>> Announcer: Live from Barcelona Spain, it's theCUBE. Covering Cisco Live 2020. Brought to you by Cisco and its ecosystem partners. >> Hello everyone, welcome to theCUBE here live in Barcelona Spain for Cisco Live 2020. This is our first CUBE event for the year. Next 10 years of CUBE history, we look back 10 years since we've been around, for 10 years, we have another 10 more we're looking forward to. And this is the first event for 2020 Cisco Live at Barcelona. I'm John Furrier, your host, with Dave Vellante, Stuart Miniman, extracting the signal from the noise. The cloud business is noisy, the networking business is under siege and changing, Dave and Stu we're pre gaming, Cisco Live, kicking off the show, end of the first kind of pre day, Tomorrow's the big keynotes. David Geckler, Verizon exec is preparing to announce rumor has it some insights into what Cisco's position will be vis a vis cloudification, that's going to change their portfolio and probably identify some opportunities, and also some potential gaps in their strategy and what they can do to be competitive. The number one leader in networking, they got a great market position. But cloud is changing the game with networking. >> Yeah, john, it's funny, I heard you talking about, the 10 years and everything. 10 years ago, if I thought about Cisco, I'd be looking at the I pattern of getting the jitter out of the network and trying to tweak everything. And today, what are we talking about with Cisco? We're talking about software, we're talking about cloud. We're talking about developers. Yeah, they're a networking company at its core, but Cisco has been going through a significant transformation, it's been an interesting one to watch. Dave, you wrote a little bit about, Cisco is one of the four horsemen of the internet era, of course the dotcom, they were one of the ones that actually survived and thrived after the dotcom burst, but Cisco is a very different company today far from the $500 billion market cap that they had a few years back, they were at about $200 billion, but still dominant in switching and routing. But there are threats from a number of environments and a lot of changes as to what you need to think about when it comes to Cisco. >> Well, sometimes it's instructive to look back and see how we got here. Cisco made three big bets during its ascendancy, the first one was it bet on IP, I mean, John, you've talked about this a lot, it decimated the mini computer industry by connecting distributed computing and client server, the underlying plumbing there. The second big bet it made was it trained a bunch of engineers, the Cisco certified engineers CCIEs, and they used that as a lever and created a whole army of people that were Cisco advocates, and that was just a brilliant move. And the third was under the leadership of John Chambers, They did about 180 acquisitions, and they were quite good at acquisitions and what that did for them is it continued to fuel growth, it filled in gaps and it kept them relevant with customers. Now, part of that, too, was, Chambers had dozens and dozens of adjacent businesses, remember, he said they were all going to be a billion dollars. Well, most of them, didn't pan out. So they had to cut and burn, and so but now under the leadership of Roberts, they're a much more focused company, kind of getting back to basics, trying to bet on sure things and so let's talk about what some of those sure things are and how Cisco's performing. >> Well it's clear you said lever, they're got to pull a lever at some point and turn the boat that is Cisco, aircraft carrier, what do you want to call it? In the right direction? That's been something that, we've been covering Cisco for decades Stu as you just pointed out, and while we've been close to all the action, I think Cisco knows what's going on. It's clear to me that they kind of understand the landscape. They understand their opportunities in the future, but they're a massive business, Dave, you pointed it out. The combination of all those mergers. The thing that got my attention was as they understood the unification many, many years ago in the compute side, you saw Cisco clearly understands the unification. They know cloud is here, they know that do not make a move, that's cloud friendly, they were going to get swept away and be adrift with the next wave, which is cloud 3.0, whatever we call it. So to me, that's the big story with Cisco. What is the impact of the company when you cloudify business? That's not public cloud, that's hybrid public, economics are changing, the compute capabilities are changing, the network capabilities are changing, got the edge. I think Cisco will be defined by their actions over the next two to three years. What they announce, how they position it, and what they bring value to the customers because you got Silicon One chip, good move, got cloud position, got App D on the on the top of the stack, you got cloud center, they're trying to get to the cloud, but you can't do that until you have the subscription business, until you, can't do pricing by usage unless you have that model. So I think it's a brick by brick, but slowly they're doing it. We have to hear some things next year on Cisco, on how they're going to be true, cloud enabled? >> Well, software is a huge play for them, right? I mean, they've got it, because Cisco's been the dominant player in networking with two thirds of the market, I mean, they've sustained that for a decade plus, and it has allowed them to drive 60 plus percent gross margins for years and years and years, huge operating margin. So how are they going to continue that? Software is the key. And as you say, John, subscriptions is the cloud model that is critical for Cisco. Now they talk about 70% of their software business is subscriptions and annual recurring revenue, it's unclear really how big their software business is, they give hints, I'd peg it at about seven to eight billion last year, maybe growing to 10, 12 billion this year. So pretty sizable, but that's critical in terms of them driving the margins that they need to throw off free cash flow so they can invest in things like stock buybacks and dividends which prop up the stock. >> Well, the problem is you start chasing your tail on the stock price and or product TAMS and product revenue, you might actually miss the boat on the new product. So it's a balance between cannibalizing your own before you can bring in the new, and this is going to be the challenge with Cisco, when do they bite the bullet and say, "Okay, we got to get a position on this piece here "or that piece there, ultimately, "it's going to be about customers." And what do we know, public cloud succeeded with one data, hybrid cloud is a reality and people are executing specific technologies to do an operating model that's cloud And to me, the big wave for Cisco, in my opinion, is multi cloud, because that's not a technology. That's just, that's a value proposition, it's not so much a technology. >> Yeah, Dave, you mentioned a lot of the acquisitions that Cisco has done. In many ways, though, some of the areas where Cisco can be defined is the acquisitions that they didn't do. Cisco did not buy VMware, and were behind in the virtualization wave. And then they created UCS and that actually was a great tailwind for them, created their data center business. They did not end up buying Nicira, and yet, Nicira's done very well. But if you talk to most customers well, even if you're deploying NSX, whose hardware do you tend to have? Well, yes, sure, it might be Arista, might be somebody else's but Cisco still doing good, going well, so they haven't had, there hasn't been a silver bullet to kill Cisco's dominant, but how are they going to do without cloudification? The data center group has gone through a lot of challenges. If you look at they fumbled along with OpenStack, like many other companies did, they went through just as VMware really failed with VCloud Air, the cloud group inside of Cisco had, they had this large Cisco offering that for a couple of years, everybody's looking, I don't know, are you enabling service providers? What are you doing? Now they have management pieces, they're partnering with Google, Amazon, Azure, across the environments, they are heavily involved in Kubernetes and the service meshes. So it remains to be seen where Cisco will find that next Tam expansion to kind of take them to the next wave. >> But Stu, acquisition is a good piece. And what I think they got to do some M&A clearly and organic but the question is would Nicira have been successful at Cisco versus VMware. Look at the timing of that, I think VMware being bought would have been a home run. But Nicira, I don't think that succeeds at Cisco. I think that would be a bunch of knife fights internally. And Nicira would have been shifted up because what it was then and what it is now and VMware are two different things because VMware took it, and shaped it, that I don't think Cisco could have done it at that time, >> The success would have been a defensive move to keep VMware out. That would have been the nature of the success, but I think you're right, the infighting would have been brutal, but VMware wouldn't have Nicira. >> VMware, What they did when they bought Nicira is they spent the first three or four years just making it an extension of VMware. Now it's starting to become their multi Cloud Interconnect. And that's where we need to see Cisco be involved. Cisco's bought many companies that have promised to be multicloud management or that interconnecting fabric and they have not yet panned out. >> Well, security is the linchpin though here, they've made a bunch of acquisitions in security. And I've always said that they've got a position, their networking is the most cost effective, the highest performance and the most secure to connect multiple clouds to hybrid on-prem. And they're in a good position to do that. >> Well, I think I've always said this from day one, you guys know I'm harping on this, Stu and I, we High Five each other all the time when we say this, but back in the days in IT days, the heyday, if you were a network operator, network designer, network architect, you were the king, king or queen. So you had the keys to the kingdom. VMware is a legitimate threat to Cisco. They compete, and they talk about that all the time. But the question is, which community has the keys to the kingdom? Rhetorical question. >> Yeah, well John one point I made earlier, (John laughing) >> Okay, go ahead. >> I remember Pat Gelsinger got on stage and he's like, "Hey, here's the largest collection of network admins" and everybody's looking at him, what are you talking about Pat? When I talk to customers that are deploying NSX, it is mostly not the network team, it is the virtualization team, and they're still often fighting with the network team. But to your point, where I've seen some of the really smart network architects, and people building stuff, Amazon, Azure, Google all have phenomenal people, and they're building environment back Cisco needs to make sure they partner and are embedded there. >> If you, Dave mentioned the leverage. Cisco's got to pull that lever or, turn the boat around and one shift move now, or otherwise, they'll lose that leverage. They have more power than they think in my opinion, they probably do know, but they have the network. And I think the network guys trump the operating guys, because you always swap in operating staff, but you got the network, and the network runs the business. No one could swap out Cisco boxes for a Synopsis years ago, so or Bay, whatever it turned into, so they have that nested position. If they lose that they're done. >> Yeah, and I agree with you, John, there's a lot of, Stu, you pointed out this, people buy NSX and Cisco ACI, but my question is, okay, how long will that redundancy last? I think, to your rhetorical question, Cisco is sitting in the catbird seat and they know networking, they're investing in it. I don't think they're going to lose sight of that. Yeah, wrist is, common Adam and Juniper, but Cisco, they know how to manage that business and maintain its leadership. I guess my question is, have they lost that acquisition formula? Are they as good at acquisitions as they used to be? >> I think their old model's flawed for the modern era. I think the acquisition's got to come in and integrate and I think VMware has proven that they can do acquisitions right. I think that comes from the EMC kind of concept where it's got to fit in beautifully and have synergies right away. I think what Pat Gelsinger is doing I think he's smart and I think that's why VMware is so successful. They got great technical talent, they know the right waves to be on and they execute. So I think Cisco has got to get out of these siloed acquisitions, this business unit mindset and have things come in, if they work, in line with the strategy and the execution. It has to from day one, I've got it. You got to be fitting perfectly in. >> The portfolio is still pretty complicated. You got the core networking. You got things like WebEx, right? I mean, would you want to be going up against Microsoft Teams? But they're in it, Cisco's in it to win it, and they got to they got to talk about-- >> Don't count out Zoom. >> Talking about, no, Zoom's right there too in the mix. And so Cisco's got some work to do, expect some enhancements coming there, in HCI, they've got to walk a fine line Stu, you made this point. On the one hand, they've got, IBM and NetApp with UCS and conversion infrastructure, but then they buy Springpath, which is designed to replace converged infrastructure. So they've got to walk that fine line. >> All right, what are you guys going to hear this week? Let's just wrap this up by going down the line on thoughts and predictions as the keynote kicks off tomorrow, I took some notes, I was doing some, going around the floor trying to get inside people's heads and ask them probing questions. And here's what I got out of it. I think Cisco is going to recognize cloud and absolutely throw the holy water on the fact that it's part of their strategy. I think we'll hear a little bit about Silicon One and how it relates to the portfolio, but I think the big story will be how tying the application environment together with networking, not end to end but really as one seamless solution for customers. I think it's going to be a top story that's been teased out by some of the booths that I saw, connecting things as one holistic thing with application development focus with DevOps. >> Yeah, so John, ACI was application centric infrastructure. And it was critical back in back in the day there is like, well, the application owner really doesn't have much connection there. If you look at what Cisco has been doing the last few years, it is tying together more that application owner, the DevNet group that, we're sitting here in the DevNet zone, that connection between the developer and making enabling them as part of the business absolutely is a wave that Cisco needs to drive. I don't think we're going to see a ton of the Silicon One, 5G and that kind of stuff, if for no other reason then in about a month, they're going to be sitting here with 100,000 people from Mobile World Congress and that's where they keep their dry powder to make sure that they push that piece of it. But that is super important, so and yeah. >> I think, software and security, I mean, I, as you were talking about, Zoom, Teams, so they better focus on collaboration and I want to hear some stuff there, security, IoT and the edge. They've got a very strong position there. Their security, Cisco security business grew 22% last quarter, it's really doing well. So I want to hear more about that. And I think data center, what they're doing in the data center, what they're doing with their switching business, their HCI stuff and converged infrastructure, hyper converged and, three important areas that we'll hear about this week. >> And Dave, I'll emphasise on what you were saying. Edge edge edge, absolutely, if Cisco is going to maintain a dominant player in the network, they need to deliver on that edge. And I've heard a couple of messaging strategies in the past, there was fog computing and all this other stuff, but I think Cisco is in a position today between Meraki that they have between their core product, >> Dave: Devnet. >> To really be able to enable-- >> And those are really-- >> Well, I want to see more progress, I'm looking forward to see, I'm going to drill them on the interviews we do here. They spent millions, billions of dollars satisfying and creating a subscription model with the cloud. We're going to dig into it, we're going to extract the signal from the noise, theCUBE coverage here in Barcelona, Spain. First show of 2020, Cisco Live 2020, I'm John Furrier, Stuart Miniman, Dave Vellante. We'll be right back. (upbeat music)

(intense orchestral music) >> Hello everyone and welcome to theCUBE Conversation here in Palo Alto, at theCUBE studios. I'm John Furrier, we're here with a special conversation with Fortinet's John Maddison, senior vice president of products and solutions with Fortinet. Welcome to theCUBE Conversation. >> Good to be here again. >> So you guys have some hard new today hitting, it's called the FortiNAC, Forti, like Fortinet, Forti, N-A-C, network access control. >> Right. >> Significant announcement for your guys, take a minute to explain the announcement. >> Yeah, so about two months ago we acquired a company called Bradford Networks. They compete, provide products in the network access control arena. Other companies in that space, so people like ForeScout or Cisco or HP. We think it's a very important space because it's going to be the foundations for IOT security. You probably heard a lot of buzz around IOT security. And there's different levels of IOT security. There's that for the enterprise, there's that for cloud, et cetera and so, for us, this is an important announcement because it gives us that added visibility now to IOT devices via the fabric. >> And the product, is it an appliance? Is it software? What's the product making? >> It's both. You can do a virtual machine version. It's also an appliance. It comes in different levels. The key for it though is the scalability because with IOT devices, we're not talking 100 devices anymore, we're talking millions of devices so what it's able to do is look across many different protocols and devices and provide that visibility of just about any device attaching to your network. >> Who's the target audience for FortiNAC? Is it the data center? Is it the cloud? Is it the remote? Where's the product actually sit? >> Well it's more by industry, so certain industries will have lots more of these types of devices attaching. So think of manufacturing for example. The medical industry as well. And so those are the real, education's another one, so it's more by vertical and it's really focused on campuses, large campuses or remote offices or even manufacturing plants where, again, these devices are attaching to your network. >> And they'll sit at the edge, monitoring what's coming in and out? Is that the purpose? >> Well that's the neat thing about it, it doesn't have to sit at the edge and see all the traffic. What it does is interrogate existing devices at the edge. It could be a switch, it could be a router, it could be an access point, and from that information it can make an assessment of what the device is attaching and then apply a policy. >> So this is part of a bigger holistic picture? We've have conversations with Fortinet in the past, a few conversations certainly around security, with cloud it's the top conversation, on premise it's the top conversation. You guys also have some complimentary products involved like the security fabric and the connectors. Does this fit into that? Take a minute to explain the relevance of how FortiNAC works with the security fabric and the connectors? >> Yeah, last time I was here I explained our fabric and so the fabric is basically something, is a set of Fortinet products, solutions in a way, that are very tightly integrated into the network or into the customer's ecosystem, and then once you've built that you then provide automation systems across for protection, detection and response. And the whole idea is to make sure you're covering what we call the digital attack surface. The digital attack surface now includes, obviously IOT devices, so gaining this visibility from FortiNAC, making sure the information is available to our fabric is crucial for us to make sure we can protect the digital attack surface. >> And for customer's the fabric is a holistic view, the NAC is a product that sits in the campuses or within the network that kind of communicates in the fabric? Is that right? >> Right. So the NAC can see all the IOT devices attaching and then it integrates back into the fabric. The fabric can then apply a policy, so the fabric can see everything now From IOT to the campus, to the WAN, to the data center, to the cloud and if, for example, those IOT devices are communicating with something in the cloud the fabric can see end to end and apply, for example, a segmentation policy, end to end, all the way through the infrastructure. >> You know what I love about having conversations with Fortinet is that you guys spark two types of conversations, use cases and then product technology conversation. This obviously is an IOT kind of product. It makes a lot of sense, you got a little SD-WAN in there. This is the top conversation around enterprises and people looking at cloud an/or looking at re-platforming around cloud operations, it's the cloud architect, it's the network architect. >> Yeah. >> These guys are really being asked to redo things, so how does the IOT fit into this? What is the product? What is the FortiNAC do for IOT from a use case standpoint and then product and technology? >> That's a good conversation because recently, maybe the last 18 months, instead of talking about a point solution, instead of talking about a specific use case, customers want to put all those use cases together and then produce a longer term, more holistic architecture. So now they have a cyber security architect, security architects as well as networking architects. And they want to look at their infrastructure, because that's the things that's changing the most right now. Sure, the threat landscape's out there and the cyber criminals are changing and stuff, et cetera but it's really that infrastructure that's changing the most because they've moving to flexible WAN systems or cloud and so they want it integrated, end to end, over a long time period. So what they want to be able to do is to automate, that's the key word, is automation. It's to make sure all these devices attaching are part of the security automation architecture and then they comply that security policy automatically to that device. >> You know one of the things that's a big trend in the industry is having network guys and people who are managing infrastructure, move from a command line interface, DLI, to automation. >> Mm. >> You mentioned that. How does the FortiNAC extend the security fabric? Because you guys essentially have that holistic view with the fabric. So now you have this IOT capability. How is that device extending the security fabric and what's the benefits to the buyer? >> Yeah, so the fabric has visibility obviously at the next generation firewall, we also have deployment of access points and switches. But obviously there are other companies with vast deployments of switches, I can name a few, and access points and so if they weren't our switches we couldn't necessarily see those devices attaching. And so what FortiNAC does, it comes in and provides us that now complete visibility. It doesn't matter if it's our infrastructure switches and APs, it can be somebody else's. FortiNAC can interrogate and talk to those devices and not only gain that visibility but if we decide there's a certain security posture we want to apply to some IOT device, we don't know what it is, we want it segmented, restrict it's access. Then the fabric can then tell the FortiNAC device to provide control and segmentation back to it. >> So they're working together? >> Working together and it gives us now complete visibility of the IOT devices. >> Let's talk about some the trends around segmentation. We heard, certainly recently at VMworld about micro segmentation's been one of the key things. A lot of top architects, both network and cloud and software are looking at micro segmentation or segmentation in general around the network. Why is it important and what are some of the use cases that you guys are seeing around segmentation? >> It's extremely important but it's a very complex problem in that even though our customer's have bought a lot of different security products from different vendors and different infrastructure, one of the things they don't always realize is they bought a lot of different orchestration systems, a lot of command and control systems and those are key in the future because those systems determine what the infrastructure looks like. You NAC system is kind of an orchestration system, allowing different devices to come on/off the network. SD-WAN has it's own orchestration system. You talked about micro segmentation, things like VMware and NSX and Cisco ACI, all the clouds have their own orchestration systems as well. AWS, Azure, and so what's interesting is none of them really talk to each other. They're more focused on looking after their part of the infrastructure. Now to do segmentation end to end you really need to have end to end orchestration across all those systems. If I want to orchestrate, as I said, that IOT communication with a select application in the cloud, I need to orchestrate all the way through those orchestration systems. >> You need an orchestration or the orchestration system that you have in the cloud. (laughing) >> You need a mother of all orchestrators in some way but I don't think that's ever going to happen and so what's going to happen, really, is your security architecture and segmentation will be specific to a platform or fabric as we're building and then your fabric has to connect into the orchestration systems to tell it what's going on within that section of the orchestration. Again, if it's a NAC system, I can just explain, I know these IOT devices are attaching, let me apply a policy to those. If I know the WAN links are a certain type then I apply that policy. >> And this is the benefit of a holistic fabric because that's kind of where it ties together, right? >> It is, so you build a holistic security fabric and then you let the different infrastructure orchestrators, like VMware, or an SD-WAN vendor or a NAC vendor, do their job, really focus on the infrastructure. >> And you guys help those guys out, big time, with the orchestration side of it? >> Well we can connect into the orchestration systems and we just use it to make sure the security component is doing well. They're more focused on making sure the infrastructure delivers the applications to the end user. >> They do their job, you do your job. >> Exactly. >> Take a minute to explain for the folks out there, explain segmentation and what it is and why is it important for networks? >> A very simple example of segmentation, a couple of years ago there was a bank that got hacked in one of the countries, I think it was the Philippines or something like that, and what they found out was that in that particular country they didn't have the same security infrastructure in place so they got in through that particular branch and came all the way back into the core network and so a very simple segmentation policy they put in place was that, I'm going to segment by countries. So I'm not going to let this country's network access the core data center, if I give it a certain trust level. Segmentation can mean physical countries. It can mean I'm going to segment my intellectual property off. I could be segmenting by functions. Don't let those sales people anywhere near the intellectual property. You can also segment by identity. So segmentation means many different things, you have to apply, I think different levels of segmentation depending on your applications. >> And this is proven, too? We've heard this in many conversations in theCUBE. We had one guy from the US government saying, "We have these critical infrastructure pieces in the United States, why would we let anyone outside the United States access it?" >> Yeah. >> That's a great example. >> I mean if you go to critical infrastructure, you're even more dangerous. I mean most of the infrastructure's been air gapped. It's been totally air gapped, you can't get at it but that's changing as more of those devices become IOT and you have to let some access that. >> And this is where IOT is a challenge that we're seeing. This is one of the problems? >> It's IOT. You know that category is often referred to these days as OT, operational technology. >> Talk about end points, we're hearing endpoints being discussed, like hey, you connect the endpoints, your endpoint strategy, network strategy. Kind of elusive for some, describe why networking the endpoints is an important feature or is it? When people think of the endpoint of the network what are they really talking about? >> Well I think it's become more important. It's interesting if you go back 10 years or so even 15 years, you have a lot of endpoint vendors. Semantics, MacAfees, Trend Micros, Microsoft, I think, is now the largest endpoint security vendor. Then you have a different set of networking vendors, ourselves and some other names out there I can't remember. But, they're totally separated and so to look at your network, give you visibility to policy and segment, you need to be able to see the endpoints and the network together. The security fabric makes sure that you can at least see the endpoint. You may not provide the full stack of security, you may leave that to your endpoint vendor still but your network should be able to see your endpoint and vice versa, and you should be able to see what's communicating between the two. >> I'd like to talk about SD-WAN, but before we go there, just to kind of close out IOT, talk about Fortinet's differentiation and advantages when you talk about convergence between IOT and access technology. >> So the base technology's NAC, network access control, which is in place there but our advantage really is now scale, we can see huge amounts of IOT devices which are attaching and then take action not only at the access level but all the way into the cloud. >> SD-WAN has become a really hot topic. It's a huge market. >> Yeah. >> It's in the billions in terms of spend, it connects devices, campuses and devices but cloud's had a big renaissance within the SD-WAN market. Talk about what's going on with SD-WAN and how the security fabric and the FortiNAC fit into that because it's not your grandfather's SD-WAN market anymore as the expression goes. >> No. Well it's in that class of everything's being software defined, fair enough. But I think this marketplace, if you go even three years ago, was dominated because all the, you've got two marketplaces. You've got what I call the retail, which is distribute enterprise, thousands and thousands inside which already went to a UTM infrastructure. And then you had the branch office, which was more connected, in fact, it just had a simple router in there, it was connected back to the data center which then would go into the internet. And so what's happened is these branch offices they need more and more access to the cloud, more cloud applications are running. You need to provider QOS against those applications and then also these large corporations have decided they don't want to pay, it's a lot of money to get certain, high quality EPLS circuits, when they can get faster circuits through DSL and other mechanisms and so they wanted more flexibility around the wide area network. >> So commodity network access which is, you know, cloud non and EPLS, were high priced, secure. You get now more cloud access, this is translating to more traffic or is it? Is that the driver in all this? >> Well that's what happens and then you get more traffic going through there, it's the same with the next gen firewall right now and people saying, "There's a refresh going, we don't know why." the reason for it is, when you're in your office you're more than likely communicating with the cloud versus your local databases and so the same for the branch office, there's more traffic going through there, it's more encrypted, they want flexibility, they want HA modes, if that goes down now, you've got a big productivity problem with your employees there. And so this whole market sprung from nowhere only three or four years ago and is already in, as you say, in the billions of dollars. There's a lot of acquisition's already happened, consolidation. In our mind it's very important but what's just a important as all those elements is security. If I open up my branch office now to an internet connection, I need best of breed securities on that device and so we've been building SD-WAN, what I call core functionality, for some time, inside our fabric. It's quite a natural integration now of security into that. In fact some recent tests we did with SS Labs, we got highly recommended, for not only the SD-WAN features but that core security. Today SD-WAN vendors will say, well I'll just go and get some security solution from somewhere and bolt it on or attach it on, provide it through the cloud and that's fine but longterm, again, if you come back to that coordination, that orchestration, across two different systems, it's going to become hard. >> And the other complicating factor in this, aside from the infrastructure component, is that a lot of the SAS applications that people are buying, whether it's shadow IT or just off the shelf, or there's Dropbox or any of these services that are SAS based, cloud based, that's creating less of a perimeter. >> Yeah, when it all comes back, technology called CASB is providing that interface into that world through APIs and it all comes back to making sure that all your mechanisms of protection, detection, control are available to all your systems. If I've got some SD-WAN device somewhere and I need to check where this is going, I can use my application database or if I need to check if I'm going to this cloud, I use my CASB API. And so it comes back to a platform approach, a fabric approach. >> John, what's the SD-WAN approach for Fortinet? How do you guys do it? Why should people care? What's the differentiation? Why Fortinet for SD-WAN? What's the approach? >> Integrated in one word. That is, you don't need two boxes, you don't need two VMs, you don't need a box plus a cloud, it's all integrated on the system, best of breed SD-WAN functionality, best of breed tested by third party security which allows you then to have a much more cost effective solution. I think our TCO in the test as a 10th, or a 100th of some of the leading vendors outside there because you're bringing two vendors together and it's gets very costly. >> Alright, I'm going to put you on spot, I'm going to put my cynical hat on. So you're saying integrate security with SD-WAN? I'm going to say, hey, why not just keep it separate? Why integrate? >> Because the two functions need to work together. Where's the firewall going to go? Is it going to go in the cloud or is it going to go here? Who decides on the policy? If something happens, segmentation, who's deciding on segmentation policy? Usually two different companies, they don't really talk apart from maybe, there's an API leak in the security capabilities but to our mind, again, it comes back to that end to end segmentation and that's what a lot of the, I would say, the larger infrastructure vendors are trying to do. I want infrastructure all the way to devices being added, through my campus, through my SD-WAN, data center and cloud and if you've got multiple vendors, again, all over the place, there's no way you're going to be able to coordinate that. >> Alright, so I'll put my IT practitioner hat on. Okay, so I get that, so probably less security manual risk for human error, but I really want to automate. My goal is to automate some of these IT functions, get better security end to end, does this fit that requirement? >> Yeah, so from an automation perspective, we're building in some tools of our own but what we're finding more and more is that from an IT, as you said, they've gone out and built some dev ops capability. Ansible's a good example there. So what we're doing is making sure that, in fact, a lot of our partners and our SEs have already built these scripts and put them on GitHub, well now Microsoft Hub or whatever you want to call it. So we're taking those in and we're QAing them, making sure they're a high quality and then making them available to our customers and our partners through there. So this dev ops world, especially with cloud moving so fast, has become very important and to us it's a very important area we want to make available to our partners and customers. >> One of the things that's talked about a lot is SSL inspection, is that important? What do you guys do there? >> I think it's extremely important in that, a lot of enterprises have switched it off. The reason they switched it off is because when you switch it on it almost kills your performance. There was a recent, again an SS Labs test that was doing next gen firewall testing for SSL and some vendors' performance decreased by 90% and basically it was useless, you had to turn it off. A lot of enterprises want to switch it on. To switch it on, you need a system that has the performance capabilities. I think we decreased around 15%. The law of physics say you've got to decrease in some way but 15%'s a lot better than 90%. And you've got to switch that on because otherwise it's just a giant hole in your firewall. >> John, talk about the cloud because cloud now has multiple tracks to it. Used to be straight public cloud. Obviously on premise is this hot hybrid cloud, multi cloud is the center of the controversies, it's been validated. We see Amazon Web Services announcing something with VMware validation that you're going to start to see an on premises and cloud and some cloud native, born in the cloud companies will be out there. How do you guys extend the security fabric for those two cloud use cases? How does the Fortinet products scale to the cloud? >> Yeah, two good points. Again, a few years ago, I'd ask customers about cloud and say, "Yeah we're going to takes some steps in AWS." Now it's I've got four clouds, what's the next cloud I'm going to put inside there? I've got global clouds around the world. It's kind of interesting that there is this mad rush and it's still going on into public cloud but then I still see some people trying to do hybrid cloud and put some stuff inside their data centers. Some customers don't want that data leaving, regardless. Some people can't move mainframe applications out there so there's always going to be a hybrid world for some time but the key is multi cloud security in that, more than likely, your AWS security systems are not going to work inside a Google cloud, are not going to work inside your Azure cloud, are not going to work inside some of the data center pieces. And so hybrid cloud and multi cloud security Are really important, so for us the ability to support all those clouds, and it's not just saying, well I can put my firewall VM inside AWS. There's a whole set of deep integrations you need to do, to make sure you're inside their automation systems, you can see visibility, there's a lot of practices around compliance, et cetera, so it's actually a big task for each of us to make sure that we're compliant across the set of functions for each of those clouds. >> My final question is going to be around customer impact. If we zoom out, look at the marketplace and I'm a CIO or CXO, I'm a big time, busy enterprise architect or CIO, I'm so busy, I've got all this stuff going on, why Fortinet? Explain to me why are you important in my world? What should I be thinking about? What are some of the opportunities and challenges that I might face? What should I look at? I want to go to the cloud as much as possible because there's some benefits there. I want on premises to be as seamless as possible to the public cloud. I want rock solid security. I want to have the ability to use SAS apps. >> Right. >> Have programmable networks and have a great development team building top line revenue for my business. How can you help me? >> Is that all? (laughing) I think CIOs and CXOs are happier dealing with less vendors. The trouble is with some very large vendors, they just slow down the development side. I think what we bring to the table and by the way we're not the third largest cyber security company out there, what we try and bring is a broad approach, a broad product set so you can have different things from us as well at integrate into your current set but we try to keep very agile and fast with our developments because otherwise you'll fall behind the infrastructure, you'll fall behind the cyber threats. You know, GDPR, for example, over the last year, you've got to keep up with that. What we bring to the table is now a reasonably large company, we're five and a half thousand employees. A very large R and D budget, we try and move very fast. A large product set, all integrated through our fabric but again, we try and stay as agile and as fast moving as possible. Where we can't do it organically, we try and do it organically so our system integrate very well, where we can't do it, then we'll go and make smaller acquisitions, Bradford Networks was an example of that for IOT but I think we're building now a much better relationship with the CIO and CXO level and becoming one of their strategic partners going forward. >> Talk about the community that you guys have built because I've noticed, and I've seen you guys, certainly over the past couple years, that RSA I think a year and half, two years ago, you're working with a lot of industry partners. It's not just Fortinet by themselves, you work within the industry itself. >> Yeah, because people are building their ecosystem and they've made some decisions and hey want you to integrate inside those so we have about 50 partners now where they use our API to provide integration so they built our API and although we've mentioned FortiNAC today, we have APIs, for example, for ForeScout and other NAC vendors so if they've chosen that specific vendor, then we're fine, we'll integrate that inside our fabric. Will it have the level of integration that we have? Probably not, but at least you can see, have visibility, for example. I think the technology we've been building in the last year or so is something called fabric connectors which is a much, much deeper integration into the platforms so we have connectors for VMware NSX, for Cisco ACI, for AWS, and this provides a two way communication and that two way communication is important for one word, and that's automation. So once you can see things, once you direct policy backwards then you can start stitching together these objects and provide that end to end automation. >> Final question for you, a lot of the leading enterprises and businesses out there that are using technology to build digital business, whether it's from developers all the way down under the hood into the network, are all betting on multi cloud. Clearly that's obvious to us and that's pretty much being picked up by mainstream now. So early adopters that are leading the charge are multi cloud. If I'm betting on multi cloud, why Fortinet? Why should I be working with you guys? >> Because we're committed to supporting all those clouds. And as I said, it's no easy task to support, I think we support six clouds now, to go through all the different items and integrations across that, we're committed to that. We've got probably the most expansive integration across the most security products inside the industry and we'll continue to do that going forward. >> John, thanks for spending the time. John Maddison, senior vice president products and solutions at Fortinet here inside the special CUBE Conversation with the big news today, the FortiNAC new product integrating with the security fabric, IOT, SD-WAN, cloud solutions for multi cloud and IT. As automation comes down the road really fast, we're here in theCUBE bringing it to you. I'm John Furrier, thanks for watching. (intense orchestral music)

>> Narrator: Live from Austin, Texas, it's theCUBE covering KubeCon and CloudNativeCon 2017. Brought to you by Red Hat, the Linux Foundation and theCUBE's ecosystem partners. >> Welcome back, I'm Stu Miniman and you're watching SiliconANGLE Media's Flychip Production of theCUBE. We're here at CloudNativeCon and KubeCon here in Austin, Texas. Happy to welcome back to the program, a many-time alum Tom Joyce, who is now the CEO of Pensa. Tom, great to see ya. >> Great to see you too. >> Alright, so Tom, we've had you on, so many different ecosystems, so many different waves of technology. Talk about Pensa, how it fits into this whole cloud native space that we're looking at this channel. >> Great, yeah, and like you said, you and I we've known each other a long time, we've seen a lot of revolutions in technology, and we're in the middle a number of them right now, and at this event you've got the Cloud-native folks and you've got the folks that are tackling connectainers and Kubernetes orchestration. You know, it's interesting, this crowd here is so young, and so creative. The last few days, I was at the Gartner Data Center Infrastructure show, and-- >> Stu: Not so young there? >> Not so young, but the same problems, right? Two different communities trying to solve the same problems. Which are how do we deal with insane complexity? How do we deal with an environment that's now not just three public clouds and some hybrid clouds, but a growing list of specialty clouds. How do we manage all of that? And what Pensa is trying to do, is be a part of solving that problem, using intelligent automation technology. Especially in managing the underlay complexity, the infrastructure layer. It's kind of funny we've gone through a period of time when the whole discussion has been, hey, containers are going to be at Pensa, and infrastructure doesn't matter, and infrastructure is going away. I think there's some truth to how that is evolving, but it still matters especially when you get down to having to deliver services to customers. >> Tom first of all, Dan Cone got on stage from the CNCF, and he said, "It is exciting times for boring infrastructure." >> Tom: Yeah. >> Maybe too exciting. I love that line, because every wave comes out, it was like, Tom you remember, virtualization, I'm not going to have to worry about things like that. >> It's been the biggest revolution, and it is the biggest wave of infrastructure ever. >> We spent a decade fixing that. Containers came out, oh, once again we're extracted away and it's going to take that. So, what do you see as that role, between the infrastructure layer and that cloud native? What are the big challenges? What are your customers seeing, and how Pensa have an effect? >> Well, I think what we're seeing, in my opinion, is we're going from operations running everything to DevOps, to now their starting to talk about NoOps. How do we get to a point where-- >> Ah, we might have argued over the terminology. We need Ops, obviously. >> Here's what I think, I think it's going to be less Ops and more architecture. I think the challenge becomes around, how do you do the design, how do you architect these systems so that they'll work and not fail. It's a lot like one metaphor I heard somebody use and I'm going to steal is we went from drafting on a sketch pad, using CAD technology, to using 3D CAD technology, to automated CAD technology, to now servers providing it. Right? And what happened? Everybody got smarter about architecture being the important part, not the actual physical plugging together. I think the role of the architect, in a cloud native environment, in a Kubernetes environment, in a VM environment, is frankly more important than ever. Somebody needs to know how the tools work, to make sure the the service levels actually deliver. I have sat in a lot of these meetings where people say, "Look, just put your old app in a container "and you can run it anywhere, it'll be fine." Somebody needs to think about the architecture. We want to provide intelligent technology that helps them do that. Like AutoCAD and like some of these things that came along in that ecosystem. >> One of the things I've been poking at, you know, most of this year and coming into this show especially, is people say, "Ah, it's too complicated." The response really is, "Well apologizes, it's never going to get simple." What we need is, I need proper tooling, things like automation to be able to help because humans alone will not be able to fix that. I really need to have the combination of the tooling, proper architecture, as you said. What are you seeing, how's that playing out in the customer environment? >> I think what we're seeing is folks figuring out that number one it's cross domain and cross cloud. So whatever you design needs to work in multiple different environments that are going to end up having different capabilities. Nobody really has deep expertise and everything about networking, everything about containers, everything about compute and storage, but all those things still matter. What folks are asking for is a layer of technology that kind of arbitrates between the underlying infrastructure and the upper level applications, they're actually trying to deliver. And that's where this automation layer, that's submerging comes in. Part of that orchestration, and part of it's what we do. What we're focusing on is design, validate complex designs, build them and deploy them, using tools that help people do that a lot faster and get it right every time. So mistakes don't transpire. >> Yeah, Tom, I want you to help explain to our audience this whole SDN wave, kind of it played out, and sure Vmware NSX and Cisco ACI, they're doing okay, but for a lot of the industry, SDN equals still does nothing. Yet networking critically important, heavily involved in both the container and all this cloud native discussion. How are we fixing networking, how is it being set up for this type of environment versus what we we're trying to do with SDN? >> I think this is a good point, I think you've got SDN and the enterprise. You also have network functions virtualization and the service providers and often overlook that in the enterprise you're going through cloud native and DevOps transitions. And surge providers are going through a revolution of their own. Going from being telcos, becoming digital service providers. The problems are similar that technologies are different. My observation is this, is the hype cycle's real. We've gone through five years of talking about SDN, talking about open stack, talking about network functions virtualization. All of a sudden now, what I've seen in this job is that there's real money getting spent and the technology's being used. NSX's being used in a whole variety of ways that people didn't anticipate. We're seeing in everyone of these service providers, whether they're a classic telcos, they're wired, or they're wireless, or they're cloud. They're investing in technologies to revolutionize how that core of that network works, and how the edged network works. I think the first signs of that are really NSX and SDN. SDN has now gone mainstream because customers have seen that there's a real used case for it. That's kind of your first broadly applicable network function. And I think through the next couple of years, it will be one after another. Those problems are going to get knocked down. Frankly in our business, we started focusing on a lot of these enterprise problems with NSX and VSAN and software defined data center technologies around VMware. We're working on containers, but frankly the biggest area of growth for us is probably going to be these large service providers. It's like a trillion dollar business and it's going to be revolutionized over five years. We're getting involved in a lot of these network functions virtualization conversations. I wouldn't say it does nothing, it does a lot, but getting there, it's been a really hard technology to figure out. >> It took a little bit while to mature. The other thing you've got some strong background on, the management monitoring in this type of environment. What's new? How does that change in the networking space, when we have all microservices and all of these various pieces there? What are you seeing there? >> The short answer is I have a little bit of a controversial view on that. It's not unique but I think-- >> John Ferrer would say, we love controversy here on theCUBE. >> I think monitoring goes away. Monitoring the way it's been done for the last 30 years goes away. I think when we had mainframes, we had client servers, we had internet, and now we have this set of technologies we're working with in virtualization. Every time that transition has happened, there's been a whole bunch of monitoring companies. I think classic monitoring is eventually going to go away. Ultimately, there is a lot of complexity, and the machine needs to manage it, right? The machines going to need to manage it. The eyeballs watching the problem and remediating it to a greater and greater extent, are going to be automation technologies. Versus throwing out more and more alerts in front of a human that says, "I'm just going to turn them off "because I don't know what this means." I think automation technologies are going to replace classic monitoring. Again, you go around this event here, the folks that are doing cloud native, they don't want to have a bunch of monitoring alerts. They're not going to tolerate that. They just want to deliver an application service. They don't want to deal with operations, they don't want to deal with monitoring, they don't want to deal with problems, they want the problems to take care of themselves. That's hard, but I think that's coming. >> Tom, the end users whether it be enterprise, service providers, there's a lot of technology out there, there's a lot of things happening out there. When do they know to call Pensa? Give us some of the big value problems that they should knowing that say, "Oh hey", "Yes that makes sense to me, I need to give you guys a call" >> You can boil it down very simply, we deal with two kinds of people, and they're really the architects. Think about that CAD analogy. We're dealing with people that are doing complex designs in two areas. One is typically software defined data center. So people that are bringing all of these technologies together and need to deliver a working system, maybe a really complex proof of concept or big systems where they're using VMwear, as an example. We help them get that job done, do it fast. That's what the automation systems we provide do. The other is, in large scale service providers. Folks that are dealing with onboarding VNF's, building complex networks and have been grappling with that, with open stack in some of these early technologies for a number of years. We have a revolutionary way to onboard those VNF's, validate designs, deliver designs and do it in a way that integrates with all the open source technologies people are using. To be honest with you, I don't which of those is going to be more important to us, but their two big areas, and our technology applies to both. >> Tom, you've been CEO at a couple of companies now. I want to get your view point, just being the CEO for a startup in today's landscape, what's it like? What advice do you give your peers? When you guys are grabbing a drink at the bar, what are some of the biggest challenges and biggest things that excite you? >> We are to tired to grab a drink at the bar. I'll tell you that I love this. It is a great mental challenge, because again I've been like you, I've been doing this for over 30 years. It forces you to learn and learn and learn and question what you know. And that's what I really like, the opportunity to engage with the leading edge of technology. Frankly all the folks here are young and creative and it's forced me to become better at what I do. There are a lot more unknowns than working for a big company. With a big company, a lot of what you have to do is laid out before you. In this job, I have to constantly force myself to question what I know, to listen to the customer, to learn new things, and it can be tiring, but it's a good kind of tiring. >> Alright, last question I have for you. What are you most proud, what you've done since you've joined Pensa? And give us a little bit of outlook for 2018, for those that are watching, what should we be looking for, kind of miles stone deliverables or other items. >> I think what I'm most proud of, this sounds like a silly statement, but I'm proud of what the team has accomplished. I didn't do anything, right? I don't write the code. We have a bunch of engineers that are actually delivering the product. I think we've been really fortunate to keep all those people and get them focused on some big problems. I'm proud of delivering Pensa Lab to market, and I'm proud of the customers we've signed up, since we launched that just at the beginning of October. I'm proud of what we're doing with Nokia on large scale networking in the NFP area. And frankly I'm proud of the ability of this team to constantly engage and learn and try new things and take risks and screw up and try again. It's that whole experience, it's good to work with good people that you like. >> Alright and 2018? >> 2018 I think is going to be surprising for the people in terms of the kind of the reemergence of open stack. I think open stack is coming back. >> Don't let them hear that Tom, the wolves will come out. Why? >> Well because I think it's reaching at a point where the economics of certain kinds of cloud models, and frankly the economics of the Mware are forcing people to reconsider. But it especially around digital service providers. These large companies have been grappling with "How do we revolutionize our poor networks" for five years dealing with open stack. And they kind of got a lot of the stuff to work now. I think that is another sort of controversial statement. When I got into this job, I was like "Yeah open stack is dead". I was involved with Helion at Hewlett-Packard, and I was like "That's never coming back". Well guess what, it's coming back. I think the other thing is, we're going to see a lot more money being spent on revolutionizing the core networks, and these telcos and digital service providers. That's what I think the big things going to be. >> Absolutely, we've been at the open stack show for any years. The networking component especially for the telco and service providers, absolutely a strong area of focus. Your average enterprise, might not be looking for open stack. >> There might be pockets. >> Internationally there's some pockets, but absolutely. Tom Joyce, always a pleasure to catch up with you. Looking forward to seeing you the next time. And well be back with lots more coverage here from theCUBE at KubeCon. In Austin Texas, you're watching theCUBE.

>> Mind the fact that HP just started re-selling Veeam. We now have a combination of a very strong technology portfolio, deep integration, and a commitment to good market partnership. The combination we think will be very exciting for HP member and Veeam customers in the years to come. >> Narrator: Live from New Orleans, it's theCUBE, covering VeeamON 2017, brought to you by Veeam. >> We're back, welcome to theCUBE and VeeamON 2017, my name is Dave Vellante with Stu Miniman. Vladimir Val Taft is here, he's the principle infrastructure architect at Granite Construction. Val, good to see you, thanks for coming on theCUBE. >> Pleasure. >> So tell use about Granite Construction, what do you guys do? >> Well Granite is one of the largest public construction companies in US. It's your publicly traded company, it's actually one of the S&P 500 where the annual revenues are over 2 1/2 billion dollars. And if you see, on the East Coast, if you see Tappan Zee Bridge, that's one of the flagship projects of Granite Construction as an example. Also roads, tunnels, airports, heavy constructions. >> Is that the old Tappan Zee or the new one that's been going up? >> Vladimir: The new one. >> Oh yeah, yeah it looks great. >> Yeah I flew over it last week on my way to Orlando, I said, "Ah that's the new Tappan Zee." >> Looking forward to making it easier to get down to New York City, New Jersey area. >> So yeah, it's one of the flagship projects we're proud of. >> And then your role as a principle architect, tell us about that, and your background there. >> Well, construction industry is not known for over investing in IT. If you look at Gartner's reports, construction industry typically is around 1+% of revenue, and that's where Granite is. So when the new team took over IT, there was an org change, we inherited a lot of technical debt. And that was, plus expiring our lease on the data center, which was actually going to be closed down by a major vendor, and we had to move it very quickly. >> Okay so you come to a show like VeeamON to learn from your peers, figure out best practices. I mean that's what you hear from people, but what's the event been like for you? What's the conversation been like and where are you focused? >> Well, we chose Veeam as a partner, technology partner, for a number of, I believe, good reasons. So one of the motivations for me to come here was to establish better contacts with Veeam organization, also I realized that the technical depth here is, I would say, superior to many other events I had attended, so I was really searching for that depth. As well as the right contacts, because we are right outside of the Silicon Valley, so we're actually doing forward looking things, I can give you some examples. >> Dave: Please, yeah. >> We were site number 141 for the SDN implementation using Cisco ACI as an example. We are a proud customer of ServiceNow. >> I was there last week, and ServiceNow knowledge. >> That's right, actually I did go to Orlando. And well we also, HP is our preferred vendor so all of them are present in this form and some of the announcements, I really had a good fortune to hear first hand, actually make our life easier now. >> So anytime I hear of a ServiceNow customer, I know they've been through some kind of transformation and when you talked about technical debt, and I'm inferring that you've modernized some of your infrastructure, that's a big part of what you have to do as IT architect. Can you talk about that, first of all is that correct? And what did you have to do to achieve that? >> Well as a team we had to, as I mentioned, repay a lot of technical debt in a short period of time. And move our data center, but our main data center is just it, is just one data center. Granite is operational from coast to coast, we have more than 40 regional and branch sites, they have their own computer installations, computer rooms or mini data centers. We have 120, depending on the time of year and the volume of business, of construction sites which are also IT sites. So even the scale of that operation is a challenge. >> Val, with so many locations, can you speak to the impact that Veeam has with what you're doing both operationally and just in general? >> Sure, again in this reasonably short period of time, Veeam helped us as a tool to enable Veeam level backups, coz we had to virtualize very quickly and then move over the wire from the old data center with the expiring lease, lease expiration was really like, surprise, for the new team so the new data center at AT&T, (mumbles) Veeam was there as a backup tool to secure the baseline for the main data center. The main data center is VMware, so Veeam apparently has great name in the VMware community but then the field is pure Microsoft, and with Hyper-V Veeam was there right on time with support for pure Microsoft environment so that's what enabled our field, securing the basis for the field which we didn't have any backup standards, we couldn't get full control of our data, the ownership, the governance was not there, the backups were disjointed so at this point when we nailed what I started referring to as Veeam on the ground, we have that baseline. And here on the show floor I made contacts with the Veeam partner, who actually can look at the Veeam backups, analyze them and it's a low cost answer for us, to really better understand the dark data we inherited. Some of that might be backups of the old backups of the old backups, some of it may have PII. Again it's one extra benefit of attending the show was establishing contacts with the partners who actually complement the Veeam solution. Frankly getting this information of the field is more of a challenge, especially if or when we deal with very good resellers and partners Veeam has but there is always a delay getting this information first hand, expedite things. >> Alright Val, we're out of time so thank you very much for coming to theCUBE, appreciate it >> My pleasure. >> Good to meet you. Alright keep it right there everybody, we'll be back with our next guest. This is Dave Vellante, Stu Miniman live from VeeamON 2017, we'll be right back.