff works, and so if you think about what Facebook does... I mean, granted they took some liberties. They're not the perfect citizen, they got slapped. They took it to the woodshed, if you will, but their mission is to use the data, and this is where cloud native's interesting and I think I want to get your reaction to this, you need to use the data, not treat it as a siloed, fenced in data warehouse. That model's old, right-- >> Alex: Yeah. >> It's now horizontal and scalable. Data's got to move and you've got to have data to make other things happen. That's the way these services are working. >> Yeah. >> So, it's really important to have addressability of the data and you know, GDPR takes an attempt at, you know, kind of hand waving that simple argument away. I'm not really a big fan of that, personally, but the role of data's super important. You've got to make it pervasive, so the challenge is how do you manage those controls. Is that an opportunity for functions? What's your reaction to that whole paradigm of data? >> Yeah, so we're talking about anonymous usage data, like Facebook situation or-- >> Just data in general... Oh, no, just data in general, if I'm an application and I have data-- >> Alex: Yeah. >> That I'm generating, same development of service-- >> Alex: Yeah. >> I need, you might want to leverage that data. So, I'm going to have to have a mechanism for you to share that data to make your service better-- >> Alex: Yeah. >> Because data makes data, you know-- >> Alex: Yeah. >> The alchemy side of it is interesting, but then there's all... You get trapped in regulation, licensing, it can be destructive. >> Yes, so as an engineer, and as an open source engineer, you find people that have no clue about what an MIT license is to a GPL or why you'd use one or the other. I think there's a lot we can do to educate the wider community and help them to learn the basics of these issues. When I was at university we had a course on ethics and legal issues and licensing, and I heard on the radio earlier on the Uber that they're starting to try and up the level of that again, and I think it really needs to start at a ground level. We need to educate people about these issues so that they're aware of how to handle the data. I mean, if you look at common tools like Docker and VS Code and Atom, popular editors, they collect anonymous usage statistics and you have to opt out. You know, should OpenFaas collect data as well, because it can be super helpful for us to know the right thing to do. >> Yeah. >> And when you come to open source you get no feedback until somebody wants support from you and it has to be done yesterday for free. >> Yeah, yeah, yeah. >> And so, yeah, getting data can be super powerful. >> Well, Alex, you bring up a great point. I think this is something that's worthy of an ongoing conversation. I think it will be, too, because GPL, Apache license, all these licenses were built when open source was a Tier 2 citizen, so the whole idea of these-- >> Alex: Yeah. >> Licenses was to create a robust sharing economy of code, and you know, with the certain nuances of those licenses. But just like stacks get updated and modernized with what we've seen the containers and now Kubernetes is serverless, the stack is changing and modernizing. The licenses have to, as well, so I think this is something that... I don't, I think it's kind of like we've got to get on it. (laughing) It's like I think we should just, this is a work area. It's not necessarily... It's game changing if you don't do it, right, because it could-- >> Yeah. >> It could flip it either way. So, to me that's my opinion. >> Well, I think you're under MIT, correct, is that-- >> So, it's under MIT right now. >> Lauren: Okay. >> One of the things that I didn't realize when I started the project is if you want to get into a big foundation like the Cloud Native Computing Foundation you need an Apache 2.0 license, and the main difference is that it offers some protections around patent claims, but it's basically-- >> Lauren: Okay. >> Compatible, so it is a minefield, and it's-- >> Lauren: So, that's just for the CNCF? >> Right, and the Apache Foundation, obviously as well. >> Lauren: Yes. >> And probably many others follow suit because I think it, we talk about the-- >> John: It's the dual source, it's the dual source. >> A refresh... >> John: Yeah, yeah. >> Right, it's a compatible license, it seems to help a lot of people. >> Lauren: Mm-hmm. >> That's a huge issue because you could be well down the road with committing code and then the lawyers will make you take it out. >> Right, so that's why organizations like the Open Source Program Office exist within VMWare, to help these issues and to monitor and do compliance. They may use software like Black Duck to check stuff-- >> Lauren: Yep, mm-hmm. >> Automatically because you don't want to be doing checks on your aircraft once it's in the air. >> Lauren: Mm-hmm. >> John: Yeah. >> You want to sort out everything out on the ground. >> You'll be grounding your fleet, that's for sure-- >> Right. >> When it comes to that, how do you handle that with licensing? How do you guys handle that when people contribute? >> Yeah. >> Are they aware of the license or they don't understand the implications? >> So, with OpenFaas we follow a model very similar to the Linux kernel, which is a sign off developer certificate of origin. What you're saying is I'm allowed to give you this code, I'm allowed for this to be a part of the project and I wrote it, I originated it. >> Lauren: Mm-hmm. >> And that's pretty much a good balance between a full contributor license agreement and nothing at all. >> John: Yeah. >> Lauren: Mm-hmm. >> But look, there's a lot of projects in this space right now. I don't know if you've noticed that, Kubernetes serverless projects. >> Yeah, I mean, it's a lot of really interesting, it's why I like this show here. I think what Cisco's smart to do here at DevNet Create is identify the network programmability, which really takes devops, expands the aperture of what devops is, so-- >> Alex: Yeah. >> You know, as you got new applications coming online some developers want nothing to do with the infrastructure. Kubernetes has got a much more active and more prominent role with layer seven primitives, for instance, or-- >> Alex: Yeah. >> Managing things down to the network layer. You're talking about policy services inside services on the fly, so this is really a big, a good thing, in my opinion. So, you know, I think, Kubernetes, most people look at as a kind of generic orchestration, but I think there's so much more there. >> Alex: Yeah. >> I think that to me is attracting some really rockstar developers. >> Yeah, well I think, you know, the fact that you are open, you're under the MIT license, which I am a fan of-- >> Alex: Yeah. >> And you know, it is, you're on a very successful trajectory in terms of, you know, what you're building and who's engaged and the fact that VMWare is behind you means that they're going to put some money into it, hopefully, and help you guys along as it works, but it is also a project that is not... You know, it doesn't have folks just from VMWare. >> Alex: Yeah. >> It's really, really diverse in terms of who's committing the code. So, I think there's a lot of things that are really going for you. Now, who do you see, you mentioned competitors... >> Alex: Yeah. >> So, can you talk a little bit about what the ecosystem there looks like? >> Yeah, so there's a number of projects that I think have made some really good decisions about their architecture and their implementation. They all vary quite subtly, and one of the questions I get asked a lot is, you know, how is this different from X, cubeless nucleo, and if you look at the CNCF landscape there used to be a very small section with OpenFaas, Lambda, and a couple of others. It's now so big it has its own PDF just about serverless, and I think that's super confusing for people. So, part of what we're trying to do is make that simple and say, "Look, there may be many options. "Here's OpenFaas, here's how it works. "You can get it deployed in 60 seconds. "You can have any binary or any programming language "you want and it will scale up over Kubernetes." We'll just make a really deep integration, give you everything you'd expect, really nice developer experience. >> Lauren: That's great. >> What are some of the use cases you see right now, low hanging fruit for developers that want to come in and get involved in the project? Have you guys identified any low hanging fruit use cases? >> So, what I've seen, and I talked about this a bit yesterday in the talk, is three big use cases, really. The first one was Anisha Keshavan at University of Washington. >> Lauren: Mm-hmm. >> Now, she's doing a lot of data science with neuroinformatics, medical images. She's able to take scans of brains and give them to people like you and me, who don't know anything about medical science. We just draw around the lesions and we train her model, and then she makes it competitive like a game, gamefies it, you get more points, but actually, what we're doing is making the world a better place by training her medical imaging database. >> Lauren: Mm-hmm. >> She'll then use that as an OpenFaas function to test real images as part of her postdoctorate. >> So, she's crowd sourcing, wisdom of crowds. >> Alex: Right. >> Collect some intelligence for her research. >> Now, one of the other things that I think's really cool is in the community we built out a project with two 17 year olds. Two 17 year olds built a really cool project, and when I think back to when I was 15, 16, I was playing with something like PHP on Windows Lamp Stack. You know, I had to do everything myself. >> John: Yeah. >> They got, like, this scaffolding built up and they could just go to the tenth story and just keep adding on. >> John: Yeah, yeah. >> And they didn't have to worry about managing this infrastructure at all. >> Or architecture, foundation architecture. >> Alex: Right, right. >> Yeah, and that's exactly the reason why you want to do that. >> So, they wrote some small blocks of Python that we found this machine learning code that could convert a black and white image to color, wrapped it in a box and said, "There's a function," then dropped it into OpenFaas and started feeding tweets in, and that was pretty much it. >> John: Yeah. >> Now we have @ColorizeBot, a bit of a strange spelling but you'll find it on Twitter, and it's been in Le Monde newspaper, all round the world. It was pronounced at CubeCon as well, and it's just a super interesting way of showing how you can take something very complex, right, and democratize it. >> Yeah, we'd love to get those people working for theCUBE and put the little cube box and throw all the tweets in there. >> Alex: Right, yeah. >> Alex, thanks for coming on, congratulations. What's next on your project, tell us what's going on, what's next for you, what are you guys conquering next? >> So, I'm really focused on growing the team and community. We've got an open recruitment position open right now and a small team that's building internally. I think the more people we can get contributing on a regular basis the more support there's going to be for the community, the more people are going to want to use this Actually had 26 people join a call last week. "How to contribute to OpenFaas," that was the name of it. >> Lauren: Mm-hmm. >> Around the world, and the best part for me was where we got to the testimonies and I had people just sharing their tips and experiences. How rewarding it is to contribute something bigger, something that you as a developer will actually want to use. >> Yeah, and the value opportunities, to extract value out of the group-- >> Yeah. >> It's phenomenal, functions as a service. Super relevant in cloud and devops as the middleware, if you want to call it that, expands more capabilities in devops are coming. It's theCUBE coverage here at DevNet Create. We'll be back with more live coverage here in Silicon Valley in Mountain View, California, after this short break. (techy music playing)