>>Okay, welcome back everyone. Day three of the cube coverage here at VMware VMware Explorer, not world 12 years. The Cube's been covering VMware is end user conference this year. It's called explore previously world. We got two great guests, friends of the cube friend, cube, alumni and cloud rod, Keith Townson, principal CTO advisor, air streaming his way into world this year in a big way. Congratulations. And course James Erhard principal technology, a at tan zoo cloud ARA. He's been in cloud game for a long time. We've known each other for a long, long time, even before cloud was cloud. So great to see you guys. Thanks for coming on. >>Ah, it's a pleasure, always happy to >>Be here. So day threes are kind of like riff. I'll throw out super cloud. You guys will, will trash it. We'll debate. It'll be controversial and say this damage done by the over rotation of developer experience. We'll defend Tansu, but really the end of the game is, is that guys, we have been on the cloud thing for a long time. We're we're totally into it. And we've been saying infrastructure is code as the end state. We want to get there. Right? DevOps and infrastructure is code has always been the, the, the underlying fire burning in, in all the innovation, but it's now getting legitimately enterprised it's adopted in, in, in large scale, Amazon web services. We saw that rise. It feels we're in another level right now. And I think we're looking at this new wave coming. And I gotta say, you know, the Broadcom thing has put like an electric shock syndrome into this ecosystem cuz they don't know what's gonna happen next. So as a result, everyone's kind of gotta spring in their step a little, whether it's nervous, energy or excitement around something happening, it's all cloud native. So, you know, as VMware's got such a great investment in cloud native, but yet multi cloud's the story. Right? So, so messaging's okay. So what's happening here? Like guys let's, let's break it down. You're on the show floor of the Airstream you're on the inside, but with the seeing the industry, James will start with you what's happening this year with cloud next level and VMware's future. >>Yeah, I think the big thing that is happening is that we are beginning to see the true separation of capacity delivery from capacity consumption in computing. And what I mean by that is the, the abstractions that sort of bled between the idea of a server and the idea of an application have sort of become separated much better. And I think Kubernetes is, is the strong evidence of that. But also all of the public cloud APIs are strong evidence of that. And VMware's APIs, frankly, before that we're strong evidence of that. So I think what's, what's starting to happen now then is, is developers have really kind of pulled very far away from, from anything other than saying, I need compute, I need network. I need storage. And so now you're seeing the technologies that say, well, we've figured out how to do that at a team level, like one team can automate an application to an environment, but another team will, you know, other teams, if I have hundreds of teams or, or thousands of applications, how do I handle that? And that's what the excitement I think is right >>Now. I mean the, the developer we talking, we're going on camera before you came on camera Keith around, you know, your contr statement around the developer experience. Now we, I mean, I believe that the cloud native development environment is doing extremely well right now. You talk to, you know, look around the industry. It's, it's at an all time high and relative to euphoria, you know, sit on the beach with sunglasses. You couldn't be better if you were a developer open source, booming, everything's driving to their doorstep, self service. They're at the center of the security conversation, which shift left. Yeah. There's some things there, but it's, it's a good time. If you're a developer now is VMware gonna be changing that and, and you know, are they gonna meet the developers where they are? Are they gonna try to bring something new? So these are conversations that are super important. Now VMware has a great install base and there's developers there too. So I think I see their point, but, but you have a take on this, Keith, what's your, what's your position on this? How do the developer experience core and tangential played? >>Yeah, we're I think we're doing a disservice to the industry and I think it's hurting and, or D I think I'm gonna stand by my statement. It's damaging the in industry to, to an extent VMware >>What's damaging to the >>Industry. The focusing over focusing on developer experience developer experience is super important, but we're focusing on developer experience the, the detriment of infrastructure, the infrastructure to deliver that developer experience across the industry isn't there. So we're asking VMware, who's a infrastructure company at core to meet the developer where the developer, the developer is at today with an infrastructure that's not ready to deliver on the promise. So when we're, when NetApp is coming out with cool innovations, like adding block storage to VMC on AWS, we collectively yawn. It's an amazing innovation, but we're focused on, well, what does that mean for the developer down the road? >>It should mean nothing because if it's infrastructure's code, it should just work, right. >>It should just work, but it doesn't. Okay. >>I see the damage there. The, >>The, when you're thinking, oh, well I should be able to just simply provide Dr. Service for my on-prem service to this new block level stores, because I can do that in a enterprise today. Non-cloud, we're not there. We're not at a point where we can just write code infrastructure code and that happens. VMware needs the latitude to do that work while doing stuff like innovating on tap and we're, you know, and then I think we, we, when buyers look at what we say, and we, we say VMware, isn't meeting developers where they're at, but they're doing the hard work of normalizing across clouds. I got off a conversation with a multi-cloud customer, John, the, the, the, the unicorn we all talk about. And at the end I tried to wrap up and he said, no, no, no way. I gotta talk about vRealize. Whoa, you're the first customer I heard here talk about vRealize and, and the importance of normalizing that underlay. And we just don't give these companies in this space, the right >>Latitude. So I'm trying to, I'm trying to rock a little bit what you're saying. So from my standpoint, generically speaking, okay. If I'm a, if the developers are key to the, to the cloud native role, which I, I would say they are, then if I'm a developer and I want, and I want infrastructure as code, I'm not under the hood, I'm not getting the weeds in which some lot people love to do. I wanna just make things work. So meet me where I'm at, which means self-service, I don't care about locking someone else should figure that problem out, but I'm gonna just accelerate my velocity, making sure it's secure. And I'm moving on being creative and doing my thing, building apps. Okay. That's the kind of the generic, generic statement. So what has to happen in your mind to >>Get there? Yeah. Someone, someone has to do the dirty work of making the world move as 400, still propagate the data center. They're still H P X running SAP, E there's still, you know, 75% of the world's transactions happen through SAP. And most of that happens on bare metal. Someone needs to do the plumbing to give that infrastructure's cold world. Yeah. Someone needs to say, okay, when I want to do Dr. Between my on premises edge solution and the public cloud, someone needs to make it invisible to the Kubernetes, the, the Kubernetes consuming that, that work isn't done. Yeah. It >>Is. It's an >>Opportunity. It's on paper. >>It's an opportunity though. It's not, I mean, we're not in a bad spot. So I mean, I think what you're getting at is that there's a lot of fix a lot of gaps. All right. I want Jay, I wanna bring you in, because we had a panel at super cloud event. Chris Hoff, you know, beaker was on here. Yeah. He's always snarky, but he's building, he's been building clouds lately. So he's been getting his, his hands dirty, rolling up his sleeves. The title of panel was originally called the innovators dilemma with a question, mark, you know, haha you know, innovators, dilemma, little goof on that. Cuz you know, there's challenges and trade offs like, like he's talking about, he says we should call it the integrator's dilemma because I think a lot of people are talking about, okay, it's not as seamless as it can be or should be in the Nirvana state. >>But there's a lot of integration going on. A lot of APIs are, are key to this API security. One of the most talked about things. I mean I interviewed six companies on API security in the past couple months. So yeah. I mean I never talked to anybody about API security before this year. Yeah. APIs are critical. So these key things of cloud are being attacked. And so there's more complexity as we're getting more successful. And so, so I think this is mucking up some of the conversations, what's your read on this to make the complexity go away. You guys have the, the chaos rain here, which I actually like that Dave does too, but you know, Andy Grove once said let chaos rain and then rain in the chaos. So we're in that reign in the chaos mode. Now what's your take on what Keith was saying around. Yeah. >>So I think that the one piece of the puzzle that's missing a little bit from Keith's narrative that I think is important is it's really not just infrastructure and developers. Right? It's it's there's in fact, and, and I, I wrote a blog post about this a long time ago, right? There's there's really sort of three layers of operations that come out of the cloud model in long term and that's applications and infrastructure at the bottom and in the middle is platform and services. And so I think one of the, this is where VMware is making its play right now is in terms of providing the platform and service capability that does that integration at a lower level works with VMs works with bare metal, works with the public cloud services that are available, makes it easy to access things like database services and messaging services and things along those lines. >>It makes it easy to turn code that you write into a service that can be consumed by other applications, but ultimately creates an in environment that begins to pull away from having to know, to write code about infrastructure. Right. And so infrastructure's, code's great. But if you have a right platform, you don't have to write code about infrastructure. You can actually D declare what basic needs of the application are. And then that platform will say, okay, well I will interpret that. And that's really, that's what Kubernetes strength is. Yeah. And that's what VMware's taking advantage of with what we're doing >>With. Yeah. I remember when we first Lou Tucker and I, and I think you might have been in the room during those OpenStack days and when Kubernetes was just starting and literally just happened, the paper was written, gonna go out and a couple companies formed around it. We said that could be the interoperability layer between clouds and our, our dream at that time was Hey. And, and we, we mentioned and Stratus in our, our super cloud, but the days of spanning clouds, a dream, we thought that now look at Kubernetes. Now it's kind of become that defacto rallying moment for, I won't say middleware, but this abstraction that we've been talking about allows for right once run anywhere. I think to me, that's not nowhere in the market today. Nobody has that. Nobody has anything that could write once, read one, write once and then run on multiple clouds. >>It's more true than ever. We had one customer that just was, was using AKs for a while and then decided to try the application on EKS. And they said it took them a couple of hours to, to get through the few issues they ran into. >>Yeah. I talked to a customer who who's going from, who went from VMC on AWS to Oracle cloud on Oracle cloud's VMware solution. And he raved about now he has a inherent backup Dr. For his O CVS solution because there's a shim between the two. And >>How did he do >>That? The, there there's a solution. And this is where the white space is. James talked about in the past exists. When, when I go to a conference like Cuban, the cube will be there in, in Detroit, in, in, in about 45 days or so. I talk to platform group at the platform group. That's doing the work that VMware red had hash Corp all should be doing. I shouldn't have to build that shim while we rave and, and talk about the power Kubernetes. That's great, but Kubernetes might get me 60 to 65% of their, for the platform right now there's groups of developers within that sit in between infrastructure and sit in between application development that all they do is build platforms. There's a lot of opportunity to build that platform. VMware announced tap one, 1.3. And the thing that I'm surprised, the one on Twitter is talking about is this API discovery piece. If you've ever had to use an API and you don't know how to integrate with it or whatever, and now it, it just magically happens. The marketing at the end of developing the application. Think if you're in you're, you're in a shop that develops hundreds of applications, there's thousands or tens of thousands of APIs that have to be documented. That's beating the developer where it's at and it's also infrastructure. >>Well guys, thanks for coming on the cube. I really appreciate we're on a time deadline, which we're gonna do more. We'll follow up on a power panel after VMware Explorer. Thanks for coming on the cube. Appreciate it. No problem. See you pleasure. Yeah. Okay. We'll be back with more live coverage. You, after this short break, stay with us.

(soft music) >> Welcome back, everyone. theCube's live coverage. Day two here at VMware Explore. Our 12th year covering VMware's annual conference formally called Vmworld, now it's VMware Explore. Exploring new frontiers multi-cloud and also bearing some of the fruit from all the investments in cloud native Tanzu and others. I'm John Furrier with Dave Vellante. We have the man who's in charge of a lot of that business and a lot of stuff coming out of the oven and hitting the market. Ajay Patel, senior vice president and general manager of the modern applications and management group at VMware, basically the modern apps. >> Absolutely. >> That's Tanzu. All the good stuff. >> And Aria now. >> And Aria, the management platform, which got social graph and all kinds of graph databases. Welcome back. >> Oh, thank you so much. Thanks for having me. >> Great to see you in person, been since 2019 when you were on. So, a lot's happened since 2019 in your area. Again, things get, the way VMware does it as we all know, they announce something and then you build it and then you ship it and then you announce it. >> I don't think that's true, but okay. (laughs) >> You guys had announced a lot of cool stuff. You bought Heptio, we saw that Kubernetes investment and all the cloud native goodness around it. Bearing fruit now, what's the status? Give us the update on the modern applications of the management, obviously the areas, the big announcement here on the management side, but in general holistically, what's the update? >> I think the first update is just the speed and momentum that containers and Kubernetes are getting in the marketplace. So if you take the market context, over 70% of organizations now have Kubernetes in production, not one or two clusters, but hundreds of clusters, sometimes tens of clusters. So, to me, that is a market opportunity that's coming to fruition. Sometimes people will come and say, Ajay, aren't you late to the market? I say, no, I'm just perfectly timing it. 'Cause where does our value come in? It's enterprise readiness. We're the company that people look to when you have complexity, you have scale, you need performance, you need security, you need the robustness. And so, Tanzu is really about making modern applications real, helping you design, develop, build and run these applications. And with Aria, we're fundamentally changing the game around multicloud management. So the one-two punch of Tanzu and Aria is I'm most excited about. >> Isn't it true that most of the Kubernetes, you know, today is people pulling down open source and banging away. And now, they're looking for, you know, like you say, more of a robust management capability. >> You know, last two years when I would go to many of the largest customers, like, you know, we're doing good. We've got a DIY platform, we're building this. And then you go to the customer a year later, he's got knocked 30, 40 teams and he has Log4j happen. And all of a sudden he is like, oh, I don't want to be in the business of patching this thing or updating it. And, you know, when's the next shoe going to fall? So, that maturity curve is what I was talking about. >> Yeah. Free like a puppy. >> Ajay, you know, mentioned readiness, enterprise readiness and the timing's perfect. You kind of included, not your exact words, but I'm paraphrasing. That's a lot to do with what's going on. I mean, I'll say Cloud Native, IWS, think of the hyper scale partner, big partner and Google and even Google said it today. You know, the market world's spinning in their direction. Especially with respect to VMware. You get the relationship with the hyperscalers. Cloud's been on everyone's agenda for a long time. So, it's always been ready. But enterprise, you are customer base at VMware, very cloud savvy in the sense they know it's there, there's some dabbling, there's some endeavors in the cloud, no problem. But from a business perspective and truly transforming the VMware value proposition, is already, they're ready and it's already time now for them, like, you can see the movement. And so, can you explain the timing of that? I mean, I get enterprise readiness, so we're ready to scale all that good stuff. But the timing of product market fit is important here. >> I think when Raghu talks about that cloud first to cloud chaos, to cloud smart, that's the transition we're seeing. And what I mean by that is, they're hitting that inflection point where it's not just about a single team. One of the guys, basically I talked to the CIO, he was like, look, let's assume hypothetically I have thousand developers. Hundred can talk about microservices, maybe 50 has built a microservice and three are really good at it. So how do I get my thousand developers productive? Right? And the other CIO says, this team comes to me and says, I should be able develop directly to the public cloud. And he goes, absolutely you can do that. You don't have to come through IT. But here's the book of security and compliance that you need to enforce to get that thing in production. >> Go for it. >> Go for it. >> Good luck with that. >> So that reality of how do I scale my dev developers is turning into a developer experience problem. We now have titles which says, head of developer experience. Imagine that two years ago. We didn't talk about it. People start, hey, containers Kubernetes. I'm good to go. I can go get all the open source technology you talked about. And now they're saying no. >> And also software supply chains, another board that you're think. This is a symptom of the growth. I mean, open source is the software industry. That is, I don't think debatable. >> Right. >> Okay. That's cool. But now integration becomes vetting, trust, trusting codes. It's very interesting software time right now. >> That's right. >> And how is that impacting the cloud native momentum in your mind? Accelerating it? What inning are we in? How would you peg the progress? >> You know, on that scale of 1 to 10, I think we're halfway marked now. And that moved pretty quickly. >> It really did. >> And if you sit back today, the kinds of applications we're involved in, I have a Chicago wealth management company. We're building the next generation wealth management application. It's a fundamental refactoring of the legacy application. If you go to a prescription company, they're building a brand new prescription platform. These are not just trivial. What they're learning is the lift and shift. Doesn't work for these major applications. They're having to refactor them which is the modernization. >> So how specifically, are they putting some kind of abstraction layer on that? Are they actually gutting it and rewriting it? >> There's always going to be brownfield. Remember the old days of SOA? >> Yeah, yeah. >> They are putting APIs in front of their main systems. They're not rewriting the core banking or the core platform, but the user experience, the business logic, the AIML capability to bring intelligence in the platform. It's surrounding the capability to make it much more intuitive, much more usable, much more declarative. That's where things are going. And so I'm seeing this mix of integration all over again. Showing my age now. But, you know, the new EAI so is now microservices and messaging and events with the same patterns. But again, being much more accelerated with cloud native services. >> And it is to the point, it's accelerated today. They're not having to freeze the code for six months or nine months and that which would kill the whole recipe for failure. So they're able to now to fast track their modernization. They have to prioritize 'cause they got limited resources. But how are you guys coming up to that? >> But the practice is changing as well, right? Well, the old days, it was 12, 18 months cycle or anything software. If you heard the CVS CIO, Rohan. >> Yeah. >> Three months where they started to engage with us in getting an app in production, right? If you look at the COVID, 10 days to get kind of a new application for getting small loans going with Pfizer, right? These are dramatically short term, but it's not rewriting the entire app. It's just putting these newer experiences, newer capability in front with newer modern developer practices. And they're saying, I need to do it not just once, but for 100, 200, 5,000 members. JPMC has 50,000 developers. Fifty thousand. They're not a bank anymore. >> We just have thousands of apps. >> Exactly. >> Ajay, I want to get your thoughts on something that we've been talking about on our super cloud event. I know we had an event a couple weeks ago, you guys were one of our sponsors, VMware was. It was called super cloud where we're defining that this next gen environment's a super cloud and every company will have a super cloud capability. And underneath that is cross cloud capabilities. So, super cloud is like a super set on top of a multi-cloud. And little word play or play on words is, ecosystem partners versus partners in the ecosystem. Because if you're coming down to the integration side of things, it's about knowing what goes what, it's almost like building an OS if you're a coder or an operating systems person. You got to put the pieces together right, not just go to the directory and say, okay, who's got the cheapest price in DR or air gaping or something or some solution. So ecosystem partners are truly partners. Partners in the ecosystem are a bunch of people out on a list. How do you see that? Because the trend we're seeing is, the development process includes partners at day one. >> That's right. Not bolt-on. >> Completely agree. >> Share your thoughts on that. >> So let's look at that. The first thing I'm hearing from my customers is, they're trying to use all the public clouds as a new IS. That's the first API or contract infrastructures code IS. From then on they're saying, I want more and more portable services. And if you see the success of some of the data vendors and the messaging vendors, you're starting to see best of breed becoming part of the platform. So you are to identify which of these are truly, you know, getting market momentum and are becoming kind of defacto leaders. So, Kafka goes hand in hand with streaming. RabbitMQ from my portfolio goes with messaging. Postgres for database. So these are the, in your definition, ecosystem partners, they're foundational. In the security space, you know, Snyk is a common player in terms of scanning or Aqua and Prisma even though we have Carbon Black. Those become partners from a container security perspective. So, what's happening is the industry stabilizing a handful of critical players that are becoming multi-cloud preference of choice in this. And our job is to bring it all together in a all coordinated, orchestrated manner to give them a platform. >> I mean, you guys always had ecosystem, but I think that priority more than ever. It wasn't really your job at VMware, even, Dave, 10 years ago to say, hey, this is the strategic role that you might play one partner. It was pretty much the partners all kind of fed off the momentum of VMware. Virtualization. And there's not a lot of nuance there. There's pretty much they plug in and you got. >> So what we're doing here is, since we're not the center of the universe, unfortunately, for the application world, things like Backstage is a developer portal from Spotify that became open source. That's becoming the place where everyone wants to provide a plugin. And so we took Backstage, we said, let's provide enterprise support for Backstage. If you take a technology like, you know, what we have with Spring. Every job where developer uses Spring, how do we make it modern with Spring cloud. We work with Microsoft to launch a service with Azure Spring Enterprise for Spring. So you're starting to see us taking communities where they have momentum and bringing the ecosystem around those technologies. Cluster API for Kubernetes, for have you managed stuff. >> Yeah. >> So it's about standard. >> Because the developers are voting with their clicks and their code repos. And so you're identifying the patterns that they like. >> That's right. >> And aligning with them and connecting with them rather than trying to sell against it. >> Exactly. It's the end story with everyone. I say stop competing. So people used to think Tanzu is Kubernetes. It's really Tanzu is the modern application platform that runs on any Kubernetes. So I've changed the narrative. When Heptio was here, we were trying to be a Kubernetes player. I'm like, Kubernetes is just another dial tone. You can use mine, you can use OpenShift. So this week we announced support for OpenShift by Tanzu application platform. The values moving up, it's around outcomes. So industry standards, taking lead and solving the problem. >> You know, we had a panel at super cloud. Dave, I know you got a question. I'll get to you in a second. But the panel was the innovator's dilemma. And then during the event, one of the panelists, Chris Hoff knows VMware very well, Beaker on Twitter, said it should be called the integrators dilemma. Because the innovations here, >> How do you put it all together? >> But the integration of the, putting the piece parts together, building the thing is the innovation. >> And we come back and say, it's a secure software supply chain. It starts with great content. Did you know, I published most of the open source content on every hyperscaler through my Bitnami acquisition. So I start with great content that's curated. Then I allow you to create your own golden images. Then I have a build service that secures and so on and so forth and we bring the part. So, that opinionated solution, but batteries included but you can change it is been one of our key differentiator. We recognize the roles is going to be modular, come back and solve for it. >> So I want to understand sort of relationship Tanzu and Aria, John was talking about, you know, super cloud before we had our event. We had an earlier session where we help people understand that Aria was not, you know, vRealize renamed. >> It's rebranded. >> And reason I bring that up is because we had said it around super cloud, that one of the defining characteristics was, sorry, super PaaS, which is a specific purpose built PaaS layer designed to support your objective for multi-cloud. And speaking to a lot of people this week, there's a federated architecture, there's graph relationships, there's real time ability to ingest and analyze. That's unique. And that's IP that is purpose built for what you're doing. >> Absolutely. When I think what came out of all that learning is after 20 years of Pivotal and BA and what we learned that you still need some abstraction layer. Kubernetes is too low level. So what are the developer problems? What are the delivery problems? What are the operations and management problems? Aria solves all the operations and management problem. Tanzu solves a super PaaS problems. >> Yes. Right. >> Of providing a consistent way to build great software and the secure software supply chain to run on any infrastructure. So the combination of Tanzu and Aria complete the value chain. >> And it's different. Again, we get a lot of heat for this, but we're saying, look, we're trying to describe, it's not just IAS, PaaS, and SaaS of last decade. There's something new that's happening. And we chose the name super cloud. >> And what's the difference? It's modular. It's pluggable. It fits into the way you operate. >> Whereas PaaS was very prescriptive. If you couldn't fit, you couldn't jump down to the next level. This is very much, you can stay at the abstraction level or go lower level. >> Oh, we got to add that to the attribute. >> We're recruiting him right now. (laughs) >> We'll give you credit. >> I mean, funny all the web service's background. Look at an app server. You well knew all about app servers. Basically the company is an app. So, if you believe that, say, Capital One is an application as a company and Amazon's providing all the CapEx, >> That's it. >> Okay. And they run all their quote, old IT spend millions, billions of dollars on operating expenses that's going to translate to the top line called the income statement. So, Dave always says, oh, it's on the balance sheet, but now they're going to go to the top line. So we're seeing dynamic. Ajay, I want to get your reaction to this where the business model shift if everything's tech enabled, the company is like an app server. >> Correct. >> So therefore, the revenue that's generated from the technology, making the app work has to get recognized in the income. Okay. But Amazon's doing all, or the cloud hyperscale is doing all the heavy lifting on the CapEx. So technically it's the cloud on top of a cloud. >> Yes and no. The way I look at it, >> I call that a super cloud. >> So I like the idea of super cloud, but I think we're mixing two different constructs. One is, the cloud is a new hardware, right? In terms of dynamic, elastic, always available, et cetera. And I believe when more and more customer I talk about, there's a service catalog of infrastructure services. That's emerging. This super cloud is the next set of PaaS super PaaS services. And the management service is to use the cloud. We spend so much time as VMware building clouds, the problem seems, how do you effectively use the cloud? What problems do we solve around digital where every company is a digital company and the product is this application, as you said. So everything starts with an application. And you look at from the lens of how you run the application, what it costs the application, what impact it's driving. And I think that's the change. So I agree with you in some way. That is a digital strategy. >> And that's the company. >> That's the company. The application is the company. >> That's the t-shirt. >> And API is the currency. >> So, Ajay, first of all, we love having you in theCube 'cause you're like a masterclass in multiple dimensions. So, I want to get your thoughts on the abstraction layer. 'Cause we were also talking earlier in theCube here as well as before. But abstraction layers happen when you have major movements in markets that are game changing or major inflection points because you've reached a complexity point where it's working so great, this new thing, that's too complex to reign it in. And we were quoting Andy Grove by saying, "let chaos reign then reign in the chaos". So, all major industry moments go back 30, 40 years happen with abstractions. So the question is is that, you can't be a vendor, we've observed you can't be a vendor and be the abstraction. Like, if Cisco's running routers, they can't be the abstraction layer. They have to be the benefit of the abstraction layer. And if you're on the other side of the abstraction layer, you can't be running that either. >> I like the way you're thinking about it. Yeah. Do you agree? >> I completely agree. And, you know, I'm an old middleware guy. And when I used to say this to my CEO, he's like, no, it's not middleware, it's just a new middleware. And what's middleware, right? It's a thing between app and infrastructure. You could define it whatever we want, right? And so this is the new distributed middleware. >> It's a metaphor and it's a good one because it does a purpose. >> It's a purpose. >> It creates a separation but then you have, it's like a DMZ zone or whatever you want to call it. It's an area that things happen. >> But the difference before last time was, you could always deploy it to a thing. The thing is now the cloud. The thing is a set of services. So now it's as much of a networking problem at the application layer is as much as security problem. It's how you build software, how we design. So APIs, become part of your development. You can't think of APIs after the fact, right? When you build an API, you got to publish API because the minute you publish it and if you change it, the API's out of. So you can't have it as a documentation process. So, the way you build software, you use software consume is all about it. So to me, digital product with an API as a currency is where we're headed towards. >> Yeah, that's a great observation. Want to make a mental note of that and make that a clip. I want to get your thoughts on software development. You mentioned that, obviously software development life cycles are changing. I'll say open sources now. I mean, it's unlimited codes, supply chain issue. What's in the code, I get that verified codes going to happen. Is software development coding as much or is coding changing the notion of writing code? Or is it more glue layer you're writing. >> I think you're onto something. I call software developments composition now. My son's at Facebook or Google. They have so many libraries. So you don't no longer start with the very similar primitive, you start with building blocks, components, services, libraries, open source technology. What are you really doing? You're composing these things from multiple artifacts. And how do you make sure those artifacts are good artifacts? So someone's not sticking in security in a vulnerability into it. So, the world is moving towards composition and there are few experts who build the core components. Most of the time we're just using those to build solutions. And so, the art here is, how do you provide that set of best practices? We call them patterns or building blocks or services that you can compose to build these next generation (indistinct) >> It's interesting. >> Cooking meals. >> I agree with you a hundred percent what you're thinking. I agree about that worldview. Here's a dilemma that I'm seeing. In the security world, you've got zero trust. You know, Which is, I don't know you, I don't trust you at all. And if you're going to go down this composed, we're going to have an orchestra of players with instruments, say to speak, Dave, metaphor. That's trust involved. >> Yes. >> So you have two spectrums of issues. >> Yes. >> If software's going trust and you're seeing Docker containers getting more verifications, software supply chain, and then you got hardware I call network guys, love zero trust. Where's the balance? How do you reconcile that? Is it just decoupled? Nuance? I mean, what's the point? >> No, no. I think it all comes together. And what I mean by that is, it starts with left shifting it all the way to hands of the developers, right? So, are you starting with good content? You have providence of the stuff you're using. Are you building it correctly? So you're not introducing bad things like solar winds along the process. Are you testing it along the way of the development process? And then once in production, do you know, half the time it's configurations of where you're running the stuff versus the software itself. So you can think of the two coming together. And the network security is protecting people from going laterally once they've got in there. So, a whole security solution requires all of the above, a secure software supply chain, the way to kind of monitor and look at configuration, we call posture management or workload management and the network security of SaaS-e for zero trust. That's a hard thing. And the boundary is the application. >> All right. >> So is it earned trust model sort of over time? >> No, it's designed in, it's been a thing. >> Okay. So it's not a, >> Because it developed. >> You can bolt in afterwards. >> Because the developers are driving it. They got to know what they're doing. >> And it's changing every week. If I'm putting a new code out every week. You can't, it can be changed to something else. >> Well, you guys got guardrails. The guardrails constant is a good example. >> It stops on the configuration side, but I also need the software. So, Tanzu is all about, the secure chain is about the development side of the house. Guardrails are on the operational side of the house. >> To make sure the developers don't stop. >> That's right. >> Things will always get out there. And I find out there's a CV that I use a library, I found after the fact. >> Okay. So again, while I got here again, this is great. I want to get test this thesis. So, we've been saying on theCube, talking about the new ops, the new kind of ops that emerging. DevOps, which we believe is cloud native. So DevOps moving infrastructure's code, that's happened, it's all good. Open source is growing. DevOps is done deal. It's done deal. Developers are doing that. That ops was IT. Then don't need the server, clouds my hardware. Check. That balances. The new ops is data and security which has to match up to the velocity of the developers. Do you believe that? >> Completely. That's why we call it DevSecOps. And the Sec is where all the action is. >> And data. And data too. >> And data is about making the data available where the app meets. So the problem was, you know, we had to move the logic to where the data is or you're going to move the data where the logic is. So data fabrics are going to become more and more interesting. I'll give you a simple example. I publish content today in a service catalog. My customer's saying, but my content catalog needs to be in 300 locations. How do I get the content to each of the repos that are running in 300 location? So I have a content distribution problem. So you call it a data problem. Yes, it's about getting the right data. Whether it's simple as even content, images available for use for deployment. >> So you think when I think about the application development stack and the analytics stack, the data stack, if I can call it that, they're separate, right? Are those worlds, I mean, people say, I want to inject data and AI intelligence into apps. Those worlds have deployment? I think about the insight from the historical being projected in the operational versus they all coming together. I have a Greenplum platform, it's a great analytics platform. I have a transactional platform. Do my customers buy the same? No, they're different buyers, they're different users. But the insight from that is being now plugged in so that at real time I can ask the question. So even this information is being made available on demand. So that's where I see it. And that's most coming together, but the insight is being incorporated in the operational use. So I can say, do I give the risk score? Do I give you credit? It's based on a whole bunch of historical analytics done. And at the real time, processing is happening, but the intelligence is behind it. >> It's a mind shift for sure because the old model was, I have a database, we're good. Now you have time series database, you got graphs. Each one has a role in the overall construct of the new thing. >> But it's about at the end. How do I make use of it? Someone built a smart AI model. I don't know how it was built, but I want to apply it for that particular purpose. >> Okay. So the final question for you, at least from my standpoint is, here at VMware Explore, you have a lot of the customers and so new people coming in that we've heard about, what's their core order of operations right now? Get on the bandwagon for modern apps. How do you see their world unfolding as they go back to the ranch, their places, and go back to their boss? Okay. We got the modern application. We're on the right track boss, full steam ahead. Or what change do they make? >> I think the biggest thing I saw was with some of the branding changes well and some of the new offerings. The same leader had two teams, the VMware team and the public cloud team. And they're saying, hey, maybe VMware's going to be the answer for both. And that's the world model. That's the biggest change I'm seeing. They were only thinking of us on the left column. Now they see us as a unifying player to play across cloud native and VMware, the uniquely set up to bring it all together. That's been really exciting this week. >> All right, Ajay, great to have you on. Great perspective. Worthy of great stuff. Congratulations on the success of all that investment coming to bear. >> Thank you. >> And on the new management platform. >> Yeah. Thank you. And thanks always for giving us all the support we need. It's always great. >> All right Cube coverage here. Getting all the data, getting inside the heads, getting all the specifics and all the new trends and actually connecting the dots here on theCube. I'm John Furrier with Dave Vellante. Stay tuned for more coverage from day two. Two sets, three days, Cube at VMware Explore. We'll be right back. (gentle music)

(gentle upbeat music) >> Welcome back everyone, to "theCUBE"'s live stage performance here in Palo Alto, California at "theCUBE" Studios. I'm John Furrier with Dave Vellante, kicking off our first inaugural Supercloud event. It's an editorial event, we wanted to bring together the best in the business, the smartest, the biggest, the up-and-coming startups, venture capitalists, everybody, to weigh in on this new Supercloud trend, this structural change in the cloud computing business. We're about to run the Ecosystem Speaks, which is a bunch of pre-recorded companies that wanted to get their voices on the record, so stay tuned for the rest of the day. We'll be replaying all that content and they're going to be having some really good commentary and hear what they have to say. I had a chance to interview and so did Dave. Dave, this is our closing segment where we kind of unpack everything or kind of digest and report. So much to kind of digest from the conversations today, a wide range of commentary from Supercloud operating system to developers who are in charge to maybe it's an ops problem or maybe Oracle's a Supercloud. I mean, that was debated. So so much discussion, lot to unpack. What was your favorite moments? >> Well, before I get to that, I think, I go back to something that happened at re:Invent last year. Nick Sturiale came up, Steve Mullaney from Aviatrix; we're going to hear from him shortly in the Ecosystem Speaks. Nick Sturiale's VC said "it's happening"! And what he was talking about is this ecosystem is exploding. They're building infrastructure or capabilities on top of the CapEx infrastructure. So, I think it is happening. I think we confirmed today that Supercloud is a thing. It's a very immature thing. And I think the other thing, John is that, it seems to me that the further you go up the stack, the weaker the business case gets for doing Supercloud. We heard from Marianna Tessel, it's like, "Eh, you know, we can- it was easier to just do it all on one cloud." This is a point that, Adrian Cockcroft just made on the panel and so I think that when you break out the pieces of the stack, I think very clearly the infrastructure layer, what we heard from Confluent and HashiCorp, and certainly VMware, there's a real problem there. There's a real need at the infrastructure layer and then even at the data layer, I think Benoit Dageville did a great job of- You know, I was peppering him with all my questions, which I basically was going through, the Supercloud definition and they ticked the box on pretty much every one of 'em as did, by the way Ali Ghodsi you know, the big difference there is the philosophy of Republicans and Democrats- got open versus closed, not to apply that to either one side, but you know what I mean! >> And the similarities are probably greater than differences. >> Berkely, I would probably put them on the- >> Yeah, we'll put them on the Democrat side we'll make Snowflake the Republicans. But so- but as we say there's a lot of similarities as well in terms of what their objectives are. So, I mean, I thought it was a great program and a really good start to, you know, an industry- You brought up the point about the industry consortium, asked Kit Colbert- >> Yep. >> If he thought that was something that was viable and what'd they say? That hyperscale should lead it? >> Yeah, they said hyperscale should lead it and there also should be an industry consortium to get the voices out there. And I think VMware is very humble in how they're putting out their white paper because I think they know that they can't do it all and that they do not have a great track record relative to cloud. And I think, but they have a great track record of loyal installed base ops people using VMware vSphere all the time. >> Yeah. >> So I think they need a catapult moment where they can catapult to the cloud native which they've been working on for years under Raghu and the team. So the question on VMware is in the light of Broadcom, okay, acquisition of VMware, this is an opportunity or it might not be an opportunity or it might be a spin-out or something, I just think VMware's got way too much engineering culture to be ignored, Dave. And I think- well, I'm going to watch this very closely because they can pull off some sort of rallying moment. I think they could. And then you hear the upstarts like Platform9, Rafay Systems and others they're all like, "Yes, we need to unify behind something. There needs to be some sort of standard". You know, we heard the argument of you know, more standards bodies type thing. So, it's interesting, maybe "theCUBE" could be that but we're going to certainly keep the conversation going. >> I thought one of the most memorable statements was Vittorio who said we- for VMware, we want our cake, we want to eat it too and we want to lose weight. So they have a lot of that aspirations there! (John laughs) >> And then I thought, Adrian Cockcroft said you know, the devs, they want to get married. They were marrying everybody, and then the ops team, they have to deal with the divorce. >> Yeah. >> And I thought that was poignant. It's like, they want consistency, they want standards, they got to be able to scale And Lori MacVittie, I'm not sure you agree with this, I'd have to think about it, but she was basically saying, all we've talked about is devs devs devs for the last 10 years, going forward we're going to be talking about ops. >> Yeah, and I think one of the things I learned from this day and looking back, and some kind of- I've been sauteing through all the interviews. If you zoom out, for me it was the epiphany of developers are still in charge. And I've said, you know, the developers are doing great, it's an ops security thing. Not sure I see that the way I was seeing before. I think what I learned was the refactoring pattern that's emerging, In Sik Rhee brought this up from Vertex Ventures with Marianna Tessel, it's a nuanced point but I think he's right on which is the pattern that's emerging is developers want ease-of-use tooling, they're driving the change and I think the developers in the devs ops ethos- it's never going to be separate. It's going to be DevOps. That means developers are driving operations and then security. So what I learned was it's not ops teams leveling up, it's devs redefining what ops is. >> Mm. And I think that to me is where Supercloud's going to be interesting- >> Forcing that. >> Yeah. >> Forcing the change because the structural change is open sources thriving, devs are still in charge and they still want more developers, Vittorio "we need more developers", right? So the developers are in charge and that's clear. Now, if that happens- if you believe that to be true the domino effect of that is going to be amazing because then everyone who gets on the wrong side of history, on the ops and security side, is going to be fighting a trend that may not be fight-able, you know, it might be inevitable. And so the winners are the ones that are refactoring their business like Snowflake. Snowflake is a data warehouse that had nothing to do with Amazon at first. It was the developers who said "I'm going to refactor data warehouse on AWS". That is a developer-driven refactorization and a business model. So I think that's the pattern I'm seeing is that this concept refactoring, patterns and the developer trajectory is critical. >> I thought there was another great comment. Maribel Lopez, her Lord of the Rings comment: "there will be no one ring to rule them all". Now at the same time, Kit Colbert, you know what we asked him straight out, "are you the- do you want to be the, the Supercloud OS?" and he basically said, "yeah, we do". Now, of course they're confined to their world, which is a pretty substantial world. I think, John, the reason why Maribel is so correct is security. I think security's a really hard problem to solve. You've got cloud as the first layer of defense and now you've got multiple clouds, multiple layers of defense, multiple shared responsibility models. You've got different tools for XDR, for identity, for governance, for privacy all within those different clouds. I mean, that really is a confusing picture. And I think the hardest- one of the hardest parts of Supercloud to solve. >> Yeah, and I thought the security founder Gee Rittenhouse, Piyush Sharrma from Accurics, which sold to Tenable, and Tony Kueh, former head of product at VMware. >> Right. >> Who's now an investor kind of looking for his next gig or what he is going to do next. He's obviously been extremely successful. They brought up the, the OS factor. Another point that they made I thought was interesting is that a lot of the things to do to solve the complexity is not doable. >> Yeah. >> It's too much work. So managed services might field the bit. So, and Chris Hoff mentioned on the Clouderati segment that the higher level services being a managed service and differentiating around the service could be the key competitive advantage for whoever does it. >> I think the other thing is Chris Hoff said "yeah, well, Web 3, metaverse, you know, DAO, Superclouds" you know, "Stupercloud" he called it and this bring up- It resonates because one of the criticisms that Charles Fitzgerald laid on us was, well, it doesn't help to throw out another term. I actually think it does help. And I think the reason it does help is because it's getting people to think. When you ask people about Supercloud, they automatically- it resonates with them. They play back what they think is the future of cloud. So Supercloud really talks to the future of cloud. There's a lot of aspects to it that need to be further defined, further thought out and we're getting to the point now where we- we can start- begin to say, okay that is Supercloud or that isn't Supercloud. >> I think that's really right on. I think Supercloud at the end of the day, for me from the simplest way to describe it is making sure that the developer experience is so good that the operations just happen. And Marianna Tessel said, she's investing in making their developer experience high velocity, very easy. So if you do that, you have to run on premise and on the cloud. So hybrid really is where Supercloud is going right now. It's not multi-cloud. Multi-cloud was- that was debunked on this session today. I thought that was clear. >> Yeah. Yeah, I mean I think- >> It's not about multi-cloud. It's about operationally seamless operations across environments, public cloud to on-premise, basically. >> I think we got consensus across the board that multi-cloud, you know, is a symptom Chuck Whitten's thing of multi-cloud by default versus multi- multi-cloud has not been a strategy, Kit Colbert said, up until the last couple of years. Yeah, because people said, "oh we got all these multiple clouds, what do we do with it?" and we got this mess that we have to solve. Whereas, I think Supercloud is something that is a strategy and then the other nuance that I keep bringing up is it's industries that are- as part of their digital transformation, are building clouds. Now, whether or not they become superclouds, I'm not convinced. I mean, what Goldman Sachs is doing, you know, with AWS, what Walmart's doing with Azure connecting their on-prem tools to those public clouds, you know, is that a supercloud? I mean, we're going to have to go back and really look at that definition. Or is it just kind of a SAS that spans on-prem and cloud. So, as I said, the further you go up the stack, the business case seems to wane a little bit but there's no question in my mind that from an infrastructure standpoint, to your point about operations, there's a real requirement for super- what we call Supercloud. >> Well, we're going to keep the conversation going, Dave. I want to put a shout out to our founding supporters of this initiative. Again, we put this together really fast kind of like a pilot series, an inaugural event. We want to have a face-to-face event as an industry event. Want to thank the founding supporters. These are the people who donated their time, their resource to contribute content, ideas and some cash, not everyone has committed some financial contribution but we want to recognize the names here. VMware, Intuit, Red Hat, Snowflake, Aisera, Alteryx, Confluent, Couchbase, Nutanix, Rafay Systems, Skyhigh Security, Aviatrix, Zscaler, Platform9, HashiCorp, F5 and all the media partners. Without their support, this wouldn't have happened. And there are more people that wanted to weigh in. There was more demand than we could pull off. We'll certainly continue the Supercloud conversation series here on "theCUBE" and we'll add more people in. And now, after this session, the Ecosystem Speaks session, we're going to run all the videos of the big name companies. We have the Nutanix CEOs weighing in, Aviatrix to name a few. >> Yeah. Let me, let me chime in, I mean you got Couchbase talking about Edge, Platform 9's going to be on, you know, everybody, you know Insig was poopoo-ing Oracle, but you know, Oracle and Azure, what they did, two technical guys, developers are coming on, we dig into what they did. Howie Xu from Zscaler, Paula Hansen is going to talk about going to market in the multi-cloud world. You mentioned Rajiv, the CEO of Nutanix, Ramesh is going to talk about multi-cloud infrastructure. So that's going to run now for, you know, quite some time here and some of the pre-record so super excited about that and I just want to thank the crew. I hope guys, I hope you have a list of credits there's too many of you to mention, but you know, awesome jobs really appreciate the work that you did in a very short amount of time. >> Well, I'm excited. I learned a lot and my takeaway was that Supercloud's a thing, there's a kind of sense that people want to talk about it and have real conversations, not BS or FUD. They want to have real substantive conversations and we're going to enable that on "theCUBE". Dave, final thoughts for you. >> Well, I mean, as I say, we put this together very quickly. It was really a phenomenal, you know, enlightening experience. I think it confirmed a lot of the concepts and the premises that we've put forth, that David Floyer helped evolve, that a lot of these analysts have helped evolve, that even Charles Fitzgerald with his antagonism helped to really sharpen our knives. So, you know, thank you Charles. And- >> I like his blog, by the I'm a reader- >> Yeah, absolutely. And it was great to be back in Palo Alto. It was my first time back since pre-COVID, so, you know, great job. >> All right. I want to thank all the crew and everyone. Thanks for watching this first, inaugural Supercloud event. We are definitely going to be doing more of these. So stay tuned, maybe face-to-face in person. I'm John Furrier with Dave Vellante now for the Ecosystem chiming in, and they're going to speak and share their thoughts here with "theCUBE" our first live stage performance event in our studio. Thanks for watching. (gentle upbeat music)

(bright upbeat music) >> Welcome back, everyone, to the "Supercloud 22." I'm John Furrier, host of "The Cube." This is the Cloud-erati panel, the distinguished experts who have been there from day one, watching the cloud grow, from building clouds, and all open source stuff as well. Just great stuff. Good friends of "The Cube," and great to introduce back on "The Cube," Adrian Cockcroft, formerly with Netflix, formerly AWS, retired, now commentating here in "The Cube," as well as other events. Great to see you back out there, Adrian. Lori MacVittie, Cloud Evangelist with F5, also wrote a great blog post on supercloud, as well as Dave Vellante as well, setting up the supercloud conversation, which we're going to get into, and Chris Hoff, who's the CTO and CSO of LastPass who's been building clouds, and we know him from "The Cube" before with security and cloud commentary. Welcome, all, back to "The Cube" and supercloud. >> Thanks, John. >> Hi. >> All right, Lori, we'll start with you to get things going. I want to try to sit back, as you guys are awesome experts, and involved from building, and in the trenches, on the front lines, and Adrian's coming out of retirement, but Lori, you wrote the post setting the table on supercloud. Let's start with you. What is supercloud? What is it evolving into? What is the north star, from your perspective? >> Well, I don't think there's a north star yet. I think that's one of the reasons I wrote it, because I had a clear picture of this in my mind, but over the past, I don't know, three, four years, I keep seeing, in research, my own and others', complexity, multi-cloud. "We can't manage it. They're all different. "We have trouble. What's going on? "We can't do anything right." And so digging into it, you start looking into, "Well, what do you mean by complexity?" Well, security. Migration, visibility, performance. The same old problems we've always had. And so, supercloud is a concept that is supposed to overlay all of the clouds and normalize it. That's really what we're talking about, is yet another abstraction layer that would provide some consistency that would allow you to do the same security and monitor things correctly. Cornell University actually put out a definition way back in 2016. And they said, "It's an architecture that enables migration "across different zones or providers," and I think that's important, "and provides interfaces to everything, "makes it consistent, and normalizes the network," basically brings it all together, but it also extends to private clouds. Sometimes we forget about that piece of it, and I think that's important in this, so that all your clouds look the same. So supercloud, big layer on top, makes everything wonderful. It's unicorns again. >> It's interesting. We had multiple perspectives. (mumbles) was like Snowflake, who built on top of AWS. Jerry Chan, who we heard from earlier today, Greylock Penn's "Castles in the Cloud" saying, "Hey, you can have a moat, "you can build an advantage and have differentiation," so startups are starting to build on clouds, that's the native cloud view, and then, of course, they get success and they go to all the other clouds 'cause they got customers in the ecosystem, but it seems that all the cloud players, Chris, you commented before we came on today, is that they're all fighting for the customer's workloads on their infrastructure. "Come bring your stuff over to here, "and we'll make it run better." And all your developers are going to be good. Is there a problem? I mean, or is this something else happening here? Is there a real problem? >> Well, I think the north star's over there, by the way, Lori. (laughing) >> Oh, there it is. >> Right there. The supercloud north star. So indeed I think there are opportunities. Whether you call them problems or not, John, I think is to be determined. Most companies have, especially if they're a large enterprise, whether or not they've got an investment in private cloud or not, have spent time really trying to optimize their engineering and workload placement on a single cloud. And that, regardless of your choice, as we take the big three, whether it's Amazon, Google, or Microsoft, each of them have their pros and cons for various types of workloads. And so you'll see a lot of folks optimizing for a particular cloud, and it takes a huge effort up and down the stack to just get a single cloud right. That doesn't take into consideration integrations with software as a service, instantiated, oftentimes, on top of infrastructure of the service that you need to supplement where the obstruction layer ends in infrastructure of the service. You've seen most IS players starting to now move up-chain, as we predicted years ago, to platform as a service, but platforms of various types. So I definitely see it as an opportunity. Previous employers have had multiple clouds, but they were very specifically optimized for the types of workloads, for example, in, let's say, AWS versus GCP, based on the need for different types and optimized compute platforms that each of those providers ran. We never, in that particular case, thought about necessarily running the same workloads across both clouds, because they had different pricing models, different security models, et cetera. And so the challenge is really coming down to the fact that, what is the cost benefit analysis of thinking about multi-cloud when you can potentially engineer the resiliency or redundancy, all the in-season "ilities" that you might need to factor into your deployments on a single cloud, if they are investing at the pace in which they are? So I think it's an opportunity, and it's one that continues to evolve, but this just reminds me, your comments remind me, of when we were talking about OpenStack versus AWS. "Oh, if there were only APIs that existed "that everybody could use," and you saw how that went. So I think that the challenge there is, what is the impetus for a singular cloud provider, any of the big three, deciding that they're going to abstract to a single abstraction layer and not be able to differentiate from the competitors? >> Yeah, and that differentiation's going to be big. I mean, assume that the clouds aren't going to stay still like AWS and just not stop innovating. We see the devs are doing great, Adrian, open source is bigger and better than ever, but now that's been commercialized into enterprise. It's an ops problem. So to Chris's point, the cost benefit analysis is interesting, because do companies have to spin up multiple operations teams, each with specialized training and tooling for the clouds that they're using, and does that open up a can of worms, or is that a good thing? I mean, can you design for this? I mean, is there an architecture or taxonomy that makes it work, or is it just the cart before the horse, the solution before the problem? >> Yeah, well, I think that if you look at any large vendor... Sorry, large customer, they've got a bit of everything already. If you're big enough, you've bought something from everybody at some point. So then you're trying to rationalize that, and trying to make it make sense. And I think there's two ways of looking at multi-cloud or supercloud, and one is that the... And practically, people go best of breed. They say, "Okay, I'm going to get my email "from Google or Microsoft. "I'm going to run my applications on AWS. "Maybe I'm going to do some AI machine learning on Google, "'cause those are the strengths of the platforms." So people tend to go where the strength is. So that's multi-cloud, 'cause you're using multiple clouds, and you still have to move data and make sure they're all working together. But then what Lori's talking about is trying to make them all look the same and trying to get all the security architectures to be the same and put this magical layer, this unicorn magical layer that, "Let's make them all look the same." And this is something that the CIOs have wanted for years, and they keep trying to buy it, and you can sell it, but the trouble is it's really hard to deliver. And I think, when I go back to some old friends of ours at Enstratius who had... And back in the early days of cloud, said, "Well, we'll just do an API that abstracts "all the cloud APIs into one layer." Enstratius ended up being sold to Dell a few years ago, and the problem they had was that... They didn't have any problem selling it. The problem they had was, a year later, when it came up for renewal, the developers all done end runs around it were ignoring it, and the CIOs weren't seeing usage. So you can sell it, but can you actually implement it and make it work well enough that it actually becomes part of your core architecture without, from an operations point of view, without having the developers going directly to their favorite APIs around them? And I'm not sure that you can really lock an organization down enough to get them onto a layer like that. So that's the way I see it. >> You just defined- >> You just defined shadow shadow IT. (laughing) That's pretty- (crosstalk) >> Shadow shadow IT, yeah. >> Yeah, shadow shadow it. >> Yeah. >> Yeah. >> I mean, this brings up the question, I mean, is there really a problem? I mean, I guess we'll just jump to it. What is supercloud? If you can have the magic outcome, what is it? Enstratius rendered in with automation? The security issues? Kubernetes is hot. What is the supercloud dream? I guess that's the question. >> I think it's got easier than it was five, 10 years ago. Kubernetes gives you a bunch of APIs that are common across lots of different areas, things like Snowflake or MongoDB Atlas. There are SaaS-based services, which are across multiple clouds from vendors that you've picked. So it's easier to build things which are more portable, but I still don't think it's easy to build this magic API that makes them all look the same. And I think that you're going to have leaky abstractions and security being... Getting the security right's going to be really much more complex than people think. >> What about specialty superclouds, Chris? What's your view on that? >> Yeah, I think what Adrian is alluding to, those leaky abstractions, are interesting, especially from the security perspective, 'cause I think what you see is if you were to happen to be able to thin slice across a set of specific types of workloads, there is a high probability given today that, at least on two of the three major clouds, you could get SaaS providers that sit on those same infrastructure of the service clouds for you, string them together, and have a service that technically is abstracted enough from the things you care about to work on one, two, or three, maybe not all of them, but most SaaS providers in the security space, or identity space, data space, for example, coexist on at least Microsoft and AWS, if not all three, with Google. And so you could technically abstract a service to the point that you let that level of abstract... Like Lori said, no computer science problem could not be... So, no computer science problem can't be solved with more layers of abstraction or misdirection... Or redirection. And in that particular case, if you happen to pick the right vendors that run on all three clouds, you could possibly get close. But then what that really talks about is then, if you built your seven-layer dip model, then you really have specialty superclouds spanning across infrastructure of the service clouds. One for your identity apps, one for data and data layers, to normalize that, one for security, but at what cost? Because you're going to be charged not for that service as a whole, but based on compute resources, based on how these vendors charge across each cloud. So again, that cost-benefit ratio might start being something that is rather imposing from a budgetary perspective. >> Lori, weigh in on this, because the enterprise people love to solve complexity with more complexity. Here, we need to go the other way. It's a commodity. So there has to be a better way. >> I think I'm hearing two fundamental assumptions. One, that a supercloud would force the existing big three to implement some sort of equal API. Don't agree with that. There's no business case for that. There's no reason that could compel them to do that. Otherwise, we would've convinced them to do that, what? 10, 15 years ago when we said we need to be interoperable. So it's not going to happen there. They don't have a good reason to do that. There's no business justification for that. The other presumption, I think, is that we would... That it's more about the services, the differentiated services, that are offered by all of these particular providers, as opposed to treating the core IaaS as the commodity it is. It's compute, it's some storage, it's some networking. Look at that piece. Now, pull those together by... And it's not OpenStack. That's not the answer, it wasn't the answer, it's not the answer now, but something that can actually pull those together and abstract it at a different layer. So cloud providers don't have to change, 'cause they're not going to change, but if someone else were to build that architecture to say, "all right, I'm going to treat all of this compute "so you can run your workloads," as Chris pointed out, "in the best place possible. "And we'll help you do that "by being able to provide those cost benefit analysis, "'What's the best performance, what are you doing,' "And then provide that as a layer." So I think that's really where supercloud is going, 'cause I think that's what a lot of the market actually wants in terms of where they want to run their workloads, because we're seeing that they want to run workloads at the edge, "a lot closer to me," which is yet another factor that we have to consider, and how are you going to be moving individual workloads around? That's the holy grail. Let's move individual workloads to where they're the best performance, the security, cost optimized, and then one layer up. >> Yeah, I think so- >> John Considine, who ultimately ran CloudSwitch, that sold to Verizon, as well as Tom Gillis, who built Bracket, are both rolling in their graves, 'cause what you just described was exactly that. (Lori laughing) Well, they're not even dead yet, so I can't say they're rolling in their graves. Sorry, Tom. Sorry, John. >> Well, how do hyperscalers keep their advantage with all this? I mean, to that point. >> Native services and managed services on top of it. Look how many flavors of managed Kubernetes you have. So you have a choice. Roll your own, or go with a managed service, and then differentiate based on the ability to take away and simplify some of that complexity. Doesn't mean it's more secure necessarily, but I do think we're seeing opportunities where those guys are fighting tooth and nail to keep you on a singular cloud, even though, to Lori's point, I agree, I don't think it's about standardized APIs, 'cause I think that's never going to happen. I do think, though, that SaaS-y supercloud model that we were talking about, layering SaaS that happens to span all the three infrastructure of the service are probably more in line with what Lori was talking about. But I do think that portability of workload is given to you today within lots of ways. But again, how much do you manage, and how much performance do you give up by running additional abstraction layers? And how much security do you give up by having to roll your own and manage that? Because the whole point was, in many cases... Cloud is using other people's computers, so in many cases, I want to manage as little of it as I possibly can. >> I like this whole SaaS angle, because if you had the old days, you're on Amazon Web Services, hey, if you build a SaaS application that runs on Amazon, you're all great, you're born in the cloud, just like that generations of startups. Great. Now when you have this super pass layer, as Dave Vellante was riffing on his analysis, and Lori, you were getting into this pass layer that's kind of like SaaS-y, what's the SaaS equation look like? Because that, to me, sounds like a supercloud version of saying, "I have a workload that runs on all the clouds equally." I just don't think that's ever going to happen. I agree with you, Chris, on that one. But I do see that you can have an abstraction that says, "Hey, I don't really want to get in the weeds. "I don't want to spend a lot of ops time on this. "I just want it to run effectively, and magic happens," or, as you said, some layer there. How does that work? How do you see this super pass layer, if anything, enabling a different SaaS game? >> I think you hit on it there. The last like 10 or so years, we've been all focused on developers and developer productivity, and it's all about the developer experience, and it's got to be good for them, 'cause they're the kings. And I think the next 10 years are going to be very focused on operations, because once you start scaling out, it's not about developers. They can deliver fast or slow, it doesn't matter, but if you can't scale it out, then you've got a real problem. So I think that's an important part of it, is really, what is the ops experience, and what is the best way to get those costs down? And this would serve that purpose if it was done right, which, we can argue about whether that's possible or not, but I don't have to implement it, so I can say it's possible. >> Well, are we going to be getting into infrastructure as code moves into "everything is code," security, data, (laughs) applications is code? I mean, "blank" is code, fill in the blank. (Lori laughing) >> Yeah, we're seeing more of that with things like CDK and Pulumi, where you are actually coding up using a real language rather than the death by YAML or whatever. How much YAML can you take? But actually having a real language so you're not trying to do things in parsing languages. So I think that's an interesting trend. You're getting some interesting templates, and I like what... I mean, the counterexample is that if you just go deep on one vendor, then maybe you can go faster and it is simpler. And one of my favorite vendor... Favorite customers right now that I've been talking to is Liberty Mutual. Went very deep and serverless first on AWS. They're just doing everything there, and they're using CDK Patterns to do it, and they're going extremely fast. There's a book coming out called "The Value Flywheel" by Dave Anderson, it's coming out in a few months, to just detail what they're doing, but that's the counterargument. If you could pick one vendor, you can go faster, you can get that vendor to do more for you, and maybe get a bigger discount so you're not splitting your discounts across vendors. So that's one aspect of it. But I think, fundamentally, you're going to find the CIOs and the ops people generally don't like sitting on one vendor. And if that single vendor is a horizontal platform that's trying to make all the clouds look the same, now you're locked into whatever that platform was. You've still got a platform there. There's still something. So I think that's always going to be something that the CIOs want, but the developers are always going to just pick whatever the best tool for building the thing is. And a analogy here is that the developers are dating and getting married, and then the operations people are running the family and getting divorced. And all the bad parts of that cycle are in the divorce end of it. You're trying to get out of a vendor, there's lawyers, it's just a big mess. >> Who's the lawyer in this example? (crosstalk) >> Well... (laughing) >> Great example. (crosstalk) >> That's why ops people don't like lock-in, because they're the ones trying to unlock. They aren't the ones doing the lock-in. They're the ones unlocking, when developers, if you separate the two, are the ones who are going, picking, having the fun part of it, going, trying a new thing. So they're chasing a shiny object, and then the ops people are trying to untangle themselves from the remains of that shiny object a few years later. So- >> Aren't we- >> One way of fixing that is to push it all together and make it more DevOps-y. >> Yeah, that's right. >> But that's trying to put all the responsibilities in one place, like more continuous improvement, but... >> Chris, what's your reaction to that? Because you're- >> No, that's exactly what I was going to bring up, yeah, John. And 'cause we keep saying "devs," "dev," and "ops" and I've heard somewhere you can glue those two things together. Heck, you could even include "sec" in the middle of it, and "DevSecOps." So what's interesting about what Adrian's saying though, too, is I think this has a lot to do with how you structure your engineering teams and how you think about development versus operations and security. So I'm building out a team now that very much makes use of, thanks to my brilliant VP of Engineering, a "Team Topologies" approach, which is a very streamlined and product oriented way of thinking about, for example, in engineering, if you think about team structures, you might have people that build the front end, build the middle tier, and the back end, and then you have a product that needs to make use of all three components in some form. So just from getting stuff done, their ability then has to tie to three different groups, versus building a team that's streamlined that ends up having front end, middleware, and backend folks that understand and share standards but are able to uncork the velocity that's required to do that. So if you think about that, and not just from an engineering development perspective, but then you couple in operations as a foundational layer that services them with embedded capabilities, we're putting engineers and operations teams embedded in those streamlined teams so that they can run at the velocity that they need to, they can do continuous integration, they can do continuous deployment. And then we added CS, which is continuously secure, continuous security. So instead of having giant, centralized teams, we're thinking there's a core team, for example, a foundational team, that services platform, makes sure all the trains are running on time, that we're doing what we need to do foundationally to make the environments fully dev and operator and security people functional. But then ultimately, we don't have these big, monolithic teams that get into turf wars. So, to Adrian's point about, the operators don't like to be paned in, well, they actually have a say, ultimately, in how they architect, deploy, manage, plan, build, and operate those systems. But at the same point in time, we're all looking at that problem across those teams and go... Like if one streamline team says, "I really want to go run on Azure, "because I like their services better," the reality is the foundational team has a larger vote versus opinion on whether or not, functionally, we can satisfy all of the requirements of the other team. Now, they may make a fantastic business case and we play rock, paper, scissors, and we do that. Right now, that hasn't really happened. We look at the balance of AWS, we are picking SaaS-y, supercloud vendors that will, by the way, happen to run on three platforms, if we so choose to expand there. So we have a similar interface, similar capability, similar processes, but we've made the choice at LastPass to go all in on AWS currently, with respect to how we deliver our products, for all the reasons we just talked about. But I do think that operations model and how you build your teams is extremely important. >> Yeah, and to that point- >> And has the- (crosstalk) >> The vendors themselves need optionality to the customer, what you're saying. So, "I'm going to go fast, "but I need to have that optionality." I guess the question I have for you guys is, what is today's trade-off? So if the decision point today is... First of all, I love the go-fast model on one cloud. I think that's my favorite when I look at all this, and then with the option, knowing that I'm going to have the option to go to multiple clouds. But everybody wants lock-in on the vendor side. Is that scale, is that data advantage? I mean, so the lock-in's a good question, and then also the trade-offs. What do people have to do today to go on a supercloud journey to have an ideal architecture and taxonomy, and what's the right trade-offs today? >> I think that the- Sorry, just put a comment and then let Lori get a word in, but there's a lot of... A lot of the market here is you're building a product, and that product is a SaaS product, and it needs to run somewhere. And the customers that you're going to... To get the full market, you need to go across multiple suppliers, most people doing AWS and Azure, and then with Google occasionally for some people. But that, I think, has become the pattern that most of the large SaaS platforms that you'd want to build out of, 'cause that's the fast way of getting something that's going to be stable at scale, it's got functionality, you'd have to go invest in building it and running it. Those platforms are just multi-cloud platforms, they're running across them. So Snowflake, for example, has to figure out how to make their stuff work on more than one cloud. I mean, they started on one, but they're going across clouds. And I think that that is just the way it's going to be, because you're not going to get a broad enough view into the market, because there isn't a single... AWS doesn't have 100% of the market. It's maybe a bit more than them, but Azure has got a pretty solid set of markets where it is strong, and it's market by market. So in some areas, different people in some places in the world, and different vertical markets, you'll find different preferences. And if you want to be across all of them with your data product, or whatever your SaaS product is, you're just going to have to figure this out. So in some sense, the supercloud story plays best with those SaaS providers like the Snowflakes of this world, I think. >> Lori? >> Yeah, I think the SaaS product... Identity, whatever, you're going to have specialized. SaaS, superclouds. We already see that emerging. Identity is becoming like this big SaaS play that crosses all clouds. It's not just for one. So you get an evolution going on where, yes, I mean, every vendor who provides some kind of specific functionality is going to have to build out and be multi-cloud, as it were. It's got to work equally across them. And the challenge, then, for them is to make it simple for both operators and, if required, dev. And maybe that's the other lesson moving forward. You can build something that is heaven for ops, but if the developers won't use it, well, then you're not going to get it adopted. But if you make it heaven for the developers, the ops team may not be able to keep it secure, keep everything. So maybe we have to start focusing on both, make it friendly for both, at least. Maybe it won't be the perfect experience, but gee, at least make it usable for both sides of the equation so that everyone can actually work in concert, like Chris was saying. A more comprehensive, cohesive approach to delivery and deployment. >> All right, well, wrapping up here, I want to just get one final comment from you guys, if you don't mind. What does supercloud look like in five years? What's the Nirvana, what's the steady state of supercloud in five to 10 years? Or say 10 years, make it easier. (crosstalk) Five to 10 years. Chris, we'll start with you. >> Wow. >> Supercloud, what's it look like? >> Geez. A magic pane, a single pane of glass. (laughs) >> Yeah, I think- >> Single glass of pain. >> Yeah, a single glass of pain. Thank you. You stole my line. Well, not mine, but that's the one I was going to use. Yeah, I think what is really fascinating is ultimately, to answer that question, I would reflect on market consolidation and market dynamics that happens even in the SaaS space. So we will see SaaS companies combining in focal areas to be able to leverage the positions, let's say, in the identity space that somebody has built to provide a set of compelling services that help abstract that identity problem or that security problem or that instrumentation and observability problem. So take your favorite vendors today. I think what we'll end up seeing is more consolidation in SaaS offerings that run on top of infrastructure of the service offerings to where a supercloud might look like something I described before. You have the combination of your favorite interoperable identity, observability, security, orchestration platforms run across them. They're sold as a stack, whether it be co-branded by an enterprise vendor that sells all of that and manages it for you or not. But I do think that... You talked about, I think you said, "Is this an innovator's dilemma?" No, I think it's an integrator's dilemma, as it has always ultimately been. As soon as you get from Genesis to Bespoke Build to product to then commoditization, the cycle starts anew. And I think we've gotten past commoditization, and we're looking at niche areas. So I see just the evolution, not necessarily a revolution, of what we're dealing with today as we see more consolidation in the marketplace. >> Lori, what's your take? Five years, 10 years, what does supercloud look like? >> Part of me wants to take the pie in the sky unicorn approach. "No, it will be beautiful. "One button, and things will happen," but I've seen this cycle many times before, and that's not going to happen. And I think Chris has got it pretty close to what I see already evolving. Those different kinds of super services, basically. And that's really what we're talking about. We call them SaaS, but they're... X is a service. Everything is a service, and it's really a supercloud that can run anywhere, but it presents a different interface, because, well, it's easier. And I think that's where we're going to go, and that's just going to get more refined. And yes, a lot of consolidation, especially on the observability side, but that's also starting to consume the security side, which is really interesting to watch. So that could be a little different supercloud coming on there that's really focused on specific types of security, at least, that we'll layer across, and then we'll just hook them all together. It's an API first world, and it seems like that's going to be our standard for the next while of how we integrate everything. So superclouds or APIs. >> Awesome. Adrian... Adrian, take us home. >> Yeah, sure. >> What's your- I think, and just picking up on Lori's point that these are web services, meaning that you can just call them from anywhere, they don't have to run everything in one place, they can stitch it together, and that's really meant... It's somewhat composable. So in practice, people are going to be composable. Can they compose their applications on multiple platforms? But I think the interesting thing here is what the vendors do, and what I'm seeing is vendors running software on other vendors. So you have Google building platforms that, then, they will support on AWS and Azure and vice versa. You've got AWS's distro of Kubernetes, which they now give you as a distro so you can run it on another platform. So I think that trend's going to continue, and it's going to be, possibly, you pick, say, an AWS or a Google software stack, but you don't run it all on AWS, you run it in multiple places. Yeah, and then the other thing is the third tier, second, third tier vendors, like, I mean, what's IBM doing? I think in five years time, IBM is going to be a SaaS vendor running on the other clouds. I mean, they're already halfway there. To be a bit more controversial, I guess it's always fun to... Like I don't work for a corporate entity now. No one tells me what I can say. >> Bring it on. >> How long can Google keep losing a billion dollars a quarter? They've either got to figure out how to make money out of this thing, or they'll end up basically being a software stack on another cloud platform as their, likely, actual way they can make money on it. Because you've got to... And maybe Oracle, is that a viable cloud platform that... You've got to get to some level of viability. And I think the second, third tier of vendors in five, 10 years are going to be running on the primary platform. And I think, just the other final thing that's really driving this right now. If you try and place an order right now for a piece of equipment for your data center, key pieces of equipment are a year out. It's like trying to buy a new fridge from like Sub-Zero or something like that. And it's like, it's a year. You got to wait for these things. Any high quality piece of equipment. So you go to deploy in your data center, and it's like, "I can't get stuff in my data center. "Like, the key pieces I need, I can't deploy a whole system. "We didn't get bits and pieces of it." So people are going to be cobbling together, or they're going, "No, this is going to cloud, because the cloud vendors "have a much stronger supply chain to just be able "to give you the system you need. "They've got the capacity." So I think we're going to see some pandemic and supply chain induced forced cloud migrations, just because you can't build stuff anymore outside the- >> We got to accelerate supercloud, 'cause they have the supply. They are the chain. >> That's super smart. That's the benefit of going last. So I'm going to scoop in real quick. I can't believe we can call this "Web3 Supercloud," because none of us said "Web3." Don't forget DAO. (crosstalk) (indistinct) You have blockchain, blockchain superclouds. I mean, there's some very interesting distributed computing stuff there, but we'll have to do- >> (crosstalk) We're going to call that the "Cubeverse." The "Cubeverse" is coming. >> Oh, the "Cubeverse." All right. >> We will be... >> That's very meta. >> In the metaverse, Cubeverse soon. >> "Stupor cloud," perhaps. But anyway, great points, Adrian and Lori. Loved it. >> Chris, great to see you. Adrian, Lori, thanks for coming on. We've known each other for a long time. You guys are part of the cloud-erati, the group that has been in there from day one, and watched it evolve, and you get the scar tissue to prove it, and the experience. So thank you so much for sharing your commentary. We'll roll this up and make it open to everybody as additional content. We'll call this the "outtakes," the longer version. But really appreciate your time, thank you. >> Thank you. >> Thanks so much. >> Okay, we'll be back with more "Supercloud 22" right after this. (bright upbeat music)

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> The term Supercloud is somewhat new, but the concepts behind it have been bubbling for years, early last decade when NIST put forth a definition of cloud computing it said services had to be accessible over a public network essentially cutting the on-prem crowd out of the cloud conversation. Now a guy named Chuck Hollis, who was a field CTO at EMC at the time and a prolific blogger objected to that criterion and laid out his vision for what he termed a private cloud. Now, in that post, he showed a workload running both on premises and in a public cloud sharing the underlying resources in an automated and seamless manner. What later became known more broadly as hybrid cloud that vision as we now know, really never materialized, and we were left with multi-cloud sets of largely incompatible and disconnected cloud services running in separate silos. The point is what Hollis laid out, IE the ability to abstract underlying infrastructure complexity and run workloads across multiple heterogeneous estates with an identical experience is what super cloud is all about. Hello and welcome to this week's Wikibon cube insights powered by ETR and this breaking analysis. We share what we hope to learn from super cloud 22 next week, next Tuesday at 9:00 AM Pacific. The community is gathering for Supercloud 22 an inclusive pilot symposium hosted by theCUBE and made possible by VMware and other founding partners. It's a one day single track event with more than 25 speakers digging into the architectural, the technical, structural and business aspects of Supercloud. This is a hybrid event with a live program in the morning running out of our Palo Alto studio and pre-recorded content in the afternoon featuring industry leaders, technologists, analysts and investors up and down the technology stack. Now, as I said up front the seeds of super cloud were sewn early last decade. After the very first reinvent we published our Amazon gorilla post, that scene in the upper right corner here. And we talked about how to differentiate from Amazon and form ecosystems around industries and data and how the cloud would change IT permanently. And then up in the upper left we put up a post on the old Wikibon Wiki. Yeah, it used to be a Wiki. Check out my hair by the way way no gray, that's how long ago this was. And we talked about in that post how to compete in the Amazon economy. And we showed a graph of how IT economics were changing. And cloud services had marginal economics that looked more like software than hardware at scale. And this would reset, we said opportunities for both technology sellers and buyers for the next 20 years. And this came into sharper focus in the ensuing years culminating in a milestone post by Greylock's Jerry Chen called Castles in the Cloud. It was an inspiration and catalyst for us using the term Supercloud in John Furrier's post prior to reinvent 2021. So we started to flesh out this idea of Supercloud where companies of all types build services on top of hyperscale infrastructure and across multiple clouds, going beyond multicloud 1.0, if you will, which was really a symptom, as we said, many times of multi-vendor at least that's what we argued. And despite its fuzzy definition, it resonated with people because they knew something was brewing, Keith Townsend the CTO advisor, even though he frankly, wasn't a big fan of the buzzy nature of the term Supercloud posted this awesome Blackboard on Twitter take a listen to how he framed it. Please play the clip. >> Is VMware the right company to make the super cloud work, term that Wikibon came up with to describe the taking of discreet services. So it says RDS from AWS, cloud compute engines from GCP and authentication from Azure to build SaaS applications or enterprise applications that connect back to your data center, is VMware's cross cloud vision 'cause it is just a vision today, the right approach. Or should you be looking towards companies like HashiCorp to provide this overall capability that we all agree, or maybe you don't that we need in an enterprise comment below your thoughts. >> So I really like that Keith has deep practitioner knowledge and lays out a couple of options. I especially like the examples he uses of cloud services. He recognizes the need for cross cloud services and he notes this capability is aspirational today. Remember this was eight or nine months ago and he brings HashiCorp into the conversation as they're one of the speakers at Supercloud 22 and he asks the community, what they think, the thing is we're trying to really test out this concept and people like Keith are instrumental as collaborators. Now I'm sure you're not surprised to hear that mot everyone is on board with the Supercloud meme, in particular Charles Fitzgerald has been a wonderful collaborator just by his hilarious criticisms of the concept. After a couple of super cloud posts, Charles put up his second rendition of "Supercloudifragilisticexpialidoucious". I mean, it's just beautiful, but to boot, he put up this picture of Baghdad Bob asking us to just stop, Bob's real name is Mohamed Said al-Sahaf. He was the minister of propaganda for Sadam Husein during the 2003 invasion of Iraq. And he made these outrageous claims of, you know US troops running in fear and putting down their arms and so forth. So anyway, Charles laid out several frankly very helpful critiques of Supercloud which has led us to really advance the definition and catalyze the community's thinking on the topic. Now, one of his issues and there are many is we said a prerequisite of super cloud was a super PaaS layer. Gartner's Lydia Leong chimed in saying there were many examples of successful PaaS vendors built on top of a hyperscaler some having the option to run in more than one cloud provider. But the key point we're trying to explore is the degree to which that PaaS layer is purpose built for a specific super cloud function. And not only runs in more than one cloud provider, Lydia but runs across multiple clouds simultaneously creating an identical developer experience irrespective of a state. Now, maybe that's what Lydia meant. It's hard to say from just a tweet and she's a sharp lady, so, and knows more about that market, that PaaS market, than I do. But to the former point at Supercloud 22, we have several examples. We're going to test. One is Oracle and Microsoft's recent announcement to run database services on OCI and Azure, making them appear as one rather than use an off the shelf platform. Oracle claims to have developed a capability for developers specifically built to ensure high performance low latency, and a common experience for developers across clouds. Another example we're going to test is Snowflake. I'll be interviewing Benoit Dageville co-founder of Snowflake to understand the degree to which Snowflake's recent announcement of an application development platform is perfect built, purpose built for the Snowflake data cloud. Is it just a plain old pass, big whoop as Lydia claims or is it something new and innovative, by the way we invited Charles Fitz to participate in Supercloud 22 and he decline saying in addition to a few other somewhat insulting things there's definitely interesting new stuff brewing that isn't traditional cloud or SaaS but branding at all super cloud doesn't help either. Well, indeed, we agree with part of that and we'll see if it helps advanced thinking and helps customers really plan for the future. And that's why Supercloud 22 has going to feature some of the best analysts in the business in The Great Supercloud Debate. In addition to Keith Townsend and Maribel Lopez of Lopez research and Sanjeev Mohan from former Gartner analyst and principal at SanjMo participated in this session. Now we don't want to mislead you. We don't want to imply that these analysts are hopping on the super cloud bandwagon but they're more than willing to go through the thought experiment and mental exercise. And, we had a great conversation that you don't want to miss. Maribel Lopez had what I thought was a really excellent way to think about this. She used TCP/IP as an historical example, listen to what she said. >> And Sanjeev Mohan has some excellent thoughts on the feasibility of an open versus de facto standard getting us to the vision of Supercloud, what's possible and what's likely now, again, I don't want to imply that these analysts are out banging the Supercloud drum. They're not necessarily doing that, but they do I think it's fair to say believe that something new is bubbling and whether it's called Supercloud or multicloud 2.0 or cross cloud services or whatever name you choose it's not multicloud of the 2010s and we chose Supercloud. So our goal here is to advance the discussion on what's next in cloud and Supercloud is meant to be a term to describe that future of cloud and specifically the cloud opportunities that can be built on top of hyperscale, compute, storage, networking machine learning, and other services at scale. And that is why we posted this piece on Answering the top 10 questions about Supercloud. Many of which were floated by Charles Fitzgerald and others in the community. Why does the industry need another term what's really new and different? And what is hype? What specific problems does Supercloud solve? What are the salient characteristics of Supercloud? What's different beyond multicloud? What is a super pass? Is it necessary to have a Supercloud? How will applications evolve on superclouds? What workloads will run? All these questions will be addressed in detail as a way to advance the discussion and help practitioners and business people understand what's real today. And what's possible with cloud in the near future. And one other question we'll address is who will build super clouds? And what new entrance we can expect. This is an ETR graphic that we showed in a previous episode of breaking analysis, and it lays out some of the companies we think are building super clouds or in a position to do so, by the way the Y axis shows net score or spending velocity and the X axis depicts presence in the ETR survey of more than 1200 respondents. But the key callouts to this slide in addition to some of the smaller firms that aren't yet showing up in the ETR data like Chaossearch and Starburst and Aviatrix and Clumio but the really interesting additions are industry players Walmart with Azure, Capital one and Goldman Sachs with AWS, Oracle, with Cerner. These we think are early examples, bubbling up of industry clouds that will eventually become super clouds. So we'll explore these and other trends to get the community's input on how this will all play out. These are the things we hope you'll take away from Supercloud 22. And we have an amazing lineup of experts to answer your question. Technologists like Kit Colbert, Adrian Cockcroft, Mariana Tessel, Chris Hoff, Will DeForest, Ali Ghodsi, Benoit Dageville, Muddu Sudhakar and many other tech athletes, investors like Jerry Chen and In Sik Rhee the analyst we featured earlier, Paula Hansen talking about go to market in a multi-cloud world Gee Rittenhouse talking about cloud security, David McJannet, Bhaskar Gorti of Platform9 and many, many more. And of course you, so please go to theCUBE.net and register for Supercloud 22, really lightweight reg. We're not doing this for lead gen. We're doing it for collaboration. If you sign in you can get the chat and ask questions in real time. So don't miss this inaugural event Supercloud 22 on August 9th at 9:00 AM Pacific. We'll see you there. Okay. That's it for today. Thanks for watching. Thank you to Alex Myerson who's on production and manages the podcast. Kristen Martin and Cheryl Knight. They help get the word out on social media and in our newsletters. And Rob Hof is our editor in chief over at SiliconANGLE. Does some really wonderful editing. Thank you to all. Remember these episodes are all available as podcasts wherever you listen, just search breaking analysis podcast. I publish each week on wikibon.com and Siliconangle.com. And you can email me at David.Vellantesiliconangle.com or DM me at Dvellante, comment on my LinkedIn post. Please do check out ETR.AI for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE insights powered by ETR. Thanks for watching. And we'll see you next week in Palo Alto at Supercloud 22 or next time on breaking analysis. (calm music)

(upbeat music) >> On August 9th at 9:00 am Pacific, we'll be broadcasting live from theCUBE Studios in Palo Alto, California. Supercloud22, an open industry event made possible by VMware. Supercloud22 will lay out the future of multi-cloud services in the 2020s. John Furrier and I will be hosting a star lineup, including Kit Colbert, VMware CTO, Benoit Dageville, co-founder of Snowflake, Marianna Tessel, CTO of Intuit, Ali Ghodsi, CEO of Databricks, Adrian Cockcroft, former CTO of Netflix, Jerry Chen of Greylock, Chris Hoff aka Beaker, Maribel Lopez, Keith Townsend, Sanjiv Mohan, and dozens of thought leaders. A full day track with 17 sessions. You won't want to miss Supercloud22. Go to thecube.net to mark your calendar and learn more about this free hybrid event. We'll see you there. (upbeat music)

(upbeat music) >> Welcome back to theCUBE's coverage of VEEMON 2022. We're here at the Aria in Las Vegas. Dave Vellante with David Nicholson, my co-host for the week, two days at wall to wall coverage. Jason Buffington is here, JBuff, who does some amazing work for VEEAM, former Analyst from the Enterprise Strategy Group. So he's got a real appreciation for independence data, and we're going to dig into some data. You guys, I got to say, Jason, first of all, welcome back to theCUBE. It's great to see you again. >> Yeah, two and a half years, thanks for having me back. >> Yeah, that's right. (Jason laughs) Seems like a blur. >> No doubt. >> But so here's the thing as analysts, you can appreciate this, the trend is your friend, right? and everybody just inundates you with now, ransomware. It's the trend. So you get everybody's talking about the ransomware, cyber resiliency, immutability, air gaps, et cetera. Okay, great. Technology's there, it's kind of like the NFL, everybody kind of does the same thing. >> There's a lot of wonderful buzzwords in that sentence. >> Absolutely, but what you guys have done that's different is you brought in some big time thought leadership, with data and survey work which of course as an analyst we love, but you drive strategies off of this. So you got to, I'll set it up. You got a new study out that's pivoted off of February study of 3,600 organizations, and then you follow that up with a thousand organizations that actually got hit with ransomware. So tell us more about the study and the work that you've done there. >> Yeah, I got to say I have the best job ever. So I spent seven years as an analyst. And when I decided I didn't want to be an analyst anymore, I called VEEAM and said, I'd like to get in the fight and they let me in. But they let me do independent research on their behalf. So it's kind of like being an in-house counsel. I'm an in-house analyst. And for the beginning of this year, in February, we published a report called the Data Protection Trends Report. And it was over 3000 responses, right? 28 countries around the world looking at digital transformation, the effects of COVID, where are they are on BAS and DRS. But one of the new areas we wanted to look at was how pervasive is ransomware? How does that align with BCDR overall? So some of those just big thought questions that everyone's trying to solve for. And out of that, we said, "Wow, this is really worth double clicking." And so today, actually about an hour ago we published the Ransomware Trends Report and it's a thousand organizations all of which have all been survived. They all had a ransomware attack. One of the things I think I'm most proud of for VEEAM in this particular project, we use an independent research firm. So no one knows it's VEEAM that's asking the questions. We don't have any access to the respondents along the way. I wish we did, right? >> Yeah, I bet >> Go sell 'em back up software. But of the thousands 200 were CISOs, 400 were security professionals which we don't normally interact with, 200 backup admins, 200 IT ops, and the idea was, "Okay, you've all been through a really bad day. Tell us from your four different views, how did that go? What did you solve for? What did you learn? What are you moving forward with?" And so, yeah, some great learnings all around helping us understand how do we deliver solutions that meet their needs? >> I mean, there's just not enough time here to cover all this data. And I think I like about it is, like you said, it's a blind survey. You used an independent third party whom I know they're really good. And you guys are really honest about it. It's like, it was funny that the analyst called today for the analyst meeting when Danny was saying if 54% and Dave Russell was like, it's 52%, actually ended up being 53%. (Jason laughs) So, whereas many companies would say 75%. So anyway, what were some of the more striking findings of that study? Let's get into it a little bit. >> So a couple of the ones that were really startling for me, on average about one in four organizations say they have not been hit. But since we know that ransomware has a gestation for around 200 days from first intrusions, so when you have that attack, 25% may be wrong. That's 25% in best case. Another 16% said they only got hit once in the last year. And that means 60%, right on the money got hit more than once per year. And so when you think about it's like that school bully Once they take your lunch money once and they want lunch money, again, they just come right back again. Did you fix this hole? Did you fix that hole? Cool, payday. And so that was really, really scary. Once they get in, on average organizations said 47% of their production data was encrypted. Think about that. So, and we tested for, hey, was it in the, maybe it's just in the ROBO. So on the edge where the tech isn't as good, or maybe it's in the cloud because it's in a broad attack surface. Whatever it is, turns out, doesn't matter. >> So this isn't just nibbling around the edges. >> No. >> This is going straight to the heart of the enterprise. >> 47% of production data, regardless of where it's stored, data center ROBO or cloud, on average was encrypted. But what I thought was really interesting was when you look at the four personas, the security professional and the backup admin. The person responsible for prevention or mediation, they saw a much higher rate of infection than the CSOs and the IT pros, which I think the meta point there is the closer you are to the problem. the worst this is. 47% is bad. it's worse than that. As you get closer to it. >> The other thing that struck me is that a large proportion of, I think it was a third of the companies that paid ransom. >> Oh yeah. >> Weren't able to recover it. Maybe got the keys and it didn't work or maybe they never got the keys. >> That's crazy too. And I think one thing that a lot of folks, you watch the movies and stuff and you think, "Oh, I'm going to pay the Bitcoin. I'm going to get this magic incantation key and all of a sudden it's like it never happened. That is not how this works. And so yeah. So the question actually was did you pay and did it work right? And so 52%, just at half of organization said, yes. I paid and I was able to recover it. A third of folks, 27%. So a third of those that paid, they paid they cut the check, they did the ransom, whatever, and they still couldn't get back. Almost even money by the way. So 24% paid, but could not get back. 19% did not pay, but recovered from backup. VEEAM's whole job for all of 2022 and 23 needs to be invert that number and help the other 81% say, "No, I didn't pay I just recovered." >> Well, in just a huge number of cases they attacked the backup Corpus. >> Yes. >> I mean, that's was... >> 94% >> 94%? >> 94% of the time, one of the first intrusions is to attempt to get rid of the backup repository. And in two thirds of all cases the back repository is impacted. And so when I describe this, I talk about it this way. The ransomware thief, they're selling a product. They're selling your survivability as a product. And how do you increase the likelihood that you will buy what they're selling? Get rid of the life preserver. Get rid of their only other option 'cause then they got nothing left. So yeah, two thirds, the backup password goes away. That's why VEEAM is so important around cloud and disk and tape, immutable at every level. How we do what we do. >> So what's the answer here. We hear things like immutability. We hear terms like air gap. We heard, which we don't hear often, is orchestrated recovery and automated recovery. I wonder if you could get, I want to come back to... So, okay. So you're differentiating with some thought leadership, that's nice. >> Yep. >> Okay, good. Thank you. The industry thanks you for that free service. But how about product and practices? How does VEEAM differentiate in that regard? >> Sure. Now full disclosure. So when you download that report, for every five or six pages of research, the marketing department is allowed to put in one paragraph. It says, this is our answer. They call the VEEAM perspective. That's their rebuttal. To five pages of research, they get one paragraph, 250 word count and you're done. And so there is actually a commercial... >> We're here to buy here in. (chuckles) >> To the back of that. It's how we pay for the research. >> Everybody sells an onset. (laughs) >> All right. So let's talk about the tech that actually matters though, because there actually are some good insights there. Certainly the first one is immutability. So if you don't have a survivable repository you have no options. And so we provide air gaping, whether you are cloud based. So your favorite hyper-scale or one of the tens of thousands of cloud service providers that offer VEEAM products. So you can have, immutability at the cloud layer. You can certainly have immutability at the object layer on-prem or disk. We're happy to use all your favorite DDoS and then tape. It is hard to get more air-gaped and take the tape out drive, stick it on a shelf or stick it in a white van and have it shipped down the street. So, and the fact that we aren't dependent on any architecture, means choose your favorite cloud, choose your favorite disc, choose your favorite tape and we'll make all of 'em usable and defendable. So that's super key Number one. Super key number two there's three. >> So Platform agnostic essentially. >> Yeah. >> Cloud platform agenda, >> Any cloud, any physical, we work happily with everybody. Just here for your data. So, now you know you have at least a repository, which is not affectable. The next thing is you need to know, do you actually have recoverable data? And that's two different questions. >> How do you know? Right, I mean... >> You don't. So one of my colleagues, Chris Hoff, talks about how you can have this Nalgene bottle that makes sure that no water spills. Do you know that that's water? Is it vodka? Is it poison? You don't know. You just know that nothing's spilling out of it. That's an immutable repository. Then you got to know, can you actually restore the data? And so automating test restores every night, not just did the backup log work. Only 16% actually test their backups. That breaks my heart. That means 84% got it wrong. >> And that's because it just don't have the resource or sometimes testing is dangerous. >> It can be dangerous. It can also just be hard. I mean, how do you spend something up without breaking what's already live. So several years ago, VEEAM created the sandbox is what we call a data lab. And so we create a whole framework for you with a proxy that goes in you can stand up whatever you want. You can, if file exists, you can ping it, you can ODBC SQL, you can map the exchange. I mean, you can, did it actually come up. >> You can actually run water through the recovery pipes. >> Yes. >> And tweak it so that it actually works. >> Exactly. So that's the second thing. And only 16% of organizations do. >> Wow. >> And then the third thing is orchestration. So there's a lot of complexity that happens when you recover one workload. There is a stupid amount of complexity happens when you try cover a whole site or old system, or I don't know, 47% of your infrastructure. And so what can you do to orchestrate that to remediate that time? Those are the three things we found. >> So, and that orchestration piece, a number of customers that were in the survey were trying to recover manually. Which is a formula for failure. A number of, I think the largest percentage were scripts which I want you to explain why scripts are problematic. And then there was a portion that was actually doing it right. Maybe it was bigger, maybe it was a quarter that was doing orchestrated recovery. But talk about why scripts are not the right approach. >> So there were two numbers in there. So there was 16% test the ability to recover, 25% use orchestration as part of the recovery process. And so the problem where it is, is that okay, if I'm doing it manually, think about, okay, I've stood back up these databases. Now I have to reconnect the apps. Now I have to re IP. I mean, there's lots of stuff to stand up any given application. Scripts says, "Hey, I'm going to write those steps down." But we all know that, that IT and infrastructure is a living breathing thing. And so those scripts are good for about the day after you put the application in, and after that they start to gather dust pretty quick. The thing about orchestration is, if you only have a script, it's as frequently as you run the script that's all you know. But if you do a workflow, have it run the workflow every night, every week, every month. Test it the same way. That's why that's such a key to success. And for us that's VEEAM disaster recovery orchestra tour. That's a product that orchestrates all the stuff that VEEAM users know and love about our backend recovery engine. >> So imagine you're, you are an Excel user, you're using macros. And I got to go in here, click on that, doing this, sort of watching you and it repeats that, but then something changes. New data or new compliance issue, whatever... >> That got renamed directly. >> So you're going to have to go in and manually change that. How do you, what's the technology behind automated orchestration? What's the magic there? >> The magic is a product that we call orchestrator. And so it actually takes all of those steps and you actually define each step along the way. You define the IP addresses. You define the paths. You define where it's going to go. And then it runs the job in test mode every night, every week, whatever. And so if there's a problem with any step along the way, it gives you the report. Fix those things before you need it. That's the power of orchestrator. >> So what are you guys doing with this study? What can we expect? >> So the report came out today. In a couple weeks, we'll release regional versions of the same data. The reason that we survey at scale is because we want to know what's different in a PJ versus the Americas versus Europe and all those different personas. So we'll be releasing regional versions of the data along the way. And then we'll enable road shows and events and all the other stuff that happens and our partners get it so they can use it for consulting, et cetera. >> So you saw differences in persona. In terms of their perception, the closer you were to the problem, the more obvious it was, did you have enough end to discern its pearly? I know that's why you're due the drill downs but did you sense any preliminary data you can share on regions as West getting hit harder or? >> So attack rate's actually pretty consistent. Especially because so many criminals now use ransomware as a service. I mean, you're standing it up and you're spreading wide and you're seeing what hits. Where we actually saw pretty distinct geographic problems is the cloud is not of as available in all segments. Expertise around preventative measures and remediation is not available in all segments, in all regions. And so really geographic split and segment split and the lack of expertise in some of the more advanced technologies you want to use, that's really where things break down. Common attack plane, uncommon disadvantage in recovery. >> Great stuff. I want to dig in more. I probably have a few more questions if you don't mind, I can email you or give you a call. It's Jason Buffington. Thanks so much for coming on theCUBE. >> Thanks for having me. >> All right, keep it right there. You're watching theCUBE's live coverage of VEEAMON 2022. We're here in person in Las Vegas, huge hybrid audience. Keep it right there, be right back. (upbeat music)