Omri Gazitt, Aserto | Kubecon + Cloudnativecon Europe 2022
>> Narrator: theCUBE presents KubeCon, and CloudNativeCon Europe, 2022, brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome to Valencia, Spain and KubeCon, CloudNativeCon Europe, 2022. I'm Keith Townsend, and we're continuing the conversation with builders, startups, large enterprise, customers, small customers, the whole community. Just got an interesting stat earlier in the day, 7.1 million community members in the CNCF foundation, and we've been interacting with 7,500 of them. But we're bringing the signal, separating the signal from the noise. We have a Kube alum who's been on both sides of the table, Omri Gazitt co-founder and CEO of Aserto. Welcome to the show. >> Thank you so much, Keith. >> So identity management, you know it's, it's critical need to the enterprise cloud native but there's plenty of solutions on the market, what unique problem are you solving you know how are you solving the problem in a unique way that we don't go to some of the big named vendors in this space? >> Yeah, we, my co-founder and I, were veterans of large clouds. We helped start Azure at Microsoft. We in fact helped build what became Azure Active Directory and those solutions entirely focus on one part, the "I" part, the identity part of the problem. They completely ignore the access management part and you could argue that is a larger problem and it is far from solved. So we completely agree. Identity management, a problem that's been solved over the last 15 years and solved well by great companies like Microsoft and Okta and Auth0. And we're best friends with them. We basically pick up where they leave off. We do the access management part. >> So the access management part, what specifically, what am I getting when I engage with your team and your product? >> Yep. So basically I, authentication is all about proving that you are, who you say you are through a password or something else, you know, biometric. 
And that part is done. We basically pick up where that leaves off. So once you know who you are, once you've proven to a system that you are Keith. Now, what can Keith do? What roles, what permissions, what operations can Keith perform on what resources? That's a harder problem. And that's the problem that we focus on. So for example, if you have a SaaS app - let's say you're building, you know an applicant tracking system and you Keith are an owner of some job descriptions and you have some candidates, but somebody else has a different set of candidates and an admin, maybe has visibility at everything. How do you build that system? That actually is a pretty hard problem. And how do you build it to enterprise grade? That's where we come in. We basically have an end-to-end solution that gives you cloud native, end-to-end authorization that's built to enterprise grade. >> So when I think of this capability, I can't help but to think of AWS IAM and I'm in AWS IAM, I get my security role, and now I can assign to an EC2 instance, the ability to access some other AWS service or identity. So role based identity - are you giving me that type of capability? >> For everything else. So AWS IAM for AWS resources right? Google IAM for Google Resources. Azure has a similar system but they're all infrastructure focused. And what we're trying to do is bring that to your domain specific resources, right? So you, as an application builder, you have the things that correspond - you're not doing VMs, you're not doing storage arrays, you're not doing networks. You have higher level constructs, right. You know, like I said, if you're building Lever or Greenhouse, you have candidates and jobs and reports and things like that. So we basically allow you to create this fine grained access control, but for your own objects. >> So where's the boundaries? Let's say that I have a container or microservice that is a service and it has a role, it has an identity on my network. 
And there is a cloud based service, let's say a, a cloud SQL. And I want to do authentication across the two or can I only have the boundaries within my private infrastructure or does that boundary extend to the public cloud as well? >> It extends everywhere, right. So basically, you know, if you think about all the different hops here, you know, Zero Trust is the, the rage, right? And that encourages defense in depth. So you have an access proxy that does some type of authorization. Then you have an API Gateway that has a little bit more context, a little bit more authorization. For us we live inside of the application. So the application calls us, we give you a sidecar, you deploy it right next to your application. It gives you, you know, sub-millisecond response time, a hundred percent availability, all the authorization decisions are done with full context about who the user is and what resource they're trying to access. And so our sidecar will give you a response back, allow or deny, and then downstream from us, you could basically talk to another microservice. And at that point you're doing machine identities, right? So you may have a different authorization policy for those, only you know these particular services, are allowed to talk to these other services. And so we solve both the, you know authorization for machine identities as well as authorization for human identities. >> All right Omri are you ready for Q Clock? >> I sure am! >> Oh, I like the energy. >> Bring it on. >> You know, there have been many before you, they have failed the test. >> All right. I mean, they brought, they've brought the energy. You have the energy but do you have the ability to survive the clock? >> I'm going to do my best. >> So I'm going to say start the clock. I haven't said, said start cube clock yet, but when I say it, you have 60 seconds. There's no start overs. There's no repeats. The pressure's on, you ready? >> All right. I'm ready. >> Ready? Start Cube Clock. 
>> All right. If you are a VP of Engineering or a CTO or run a security or engineering organization what are you doing for roles and permissions? You're building it on your own, right? >> Tough times never last, tough people always do, and you're, you're delaying, you're letting me break you up. >> All right, I'm not going to let you break me up. Great. So you don't want to build it yourself. You don't want to build it yourself. Why would you spend engineering time? Why would you spend, you know, the- >> You deserve a seat at the table. >> No but look, why would you ever spend your time building something that is not differentiating your application? Instead use something like Aserto, just dear God use something, use a developer API. Don't build it yourself because what are you doing? You're reinventing the wheel, you know. You want to get out of the business of reinventing the wheel. >> Crawl before you walk. (Omri laughs) >> You think so? I think, I think you have to go you know, make sure that you spend your engineering resources on the things that matter and the things that matter are. >> Time up. >> Yep. >> You know what? You threw three great curve balls and struck me out. Great job. (Omri laughs) You, you, you just knocked it out the park. Great job Omri, I appreciate you coming in, stopping by, sharing your company's journey about authorization and authorization services and getting kind of this cloud capability, the cloud native. >> I appreciate your time as well Keith, always a pleasure. >> From Valencia Spain, I'm Keith Townsend, and you're watching theCUBE, the leader in high tech coverage. (soft instrumental music)
Show Wrap | Kubecon + Cloudnativecon Europe 2022
>> Narrator: The cube presents, the Kubecon and Cloudnativecon Europe, 2022 brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in Kubecon and Cloudnativecon Europe, 2022. I'm your host Keith Townsend. It's been an amazing day, three days of coverage 7,500 people, 170 sponsors, a good mix of end user organizations, vendors, just people with open source at large. I've loved the conversations. We're not going to stop that coverage just because this is the last session of the conference. Colin Murphy, senior software engineer, Adobe, >> Adobe. >> Oh, wow. This is going to be fun. And then Liam Randall, the chair of CNCF Cloud Native WebAssembly Day. >> That's correct. >> And CNCF & CEO of Cosmonic. >> That's right. >> All right. First off, let's talk about the show. How has this been different than other, if at all of other Kubecons? >> Well, first I think we all have to do a tremendous round of applause, not only for the vendors, but the CNCF staff and all the attendees for coming out. And you have to say, Kubecon is back. The online experiences have been awesome but this was the first one, where Hallwaycon was in full effect. And you had the opportunity to sit down and meet with so many intelligent and inspiring peers and really have a chance to learn about all the exciting innovations that have happened over the last year. >> Colin. >> Yeah, it's been my most enjoyable Kubecon I've ever been to. And I've been to a bunch of them over the last few years. Just the quality of people. 
The problems that we're solving right now, everywhere from this newer stuff that we're talking about today with WebAssembly but then all these big enterprises trying to get involved in Kubernetes. >> Colin, to your point about the problems that we're solving, in many ways the pandemic has dramatically accelerated the pace of innovation, especially inside the CNCF, which is by far the most critical repository of open source projects that enterprises, governments and individuals rely on around the world, in order to deliver new experiences and to have coped and scaled out within the pandemic over the last few years. >> Yeah, I'm getting this feel, this vibe of the overall show that feels like we're on the cusp of something. There's other shows throughout the year, that's more vendor focused that talk about cloud native. But I think this is going to be the industry conference where we're just getting together and talking about it and it's going to probably be, in the next couple of years, the biggest conference of the year, that's just my personal opinion. >> I actually really strongly agree with you. And I think that the reason for that is the diversity that we get from the open source focus of Kubecon. Kubecon has started where the industry really started which was in shared community projects. And I was the executive at Capital One that led the donation of cloud custodian into the CNCF. And I've started and put many projects here. And one of the reasons that you do that is so that you can build real scalable communities, vendors that oftentimes even have competing interest but it gives us a place where we can truly collaborate where we can set aside our personal agendas and our company's agendas. And we can focus on the problems at hand. And how do we really raise the bar for technology for everybody. 
>> Now you two are representing a project that, you know as we look at kind of, how the web has evolved the past few decades, there's standards, there's things that we know that work, there's things that we know that don't work and we're beyond cloud native, we're kind of resistant to change. Funny enough. >> That's right. >> So WebAssembly, talk to me about what problem is WebAssembly solving that need solving? >> I think it's fitting that here on the last day of Kubecon, we're starting with the newest standard for the web and for background, there's only four languages that make up what we think of as the modern web. There's JavaScript, there's HTML, there's CSS, and now there's a new idea that's WebAssembly. And it's maybe not a new idea but it's certainly a new standard, that's got massive adoption and acceleration. WebAssembly is best thought of as almost like a portable little virtual machine. And like a lot of great ideas like JavaScript, it was originally designed to bring new experiences to browsers everywhere. And as organizations looked at the portability and security value props that come from this tiny little virtual machine, it's made a wonderful addition to backend servers and as a platform for portability to bring solutions all the way out to the edge. >> So what are some of the business cases for WebAssembly? Like what problem, what business problem are we solving? >> So it, you know, we would not have been able to bring Photoshop to the web without WASM. >> Wow. >> And just to be clear, I had nothing to do with that effort. So I want to make sure everybody understands, but if you have a lot of C++ or C code and you want to bring that experience to the web browser which is a great cost savings, cause it's running on the client's machines, really low latency, high performance experiences in the browser, WASM, really the only way to go. >> So I'm getting hints of fruit berry, Java. >> Liam: Yeah, absolutely. >> Colin: Definitely. 
>> You know, the look, WebAssembly sounds similar to promises you've heard before, write once, run anywhere. The difference is, is that WebAssembly is not driven by any one particular vendor. So there's no one vendor that's trying to bring a plug in to every single device. WebAssembly was a recognition, much like Kubecon, the point that we started with around the diversity of thought ideas and representation of shared interest, of how do we have a platform that's polyglot? Many people can bring languages to it, and solutions that we can share and then build from there. And it is unlocking some of the most amazing and innovative experiences, both on the web backend servers and all the way to the edge. Because WebAssembly is a tiny little virtual machine that runs everywhere. Adobe's leadership is absolutely incredible with the things that they're doing with WebAssembly. They did this awesome blog post with the Google Chrome team that talked about other performance improvements that were brought into Chrome and other browsers, in order to enable that kind of experience. >> So I get the general concept of WebAssembly and it's one of those things that I have to ask the question, and I appreciate that Adobe uses it but without the community, I mean, I've dedicated some of my team's resources over the years to some really cool projects and products that just died on the vine 'cause there was no community around. >> Yeah. >> Who else uses WebAssembly? >> Yeah, I think so. We actually, inside the CNCF now, have an entire day devoted just to WebAssembly and as the co-chair of the CNCF Cloud Native WebAssembly Day, we really focus on bringing those case studies to the forefront. 
So some of the more interesting talks that we had here and at some of the precursor weekend conferences were from BMW, for example, they talked about how they were excited about not only WebAssembly, but a framework that they use on WebAssembly called wasmCloud, that lets them flexibly scale machine learning models from their own edge, in their own vehicles through to their developer's workstations and even take that data onto their regular cloud Kubernetes and scale analysis and analytics. They invested and they just released a machine learning framework for one of the many great WebAssembly projects called wasmCloud, which is a CNCF project, a member project here in the CNCF. >> So how does that fit in overall landscape? >> So think of WebAssembly, like you think of HTML. It's a technology that gives you a lot of concept and to accelerate your journey on those technologies, people create frameworks. For example, if you were going to write a UI, you would not very likely start with an empty document you'd start with a React or Vue. And in a similar vein, if you were going to start a new microservice or backend application, project for WebAssembly, you might use wasmCloud or you might use Atmo or you might use a Spin. Those are three different types of projects. They all have their own different value props and their own different opinions that they bring to them. But the point is is that this is a quickly evolving space and it's going to dramatically change the type of experiences that we bring, not only to web browsers but to servers and edges everywhere. >> So Colin, you mentioned C++ >> Colin: Yeah. >> And other coding. Well, talk to me about the ramp up. >> Oh, well, so, yeah, so, C++ there was a lot of work done in scripting, at Adobe. Taking our C++ code and bringing it into the browser. A lot of new instructions, SIMD, that were brought to make a really powerful experience, but what's new now is the server side aspect of things. 
So, just what kind of, what Liam was talking about. Now we can run this stuff in the data center. It's not just for people's browsers anymore. And then we can also bring it out to the edge too, which is a new space that we can take advantage of really almost only through WebAssembly and some JavaScript. >> So wait, let me get this kind of under hook. Before, if I wanted a rich experience, I have to run a heavy VDI instance on the back end so that I'm basically getting remote desktop calls from a light thin client back to my backend server, that's heavy. >> That is heavy. >> WebAssembly is alternative to that? >> Yes, absolutely. Think of WebAssembly as a tiny little CPU that is a shim, that we can take the places that don't even traditionally have a concept of a processor. So inside the browser, for example, traditionally cloud native development on the backend has been dominated by things like Docker and Docker is a wonderful technology and Container is a wonderful technology that really drove the last 10 years of cloud native with the great lift and shift, if you will. Take our existing applications, package them up in this virtual desktop and then deliver them. But to deliver the next 10 years of experiences, we need solutions that let us have portability first and a security model that's portable across the entire landscape. So this isn't just browsers and servers on the back end, WebAssembly creates a layer of equality from truly edge to edge. It can transcend different CPUs, different operating systems. So where containers have this lower bound of you need to be running Linux and you need to be in a place where you're going to bring Kubernetes. WebAssembly is so small and portable, it transcends that lower bound. It can go to places like iOS. It can go to places like web browsers. It can even go to teeny tiny CPUs that don't even traditionally have a full on operating systems inside them. >> Colin: Right, places where you can't run Docker. 
>> So as I think about that, and I'm a developer and I'm running my back end and I'm running whatever web stack that I want, how does this work? Like, how do I get started with it? >> Well, there's some great stuff Liam already mentioned with wasmCloud and Fermyon Spin. Microsoft is heavily involved now on providing cloud products that can take advantage of WebAssembly. So we've got a lot of languages, new languages coming in, .NET and Ruby, Rust is a big one, TinyGo, really just a lot of places to get involved. A lot of places to get started. >> At the highest level Fintan Ryan, when he was at Gartner, he's a really well known analyst. He wrote something profound a few years ago. He said, WebAssembly is the one technology you don't need a strategy to adopt. >> Mm. >> Because frankly you're already using it because there's so many wonderful experiences and products that are out there, like what Adobe's doing. This virtual CPU is not just a platform to run on cloud native and to build applications towards the edge. You can embed this virtual CPU inside of applications. So cases where you would want to allow your users to customize an application or to extend functionality. Give you an example, Shopify is a big believer in WebAssembly because while their platform covers, two standard deviations or 80% of the use cases, they have a wonderful marketplace of extensions that folks can use in order to customize the checkout process or apply specialized discounts or integrate into a partner ecosystem. So when you think about the requirements for those scenarios, they line up to the same requirements that we have in browsers and servers. I want real security. I want portability. I want reusability. And ultimately I want to save money and go faster. 
So organizations everywhere should take a few minutes and do a heads up and think about one, where WebAssembly is already in their environment, inside of places like Envoy and Istio, some of the most popular projects in the cloud native ecosystem, outside of Kubernetes. And they should perhaps consider studying, how WebAssembly can help them to transform the experiences that they're delivering for their customers. This may be the last day of Kubecon, but this is certainly not the last time we're going to be talking about WebAssembly, I'll tell you that. >> So, last question, we've talked a lot about how to get started. How about day two, when I'm thinking about performance troubleshooting and ensuring clients have a great experience what's day two operation like? >> That's a really good question. So there's, I know that each language kind of brings their own tool chain and their, and you know we saw some great stuff on, on WASM day. You can look it up around the .net experience for debugging, They really tried to make it as seamless and the same as it was for native code. So, yeah, I think that's a great question. I mean, right now it's still trying to figure out server side, It's still, as Liam said, a shifting landscape. But we've got some great stuff out here already. >> You know, I'd make an even bigger call than that. When I think about the last 20 years as computing has evolved, we've continued to move through these epochs of tech that were dominated by a key abstraction. Think about the rise of virtualization with VMware and the transition to the cloud. The rise of containerization, we virtualized the OS. The rise of Kubernetes and CNCF itself, where we virtualize cloud APIs. I firmly believe that WebAssembly represents the next epoch of tech. So I think that day two WebAssembly continues to become one of the dominant themes, not only across cloud native but across the entire technical computing landscape. 
And it represents a fundamentally gigantic opportunity for organizations such as Adobe, that are always market leading and at the cutting edge of tech, to bring new experiences to their customers and for vendors to bring new platforms and tools to companies that want to execute on that opportunity. >> Colin Murphy, Liam Randall, I want to thank you for joining the Cube at Kubecon Cloudnativecon 2022. I'm now having a JavaScript based app that I want to re-look at, and maybe re-platforming that to WebAssembly. It's some lot of good stuff there. We want to thank you for tuning in to our coverage of Kubecon Cloudnativecon. And we want to thank the organization for hosting us, here from Valencia, Spain. I'm Keith Townsend, and you're watching the Cube, the leader in high tech coverage. (bright music)
Owen Garrett, Deepfence | Kubecon + Cloudnativecon Europe 2022
(bouncy string music) >> TheCUBE presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the cloud native computing foundation, and its ecosystem partners. >> Welcome to Valencia, Spain in KubeCon and CloudNativeCon Europe 2022. I'm your host, Keith Townsend. And we're getting to the end of the day, but the energy level has not subsided on the show floors. Still plenty of activity, plenty of folks talking. I have, as a second time guest, this KubeCon, which is unusual, but not, I don't think, disappointing in any way, we're going to have plenty of content for you. Owen, you're the CPO, Owen Garrett, you're the CPO of... >> Of Deepfence. >> App Deepfence. >> Yeah. >> We're going to shift the conversation a little bit. Let's talk about open source availability, open source security availability for everybody. I drive a pretty nice SUV back home and it has all these cool safety features, that warns me when I'm dozing off, it lets me know when I'm steering into another lane, and I'm thinking, why isn't it just a standard thing on every vehicle? Isn't safety important? Think about that for open source security. Why isn't open source security just this thing available to every project and product? >> Keith, I love that analogy. And thanks for having me back! We had a lot of fun yesterday. >> Yeah, we did. >> Yeah. We, at Deepfence, we really believe security is something that everybody should benefit from. Because if applications aren't secure, if vulnerabilities find their way into production, then your mother, my aunt, uncle, using the internet, use an app, their identity is stolen, through no fault of their own, because the developer of that application didn't have access to the tools that he or she needed to secure the application. Security is built around public knowledge. When there are vulnerabilities, they're shared with the community. 
And we firmly believe that we should provide open source, accessible tools that takes that public knowledge and makes it easy for anybody to benefit from it. So at Deepfence, we've created a software platform, it's 100% open source, called ThreatMapper. And the job of this platform is to scan your applications as they're running and find, identify, are there security vulnerabilities that will find their way into production? So we'll look for these vulnerabilities, we'll use the wisdom of the community to inform that, and we'll help you find the vulnerabilities and identify which ones you've got to fix first. >> So when you say use the wisdom of the community, usually one of the hard things to crack is the definitions, what we called virus definitions in the past. >> Yes. How do we identify the latest threats? And that's usually something that's locked behind value. How do you do that >> You're right. when it comes to open source? >> You're right. And it's worrying, 'cause some organizations will take that and they'll hide that extra value and they'll only make it available to paying customers. Ethically, I think that's really wrong. That value is out there. It's just about getting it into hands of users, of developers. And what we will do is we'll take public feeds, like the CVEs from the NVD, National Vulnerability Database, we'll take feeds from operating system vendors, for language packs, and then we help organizations understand the context so they can unlock the value. The problem with security scanning is you find hundreds of thousands of false positives. Like in your SUV. As you drive down the street there are hundreds of things that you could hit. >> You're right. >> But you don't hit any of them. They're false positives, you don't need to worry about them. It's the one that walks across the road that you've got to avoid, you need to know about. We do the same with security vulnerabilities. 
We help you understand of these thousands of issues that might be present in your applications, which are the ones that are really important? 'Cause developers, they're short of time. They can't fix everything. So we help them focus on the things that are going to give the biggest bang for their time. Not for the buck, because we're not charging them for it, but for their time. So when they invest time in improving the security of the applications, we, with our open source, accessible projects, will help guide them to invest that as best as possible. >> So I'm a small developer. I lead a smaller project, just a couple of developers. I don't have a dedicated security person. What's my experience in adopting this open source solution? Am I biting off more than I can chew and creating too much overhead? >> We try and make it as easy as possible to consume. So you're a developer, you're building applications, you're here at KubeCon, so you're probably deploying them onto Kubernetes, and you've probably used tools already to check them and make sure that there aren't vulnerabilities. But, nevertheless, you've got to let some of those vulnerable packages into production and there could be issues that were disclosed after you scanned. So with our tool, you place a little agent in your Kubernetes cluster, it's a DaemonSet, it's a one Helm command to push it out, and that talks back to the console that you own. So everything stays with you. Nothing comes to us, we respect your privacy. And you can use that to then scan and inventory your applications anytime you want and say, is this application still secure or are there new vulnerabilities disclosed recently that I didn't know about? And we make the user experience as easy as we can. We've had some fantastic chats on the demo booth here at KubeCon, and hey, if times were different, I'd love to have you across the booth, and we'll click and see. The user experience is as quick and as sweet and as enjoyable as we can make it. 
>> All right. We've had a nice casual chat up to this point, but we're going to flip the switch a little bit. I'm going to change personalities. >> All right. >> It's almost like, if you're a comic book fan, the Incredible Hulk. Keith, the mild-mannered guy with a button up shirt. Matter of fact, I'm going to unbutton my jacket. >> Okay. >> And we're going to get a little less formal. A little less formal, but a little bit more serious, and we're going to, in a second, start CUBE clock and you're going to give me the spiel. You're going to go from open source to commercial and you're going to try and convince me- >> Okay. >> In 60 seconds, or less, you can leave five seconds on the table and say you're done, why you should do- >> Here's the challenge. >> Why I should listen to you. >> Owen: Why you should listen to Deepfence. >> Why should you listen to app Deepfence? So I'm going to put the shot clock in my ear. Again, people never start on time. You need to use your whole 60 seconds. Start, CUBE clock. >> Keith, (dramatic horn music) you build and deploy applications, on Kubernetes or in the cloud. Your developers have ticked it off and signed off- >> Zero from zero is still zero. >> Saying they're secure, but do you know if they're still secure when they're running in production? With Deepfence ThreatMapper, it's an open source tool. >> You've got to call- >> You can scan them. >> Before you ball. You can find the issues >> Like you just thought out. >> In those applications running in your production environment and prioritize them so you know what to fix first. But, Keith, you can't always fix them straight away. >> Brands need to (indistinct). >> So deploy ThreatStryker, our enterprise platform, to then monitor those applications, see what's happening in real time. (dramatic horn music) Is someone attacking them? Are they gaining control? And if we see >> Success without, the exploits happening- success without passion- >> We will step in, >> Is nothing. 
>> Tell you what's going on. >> You got to have passion! >> And we can put the thumb on the attacker. We can stop them reaching the application by firewalling just them. We can freeze the application (dramatic horn music) so it restarts, so you can go and investigate later. >> Keith: Five seconds. >> Be safe, shift left, (dramatic string music) but also, secure on the right hand side. >> That's it. I think you hit it out the park. Great job on- >> Cheers, Keith. >> Cheers. You did well under the pressure. TheCUBE, we bring the values. We're separating the signal from the noise. 60 seconds. That's a great explanation. From Valencia, Spain, I'm Keith Townsend, and you're watching theCUBE, the leader in high tech coverage. (bouncy percussive music)
Anish Dhar & Ganesh Datta, Cortex | Kubecon + Cloudnativecon Europe 2022
>> Narrator: TheCUBE presents Kubecon and Cloudnativecon Europe, 2022. Brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in Kubecon, Cloudnativecon Europe, 2022. I'm Keith Townsend and we are in a beautiful locale. The city itself is not that big, 100,000, I mean, sorry, about 800,000 people. And we got out, got to see a little bit of the sites. It is an amazing city. I'm from the US, it's hard to put in context how a city of 800,000 people can be so beautiful. I'm here with Anish Dhar and Ganesh Datta, Co-founder and CTO of Cortex. Anish you're CEO of Cortex. We were having a conversation. One of the things that I asked my client is what is good. And you're claiming to answer the question about what is quality when it comes to measuring microservices? What is quality? >> Yeah, I think it really depends on the company and I think that's really the philosophy we have. When we built Cortex, is that we understood that different companies have different definitions of quality, but they need to be able to be represented in really objective ways. I think what ends up happening in most engineering organizations is that quality lives in people's heads. The engineers who write the services they're often the ones who understand all the intricacies with the service. What are the downstream dependencies, who's on call for this service? Where does the documentation live? All of these things I think impact the quality of the service. And as these engineers leave the company or they switch teams, they often take that tribal knowledge with them. And so I think quality really comes down to being able to objectively codify your best practices in some way and have that distributed to all engineers in the company. >> And to add to that, I think very concrete examples for an organization that's already modern like their idea of quality might be uptime incidents. 
For somebody that's like going through a modernization strategy, they're trying to get to the 21st century, they're trying to get to Kubernetes. For them, quality means where are we in that journey? Are you on our latest platforms? Are you running CI, are you doing continuous delivery? Like quality can mean a lot of things and so our perspective is how do we give you the tools to say as an organization, here's what quality means to us. >> So at first, my mind was going through when you said quality, Anish, you started out the conversation about having this kind of non-codified set of measurements, historical knowledge, et cetera. I was thinking observability, measuring how much time does it take to have a transaction. But Ganesh you're introducing this new thing. I'm working with this project where we're migrating a monolith application to a set of microservices. And you're telling me Cortex helps me measure the quality of what I'm doing in my project? >> Ganesh: Absolutely. >> How is that? >> Yeah, it's a great question. So I think when you think about observability, you think about uptime and latency and transactions and throughput and all this stuff. And I think that's very high level and I think that's one perspective of what quality is, but as you're going through this journey, you might say like the fact that we're tracking that stuff, the fact that you're using APM, you're using distributed tracing, that is one element of service quality. Maybe service quality means you're doing CICD, you're running vulnerability scans. You're using Docker. Like what that means to us can be very different. So observability is just one aspect of are you doing things the right way? Good to us means you're using SLOs. You are tracking those metrics. You're reporting that somewhere. And so that's like one component for our organization of what quality can mean. >> I'm kind of taken back by this because I've not seen someone kind of give the idea. 
And I think later on, this is the perfect segment to introduce theCUBE clock in which I'm going to give you a minute to kind of like give me the elevator pitch, but we're going to have the deep conversation right now. When you go in and you... What's the first process you do when you engage in a customer? Does a customer go and get this off of repository, install it, the open source version, and then what? I mean, what's the experience? >> Yeah, absolutely. So we have both a SaaS and on-prem version of Cortex. It's really straightforward. Basically we have a service discovery onboarding flow where customers can connect to different sets of source for their services. It could be Kubernetes, ECS, Git Repos, APM tools, and then we'll actually automatically map all of that service data with all of the integration data in the company. So we'll take that service and map it to its on call rotation to the JIRA tickets that have the service tag associated with it, to the Datadog SLOs. And what that ends up producing is this service catalog that has all the information you need to understand your service. Almost like a single pane of glass to work with the service. And then once you have all of that data inside Cortex, then you can start writing scorecards, which grade the quality of those services across those different verticals Ganesh was talking about. Like whether it's a monolith, a microservice transition, whether it's production readiness or security standards, you can really start tracking that. And then engineers start understanding where the areas of risk with my service across reliability or security or operation maturity. I think it gives us insane visibility into what's actually being built and the quality of that compared to your standards. >> So, okay, I have a standard for SLO that is usually something that is, it might not even be measured. 
So how do you help me understand that I'm lacking a measurable system for tracking SLO and what's the next step for helping me get that system? >> Yeah, I think our perspective is very much how do we help you create a culture where developers understand what's expected of them? So if SLOs are part of what we consider observability or reliability, then Cortex's perspective is, hey, we want to help your organization adopt SLOs. And so that service cataloging concept, the service catalog says, hey, here's my API integration. Then a scorecard, the organization goes in and says, we want every service owner to define their SLOs, we want you to define your thresholds. We want you to be tracking them, are you passing your SLOs? And so we're not being prescriptive about here's what we think your SLOs should be, ours is more around, hey, we're going to help you like if you care about SLOs, we're going to tell the service owners saying, hey, you need to have at least two SLOs for your service and you got to be tracking them. And the service catalog that data flows from a service catalog into those scorecards. And so we're helping them adopt that mindset of, hey, SLOs are important. It is a component of like a holistic service reliability excellence metric that we care about. >> So what happens when I already have systems for like SLO, how do I integrate that system with Cortex? >> That's one of the coolest things. So the service catalog can be pretty smart about it. So let's say you've sucked in your services from your GitHub. And so now your services are in Cortex. What we can do is we can actually discover from your APM tools, you can say like, hey, for this service, we have guessed that this is the corresponding APM in Datadog. And so from Datadog, here are your SLOs, here are your monitors. And so we can start mapping all the different parts of your world into the Cortex. And that's the power of the service catalog. 
The service catalog says, given a service, here's everything about that service. Here's the vulnerability scans. Here's the APM, the monitors, the SLOs, the JIRA ticket, like all that stuff comes into a single place. And then our scorecards product can go back out and say, hey, Datadog, tell me about this SLOs for the service. And so we're going to get that information live and then score your services against that. And so we're like integrating with all of your third party tools and integrations to create that single pane of glass. >> Yeah, and to add to that, I think one of the most interesting use cases with scorecards is, okay, which teams have actually adopted SLOs in the first place? I think a lot of companies struggle with how do we make sure engineers defined SLOs are passing them actually care about them. And scorecards can be used to one, which teams are actually meeting these guidelines? And then two, let's get those teams adopted on SLOs. Let's track that, you can do all of that in Cortex, which is I think a really interesting use case that we've seen. >> So let's talk about kind of my use case in the end to end process for integrating Cortex into migrations. So I have this monolithic application, I want to break it into microservices and then I want to ensure that I'm delivering if not, you know what, let's leave it a little bit more open ended. How do I know that I'm better at the end of I was in a monolith before, how do I measure that now that I'm in microservices and on cloud native, that I'm better? >> That's a good question. I think it comes down to, and we talk about this all the time for our customers that are going through that process. You can't define better if you don't define a baseline, like what does good mean to us? And so you need to start by saying, why are we moving to microservices? Is it because we want teams to move faster? Is it because we care about reliability up time? Like what is the core metric that we're tracking? 
And so you start by defining that as an organization. And that is kind of like a hand wavy thing. Why are we doing microservices? Once you have that, then you define this scorecard. And that's like our golden path. Once we're done doing this microservice migration, can we say like, yes, we have been successful and those metrics that we care about are being tracked. And so where Cortex fits in is from the very first step of creating a service, you can use Cortex to define templates. Like one click, you go in, it spins up a microservice for you that follows all your best practices. And so from there, ideally you're meeting 80% of your standards already. And then you can use scorecards to track historical progress. So you can say, are we meeting our golden path standards? Like if it's uptime, you can track uptime metrics and scorecards. If it's around velocity, you can track velocity metrics. Is it just around modernization? Are you doing CICD and vulnerability scans, like moving faster as a team? You can track that. And so you can start seeing like trends at a per team level, at a per department level, at a per product level saying, hey, we are seeing consistent progress in the metrics that we care about. And this microservice journey is helping us with that. So I think that's the kind of phased progress that we see with Cortex. >> So I'm going to give you kind of a hand wavy thing. We're told that cloud native helps me to do things faster with less defects so that I can do new opportunities. Let's stretch into kind of this non-tech, this new opportunities perspective. I want to be able to move my microservices. I want to be able to move my architecture to microservices, so I reduce call wait time on my customer service calls. So I can easily see how I can measure are we iterating faster? Are we putting out more updates quicker? That's pretty easy to measure. The number of defects, easy to measure. I can imagine a scorecard, but what about this wait time? 
I don't necessarily manage the call center system, but I get the data. How do I measure that the microservice migration was successful from a business process perspective? >> Yeah, that's a good question. I think it comes down to two things. One, the flexibility of scorecard means you can pipe in that data to Cortex. And what we recommend customers is track the outcome metrics and track the input metrics as well. And so what is the input metric to call wait time? Like maybe it's the fact that if something goes wrong, we have the run books to quickly roll back to an older version that we know is running. That way MTTR is faster. Or when something happens, we know the owner for that service and we can go back to them and say like, hey, we're going to ping you as an incident commander. Those are kind of the input metrics to, if we do these things, then we know our call wait time is going to drop because we're able to respond faster to incidents. And so you want to track those input metrics. And then you want to track the output metrics as well. And so if you have those metrics coming in from your Prometheus or your Datadogs or whatever, you can pipe that into Cortex and say, hey, we're going to look at both of these things holistically. So we want to see is there a correlation between those input metrics like are we doing things the right way, versus are we seeing the value that we want to come out of that? And so I think that's the value of Cortex is not so much around, hey, we're going to be prescriptive about it. It's here's this framework that will let you track all of that and say, are we doing things the right way and is it giving us the value that we want? And being able to report that update to engineer leadership and say, hey, maybe these services are not doing like we're not improving call wait time. Okay, why is that? Are these services behind on the actual input metrics that we care about? And so being able to see that I think is super valuable. 
>> Yeah, absolutely, I think just to touch on the reporting, I think that's one of the most value add things Cortex can provide. If you think about it, the service is atomic unit of your software. It represents everything that's being built and that bubbles up into teams, products, business units, and Cortex lets you represent that. So now I can, as a CTO, come in and say, hey, these product lines are they actually meeting our standards? Where are the areas of risk? Where should I be investing more resources? I think Cortex is almost like the best way to get the actual health of your engineering organization. >> All right Anish and Ganesh. We're going to go into the speed round here. >> Ganesh: It's time for the CUBE clock? >> Time for the CUBE clock. Start the CUBE clock. (upbeat music) Let's go on. >> Ganesh: Let's do it. >> Anish: Let's do it. >> Let's go on. You're 10 seconds in. >> Oh, we can start talking. Okay, well I would say, Anish was just touching on this. For a CTO, their question is how do I know if engineering quality is good? And they don't care about the microservice level. They care about as a business, is my engineering team actually producing. >> Keith: Follow the green, not the dream. (Ganesh laughs) >> And so the question is, well, how do we codify service quality? We don't want this to be a hand wavy thing that says like, oh, my team is good, my team is bad. We want to come in and define here's what service quality means. And we want that to be a number. You want that to be something that can- >> A goal without a timeline is just a dream. >> And CTO comes in and they say, here's what we care about. Here's how we're tracking it. Here are the teams that are doing well. We're going to reward the winners. We're going to move towards a world where every single team is doing service quality. And that's where Cortex can provide. We can give you that visibility that you never have before. >> For that five seconds. 
>> And hey, your SRE can't be the one handling all this. So let Cortex- >> Shoot the bad guy. >> Shot that, we're done. From Valencia Spain, I'm Keith Townsend. And you're watching theCube. The leader in high tech coverage. (soft music) >> Narrator: TheCube presents Kubecon and Cloudnativecon Europe, 2022 brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in Kubecon, Cloudnativecon Europe, 2022. I'm Keith Townsend. And we are in a beautiful locale. The city itself is not that big 100,000, I mean, sorry, about 800,000 people. And we got out, got to see a little bit of the sites. It is an amazing city. I'm from the US, it's hard to put in context how a city of 800,000 people can be so beautiful. I'm here with Anish Dhar and Ganesh Datta, Co-founder and CTO of Cortex. Anish you're CEO of Cortex. We were having a conversation. One of the things that I asked my client is what is good. And you're claiming to answer the question about what is quality when it comes to measuring microservices? What is quality? >> Yeah, I think it really depends on the company. And I think that's really the philosophy we have when we build Cortex is that we understood that different companies have different definitions of quality, but they need to be able to be represented in really objective ways. I think what ends up happening in most engineering organizations is that quality lives in people's heads. Engineers who write the services, they're often the ones who understand all the intricacies with the service. What are the downstream dependencies, who's on call for this service, where does the documentation live? All of these things, I think impact the quality of the service. And as these engineers leave the company or they switch teams, they often take that tribal knowledge with them. 
And so I think quality really comes down to being able to objectively like codify your best practices in some way, and have that distributed to all engineers in the company. >> And to add to that, I think like very concrete examples for an organization that's already modern their idea of quality might be uptime incidents. For somebody that's like going through a modernization strategy, they're trying to get to the 21st century. They're trying to get to Kubernetes. For them quality means like, where are we in that journey? Are you on our latest platforms? Are you running CI? Are you doing continuous delivery? Like quality can mean a lot of things. And so our perspective is how do we give you the tools to say as an organization here's what quality means to us. >> So at first my mind was going through when you said quality and as you started out the conversation about having this kind of non codified set of measurements, historical knowledge, et cetera. I was thinking observability measuring how much time does it take to have a transaction? But Ganesh you're introducing this new thing. I'm working with this project where we're migrating a monolith application to a set of microservices. And you're telling me Cortex helps me measure the quality of what I'm doing in my project? >> Ganesh: Absolutely. >> How is that? >> Yeah, it's a great question. So I think when you think about observability, you think about uptime and latency and transactions and throughput and all this stuff and I think that's very high level. And I think that's one perspective of what quality is. But as you're going through this journey, you might say like the fact that we're tracking that stuff, the fact that you're using APM, you're using distributed tracing, that is one element of service quality. Maybe service quality means you're doing CICD, you're running vulnerability scans. You're using Docker. Like what that means to us can be very different. 
So observability is just one aspect of, are you doing things the right way? Good to us means you're using SLOs. You are tracking those metrics. You're reporting that somewhere. And so that's like one component for our organization of what quality can mean. >> Wow, I'm kind of taken aback by this because I've not seen someone kind of give the idea. And I think later on, this is the perfect segment to introduce theCube clock in which I'm going to give you a minute to kind of like give me the elevator pitch, but we're going to have the deep conversation right now. When you go in and you... what's the first process you do when you engage in a customer? Does a customer go and get this off of repository, install it, the open source version and then what, I mean, what's the experience? >> Yeah, absolutely. So we have both a SaaS and on-prem version of Cortex. It's really straightforward. Basically we have a service discovery onboarding flow where customers can connect to different set of source for their services. It could be Kubernetes, ECS, Git Repos, APM tools, and then we'll actually automatically map all of that service data with all of the integration data in the company. So we'll take that service and map it to its on call rotation to the JIRA tickets that have the service tag associated with it, to the Datadog SLOs. And what that ends up producing is this service catalog that has all the information you need to understand your service. Almost like a single pane of glass to work with the service. And then once you have all of that data inside Cortex, then you can start writing scorecards, which grade the quality of those services across those different verticals Ganesh was talking about. Like whether it's a monolith, a microservice transition, whether it's production readiness or security standards, you can really start tracking that. 
And then engineers start understanding where are the areas of risk with my service across reliability or security or operation maturity. I think it gives us insane visibility into what's actually being built and the quality of that compared to your standards. >> So, okay, I have a standard for SLO. That is usually something that is, it might not even be measured. So how do you help me understand that I'm lacking a measurable system for tracking SLO and what's the next step for helping me get that system? >> Yeah, I think our perspective is very much how do we help you create a culture where developers understand what's expected of them? So if SLOs are part of what we consider observability and reliability, then Cortex's perspective is, hey, we want to help your organization adopt SLOs. And so that service cataloging concept, the service catalog says, hey, here's my APM integration. Then a scorecard, the organization goes in and says, we want every service owner to define their SLOs. We want to define your thresholds. We want you to be tracking them. Are you passing your SLOs? And so we're not being prescriptive about here's what we think your SLOs should be. Ours is more around, hey, we're going to help you like if you care about SLOs, we're going to tell the service owners saying, hey, you need to have at least two SLOs for your service and you've got to be tracking them. And the service catalog that data flows from the service catalog into those scorecards. And so we're helping them adopt that mindset of, hey, SLOs are important. It is a component of like a holistic service reliability excellence metric that we care about. >> So what happens when I already have systems for like SLO, how do I integrate that system with Cortex? >> That's one of the coolest things. So the service catalog can be pretty smart about it. So let's say you've sucked in your services from your GitHub. And so now your services are in Cortex. 
What we can do is we can actually discover from your APM tools, we can say like, hey, for this service we have guessed that this is the corresponding APM in Datadog. And so from Datadog, here are your SLOs, here are your monitors. And so we can start mapping all the different parts of your world into the Cortex. And that's the power of the service catalog. The service catalog says, given a service, here's everything about that service. Here's the vulnerability scans, here's the APM, the monitor, the SLOs, the JIRA ticket, like all that stuff comes into a single place. And then our scorecard product can go back out and say, hey, Datadog, tell me about this SLOs for the service. And so we're going to get that information live and then score your services against that. And so we're like integrating with all of your third party tools and integrations to create that single pane of glass. >> Yeah and to add to that, I think one of the most interesting use cases with scorecards is, okay, which teams have actually adopted SLOs in the first place? I think a lot of companies struggle with how do we make sure engineers defined SLOs are passing them actually care about them? And scorecards can be used to one, which teams are actually meeting these guidelines? And then two let's get those teams adopted on SLOs. Let's track that. You can do all of that in Cortex, which is, I think a really interesting use case that we've seen. >> So let's talk about kind of my use case in the end to end process for integrating Cortex into migrations. So I have this monolithic application, I want to break it into microservices and then I want to ensure that I'm delivering you know what, let's leave it a little bit more open ended. How do I know that I'm better at the end of I was in a monolith before, how do I measure that now that I'm in microservices and on cloud native, that I'm better? >> That's a good question. 
I think it comes down to, and we talk about this all the time for our customers that are going through that process. You can't define better if you don't define a baseline, like what does good mean to us? And so you need to start by saying, why are we moving to microservices? Is it because we want teams to move faster? Is it because we care about reliability up time? Like what is the core metric that we're tracking? And so you start by defining that as an organization. And that is kind of like a hand wavy thing. Why are we doing microservices? Once you have that, then you define the scorecard and that's like our golden path. Once we're done doing this microservice migration, can we say like, yes, we have been successful. And like those metrics that we care about are being tracked. And so where Cortex fits in is from the very first step of creating a service. You can use Cortex to define templates. Like one click, you go in, it spins up a microservice for you that follows all your best practices. And so from there, ideally you're meeting 80% of your standards already. And then you can use scorecards to track historical progress. So you can say, are we meeting our golden path standards? Like if it's uptime, you can track uptime metrics and scorecards. If it's around velocity, you can track velocity metrics. Is it just around modernization? Are you doing CICD and vulnerability scans, like moving faster as a team? You can track that. And so you can start seeing like trends at a per team level, at a per department level, at a per product level. Saying, hey, we are seeing consistent progress in the metrics that we care about. And this microservice journey is helping us with that. So I think that's the kind of phased progress that we see with Cortex. >> So I'm going to give you kind of a hand wavy thing. We're told that cloud native helps me to do things faster with less defects so that I can do new opportunities. 
Let's stretch into kind of this non-tech, this new opportunities perspective. I want to be able to move my microservices. I want to be able to move my architecture to microservices so I reduce call wait time on my customer service calls. So, I could easily see how I can measure are we iterating faster? Are we putting out more updates quicker? That's pretty easy to measure. The number of defects, easy to measure. I can imagine a scorecard. But what about this wait time? I don't necessarily manage the call center system, but I get the data. How do I measure that the microservice migration was successful from a business process perspective? >> Yeah, that's a good question. I think it comes down to two things. One, the flexibility of scorecard means you can pipe in that data to Cortex. And what we recommend customers is track the outcome metrics and track the input metrics as well. And so what is the input metric to call wait time? Like maybe it's the fact that if something goes wrong, we have the run book to quickly roll back to an older version that we know is running that way MTTR is faster. Or when something happens, we know the owner for that service and we can go back to them and say like, hey, we're going to ping you as an incident commander. Those are kind the input metrics to, if we do these things, then we know our call wait time is going to drop because we're able to respond faster to incidents. And so you want to track those input metrics and then you want to track the output metrics as well. And so if you have those metrics coming in from your Prometheus or your Datadogs or whatever, you can pipe that into Cortex and say, hey, we're going to look at both of these things holistically. So we want to see is there a correlation between those input metrics? Are we doing things the right way versus are we seeing the value that we want to come out of that? 
And so I think that's the value of Cortex is not so much around, hey, we're going to be prescriptive about it. It's here's this framework that will let you track all of that and say, are we doing things the right way and is it giving us the value that we want? And being able to report that update to engineer leadership and say, hey, maybe these services are not doing like we're not improving call wait time. Okay, why is that? Are these services behind on like the actual input metrics that we care about? And so being able to see that I think is super valuable. >> Yeah, absolutely. I think just to touch on the reporting, I think that's one of the most value add things Cortex can provide. If you think about it, the service is atomic unit of your software. It represents everything that's being built and that bubbles up into teams, products, business units, and Cortex lets you represent that. So now I can, as a CTO, come in and say, hey, these product lines are they actually meeting our standards? Where are the areas of risk? Where should I be investing more resources? I think Cortex is almost like the best way to get the actual health of your engineering organization. >> All right, Anish and Ganesh. We're going to go into the speed round here. >> Ganesh: It's time for the Q clock >> Time for the Q clock. Start the Q clock. (upbeat music) >> Let's go on. >> Ganesh: Let's do it. >> Anish: Let's do it. >> Let's go on, you're 10 seconds in. >> Oh, we can start talking. Okay, well I would say, Anish was just touching on this, for a CTO, their question is how do I know if engineering quality is good? And they don't care about the microservice level. They care about as a business, is my enduring team actually producing- >> Keith: Follow the green, not the dream. (Ganesh laughs) >> And so the question is, well, how do we codify service quality? We don't want this to be a hand wavy thing that says like, oh, my team is good, my team is bad. 
We want to come in and define here's what service quality means. And we want that to be a number. You want that to be something that you can- >> A goal without a timeline is just a dream. >> And a CTO comes in and they say, here's what we care about, here's how we're tracking it. Here are the teams that are doing well. We're going to reward the winners. We're going to move towards a world where every single team is doing service quality. And that's what Cortex can provide. We can give you that visibility that you never had before. >> For that five seconds. >> And hey, your SRE can't be the one handling all this. So let Cortex- >> Shoot the bad guy. >> Shot that, we're done. From Valencia Spain, I'm Keith Townsend. And you're watching theCube, the leader in high tech coverage. (soft music)
Nick Van Wiggeren, PlanetScale | Kubecon + Cloudnativecon Europe 2022
>> Narrator: theCUBE presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain, KubeCon, CloudNativeCon Europe 2022. I'm Keith Townsend, your host. And we're continuing the conversations around ecosystem cloud native, 7,500 people here, 170 plus show for sponsors. It is for open source conference, I think the destination. I might even premise that this may be, this may eventually roll to the biggest tech conference in the industry, maybe outside of AWS re:Invent. My next guest is Nick van Wiggeren. >> Wiggeren. >> VP engineering of PlanetScale. Nick, I'm going to start off the conversation right off the bat PlanetScale cloud native database, why do we need another database? >> Well, why don't you need another database? I mean, are you happy with yours? Is anyone happy with theirs? >> That's a good question. I don't think anyone is quite happy with, I don't know, I've never seen a excited database user, except for guys with really (murmurs) guys with great beards. >> Yeah. >> Keith: Or guys with gray hair maybe. >> Yeah. Outside of the dungeon I think... >> Keith: Right. >> No one is really is happy with their database, and that's what we're here to change. We're not just building the database, we're actually building the whole kind of start to finish experience, so that people can get more done. >> So what do you mean by getting more done? Because MySQL has been the underpinnings of like massive cloud database deployments. >> 100% >> It has been the de-facto standard. >> Nick: Yep. >> For cloud databases. >> Nick: Yep. >> What is PlanetScale doing in enabling us to do that I can't do with something like a MySQL or a SQL server? >> Great question. So we are MySQL compatible. So under the hood it's a lot of the MySQL you know and love. But on top of that we've layered workflows, we've layered scalability, we've layered serverless. 
So that you can get all of the parts of the MySQL, that dependability, the thing that people have used for 20, 30 years, right? People don't even know a world before MySQL. But then you also get this ability to make schema changes faster. So you can kind of do your work quicker get to the business objectives faster. You can scale farther. So when you get to your MySQL and you say, well, can we handle adding this one feature on top? Can we handle the user growth we've got? You don't have to worry about that either. So it's kind of the best of both worlds. We've got one foot in history and we've got one foot in the new kind of cloud native database world. We want to give everyone the best of both. >> So when I think of serverless because that's the buzzy world. >> Yeah. >> But when I think of serverless I think about developers being able to write code. >> Yep. >> Deploy the code, not worry about VM sizes. >> Yep. >> Amount of disk space. >> Yep. >> CPU, et cetera. But we're talking about databases. >> Yep. >> I got to describe what type of disk I want to use. I got to describe the performance levels. >> Yep. >> I got all the descriptive stuff that I have to do about infrastructures. Databases are not... >> Yep. >> Keith: Serverless. >> Yep. >> They're the furthest thing from it. >> So despite what the name may say, I can guarantee you PlanetScale, your PlanetScale database does run on at least one server, usually more than one. But the idea is exactly what you said. So especially when you're starting off, when you're first beginning your, let's say database journey. That's a word I use a lot. The furthest thing from your mind is, how many CPUs do I need? How many disk IOs do I need? How much memory do I need? What we want you to be able to do is get started on focusing on shipping your code, right? The same way that Lambda, the same way that Kubernetes, and all of these other cloud native technologies just help people get done what they want to get done. 
PlanetScale is the same way, you want a database, you sign up, you click two buttons, you've got a database. We'll handle scaling the disk as you grow, we'll handle giving you more resources. And when you get to a spot where you're really starting to think about, my database has got hundreds of gigabytes or petabytes, terabytes, that's when we'll start to talk to you a little bit more about, hey, you know it really does run on a server, we ain't got to help you with the capacity planning, but there's no reason people should have to do that up front. I mean, that stinks. When you want to use a database you want to use a database. You don't want to use, 747 with 27 different knobs. You just want to get going. >> So, also when I think of serverless and cloud native, I think of stateless. >> Yep. >> Now there's stateless with databases, help me reconcile like, when you say it's cloud native. >> Nick: Yep. >> How is it cloud native when I think of cloud native as stateless? >> Yeah. So it's cloud native because it exists where you want it in the cloud, right? No matter where you've deployed your application on your own cloud, on a public cloud, or something like that, our job is to meet you and match the same level of velocity and the same level of change that you've got on your kind of cloud native setup. So there's a lot of state, right? We are your state and that's a big responsibility. And so what we want to do is, we want to let you experiment with the rest of the stateless workloads, and be right there next to you so that you can kind of get done what you need to get done. >> All right. So this concept of clicking two buttons... >> Nick: Yeah. >> And deploying, it's a database. >> Nick: Yep. >> It has to run somewhere. So let's say that I'm in AWS. >> Nick: Yep. >> And I have AWS VPC. What does it look like from a developer's perspective to consume the service? >> Yeah. So we've got a couple of different offerings, and AWS is a great example. 
So at the very kind of the most basic database unit you click, you get an endpoint, a host name, a password, and the username. You feed that right into your application and it's TLS secure and stuff like that, goes right into the database no problem. As you grow larger and larger, we can use things like AWS PrivateLink and stuff like that, to actually start to integrate more with your AWS environment, all the way over to what we call PlanetScale Managed. Which is where we actually deploy your data plane in your AWS account. So you give us some permissions and we kind of create a sub-account and stuff like that. And we can actually start sending pods, and whole clusters and stuff like that into your AWS account, give you a PrivateLink, so that everything looks like it's kind of wrapped up in your ownership but you still get the same kind of PlanetScale cloud experience, cloud native experience. >> So how do I make calls to the database? I mean, do I have to install a new... >> Nick: Great question. >> Like agent, or do some weird SQL configuration on my end? Or like what's the experience? >> Nope, we just need MySQL. Same way you'd go, install MySQL if you're on a Mac or app store to install MySQL on analytics PC, you just username, password, database name, and stuff like that, you feed that into your app and it just works. >> All right. So databases are typically security. >> Nick: Yep. >> When my security person. >> Nick: Yep. >> Sees a new database. >> Nick: Yep. >> Oh, they get excited. They're like, oh my job... >> Nick: I bet they do. >> My job just got real easy. I can find like eight or nine different findings. >> Right. >> How do you help me with compliance? >> Yeah. >> And answering these tough security questions from security? >> Great question. So security's at the core of what we do, right? We've got security people ourselves. We do the same thing for all the new vendors that we onboard. So we invest a lot. 
For example, the only way you can connect to a PlanetScale database even if you're using PrivateLink, even if you're not touching the public internet at all, is over TLS secured endpoint, right? From the very first day, the very first beta that we had we knew not a single byte goes over the internet that's not encrypted. It's encrypted at rest, we have audit logging, we do a ton internally as well to make sure that, what's happening to your database is something you can find out. The favorite thing that I think though is all your schema changes are tracked on PlanetScale, because we provide an entire workflow for your schema changes. We actually have like a GitHub Pull Request style thing, your security folks can actually look and say, what changes were made to the database day in and day out. They can go back and there's a full history of that log. So you actually have, I think better security than a lot of other databases where you've got to build all these tools and stuff like that, it's all built into PlanetScale. >> So, we started out the conversation with two clicks but I'm a developer. >> Nick: Yeah. >> And I'm developing a service at scale. >> Yep. >> I want to have a SaaS offering. How do I automate the deployment of the database and the management of the database across multiple customers? >> Yeah, so everything is API driven. We've got an API that you can use to provision databases to make schema changes, to make whatever changes you want to that database. We have an API that powers our website, the same API that customers can use to kind of automate any part of the workflow that they want. There's actually someone who did talk earlier using, I think, www.crossplane.io, or they can use Kubernetes custom resource definitions to provision PlanetScale databases completely automatically. So you can even do it as part of your standard deployment workflow. Just create a PlanetScale database, create a password, inject it in your app, all automatically. 
>> So Nick, as I'm thinking about scale. >> Yep. >> I'm thinking about multiple customers. >> Nick: Yep. >> I have a successful product. >> Nick: Yep. >> And now these customers are coming to me with different requirements. One customer wants to upgrade once every quarter, another one, it's like, you know what? Just bring it on. Like bring the schema changes on. >> Yep. >> I want the latest features, et cetera. >> Nick: Right. >> How do I manage that with PlanetScale? When I'm thinking about MySQL it's a little, that can be a little difficult. >> Nick: Yeah. >> But how does PlanetScale help me solve that problem? >> Yeah. So, again I think it's that same workflow engine that we've built. So every database has its own kind of deploy queue, its own migration system. So you can automate all these processes and say, on this database, I want to change this schema this way, on this database I'm going to hold off. You can use our API to drive a view into like, well, what's the schema on this database? What's schema on this database? What version am I running on this database? And you can actually bring all that in. And if you were really successful you'd have this single pane of glass where you can see what's the status of all my databases and how are they doing, all powered by kind of the PlanetScale API. >> So we can't talk about databases without talking about backup. >> Nick: Yep. >> And recovery. >> Yep. >> How do I back this thing up and make sure that I can fall back? If someone deleted a table. >> Nick: Yep. >> It happens all the time in production. >> Nick: Yeah, 100%. >> How do I recover from it? >> So there's two pieces to this, and I'm going to talk about two different ways that we can help you solve this problem. One of them is, every PlanetScale database comes with backups built in and we test them fairly often, right? We use these backups. We actually give you a free daily backup on every database 'cause it's important to us as well. 
We want to be able to restore from backup, we want to be able to do failovers and stuff like that, all that is handled automatically. The other thing though is this feature that we launched in March called the PlanetScale Rewind. And what Rewind is, is actually a schema migration undo button. So let's say, you're a developer you're dropping a table or a column, you mean to drop this, but you drop the other one on accident, or you thought this column was unused but it wasn't. You know when you do something wrong, you cause an incident and you get that sick feeling in your stomach. >> Oh, I'm sorry. I've pulled a drive that was written not ready file and it was horrible. >> Exactly. And you kind of start to go, oh man, what am I going to do next? Everyone watching this right now is probably squirming in their seat a bit, you know the feeling. >> Yeah, I know the feeling >> Well, PlanetScale gives you an undo button. So you can click, undo migration, for 30 minutes after you do the migration and we'll revert your schema with all the data in it back to what your database looked like before you did that migration. Drop a column on accident, drop a table on accident, click the Rewind button, there's all the data there. And, the new writes that you've taken while that's happened are there as well. So it's not just a restore to a point in time backup. It's actually that we've replicated your writes sent them to both the old and the new schema, and we can get you right back to where you started, downtime solved. >> Both: So. >> Nick: Go ahead. >> DBAs are DBAs, whether they've become now reformed DBAs that are cloud architects, but they're DBAs. So there's a couple of things that they're going to want to know, one, how do I get my zero back up in my hands? >> Yeah. >> I want my, it's MySQL data. >> Nick: Yeah. >> I want my MySQL backup. >> Yeah. So you can just take backups off the database yourself the same way that you're doing today, right? 
MySQL dump, MySQL backup, and all those kinds of things. If you don't trust PlanetScale, and look, I'm all about backups, right? You want them in two different data centers on different mediums, you can just add on your own backup tools that you have right now and also use that. I'd like you to trust that PlanetScale has the backups as well. But if you want to keep doing that and run your own system, we're totally cool with that as well. In fact, I'd go as far as to say, I recommend it. You never have too many backups. >> So in a moment we're going to run Kube clock. So get your... >> Okay, all right. >> You know, stand tall. >> All right. >> I'll get ready. I'm going to... >> Nick: I'm tall, I'm tall. >> We're both tall. The last question before Kube clock. >> Nick: Yeah. >> It is, let's talk a little nerd knobs. >> Nick: Okay. >> The reformed DBA. >> Nick: Yeah. >> They want, they're like, oh, this query ran a little bit slow. I know I can squeeze a little bit more out of that. >> Nick: Yeah. >> Who do they talk to? >> Yeah. So that's a great question. So we provide you some insights on the product itself, right? So you can take a look and see how are my queries performing and stuff like that. Our goal, our job is to surface to you all the metrics that you need to make that decision. 'Cause at the end of the day, a reformed DBA or not it is still a skill to analyze the performance of a MySQL query, run an EXPLAIN, kind of figure all that out. We can't do all of that for you. So we want to give you the information you need either knowledge or you know, stuff to learn whatever it is because some of it does have to come back to, what's my schema? What's my query? And how can I optimize it? I'm missing an index and stuff like that. >> All right. So, you're early adopter of the Kube clock. >> Okay. >> I have to, people say they're ready. >> Nick: Ooh, okay. >> All the time people say they're ready. >> Nick: Woo. >> But I'm not quite sure that they're ready. 
>> Nick: Well, now I'm nervous. >> So are you ready? >> Do I have any other choice? >> No, you don't. >> Nick: Then I am. >> But are you ready? >> Sure, let's go. >> All right. Start the Kube clock. (upbeat music) >> Nick: All right, what do you want me to do? >> Go. >> All right. >> You said you were ready. >> I'm ready, all right, I'm ready. All right. >> Okay, I'll reset. I'll give you, I'll give, see people say they're ready. >> All right. You're right. You're right. >> Start the Kube clock, go. >> Okay. Are you happy with how your database works? Are you happy with the velocity? Are you happy with what your engineers and what your teams can do with their database? >> Follow the dream not the... Well, follow the green... >> You got to be. >> Not the dream. >> You got to be able to deliver. At the end of the day you got to deliver what the business wants. It's not about performance. >> You got to crawl before you go. You got to crawl, you got to crawl. >> It's not just about is my query fast, it's not just about is my query right, it's about, are my customers getting what they want? >> You're here, you deserve a seat at the table. >> And that's what PlanetScale provides, right? PlanetScale... >> Keith: Ten more seconds. >> PlanetScale is a tool for getting done what you need to get done as a business. That's what we're here for. Ultimately, we want to be the best database for developing software. >> Keith: Two, one. >> That's it. End it there. >> Nick, you took a shot, I'm buying it. Great job. You know, this is fun. Our jobs are complex. >> Yep. >> Databases are hard. >> Yep. >> It is the, where your organization keeps the most valuable assets that you have. >> Nick: A 100%. >> And we are having these tough conversations. >> Nick: Yep. >> Here in Valencia, you're talking to the leader in tech coverage. From Valencia, Spain, I'm Keith Townsend, and you're watching theCUBE, the leader in high tech coverage. (upbeat music)
Kapil Thangavelu & Umair Khan, Stacklet | Kubecon + Cloudnativecon Europe 2022
>> theCUBE presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain in KubeCon, CloudNativeCon Europe 2022. I'm your host Keith Townsend. And we're continuing the conversation with community, with startups, with people building cloud native, a CUBE alum joined by a CTO. And not as the CTO advisor. I really appreciate talking to CTOs Kapil. Th Lou don't forgive me if I murder the name, that's a tough one. I'm I'm, I'm getting warmed up to the cubey, but don't worry. When we get to the technical parts, it's gonna be fun. And then a CUBE alum, Umair Khan, director of marketing. Kapil, you're the CTO. So we we'll start out with you. What's the problem statement? What, what, what are you guys doing? >> So, uh, we're building on top of an open source project Cloud Custodian, uh, that is in CNCF. And that I built when I was at Capital One and just as they were going, they're taking those first few steps. It's a large regulated enterprise into the cloud. And the challenge that I saw was, you know, how do we enable developers to pick whatever tools and technologies they want, if they wanna use Terraform or CloudFormation or Ansible? I mean, the cloud gives us APIs and we wanna be able to enable people to use those APIs through innovative ways. Uh, but at the same time, we wanna make sure that the, regardless of what choices those developers make, that the organization is being is being well managed, that all those resources, all that infrastructure is complying to the organization's policies. And what we saw at the time was that what we were getting impediments around our velocity into the cloud, because we had to cover off on all of the compliance and regulation aspects. >>
And so, uh, taking a step back, I realized that what we really needed was a way to go faster on the compliance side, and Cloud Custodian was born out of that effort, side of desk, that we took through enterprise wide. And it was really about, um, accelerating the velocity around compliance, but doing it in the same way that we do application and infrastructure as code. So doing policy as code in a very simple, readable YAML DSL, um, because, you know, anytime we write code, more people are gonna read that code than are going to need to be able to write it. And so being able to make it really easy to understand from both the developers that are in the environment, from the compliance folks or auditors or security folks that might wanna review it, um, it was super important. And then instead of being, at the time, we saw lots of vendor products and they were all just big walls of red in somebody's corner office, and getting that to actually get the information back in the hands of developers so that they can fix things, um, was problematic. So being able to do real-time remediation and real-time collaboration and communication back to developers, "Hey, you put a database on the internet. It's okay. We fixed it for you. And here's the corporate policy on how to do it better in the future." >> So this is an area of focus of mine that people, I think, don't get right a lot. The technology is hard enough by itself. The transformation cloud is not just about adopting new technologies, but adopting new processes, the data, and information's there automatically. But when I go to an auditor or, or, uh, compliance and say, "Hey, we've changed the process for how do we do change control for our software stack," I get a blank stare. It's, "What do you mean? We've been doing it this way for the past 15, 20 years." That's resistance, it's a pain point, and projects fail due to this issue. So talk to me about that initial customer engagement. 
What's that conversation like? >> So we start off by deploying our, our platform on top of Cloud Custodian. Um, and as far as our customers, and we give them a view of all the things that are in their cloud, what is their baseline, so to speak. Um, but I think it's really important. Like I think you bring up a good point, like communication, the challenge, larger challenge for enterprises in the cloud, and especially with governance and compliance, is understanding that it is not a steady state. There's always something new in the backlog. And so being able, and the, one of the challenges for larger orgs is just being able to communicate out what that is. I remember changing a tag policy and spending the next two years explaining to people what the actual tag policy was. Um, and so being able to actually inform them, you know, via email, via Slack, via, you know, any communication mechanism, uh, as they're doing things is, is so powerful to be able to, to help the organization grow together and move and get an alignment about what the new things are. >> And then additionally, you know, from a perspective of, uh, tooling that is built for the real world, like being able to, as those new policies come into play, being able to say, okay, we're going to segment into stopping the bleeding on the net new and being able to then take action on what's already deployed that now needs to come into compliance is, is really important. But coming back to your question on customer engagements, so we'll go in and we'll deploy, uh, the Stacklet platform for them. We'll basically show them all of the things that are there already and extant. Um, we provide a real-time SQL interface that customers can use, um, that is an asset inventory of all their cloud assets. Uh, and then we provide, uh, policy packs that sort of cover off on compliance, security, cost, optimizations, and opportunities for them. 
Uh, and then we help them through, uh, GitOps around those policies, help deploy remediation activities and capabilities for their environment. >> So walk me through some of the detail of, of, of the process and where the software helps and where people need to step in. I'm talking to my security auditor, and he's saying, "You know what, Keith, I understand that the, uh, VM talking to the application, VM talking to the Oracle database, there is a firewall rule that says that that can happen. Show me that rule in Cloud Custodian." And you're trying to explain, well, well, there's no longer a firewall. There's a service. And the service is talking to that. And it is here. And Cloud Custodian and Stacklet, where does Stacklet help, come in to either help with the conversation, or where do I inject more of my experience and my ability to negotiate with the auditor? >> So Stacklet, from the perspective, uh, and if we take a step back, we, we talk about governance as code and, and the four pillars around compliance, security, cost optimization, operations, uh, that we help organizations do. But if we take a step back, what is Cloud Custodian? Cloud Custodian is really a cloud orchestrator, a resource orchestrator. What <inaudible> provides on top of that is UI/UX, um, policy packs, at-scale execution across thousands of accounts, but in the context of an auditor, what we're really providing is here's the policy that we're enforcing. And here's the evidence, the attestation over time. And here's the resource database with history that shows how we, how we got here, were we compliant last year to this policy that we just wrote today. >> So shifting the conversation, you just mentioned operations. One of the larger conversations that I have with CIOs and CTOs is where do I put my people? Like this is a really tough challenge. 
When you look at moving to something like an SRE model, or, uh, let's say, even focus on the SRE, like what, where does the SRE sit in an organization? How does Stacklet, like if at all, help me make those types of strategic decisions if I'm talking about governance overall? So, >> So I think in terms of personas, if you look at, there's a cloud engineer, then SRE, I think that what at its core Stacklet and Cloud Custodian does is a centralized engine, right? So your cost policies, your compliance policies, your security policies are not in a silo anymore. It's one tool. It's one repository that everyone can collaborate on as well. And even engineering, a lot of engineering teams run Custodian and, and adopt Custodian as well. So in terms of personas, Stacklet really helps bring it together. All teams have the same simple YAML DSL file that they can write their policies, share their policies and communicate and collaborate better as well. >> Yeah. So I mean, cloud transformation for an enterprise is a deeper topic. Like I think, you know, there's a lot of good best practices establishing a cloud center of excellence. Um, I, I think, you know, investing in training for people, uh, getting certification so everyone can speak the same language when it comes to cloud is a key aspect. When it comes to the operations aspect, I very much believe that you should have, you know, try to devolve and get the developers writing, uh, some of the DevOps. And so having SREs around for the actual application teams is, is valuable, but you still have a core cloud infrastructure engineering group that's doing potentially any of your core networking, any of your, you know, IAM authentication aspects. And so, uh, what we found is that, you know, Stacklet and Cloud Custodian primarily get deployed by one of three groups. >> The, uh, you know, you've got the, the CIO buyer within that cloud infrastructure engineering team. 
And what we found is that group is, because they're working with the application teams in a read-write way, uh, they're very much more, um, uh, used to doing and open to doing remediation in real time. Um, and so, and then we also have the CISO teams that want to get to a secure compliance state, be able to do audit and, and validate that all the environments are, um, you know, secure, frankly. And then we get to the CFO groups. Uh, and so, and this sometimes is part of the cloud center of excellence. And so it, it has to be this cross-team collaboration. And they're really focused on the, that, that cost optimization, finding the over-provisioned, underutilized things, establishing workloads for dev environments to turn them off at night. Um, and of course, respective of time zones, 'cause we're all global these days. Uh, and so those are sort of the three groups that we see that sort of really want to engage with us because we can provide value for them to help them accelerate their business goals. >> So that's an expansive view, cost, compliance, security, operations. That's a lot. I'm thinking about all the tools, all the information that feeds into that, where does Cloud Custodian start and stop? Like, am I putting Cloud Custodian agents on servers or, uh, pods, like how, how am I interacting with this? >> So the core Cloud Custodian is just a CLI. It's stateless, it's designed to be operationally simple. Um, and so you can run it in Kubernetes, in Jenkins. We've seen people use GitLab. We've seen people run it just as a query interactive tool, just from, um, an investigations perspective on their laptop. But when you write a policy, a policy really consists of, you know, a couple of core elements. Uh, you identify a resource you want to target, say an S3 bucket or, uh, a Google Cloud VM. And then you, say, establish a set of filters. 
I want to look for all the EC2 instances that are on public subnets with an IAM role attached that has the ability to, uh, create another IAM user. And so that, you know, you filter down, you ask the arbitrary questions to filter to the interesting set of things you want, and then you take a set of actions on them. >> So you might take an action, like stop an EC2 instance, and you might use it as an incident response. Um, you might, uh, use it for off hours in a, in that type of policy. So you get this library of filters and actions that you can combine to form, you know, millions of different types of policies. Now, we also have this notion of an execution mode. So you might say, uh, let's operate in real time. Whenever someone launches this instance, whenever there's an API call, we want to introspect what that API call is doing and make sure that it's compliant to policy. Now, when you do that, and you run it with the CLI, Custodian will actually provision a Lambda function and hook up the event sources to it. Uh, and sorry, Lambda, really serverless, we bind into the serverless native capabilities of the underlying cloud provider. So Google Cloud Functions, Azure serverless functions, uh, and native AWS Lambda. And so now that policy is effectively hermetically sealed, running, uh, in the serverless runtime of that cloud and responding to API calls in real time, all with, you know, structured outputs and logs and metrics to the native cloud provider capabilities around those. Um, and that really ensures that, uh, you know, it effectively becomes operation free from the perspective of the user of having to maintain infrastructure >> For it. So let's talk about >> Agentless and API based. >> Let's talk about like the, a non-developer use case, specifically finance. Absolutely. We, you have to deploy the ability to deploy, uh, um, uh, SAP in a, uh, EC2 instance, but it's very expensive. 
Do it only when you absolutely need to do it, but you have the rights to do it. And I wanna run a, uh, a check to see if anyone's doing it. Like this is, this isn't a coder or developer, what is their experience? So, >> So primarily we focus on the infrastructure. So load balancers, VMs, you know, encryption at rest on disks. Um, when we get into the application workloads running on those instances, we don't spend, that's not our target focus area. Mm-hmm <affirmative>, we can do it. Uh, and it really depends on the underlying cloud provider's capabilities. So in Amazon, there's a system called Systems Manager and it runs, and it's basically running an agent on the box. We're not running the agent, but we can communicate with that agent. We can inspect the, the inventory that's running on that box. We can send commands to that box, through those serverless functions and through those policies. And so we see it commonly used for like incident response and a security perspective where you might wanna take a memory snapshot of, of, of the instance before, uh, um, yeah, putting it into a forensic cloud and adding >> To that, like these days we're seeing the emerging personas of a FinOps engineer or a FinOps director as well, because cost in cloud is totally different. So what Custodian and Stacklet allow them to do is, again, using the simple policy files, even if they have a non-developer background, they can understand this DSL, they can create policies, they can better, uh, target developers, better get them to take actions on policy as well. If they're overspending in the cloud or underspending in the cloud, uh, especially with Stacklet, they get a lot of out-of-the-box dashboards and policy packs too. So say they can really understand how the cost has been consumed. They can have the developers take actions, because a lot of the FinOps finance people complain, like, "My developers do not understand it." Right. 
How do we get them to take action and make sure we are not overspending? Right. So with Custodian policies, they're able to send them, uh, educational messages on Slack or open a Jira ticket and really enforce them to take action as well and start saving cost. Like >> If you, uh, if you imagine Cloud Custodian as, um, you know, cleaning staff for, for the, your, your cloud environment, like it, it's, uh, you know, if you go to a typical, you know, cloud account, you're gonna see chairs that are 10 feet tall sitting at the table, because it's been over-provisioned and obviously, you know, no one can use it. Um, you're gonna find like the trash is overflowing because no one set up a log retention policy on the log group or set up S3, uh, lifecycle rules on their buckets. And so you just have this, um, sort of this, uh, this explosion of things that people now, you know, beyond application functioning, like beyond, you know, getting to, you know, high performance, DR-capable, uh, SLAs around your application model, you now have to worry about the lifecycle of all those resources and helping people manage that lifecycle and making sure that they're using the, the, just the resources and consumption that they need, because we're all utilization based, uh, in the cloud. And so getting that to be more in line with what the application actually needs is really where we can help organizations in the CFO cost context. >> So, Umair, you got 10 seconds to tell me why you brought me a comic book. >> <laugh> We created this comic book, uh, to explain the concept of governance as code in a simplified fashion. I know, Keith, you like comic books, I believe. Uh, so it's a simple way of describing what we do, why it's important for FinOps, for SecOps teams. And it talks about Custodian and Stacklet as well. >> Well, I'm more of an Iron Man type of guy, or Batman. Cloud governance, or governance, cloud native governance is a very tough problem. 
I can't underemphasize how many projects get stalled or fail from a perception perspective, even if you've technically delivered what you've been asked to deliver. That's where a lot of these conversations are going. We're gonna talk to a bunch of startups that are solving these tough problems here. From Valencia, Spain, I'm Keith Townsend, and you're watching theCUBE, the leader in high tech coverage.
Kickoff with Taylor Dolezal | Kubecon + Cloudnativecon Europe 2022
>> Announcer: "theCUBE" presents "Kubecon and Cloudnativecon Europe, 2022" brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain and "Kubecon + Cloudnativecon Europe, 2022." I'm Keith Townsend, and we're continuing the conversations with amazing people doing amazing things. I think we've moved beyond a certain phase of the hype cycle when it comes to Kubernetes. And we're going to go a little bit in detail with that today, and on all the sessions, I have today with me, Taylor Dolezal. New head of CNCF Ecosystem. So, first off, what does that mean new head of? You're the head of CNCF Ecosystem? What is the CNCF Ecosystem? >> Yeah. Yeah. It's really the end user ecosystem. So, the CNCF is comprised of really three pillars. And there's the governing board, they oversee the budget and fun things, make sure everything's signed and proper. Then there's the Technical Oversight Committee, TOC. And they really help decide the technical direction of the organization through deliberation and talking about which projects get invited and accepted. Projects get donated, and the TOC votes on who's going to make it in, based on all this criteria. And then, lastly, is the end user ecosystem, that encompasses a whole bunch of different working groups, special interest groups. And that's been really interesting to kind of get a deeper sense into, as of late. So, there are groups like the developer experience group, and the user research group. And those have very specific focuses that kind of go across all industries. But what we've seen lately, is that there are really deep wants to create, whether it be financial services user group, and things like that, because end users are having trouble with going to all of the different meetings. 
If you're a company, a vendor member company that's selling authentication software, or something in networking, makes sense to have a SIG Network, SIG Auth, and those kinds of things. But when it comes down to like Boeing that just joined, does that make sense for them to jump into all those meetings? Or does it make sense to have some other kind of thing that is representative of them, so that they can attend that one thing, it's specific to their industry? They can get that download and kind of come up to speed, or find the best practices as quickly as possible in a nice synthesized way. >> So, you're 10 weeks into this role. You're coming from a customer environment. So, talk to me a little bit about the customer side of it? When you're looking at something, it's odd to call CNCF massive. But it is, 7.1 million members, and the number of contributing projects, et cetera. Talk to me about the view from the outside versus the view now that you're inside? >> Yeah, so honestly, it's been fun to kind of... For me, it's really mirrored the open-source journey. I've gone to Kubecon before, gotten to enjoy all of the booths, and trying to understand what's going on, and then worked for HashiCorp before coming to the CNCF. And so, get that vendor member kind of experience working the booth itself. So, kind of getting deeper and deeper into the stack of the conference itself. And I keep saying, vendor member and end user members, the difference between those, is end users are not organizations that sell cloud native services. Those are the groups that are kind of more consuming, the Airbnbs, the Boeings, the Mercedes, these people that use these technologies and want to kind of give that feedback back to these projects. But yeah, very incredibly massive and just sprawling when it comes to working in all those contexts. >> So, I have so many questions around, like the differences between having you as an end user and in inter-operating with vendors and the CNCF itself. 
So, let's start from the end user lens. When you're an end user and you're out discovering open-source and cloud native products, what's that journey like? How do you go from saying, okay, I'm primarily focused on vendor solutions, to let me look at this cloud native stack? >> Yeah, so really with that, there's been, I think that a lot of people have started to work with me and ask for, "Can we have recommended architectures? Can we have blueprints for how to do these things?" When the CNCF doesn't want to take that position, we don't want to kind of be the king maker and be like, this is the only way forward. We want to be inclusive, we want to pull in these projects, and kind of give everyone the same bootstrap and jump... I'm missing the word for it, just ability to kind of like springboard off of that. Create a nice base for everybody to get started with, and then, see what works out, learn from one another. I think that when it comes to Kubernetes, and Prometheus, and some other projects, being able to share best practices between those groups of what works best as well. So, within all of the separations of the CNCF, I think that's something I've found really fun, is kind of like seeing how the projects relate to those verticals and those groups as well. Is how you run a project, might actually have a really good play inside of an organization like, "I like that idea. Let's try that out with our team." >> So, like this idea of springboarding. You know, is when an entrepreneur says, "You know what? I'm going to quit my job and springboard off into doing something new." There's a lot of uncertainty, but for enterprise, that can be really scary. Like we're used to our big vendors, HashiCorp, VMware, Cisco kind of guiding us and telling us like, what's next? What is that experience like, springboarding off into something as massive as cloud native? >> So, I think it's really, it's a great question. 
So, I think that's why the CNCF works so well, is the fact that it's a safe place for all these companies to come together, even companies of competing products. You know, having that common vision of, we want to make production boring again, we don't want to have so much sprawl and have to take in so much knowledge at once. Can we kind of work together to create all these things to get rid of our administrivia or maintenance tasks? I think that when it comes to open-source in general, there's a fantastic book it's called "Working in Public," it's by Stripe Press. I recommend it all over the place. It's orange, so you'll recognize it. Yeah, it's easy to see. But it's really good 'cause it talks about the maintainer journey, and what things make it difficult. And so, I think that that's what the CNCF is really working hard to try to get rid of, is all this monotonous, all these monotonous things, filing issues, best practices. How do you adopt open-source within your organization? We have tips and tricks, and kind of playbooks in ways that you could accomplish that. So, that's what I find really useful for those kinds of situations. Then it becomes easier to adopt that within your organization. >> So, I asked Priyanka, CNCF executive director last night, a pretty tough question. And this is kind of in the meat of what you do. What happens when you? Let's pick on service mesh 'cause everyone likes to pick on service mesh. >> XXXX: Yeah. >> What happens when there's differences at that vendor level on the direction of a SIG or a project, or the ecosystem around service mesh? >> Yeah, so that's the fun part. Honestly, is 'cause people get to hash it out. And so, I think that's been the biggest thing for me finding out, was that there's more than one way to do things. And so, I think it always comes down to use case. What are you trying to do? And then you get to solve after that. So, it really is, I know it depends, which is the worst answer. 
But I really do think that's the case, because if you have people that are using something within the automotive space, or in the financial services space, they're going to have completely different needs, wants, you know, some might need to run COBOL or Fortran, others might not have to. So, even at that level, just down to what your tech stack looks like, audits, and those kinds of things, that can just really differ. So, I think it does come down to something more like that. >> So, the CNCF loosely has become kind of a standards body. And it's centered around the core project Kubernetes? >> Mm-hmm. >> So, what does it mean, when we're looking at larger segments such as service mesh or observability, et cetera, to be Kubernetes compliant? Where's the point, if any, that the CNCF steps in versus just letting everyone hash it out? Is it Kubernetes just need to be Kubernetes compliant and everything else is free for all? >> Honestly, in many cases, it's up to the communities themselves to decide that. So, the groups that are running OCI, the Open Container Interface, Open Storage Interface, all of those things that we've agreed on as ways to implement those technologies, I think that's where the CNCF, that's the line. That's where the CNCF gets up to. And then, it's like we help foster those communities and those conversations and asking, does this work for you? If not, let's talk about it, let's figure out why it might not. And then, really working closely with community to kind of help bring those things forward and create action items. >> So, it's all about putting the right people in the rooms and not necessarily playing referee, but to get people in the right room to have and facilitate the conversation? >> Absolutely. Absolutely. Like all of the booths behind us could have their own conferences, but we want to bring everybody together to have those conversations. 
And again, sprawling can be really wild at certain times, but it's good to have those cross understandings, or to hear from somebody that you're like, "Oh, my goodness, I didn't even think about that kind of context or use case." So, really inclusive conversation. >> So, organizations like Boeing, Adobe, Microsoft, from an end user perspective, it's sometimes difficult to get those organizations into these types of communities. How do you encourage them to participate in the conversation 'cause their voice is extremely important? >> Yeah, that I'd also say it really is the community. I really liked the Kubernetes documentary that was put out, working with some of the CNCF folks and core, and beginning Kubernetes contributors and maintainers. And it just kind of blew me away when they had said, you know, what we thought was success, was seeing Kubernetes in an Amazon Data Center. That's when we knew that this was going to take root. And you'd rarely hear that, is like, "When somebody that we typically compete with, its success is seeing it, seeing them use that." And so, I thought was really cool. >> You know, I like to use this technology for my community of skipping rope. You see the girls and boys jumping double Dutch rope. And you think, "I can do that. Like it's just jumping." But there's this hesitation to actually, how do you start? How do you get inside of it? The question is how do you become a member of the community? We've talked a lot about what happens when you're in the community. But how do you join the community? >> So, really, there's a whole bunch of ways that you can. Actually, the shirt that I'm wearing, I got from the 114 Release. So, this is just a fun example of that community. And just kind of how welcoming and inviting that they are. Really, I do think it's kind of like a jawbreaker. Almost you start at the outside, you start using these technologies, even more generally like, what is DevOps? What is production? 
How do I get to infrastructure, architecture, or software engineering? Once you start there, you start working your way in, you develop a stack, and then you start to see these tools, technologies, workflows. And then, after you've kind of gotten a good amount of time spent with it, you might really enjoy it like that, and then want to help contribute like, "I like this, but it would be great to have a function that did this. Or I want a feature that does that." At that point in time, you can either take a look at the source code on GitHub, or wherever it's hosted, and then start to kind of come up with that, some ideas to contribute back to that. And then, beyond that, you can actually say, "No, I kind of want to have these conversations with people." Join in those special interest groups, and those meetings to kind of talk about things. And then, after a while, you can kind of find yourself in a contributor role, and then a maintainer role. After that, if you really like the project, and want to kind of work with community on that front. So, I think you had asked before, like Microsoft, Adobe and these others. Really it's about steering the projects. It's these communities want these things, and then, these companies say, "Okay, this is great. Let's join in the conversation with the community." And together again, inclusivity, and bringing everybody to the table to have that discussion and push things forward. >> So, Taylor, closing message. What would you want people watching this show to get when they think about ecosystem and CNCF? >> So, ecosystem it's a big place, come on in. Yeah, (laughs) the water's just fine. I really want people to take away the fact that... I think really when it comes down to, it really is the community, it's you. We are the end user ecosystem. We're the people that build the tools, and we need help. No matter how big or small, when you come in and join the community, you don't have to rewrite the Kubernetes scheduler. 
You can help make documentation that much more easy to understand, and in doing so, helping thousands of people. If I'm going through the instructions or reading a paragraph, doesn't make sense, that has such a profound impact. And I think a lot of people miss that. It's like, even just changing punctuation can have such a giant difference. >> Yeah, I think people sometimes forget that community, especially community-run projects, they need product managers. They need people that will help with communications, people that will help with messaging, websites updating. Just reachability, anywhere from developing code to developing documentation, there's ways to jump in and help the community. From Valencia, Spain, I'm Keith Townsend, and you're watching "theCUBE," the leader in high tech coverage. (bright upbeat music)
Priyanka Sharma, CNCF | Kubecon + Cloudnativecon Europe 2022
>> theCUBE presents KubeCon and CloudNativeCon Europe, 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain and KubeCon and CloudNativeCon Europe, 2022. I'm Keith Townsend, along with my cohost Paul Gillon, who's been putting in some pretty good work talking to incredible people. And we have, I don't wanna call her the face of CNCF, but you kind of introduced me to, you don't know this, but you know, Sharma, executive director of CNCF. You introduced me to KubeCon at KubeCon San Diego, one of my first KubeCons. And I was trying to get my bearings about me and you're on stage and I'm like, okay. Uh, she looks like a reasonable person. This might be a reasonable place to learn about cloud native. Welcome to the show. >> Thank you so much for having me. And that's so nice to hear >> (laughs) It is an amazing show, roughly 7,500 people. >> Yes, that's right. Sold out >> Sold. That's a big show. And with that comes, you know, uh, so someone told me, uh, CNCF is an outstanding organization, which it, which it is, you're the executive director. And I told them, you know what, that's like being the president of the United States without having Air Force One. (laughs) Like you get home. I dunno >> About that. You >> Get, no, you get all of the, I mean, 7,500 people from across, literally across the world. That's true at Europe. We're in Europe, we're in, we're coming out of times that have been, you know, it can't be overstated. It, this, this is unlike any other times. >> Yes, absolutely >> Difficult decisions. There was a whole co uh, uh, I don't know the term, uh, uh, kerfuffle, uh, or blow up about mask versus no mask. How do you manage just, just the diversity of the community. >> That is such a great question, because I, as I mentioned in my keynote a little bit, right? At this point, we're a community of what, 7.1 million developers. That's a really big group. 
And so when we think about how should we manage the diversity, the way I see it, it's essential to treat each other with kindness, professionalism, and respect. Now that's easy to say, right. Because it sounds great. Right. Old paper is awesome. Yeah. Yeah. Great >> Concept. 0.1 million people later. >> (laughs) Exactly. And so, uh, this is why like, uh, I phoned a friend on stage and, um, Van Jones came and spoke with us. Who's the renowned CNN contributor, uh, commentator, sorry. And his advice was very much that in such a diverse community, there's always gonna be lots of perspectives, lots of opinions. And we need to a always bring the version of ourselves, which we think will empower this ecosystem, BEC what are, what we are doing. If everybody did that, is that gonna be a good thing or a bad thing? And the other is we need to give each other space and grace, um, space to do what we need to do. Grace. If there are mistakes, if there are challenges. And so those are, those are some good principles for us to live by. And I think that in terms of how CNCF tries to enable the diversity, it's by really trying to hear from everybody possible, the vocal loud voices, as well as the folks who you need to reach out a little bit, pull in a little bit. So it's an ongoing, it's an ongoing challenge that we do our best with. >> How do you balance? And I've been to a lot of trade shows and conferences over the years, their trade organizers are very coin operated. You know, they're there, they're there for the money. Yeah. (laughs) And you have traditional trade shows and you have a situation here where an open source community that is motivated by very different, um, principles, but you need to make money. You need the show to be profitable. Uh, you need to sell some sponsorships, but you also need to keep it available and open to the people who, who don't have the big budgets. How are you balancing that? 
>> So I would actually like to, uh, share something that may not be obvious, which is that we don't actually do the shows to make money. We, um, as you said, like, uh, a lot of trade shows are coin-op and the goal there is like, um, well actually they're different kinds of, I think if it's an independent event organization, it can be like, Hey, let's make as much revenue as possible. If it's part of a large, um, large company, like, like cloud provider, et cetera, the events tend to be loss leaders because they're like lead gen, I think, >> But they're, they're loss leaders, but they're profit makers ultimately >> Long term. Yeah. Yeah. It's like top of the funnel. I, I guess for us, we are only doing the events to enable the community and bring people from different companies together. So our goal is to try and break even (laughs) >> Well, that's, that's laudable. Um, the, how big does it get though? I mean, you're at the point with 7,500 attendees here where you're on the cusp of being a really big event, uh, would you limit its size eventually? Or are you just gonna let this thing run its course. >> So our inherent belief is that we want to be accessible and open to more and more and more people because the mission is to make cloud native ubiquitous. Right. Uh, and so that means we are excited about growth. We are excited about opening the doors for as everyone, but I think actually the one, one good thing that came out of this pandemic is that we've become a lot more comfortable with hybrid. So we have a virtual component and an in-person component. So combining that, I think makes it well, it's very challenging cause like running two events, but it's also like, it can scale a little bit better. And then if the numbers increase from like, if they double, for example, we're still, I think we're still not in the realm of South by Southwest, which, which feels like, oh, that's the step function difference. 
So linear increases in number of attendees, I think is a good thing. If, and when we get to the point where it's, um, you know, exponential growth at that point, we have to think about, um, a completely different event really. Right, >> Right. So 7 billion people in the world approaching 8 billion, 7.1 members in the community. Technology is obviously an enabler where I it's enabled me to, to be here in Valencia, Spain experiencing this beautiful city. There's so much work to be done. What, mm-hmm, what is the role of CNCF in providing access to education and technology for the rest of the world? >> Absolutely. So, you know, one of the key, uh, areas we focus on is learning and development in supporting the ecosystem in learners beginners to start their cloud native journey or expand their cloud native journey with training certifications, and actually shared this in the keynote every year. Uh, the increase in number of people taking certifications grows by 216% year over year growth. It's a lot, right? And every week about a thousand people are taking a certification exam. So, and we set that up primarily to bring people in and that's one of our more successful initiatives, but we do so many, we do mentorship programs, internship programs. We, uh, a lot of diversity scholarships, these events, it all kind of comes together to support the ecosystem, to grow >> The turning away from the events, uh, toward just toward the CNCF writ large, you have a growing number of projects. The, the number of projects within CNCF is becoming kind of overwhelming. Is there an upper threshold at which you would, do you tighten the, the limits on, on what projects you will incubate or how big does that tent become? >> Right. I think, you know, when we had 50 projects, we were feeling overwhelmed then too, but we seem to have coped just fine. And there's a reason for that. The reason is that cloud native has been growing so fast with the world. 
It's a representative of what's going on in our world over the course of the pandemic. As you know, every company became a technology company. People had to like double their engineering staffs over without anybody ever having met in person, mm-hmm, right. And when that kind of change is going around the world cloud native being the scaffolding of how people build and deploy modern software just grew really with it. And the use cases we needed to support grew. That's why the types of projects and kinds of projects is growing. So there's a method. There's a reason to the madness I should say. And I think, um, as the world and, uh, the landscape of technology evolves cloud native will, will evolve and keep developing in either into new projects or consolidation of projects and everything is on the table. >> So I think one of these perceptions, rightly or wrong, is that CNCF is kind of where the big people go to play. If you're a small project and you're looking at CNCF, you're thinking one day I'll get big enough. Like how should small project leaders or leaders of small projects, how should they engage CNCF? >> Totally. And, you know, I want to really change this narrative because, um, in CNCF we have three tiers of projects. There's the graduated ones, which are at the top. These are the most mature ones we really believe and put our stamp behind them. They, uh, then there's the incubating projects, which are pretty solid technologies with good usage that are getting there. And then there's the sandbox, which is literally a sandbox and op open ground for innovation. And the bar to entry is low in that it's, uh, easy to apply. There's a mass boat to get you in. And once you're in, you have a neutral IP zone created by being a CNCF project that you can attract more maintainers, more companies can start collaborating. So we, we become an enabler for the small projects, so everybody should know that >> FYI. Yeah. 
So I won't be interested to know how that, so I have an idea. So let's say I don't have an idea, but let's say that idea have, >> I'm sure you have an idea. (laughs) I'm >> Sure I have idea. And, and I just don't have the infrastructure to run a project. I need help, but I think it it's going to solve a pro problem. Yeah. What's that application process like, >> So, okay. So you apply after you already have let's a GitHub repo. Okay. Yeah. >> So you, I have a GitHub repo. >> Yeah. As in like your pro you've started the project, you started the coding, you've like, put it out there on GitHub, you have something going. And so it's not at just ideal level. Mm-hmm, it's at like early stage of execution level. Um, and so, and then your question was, how do you apply? >> Yeah. So how do I, so I have, let's say that, uh, let, let's talk about something I'm thinking about doing, and I actually do, is that we're thinking about doing a open source, a cloud native framework for people migrating to the public cloud, to, or to cloud native. There's just not enough public information about that. And I'm like, you know what? I wanna contribute what I know to it. So that's a project in itself, not necessarily a software project, but a IP project, or let's say I have a tool to do that migration. And I put that up on my GitHub repo. I want people to iterate on that tool. >> Right. So it would be a simple process of literally there is when you go to, um, our, uh, online, uh, materials, there's a simple process for sandbox where you fill a Google form, where you put in your URL, explain what you're doing, or some basic information hit submit. And we batch process these, um, about every once a month, I think. And, uh, the TOC looks at the, what you've filled in, takes a group vote and goes from there. >> When about your operating model, I mean, do, do you, you mentioned you don't look to make a profit in this show. 
Do you look, and I wanna be sure CNCF is a non-profit, is that correct? Correct. Do you look, what models do you look at in determining your own governance? Do you look at a commercial business? Do you look at a nonprofit? Um, like of ourselves? Yeah. What's your model for how you run CNCF. >> Oh, okay. So it's a nonprofit, as I said, and our model is very simple. We want to raise the funds that we are able to raise in order to then invest them into community initiatives that play the supporter enabler role to all these projects we just talked about. We're not, we are never the project. We are the top cheerleader of the project. Think of us like that. And in terms of, um, but interestingly, unlike, I, I mean, I don't know much about other found, uh, nonprofit session compare, but interestingly, the donating companies are relevant, not just because of their cash that they have put in, but because those companies are part of this ecosystem and they need to, um, them being in this ecosystem, they help create content around cloud native. They, they do more than give us money. And that's why we really like our members, uh, they'll provide contributing engineers to projects. They will help us with marketing with case studies and interviews and all of that. And so it, it becomes this like healthy cycle of it starts with someone donating to become a member, but they end up doing so many different things. Mm-hmm. And ultimately the goal is make cloud native ubiquitous and all this goes towards >> That. So talk to me about conflict resolution, because there's some really big projects in CNCF, but only some stuff that is changed, literally changing the world, but there's competing interest between some of the projects. I mean, you, you, there there's, if you look at service mesh, there's a lot of service mesh solutions Uhhuh. Yes. And there's just different visions. 
Where's the CNCF and, and kind of just making sure the community aspect is thought across all of the different or considered across all the different projects as they have the let's say inevitably bump heads. >> Yeah. So by design CNCF was never meant to be a king maker where you picked one project. Right. And I think that's been working out really well because, um, one is when you accept a project, you're not a hundred percent sure that specific one is gonna take over that technology space. Right. So we're leaving it open to see who works it out. The second is that as every company is becoming a technology company, use cases are different. So a service mesh service mesh a might work really well for my company, but it really may not be a fit for your code base. And so the diversity of options is actually a really good thing. >> So talk to me about, uh, saw an interesting note coming out of the keynote yesterday, 65% of the participants here at KubeCon are new to KubeCon. I'm like, oh, I'm a, I'm a vet. You are, I went to two or three before this. So OG, yeah, OG actually, that's what I tweeted, OG of KubeCon, but, uh, who, who are they like, what's making up? Are they developers? Are they traditional enterprises? Are they contributing companies? Who's the 65%, >> Um, who's the 65%, >> Right? The new, new, >> Well, it's all kinds of C companies sending their developers, right? It's sometimes there's a lot of them are end users. I think at least half or a third, at least of attendees are end user companies. And, uh, then there is also like the new startups around town. And then there is like the, every big company or small has been hiring developers as fast as possible. And even if they've always been a player in cloud native, they need to send all these people to this ecosystem to start building the relationships start like learning the technology. So it's all kinds of folks are collecting to that here. 
>> As I, as I think about people starting to learn the technologies, learn the communities, the one thing the marked change for this KubeCon for me over others is the number of customers, sharing stories, end user organizations. Mm-hmm, mm-hmm, much of the KubeCon that I've been through many of the open source conferences. It's always been like vendors pushing their message, et cetera. What talk, tell me about that sea change. >> One thing that's like just immediate, um, and the case right now is that all the co-chairs for the event who are in charge of designing the agenda are end users. So we have Emily Fox from Apple. We have Jasmine James from Twitter, and we have Ricardo Rocha from CERN. So they're all end users. So naturally they're like, you know, picking talks that they're like, well, this is very relevant. Imma go for that and I'm here for it. Right? So that's one thing that's just happening. The other though is a greater trend, which is, as I was saying in the pandemic, so many companies had to get going and quickly that they have built expertise and users are no longer the passive recipients of information. They're equal contributors. They know what they need, what they want, they have experiences to share. And you're seeing that reflected in the conference. >> One thing I've seen at other conferences in the past that started out really for practitioners, uh, is that invariably, they want to go upscale and they wanna draw the CIOs and the, oh yeah. The, uh, you know, the executive, the top executives. Is that an objective, uh, for you or, or do you really want to keep this kind of a, a t-shirt crowd for the long term? >> Hey, everyone's welcome. That's really important, you know? Right. And, um, so we, and that's why we are trying to expand. It's like, you know, middle out as they had in the Silicon Valley show the idea being, sorry, I just meant this a little. Okay. 
So the idea being that we've had the core developer crews, developer, DevOps, SRE crowd, right op over the course of the last virtual events, we actually expanded in the other direction. We put in a business value track, which was more for like people in the business, but not in as a developer or DevOps engineer. We also had a student thing where it's like, you're trying to get all the university crowd people, and it's been working phenomen phenomenally. And then actually this, this event, we went, uh, in the other direction as well. We hosted our inaugural CTO summit, which is for senior leadership and end user companies. And the idea is they're discussing topics of technology that are business relevant. So our topic this time was resiliency in multi-cloud and we're producing a research paper about it. That's gonna come out in some weeks. So BA so with, for us, it's about getting everybody under this tent. Right. And, but it will never mean that we deprioritize what we started with, which is the engineering crowd. It's just an expansion >> Stay true to your roots. >> Yes. Well, Priyanka, we're going to talk to a lot of those startup communities tomorrow. Ah, tomorrow's coverage. It's all about startups. Why should CTOs, uh, new startups talk to these upstarts of as opposed to some of the bigger players here on the show floor, over 170 sponsoring companies, the show floor has been vibrant engaging. Yes. And we're going to get into that community tomorrow's coverage on theCUBE from Valencia, Spain. I'm Keith Townsend, along with Paul Gillon and you're watching theCUBE, the leader in high tech coverage.
Alex Ellis, OpenFaaS | Kubecon + Cloudnativecon Europe 2022
(upbeat music) >> Announcer: TheCUBE presents KubeCon and CloudNativeCon Europe, 2022. Brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain, a KubeCon, CloudNativeCon Europe, 2022. I'm your host, Keith Townsend alongside Paul Gillon, Senior Editor, Enterprise Architecture for SiliconANGLE. We are, I think at the half point way point this to be fair we've talked to a lot of folks in open source in general. What's the difference between open source communities and these closed source communities that we attend so so much? >> Well open source is just it's that it's open it's anybody can contribute. There are a set of rules that manage how your contributions are reflected in the code base. What has to be shared, what you can keep to yourself but the it's an entirely different vibe. You know, you go to a conventional conference where there's a lot of proprietary being sold and it's all about cash. It's all about money changing hands. It's all about doing the deal. And open source conferences I think are more, they're more transparent and yeah money changes hands, but it seems like the objective of the interaction is not to consummate a deal to the degree that it is at a more conventional computer conference. >> And I think that can create an uneven side effect. And we're going to talk about that a little bit with, honestly a friend of mine Alex Ellis, founder of OpenFaaS. Alex welcome back to the program. >> Thank you, good to see Keith. >> So how long you've been doing OpenFaaS? >> Well, I first had this idea that serverless and function should be run on your own hardware back in 2016. >> Wow and I remember seeing you at DockerCon EU, was that in 2017? >> Yeah, I think that's when we first met and Simon Foskett took us out to dinner and we got chatting. And I just remember you went back to your hotel room after the presentation. 
You just had your iPhone out and your headphones you were talking about how you tried OpenWhisk and really struggled with it and OpenFaaS sort of got you where you needed to be to sort of get some value out of the solution. >> And I think that's the magic of these open source communities in open source conferences that you can try stuff, you can struggle with it, come to a conference either get some advice or go in another direction and try something like a OpenFaaS. But we're going to talk about the business perspective. >> Yeah. >> Give us some, like give us some hero numbers from the project. What types of organizations are using OpenFaaS and what are like the download and stars all those, the ways you guys measure project success. >> So there's a few ways that you hear this talked about at KubeCon specifically. And one of the metrics that you hear the most often is GitHub stars. Now a GitHub star means that somebody with their laptop like yourself has heard of a project or seen it on their phone and clicked a button that's it. There's not really an indication of adoption but of interest. And that might be fleeting and a blog post you might publish you might bump that up by 2000. And so OpenFaaS quite quickly got a lot of stars which encouraged me to go on and do more with it. And it's now just crossed 30,000 across the whole organization of about 40 different open source repositories. >> Wow that is a number. >> Now you are in ecosystem where Knative is also taken off. And can you distinguish your approach to serverless or FaaS to Knatives? >> Yes so, Knative isn't an approach to FaaS. That's simply put and if you listen to Ville Aikas from the Knative project, he was working inside Google and wished that Kubernetes would do a little bit more than what it did. And so he started an initiative with some others to start bringing more abstractions like Auto Scaling, revision management so he can have two versions of code and and shift traffic around. 
And that's really what they're trying to do is add onto Kubernetes and make it do some of the things that a platform might do. Now OpenFaaS started from a different angle and frankly, two years earlier. >> There was no Kubernetes when you started it. >> It kind of led in the space and and built out that ecosystem. So the idea was, I was working with Lambda and AWS Alexa skills. I wanted to run them on my own hardware and I couldn't. And so OpenFaaS from the beginning started from that developer experience of here's my code, run it for me. Knative is a set of extensions that may be a building block but you're still pretty much working with Kubernetes. We get calls come through. And actually recently I can't tell you who they are but there's a very large telecommunications provider in the US that was using OpenFaaS, like yourself heard of Knative and in the hype they switched. And then they switched back again recently to OpenFaaS and they've come to us for quite a large commercial deal. >> So did they find Knative to be more restrictive? >> No, it's the opposite. It's a lot less opinionated. It's more like building blocks and you are dealing with a lot more detail. It's a much bigger system to manage, but don't get me wrong. I mean the guys are very friendly. They have their sort of use cases that they pursue. Google's now donated the project to CNCF. And so they're running it that way. Now it doesn't mean that there aren't FaaS on top of it. Red Hat have a serverless product, VMware have one. But OpenFaaS because it owns the whole stack can get you something that's always been very lean, simple to use to the point that Keith in his hotel room installed it and was productive with it in an evening without having to be a Kubernetes expert. >> And that is and if you remember back that was very anti-Kubernetes. >> Yes. >> It was not a platform I thought that was. And for some of the very same reasons, I didn't think it was very user friendly. 
You know, I tried OpenWhisk, I'm thinking what enterprise is going to try this thing, especially without the handholding and the support needed to do that. And you know, something pretty interesting that happened as I shared this with you on Twitter, I was having a briefing by a big microprocessor company, one of the big two. And they were showing me some of the work they were doing in Cloud-native and the way that they stretch test the system to show me Auto Scaling. Is that they bought up a OpenFaaS what is it? The well text that just does a bunch of, >> The cows maybe. >> Yeah the cows. That does just a bunch of texts. And it just all, and I'm like one I was amazed at is super simple app. And the second one was the reason why they discovered it was because of that simplicity is just a thing that's in your store that you can just download and test. And it was OpenFaaS. And it was this big company that you had no idea that was using >> No >> OpenFaaS. >> No. >> How prevalent is that? That you're always running into like these surprises of who's using the solution. >> There are a lot of top tier companies, billion dollar companies that use software that I've worked on. And it's quite common. The main issue you have with open source is you don't have like the commercial software you talked about, the relationships. They don't tell you they're using it until it breaks. And then they may come in incognito with a personal email address asking for things. What they don't want to do often is lend their brands or support you. And so it is a big challenge. However, early on, when I met you, BT, LivePerson, the University of Washington, and a bunch of other companies had told us they were using it. We were having discussions with them took them to KubeCon and did talks with them. You can go and look at them in the video player. However, when I left my job in 2019 to work on this full time I went to them and I said, you know, use it in production it's useful for you. 
We've done a talk, we really understand the business value of how it saves you time. I haven't got a way to fund it and it won't exist unless you help they were like sucks to be you. >> Wow that's brutal. So, okay let me get this right. I remember the story 2019, you leave your job. You say I'm going to do OpenFaaS and support this project 100% of your time. If there's no one contributing to the project from a financial perspective how do you make money? I've always pitched open source because you're the first person that I've met that ran an open source project. And I always pitched them people like you who work on it on their side time. But they're not the Knatives of the world, the SDOs, they have full time developers. Sponsored by Google and Microsoft, etc. If you're not sponsored how do you make money off of open source? >> If this is the million dollar question, really? How do you make money from something that is completely free? Where all of the value has already been captured by a company and they have no incentive to support you build a relationship or send you money in any way. >> And no one has really figured it out. Arguably Red Hat is the only one that's pulled it off. >> Well, people do refer to Red Hat and they say the Red Hat model but I think that was a one off. And we quite, we can kind of agree about that in a business. However, I eventually accepted the fact that companies don't pay for something they can get for free. It took me a very long time to get around that because you know, with open source enthusiast built a huge community around this project, almost 400 people have contributed code to it over the years. And we have had full-time people working on it on and off. And there's some people who really support it in their working hours or at home on the weekends. But no, I had to really think, right, what am I going to offer? And to begin with it would support existing customers weren't interested. 
They're not really customers because they're consuming it as a project. So I needed to create a product because we understand we buy products. Initially I just couldn't find the right customers. And so many times I thought about giving up, leaving it behind, my family would've supported me with that as well. And they would've known exactly why even you would've done. And so what I started to do was offer my insights as a community leader, as a maintainer to companies like we've got here. So Casting one of my customers, CSIG one of my customers, Rancher R, DigitalOcean, a lot of the vendors you see here. And I was able to get a significant amount of money by lending my expertise and writing content that gave me enough buffer to give the doctors time to realize that maybe they do need support and go a bit further into production. And over the last 12 months, we've been signing six figure deals with existing users and new users alike in enterprise. >> For support >> For support, for licensing of new features that are close source and for consulting. >> So you have proprietary extensions. Also that are sort of enterprise class. Right and then also the consulting business, the support business which is a proven business model that has worked >> Is a proven business model. What it's not a proven business model is if you work hard enough, you deserve to be rewarded. >> Mmh. >> You have to go with the system. Winter comes after autumn. Summer comes after spring and you, it's no point saying why is it like that? That's the way it is. And if you go with it, you can benefit from it. And that's what the realization I had as much as I didn't want to do it. >> So you know this community, well you know there's other project founders out here thinking about making the leap. If you're giving advice to a project founder and they're thinking about making this leap, you know quitting their job and becoming the next Alex. 
And I think this is the perception that the misperception out there. >> Yes. >> You're, you're well known. There's a difference between being well known and well compensated. >> Yeah. >> What advice would you give those founders >> To be. >> Before they make the leap to say you know what I'm going to do my project full time. I'm going to lean on the generosity of the community. So there are some generous people in the community. You've done some really interesting things for individual like contributions etc but that's not enough. >> So look, I mean really you have to go back to the MBA mindset. What problem are you trying to solve? Who is your target customer? What do they care about? What do they eat and drink? When do they go to sleep? You really need to know who this is for. And then customize a journey for them so that they can come to you. And you need some way initially of funneling those people in qualifying them because not everybody that comes to a student or somebody doing a PhD is not your customer. >> Right, right. >> You need to understand sales. You need to understand a lot about business but you can work it out on your way. You know, I'm testament to that. And once you have people you then need something to sell them that might meet their needs and be prepared to tell them that what you've got isn't right for them. 'cause sometimes that's the one thing that will build integrity. >> That's very hard for community leaders. It's very hard for community leaders to say, no >> Absolutely so how do you help them over that hump? I think of what you've done. >> So you have to set some boundaries because as an open source developer and maintainer you want to help everybody that's there regardless. 
And I think for me it was taking some of the open source features that companies used not releasing them anymore in the open source edition, putting them into the paid developing new features based on what feedback we'd had, offering support as well but also understanding what is support. What do you need to offer? You may think you need a one hour SLA for a fix probably turns out that you could sell a three day response time or one day response time. And some people would want that and see value in it. But you're not going to know until you talk to your customers. >> I want to ask you, because this has been a particular interest of mine. It seems like managed services have been kind of the lifeline for pure open source companies. Enabling these companies to maintain their open source roots, but still have a revenue stream of delivering as a service. Is that a business model option you've looked at? >> There's three business models perhaps that are prevalent. One is OpenCore, which is roughly what I'm following. >> Right. >> Then there is SaaS, which is what you understand and then there's support on pure open source. So that's more like what Rancher does. Now if you think of a company like Buoyant that produces Linkerd they do a bit of both. So they don't have any close source pieces yet but they can host it for you or you can host it and they'll support you. And so I think if there's a way that you can put your product into a SaaS that makes it easier for them to run then you know go for it. However, we've OpenFaaS, remember what is the core problem we are solving, portability So why lock into my cloud? >> Take that option off the table, go ahead. >> It's been a long journey and I've been a fan since your start. I've seen the bumps and bruises and the scars get made. 
If you're open source leader and you're thinking about becoming as famous as Alex, hey you can do that, you can put in all the work become famous but if you want to make a living, solve a problem, understand what people are willing to pay for that problem and go out and sell it. Valuable lessons here on theCUBE. From Valencia, Spain I'm Keith Townsend along with Paul Gillon and you're watching theCUBE the leader in high-tech coverage. (Upbeat music)
Marcel Hild, Red Hat & Kenneth Hoste, Ghent University | Kubecon + Cloudnativecon Europe 2022
(upbeat music) >> Announcer: theCUBE presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome to Valencia, Spain, in KubeCon CloudNativeCon Europe 2022. I'm your host Keith Townsend, along with Paul Gillon. And we're going to talk to some amazing folks. But first Paul, do you remember your college days? >> Vaguely. (Keith laughing) A lot of them are lost. >> I think a lot of mine are lost as well. Well, not really, I got my degree as an adult, so they're not that far past. I can remember 'cause I have the student debt to prove it. (both laughing) Along with us today is Kenneth Hoste, systems administrator at Ghent University, and Marcel Hild, senior manager software engineering at Red Hat. You're working in office of the CTO? >> That's absolutely correct, yes >> So first off, I'm going to start off with you Kenneth. Tell us a little bit about the research that the university does. Like what's the end result? >> Oh, wow, that's a good question. So the research we do at university and again, is very broad. We have bioinformaticians, physicists, people looking at financial data, all kinds of stuff. And the end result can be very varied as well. Very often it's research papers, or spinoffs from the university. Yeah, depending on the domain I would say, it depends a lot on. >> So that sounds like the perfect environment for cloud native. Like the infrastructure that's completely flexible, that researchers can come and have a standard way of interacting, each team just use its resources as they would, the nirvana for cloud native. >> Yeah. >> But somehow, I'm going to guess HPC isn't quite there yet. >> Yeah, not really, no. So, HPC is a bit, let's say slow into adopting new technologies. And we're definitely seeing some impact from cloud, especially things like containers and Kubernetes, or we're starting to hear these things in HPC community as well. 
But I haven't seen a lot of HPC clusters who are really fully cloud native. Not yet at least. Maybe this is coming. And if I'm walking around here at KubeCon, I can definitely, I'm being convinced that it's coming. So whether we like it or not we're probably going to have to start worrying about stuff like this. But we're still, let's say, the most prominent technologies of things like MPI, which has been there for 20, 30 years. The Fortran programming language is still the main language, if you're looking at compute time being spent on supercomputers, over 1/2 of the time spent is in Fortran code essentially. >> Keith: Wow. >> So either the application itself where the simulations are being done is implemented in Fortran, or the libraries that we are talking to from Python for example, for doing heavy duty computations, that backend library is implemented in Fortran. So if you take all of that into account, easily over 1/2 of the time is spent in Fortran code. >> So is this because the libraries don't migrate easily to, distributed to that environment? >> Well, it's multiple things. So first of all, Fortran is very well suited for implementing these type of things. >> Paul: Right. >> We haven't really seen a better alternative maybe. And also it'll be a huge effort to re-implement that same functionality in a newer language. So, the use case has to be very convincing, there has to be a very good reason why you would move away from Fortran. And, at least the HPC community hasn't seen that reason yet. >> So in theory, and right now we're talking about the theory and then what it takes to get to the future. In theory, I can take that Fortran code put it in a compiler that runs in a container? >> Yeah, of course, yeah. >> Why isn't it that simple? >> I guess because traditionally HPC is very slow at adopting new stuff. So, I'm not saying there isn't a reason that we should start looking at these things. Flexibility is a very important one. 
For a lot of researchers, their compute needs are very peaky. So they're doing research, they have an idea, they want you to run lots of simulations, get the results, but then they're silent for a long time writing the paper, or thinking about how to, what they can learn from the results. So there's lots of peaks, and that's a very good fit for a cloud environment. I guess at the scale of university you have enough diversity end users that all those peaks never fall at the same time. So if you have your big own infrastructure you can still fill it up quite easily and keep your users happy. But this bursty thing, I guess we're seeing that more and more or so. >> So Marcel, talk to us about, Red Hat needing to service these types of end users. That it can be on both ends I'd imagine that you have some people still in writing in Fortran, you have some people that's asking you for objects based storage. Where's Fortran, I'm sorry, not Fortran, but where is Red Hat in providing the underlay and the capabilities for the HPC and AI community? >> Yeah. So, I think if you look at the user base that we're looking at, it's on this spectrum from development to production. So putting AI workloads into production, it's an interesting challenge but it's easier to solve, and it has been solved to some extent, than the development cycle. So what we're looking at in Kenneth's domain it's more like the end user, the data scientist, developing code, and doing these experiments. Putting them into production is that's where containers live and thrive. You can containerize your model, you containerize your workload, you deploy it into your OpenShift Kubernetes cluster, done, you monitor it, done. So the software developments and the SRE, the ops part, done, but how do I get the data scientist into this cloud native age where he's not developing on his laptop or on a machine, where he SSH into and then does some stuff there. 
And then some system admin comes and needs to tweak it because it's running out of memory or whatnot. But how do we take him and make him, well, and provide him an environment that is good enough to work in, in the browser, and then with IDE, where the workload of doing the computation and the experimentation is repeatable, so that the environment is always the same, it's reliable, so it's always up and running. It doesn't consume resources, although it's up and running. Where it's, where the supply chain and the configuration of... And the, well, the modules that are brought into the system are also reliable. So all these problems that we solved in the traditional software development world, now have to transition into the data science and HPC world, where the problems are similar, but yeah, it's different sets. It's more or less, also a huge educational problem and transitioning the tools over into that is something... >> Well, is this mostly a technical issue or is this a cultural issue? I mean, are HPC workloads that different from more conventional OLTP workloads that they would not adapt well to a distributed containerized environment? >> I think it's both. So, on one hand it's the cultural issue because you have two different communities, everybody is reinventing the wheel, everybody is some sort of siloed. So they think, okay, what we've done for 30 years now we, there's no need to change it. And they, so it's, that's what thrives and here at KubeCon where you have different communities coming together, okay, this is how you solved the problem, maybe this applies also to our problem. But it's also the, well, the tooling, which is bound to a machine, which is bound to an HPC computer, which is architecturally different than a distributed environment where you would treat your containers as cattle, and as something that you can replace, right? And the HPC community usually builds up huge machines, and these are like the gray machines. 
So it's also technical bit of moving it to this age. >> So the massively parallel nature of HPC workloads you're saying Kubernetes has not yet been adapted to that? >> Well, I think that parallelism works great. It's just a matter of moving that out from an HPC computer into the scale out factor of a Kubernetes cloud that elastically scales out. Whereas the traditional HPC computer, I think, and Kenneth can correct me here is, more like, I have this massive computer with 1 million cores or whatnot, and now use it. And I can use my time slice, and book my time slice there. Whereas this a Kubernetes example the concept is more like, I have 1000 cores and I declare something into it and scale it up and down based on the needs. >> So, Kenneth, this is where you talked about the culture part of the changes that need to be happening. And quite frankly, the computer is a tool, it's a tool to get to the answer. And if that tool is working, if I have a 1000 cores on a single HPC thing, and you're telling me, well, I can't get to a system with 2000 cores. And if you containerized your process and move it over then maybe I'll get to the answer 50% faster maybe I'm not that... Someone has to make that decision. How important is it to get people involved in these types of communities from a researcher? 'Cause research is very tight-knit community to have these conversations and help that see move happen. >> I think it's very important to that community should, let's say, the cloud community, HPC research community, they should be talking a lot more, there should be way more cross pollination than there is today. I'm actually, I'm happy that I've seen HPC mentioned at booths and talks quite often here at KubeCon, I wasn't really expecting that. And I'm not sure, it's my first KubeCon, so I don't know, but I think that's kind of new, it's pretty recent. 
If you're going to the HPC community conferences there containers have been there for a couple of years now, something like Kubernetes is still a bit new. But just this morning there was a keynote by a guy from CERN, who was explaining, they're basically slowly moving towards Kubernetes even for their HPC clusters as well. And he's seeing that as the future because all the flexibility it gives you and you can basically hide all that from the end user, from the researcher. They don't really have to know that they're running on top of Kubernetes. They shouldn't care. Like you said, to them it's just a tool, and they care about if the tool works, they can get their answers and that's what they want to do. How that's actually being done in the background they don't really care. >> So talk to me about the AI side of the equation, because when I talk to people doing AI, they're on the other end of the spectrum. What are some of the benefits they're seeing from containerization? >> I think it's the reproducibility of experiments. So, and data scientists are, they're data scientists and they do research. So they care about their experiment. And maybe they also care about putting the model into production. But, I think from a geeky perspective they are more interested in finding the next model, finding the next solution. So they do an experiment, and they're done with it, and then maybe it's going to production. So how do I repeat that experiment in a year from now, so that I can build on top of it? And a container I think is the best solution to wrap something with its dependency, like freeze it, maybe even with the data, store it away, and then come to it back later and redo the experiment or share the experiment with some of my fellow researchers, so that they don't have to go through the process of setting up an equivalent environment on their machines, be it their laptop, via their cloud environment. 
So you go to the internet, download something doesn't work, container works. >> Well, you said something that really intrigues me you know in concept, I can have a, let's say a one terabyte data set, have an experiment associated with that. Take a snapshot of that somehow, I don't know how, take a snapshot of that and then share it with the rest of the community and then continue my work. >> Marcel: Yeah. >> And then we can stop back and compare notes. Where are we at in a maturity scale? Like, what are some of the pitfalls or challenges customers should be looking out for? >> I think you actually said it right there, how do I snapshot a terabyte of data? It's, that's... >> It's a terabyte of data. (both conversing) >> It's a bit of a challenge. And if you snapshot it, you have two terabytes of data or you just snapshot the, like and get you to do a, okay, this is currently where we're at. So that's why the technology is evolving. How do we do source control management for data? How do we license data? How do we make sure that the data is unbiased, et cetera? So that's going more into the AI side of things. But at dealing with data in a declarative way in a containerized way, I think that's where currently a lot of innovation is happening. >> What do you mean by dealing with data in a declarative way? >> If I'm saying I run this experiment based on this data set and I'm running this other experiment based on this other data set, and I as the researcher don't care where the data is stored, I care that the data is accessible. And so I might declare, this is the process that I put on my data, like a data processing pipeline. These are the steps that it's going through. And eventually it will have gone through this process and I can work with my data. Pretty much like applying the concept of pipelines through data. Like you have these data pipelines and then now you have Kubeflow Pipelines as one solution to apply the pipeline concept, to well, managing your data. 
>> Given the stateless nature of containers, is that an impediment to HPC adoption because of the very large data sets that are typically involved? >> I think it is if you have terabytes of data. Just, you have to get it to the place where the computation will happen, right? And just uploading that into the cloud is already a challenge. If you have the data sitting there on a supercomputer and maybe it was sitting there for two years, you probably don't care. And typically a lot of universities the researchers don't necessarily pay for the compute time they use. Like, this is also... At least in Ghent that's the case, it's centrally funded, which means, the researchers don't have to worry about the cost, they just get access to the supercomputer. If they need two terabytes of data, they get that space and they can park it on the system for years, no problem. If they need 200 terabytes of data, that's absolutely fine. >> But the university cares about the cost? >> The university cares about the cost, but they want to enable the researchers to do the research that they want to do. >> Right. >> And we always tell researchers don't feel constrained about things like compute power, storage space. If you're doing smaller research, because you're feeling constrained, you have to tell us, and we will just expand our storage system and buy a new cluster. >> Paul: Wonderful. >> So you, to enable your research. >> It's a nice environment to be in. I think this might be a Jevons paradox problem, you give researchers this capability you might, you're going to see some amazing things. Well, now the people are snapshoting, one, two, three, four, five, different versions of a one terabytes of data. It's a good problem to have, and I hope to have you back on theCUBE, talking about how Red Hat and Ghent have solved those problems. Thank you so much for joining theCUBE. From Valencia, Spain, I'm Keith Townsend along with Paul Gillon. 
And you're watching theCUBE, the leader in high tech coverage. (upbeat music)
Owen Garrett, Deepfence | Kubecon + Cloudnativecon Europe 2022
>>The cube presents, Coon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain in Coon and cloud native con Europe, 2022. I'm Keith Townsend, along with my host, Paul Gillon senior editor, enterprise architecture at Silicon angle. We are continuing the conversation here at KU con cloud native con around security app defense. Paul, were you aware it was this many security challenges and, and that were native to like cloud native >>Well there's security challenges with every new technology. And as we heard, uh, today from our, some of our earlier guests, uh, containers and Kubernetes naturally introduce new variables in the landscape and that creates the potential vulnerabilities. So there's a whole industry that's evolving around that. And what we've been looking at today, yesterday, we talked very much about managing Kubernetes today. We're talking about many of the nuances of building a, a Kubernetes based environment and security is clearly one of them. >>So welcome our guests on Garrett, head of products. >>Thank >>You and community at deep fence. You know what I'm going. I'm going to start out the question with a pretty interesting security at scale is one of your taglines. >>Absolutely. >>What does that mean? Exactly. >>So Kubernetes is all about scale securing applications and Kubernetes is a completely different game to securing your traditional monolithic legacy enterprise applications. Kubernetes grows it scales it's elastic, and the perimeter around a Kubernetes application is very, very porous. There are lots of entry points. So you can't think about securing a cloud native application. The way that you might have secured a monolith securing a monolith is like securing a castle. You build a wall around it. You put guards on the gate. You control, who comes in and out, and job is more or less done securing a cloud native application. 
It's like securing a city. People are roaming through the city without checks and balances. There are lots of services in the city that you've got to check and monitor. It's extremely porous. So, sec-, all of the security problems in Kubernetes with cloud native applications, they're amplified by scale: the size of the application, the number of nodes and the complexity of the application and the way that it's built and delivered. >> That's, uh, kind of a chilling phrase: the perimeter is porous. Uh, yeah, companies are adopting Kubernetes right now, evidently bringing in all of these new, these new, uh, vulnerability points. Do they know what they're getting into? >> Many don't. There's, there's a huge amount of work around trying to help organizations make the transition from thinking about applications as single components to thinking about them as microservices with multiple little, little components. It's a really essential step because that's what allows businesses to evolve, to digitize, to deliver services using APIs, mobile, mobile apps. So it's a necessary technical change, but it brings with it lots of challenges, and security is one of those biggest challenges. >> So as I'm thinking about that porous nature, I can't help but think, you know, if I have my, my traditional IPS does a really great job of blocking that centralized data center and access to that centralized data center. As I think about that city example that you gave me, I'm thinking, you know what? I have intruders, or not even intruders, I have bad actors within my city. >> You do. >> You, how do, how does Deepfence help protect me from those bad actors that are inside or roaming the city? >> So this is the wonderful, unique technology we have within Deepfence. So we install little sensors, little lightweight sensors, on each host that's running your application: on Kubernetes nodes as a DaemonSet, against Fargate instances, on Docker hosts, on bare metal.
And those sensors install little taps into the network using eBPF and they monitor the workloads. So it's a little bit like having CCTV cameras throughout your city tracking what's happening. There are a lot of solutions which will look at what happens on a workload, traditional XDR solutions that look for things like process changes or file system changes. And we gather those signals, indicators of compromise, but those alone are too little, too late. They tell you that a breach has probably already happened. What Deepfence does is we also look at the network. We gather network signals. We can see someone using a, a reconnaissance tool roaming through your application, sending probe traffic to try and find weak points. >> We can see them then elevating the level of attack and trying to weaponize a particular exploit that they might have found, or vulnerability that they find. We can see everything that comes into each of the components, not just at the perimeter, but right inside your application. We see what happens in those components: process, file integrity changes. And we see what comes out, attempts to exfiltrate something that looks like a database file or /etc/passwd. And we put all of these little subtle signals, the indicators of attack, the network-based signals, and the indicators of compromise, we put those together and we build a picture of the threats against each of the workloads in your cloud native application. There's lots and lots of background recon traffic. We see that; you generally don't need to worry about that. It's just noise. But as that elevates and you see evidence of exploits and lateral spread, we identify that, we'll let you know, or we can step in and we can proactively block the behavior that's causing those problems. So we can stop someone from accessing a component, or if a component's compromised, we can, we can freeze it and restart it.
And this is a key part of the technology within our ThreatStryker security observability platform. >> Uh, false alerts are the bane of the security industry's existence. What do you do to protect against those? >> So we use a range of heuristics and a degree, a small degree of machine learning to try and piece together what's happening. It's a complicated picture. So some of your viewers will have heard of the MITRE ATT&CK matrix, so a dictionary of techniques and tactics and, and protocols that attackers might use in order to attack an infrastructure. So we gather the signals, those TTPs, and we then build a model to try and understand how those little signals piece together. So maybe there's, you know, there's a guy with a striped, striped vest that is trying the doors in your city, you know, a low-level criminal who isn't getting anywhere. We'll pick that up and that's low risk. But then if we see that person infiltrate a building, because they find an open door, then that raises the level of risk. So we monitor the growing level of risk against each workload. >> And once it hits a level of concern, then we let you know, but you can then forensically go back in time and look at all of the signals that surround that. So we don't just tell you there was an alert and a file was compromised in your workload, do something about it. We tell you the file was compromised, and prior to that, there were these events, process failures. Those could have been caused by network events that are correlated to a vulnerability that we know. And those in, in turn could have been discovered by recon traffic. So we help you build that entire active picture up. Every application's different. You need to have the context to understand and interpret signals that a solution like ThreatStryker gives you, and we give you that context. >> So I would push back. If I'm a platform team, say, you know what? I have a service mesh.
I, I have trusted traffic going to, trusted traffic going from trusted sources. I'm, I'm cutting off the problem even before it happens. Why should I use, uh, Deepfence? >> So a service mesh won't cut off the problem. It'll just hide the problem, because a service mesh will just encrypt the traffic between each of the components. It doesn't stop the bad traffic flowing. If a component is compromised, people can still talk to another component and the service mesh happily encrypts it and hides it. What we do: we love service meshes, because we can decrypt the traffic or we can inspect the individual application components before they talk to the mesh sidecar. So we can pull out and see the plaintext traffic. We can identify things that other tools wouldn't have a hope of, of identifying. >> So, you know, you, you just, uh, triggered something. >> Yeah. >> A lot of companies do not like decrypting that traffic after it's been sent. They don't want anyone else, including security tools, to see it. Yeah. How do you ensure, how do you serve those clients? >> So we serve those clients by having an architecture that sits entirely on premise in their infrastructure. Their sensitive data never leaves their network, their VPCs, their, their boundary. They install a ThreatStryker console. So this is the tool that does all of the analysis and makes the protection decisions. They run that themselves. They deploy the ThreatStryker sensors in their production environment. They talk over secure links, authenticated to the console. So everything sits within their purview, their level of, their degree of control. >> So if, if they're building a, a, a cloud application though, or, or a hybrid cloud application, how do you connect? How do you deal with the cloud side?
>> So whether their production environments are next to the ThreatStryker console, whether they're running on remote clouds, our sensors will run in all of those environments and the console will manage a complex hybrid environment. It will show you traffic running in your Kubernetes cluster on AWS, traffic running on your VMs on Google, traffic running in your Fargate instances on, again, on AWS, and on your on-prem instances. It gathers that data securely from each of those remote places, sends it to the console that you own and operate securely. So you have full control over what is captured. It's encrypted, it's authenticated, it's streamed back. So it never leaves your level of control. >> Talk to me about the overhead. How is this deployed and managed within my environment? >> So there are two components. As we've learned, we have the console. All of the work is done on the console, any necessary decryption, all the calculation. That runs on a Kubernetes cluster that, that you would deploy, that you would scale. So that's fully in your control. Then you need to install little sensors on each of your production environments to bring the data back to the console. >> Now, those on pods, or are those running inside of, uh, containers themselves? >> So they are container based. They're typically deployed as a DaemonSet, so one instance per node in your Kubernetes cluster. They are, we have put a lot of engineering work into making those as lightweight as possible. They do very little analysis themselves. They do a little bit of pre-filtering of network traffic to reduce the bandwidth, and then they pass the packets back to the management console. So our goal is to have the minimal impact on customers' production environments, so that they can scale and operate without an impact on the performance or availability of their applications.
And we have customers who are monitoring services running on literally thousands of Kubernetes nodes and streaming the data back to their management console and using that to analyze from a single point of control what's going on in their applications. >> So we hear time and again CIOs complaining that they have too many point security products. Yes. I think average of 87 in, in, in the enterprise, according to, to one survey. Aren't you just another? >> And that is the big challenge with security. There is no silver bullet product that will secure everything that you have. You have your, the what, the, what you're securing scales over space, from your infrastructure to the containers and the workloads and the application code. It scales over time: are you secure, are you putting security measures in at shift-left development, when you deploy, or are you securing production? And it scales over the environments. There is no silver bullet that will provide best-of-breed security across that entire set of dimensions. There are large organizations that will present you with holistic solutions, which are a bunch of different solutions with the same logo on them, bundled together under the same umbrella. Those don't necessarily solve the problem. You need to understand the risks that your organization is facing, and then what are the best-of-breed solutions for each of those risks and for the life cycle of your application. At Deepfence, we are about securing your production environment. >> Your developers have built applications. They've secured those applications using tools like Snyk, and they've ticked and signed off saying, with this list of documented vulnerabilities, my application is secure. It's now ready to go into production. But when I talk to, to application security people, to ops people, and I say, are the applications in your Kubernetes environment, are they secure?
They say, look, honestly, I don't know. The developers have signed off something, but that's not what I'm running. I've had to inject things into the application, so it's different. There could have been issues that were, that were discovered after the developers signed it off. The developers made exceptions, but also 60, 80% of the code I'm running in production didn't come from my development team. It's infrastructure, it's third-party modules. So when you look at security as a whole, you realize there are so many axes that you have to consider. There are so many points along these axes, and you need to figure out, in a kind of a Venn diagram fashion, how are you going to address security issues at each of those points? So when it comes to production security, if you want a best-of-breed solution for finding vulnerabilities in your production environment, ThreatMapper, open source, will do that. And then for monitoring attack behavior, ThreatStryker enterprise will do that. Then Deepfence is a great set of solutions to look at. >> So Owen, thanks for stopping by. Security at layers is a repetitive thing that we hear security experts talk about. Not one solution will solve every problem when it comes to security. From Valencia, Spain, I'm Keith Townsend, along with Paul Gillin, and you're watching theCUBE, the leader in high tech coverage.
Naina Singh & Roland Huß, Red Hat | Kubecon + Cloudnativecon Europe 2022
>> Announcer: "theCUBE" presents KubeCon and CloudNativeCon Europe 2022 brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain and KubeCon and CloudNativeCon Europe 2022. I'm Keith Townsend, my co-host, Paul Gillin, Senior Editor Enterprise Architecture for SiliconANGLE. We're going to talk, or continue to talk to amazing people. The coverage has been amazing, but also the city of Valencia is beautiful. I have to eat a little crow, I landed and I saw the convention center, Paul, have you got out and explored the city at all? >> Absolutely, my first reaction to Valencia when we were out in this industrial section was, "This looks like Cincinnati." >> Yes. >> But then I got on the bus second day here, 10 minutes to downtown, another world, it's almost a Middle Ages flavor down there with these little winding streets and just absolutely gorgeous city. >> Beautiful city. I compared it to Charlotte, no disrespect to Charlotte, but this is an amazing city. Naina Singh, Principal Product Manager at Red Hat, and Roland Huss, also Principal Product Manager at Red Hat. We're going to talk a little serverless. I'm going to get this right off the bat. People get kind of feisty when we call things like Knative serverless. What's the difference between something like a Lambda and Knative? >> Okay, so I'll start. Lambda is, like, a function as a service, right? Which is one of the definitions of serverless. Serverless is a deployment platform now. When we introduced serverless to containers through Knative, that's when the serverless got revolutionized, it democratized serverless. Lambda was proprietary-based, you write small snippets of code, run for a short duration of time on demand, and done. And then Knative which brought serverless to containers, where all those benefits of easy, practical, event-driven, running on demand, going up and down, all those came to containers.
So that's where Knative comes into picture. >> Yeah, I would also say that Knative is based on containers from the very beginning, and so, it really allows you to run arbitrary workloads in your container, whereas with Lambda you have only a limited set of languages that you can use and you have a runtime contract there which is much easier with Knative to run your applications, for example, if it's coming in a language that is not supported by Lambda. And of course the most important benefit of Knative is it's run on top of Kubernetes, which allows you- >> Yes. >> To run your serverless platform on any other Kubernetes installation, so I think this is one of the biggest things. >> I think we saw about three years ago there was a burst of interest around serverless computing and really some very compelling cost arguments for using it, and then it seemed to die down, we haven't heard a lot about serverless, and maybe I'm just not listening to the right people, but what is it going to take for serverless to kind of break out and achieve its potential? >> Yeah, I would say that really the big advantage of course of Knative in that case is that you can scale down to zero. I think this is one of the big things that will really bring more people onto board because you really save a lot of money with that if your applications are not running when they're not used. Yeah, I think also that, because you don't have this vendor lock-in part thing, when people realize that you can run really on every Kubernetes platform, then I think that the journey of serverless will continue. >> And I will add that the event-driven applications, there hasn't been enough buzz around them yet. There is, but serverless is going to bring a new lease on life on them, right? The other thing is the ease of use for developers. With Knative, we are introducing a new programming model, the functions, where you don't even have to create containers, it would do create containers for you.
>> So you create the services, but not the containers? >> Right now, you create the containers and then you deploy them in a serverless fashion using Knative. But the container creation was on the developers, and functions is going to be the third component of Knative that we are developing upstream, and Red Hat donated that project, is going to be where code to cloud capability. So you bring your code and everything else will be taken care of, so. >> So, I'd call a function or, it's funny, we're kind of circular with this. What used to be, I'd write a function and put it into a container, this service will provide that function not just call that function as if I'm developing kind of a low code no code, not no code, but a low code effort. So if there's a repetitive thing that the community wants to do, you'll provide that as a predefined function or as a service. >> Yeah, exactly. So functions really helps the developer to bring their code into the container, so it's really kind of a new (indistinct) on top of Knative- >> On top of. >> And of course, it's also a more opinionated approach. It's really more closer coming to Lambda now because it also comes with a programming model, which means that you have certain signature that you have to implement and other stuff. But you can also create your own templates, because at the end what matters is that you have a container at the end that you can run on Knative. >> What kind of applications is serverless really the ideal platform? >> Yeah, of course the ideal application is an HTTP-based web application that has no state and that has a very non-uniform traffic shape, which means that, for example, if you have a business where you only have spikes at certain times, like maybe for Super Bowl or Christmas, when selling some merchandise like that, then you can scale up from zero very quickly at an arbitrary high depending on the load.
And this is, I think, the big benefit over, for example, Kubernetes Horizontal Pod Autoscaling where it's more like indirect measures of value scaling based on CPU or memory, but here, it directly relates one to one to the traffic that is coming in to concurrent request. Yeah, so this helps a lot for non-uniform traffic shapes that I think this has become one of the ideal use cases. >> Yeah. But I think that is one of the most used or defined one, but I do believe that you can write almost all applications. There are some, of course, that would not be the right load, but as long as you are handling state through external mechanism. Let's say, for example you're using database to save the state, or you're using physical volume mount to save the state, it increases the density of your cluster because when they're running, the containers would pop up, when your application is not running, the container would go down, and the resources can be used to run any other application that you want to use, right? >> So, when I'm thinking about Lambda, I kind of get the event-driven nature of Lambda. I have a S3 bucket, and if a S3 event is driven, then my function as a service will start, and that's kind of the listening service. How does that work with Knative or a Kubernetes-based thing? 'Cause I don't have an event-driven thing that I can think of that kicks off, like, how can I do that in Kubernetes? >> So I'll start. So it is exactly the same thing. In Knative world, it's the container that's going to come up and your service in the container, that will do the processing of that same event that you are talking. So let's say the notification came from S3 server when the object got dropped, that would trigger an application. And in world of Kubernetes, Knative, it's the container that's going to come up with the service in it, do the processing, either find another service or whatever it needs to do.
>> So Knative is listening for the event, and when the event happens, then Knative executes the container. >> Exactly. >> Basically. >> So the concept of Knative source which is kind of adapted to the external world, for example, for the S3 bucket. And as soon as there is an event coming in, Knative will wake up that service, will transmit this event as a cloud event, which is another standard from the CNCF, and then when the service is done, then the service spins down again to zero so that the service is only running when there are events, which is very cost effective and which people really actually like to have this kind of way of dynamic scaling up from zero to one and even higher like that. >> Lambda has been sort of synonymous with serverless in the early going here, is Knative a competitor to Lambda, is it complementary? Would you use the two together? >> Yeah, I would say that Lambda is an offering from AWS, so it's a cloud service there. Knative itself is a platform, so you can run it in the cloud, and there are other cloud offerings like from IBM, but you can also run it on-premise for example, that's the alternative. So you can also have hybrid set scenarios where you really can put one part into the cloud, the other part on-prem, and I think there's a big difference in that you have much more flexibility and you can avoid this kind of vendor lock-in compared to AWS Lambda. >> Because Knative provides specifications and performance tests, so you can move from one service to another. If you are on IBM offering that's using Knative, and if you go to a Google offering- >> A Google offering. >> That's on Knative, or a Red Hat offering on Knative, it should be seamless because they're both conforming to the same specifications of Knative. Whereas if you are in Lambda, there are custom deployments, so you are only going to be able to run those workloads only on AWS.
>> So KnativeCon, co-located event as part of KubeCon, I'm curious as to the level of effort in the user interaction for deploying Knative. 'Cause when I think about Lambda or Cloud Run or one of the other functions as a service, there is no backend that I have to worry about. And I think this is where some of the debate becomes over serverless versus some other definition. What's the level of lifting that needs to be done to deploy Knative in my Kubernetes environment? >> So if you like... >> Is this something that comes as base part of the OpenShift install or do I have to like, you know, I have to... >> Go ahead, you answer first. >> Okay, so actually for OpenShift, it's a code layer product. So you have this catalog of operator that you can choose from, and OpenShift Serverless is one part of that. So it's really kind of a one click install where you also get a default configuration, you can flexibly configure it as you like. Yeah, we think that's a good user experience and of course you can go to these cloud offerings like Google Cloud Run or IBM Code Engine, they just have everything set up for you. And the idea of other different alternatives, you have (indistinct) charts, you can install Knative in different ways, you also have options for the backend systems. For example, we mentioned that when an event comes in, then there's a broker in the middle of something which dispatches all the events to the services, and there you can have a different backend system like Kafka or AMQ. So you can have very production grade messaging system which really is responsible for delivering your events to your services. >> Now, Knative has recently, I'm sorry, did I interrupt you? >> No, I was just going to say that Knative, when we talk about, we generally just talk about the serverless deployment model, right? And the Eventing gets eclipsed in. That Eventing which provides this infrastructure for producing and consuming event is inherent part of Knative, right?
So you install Knative, you install Eventing, and then you are ready to connect all your disparate systems through Events. With CloudEvents, that's the specification we use for consistent and portable events. >> So Knative recently admitted to the, or accepted by the Cloud Native Computing Foundation, incubating there. Congratulations, it's a big step. >> Thank you. >> Thanks. >> How does that change the outlook for Knative adoption? >> So we get a lot of support now from the CNCF which is really great, so we could be part of this conference, for example which was not so easy before that. And we see really a lot of interest and we also heard before the move that many contributors were not, started into looking into Knative because of this kind of non being part of a neutral foundation, so they were kind of afraid that the project would go away anytime like that. And we see the adoption really increases, but slowly at the moment. So we are still ramping up there and we really hope for more contributors. Yeah, that's where we are. >> CNCF is almost synonymous with open source and trust. So, being in CNCF and then having this first KnativeCon event as part of KubeCon, we are hoping, and it's a recent addition to CNCF as well, right? So we are hoping that these events and these interviews, this will catapult more interest into serverless. So I'm really, really hopeful and I only see positive from here on out for Knative. >> Well, I can sense the excitement. KnativeCon sold out, congratulations on that. >> Thank you. >> I can talk about serverless all day, it's a topic that I really love, it's a fascinating way to build applications and manage applications, but we have a lot more coverage to do today on "theCUBE" from Spain. From Valencia, Spain, I'm Keith Townsend along with Paul Gillin, and you're watching "theCUBE," the leader in high-tech coverage. (gentle upbeat music)
Bassam Tabbara, Upbound | Kubecon + Cloudnativecon Europe 2022
>> theCUBE presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain, and KubeCon CloudNativeCon Europe 2022. I'm your host, Keith Townsend, along with Paul Gillin, senior editor, enterprise architecture for SiliconANGLE. Paul, we're gonna talk to some amazing people this week. KubeCon, what the energy here, what, what, what, what would you say about it? >> I'd say it's reminiscent of, of early year, uh, early stage conferences I've seen with other technologies. There is a lot of startup activity. There's a lot of money in the market, despite the sell-off in the stock market lately. Uh, a lot of anticipation that there are, there could be big exits. There could be big things ahead for these companies. You don't see that when you go to the big established conferences. Uh, you see just, uh, anticipation here that I don't think you see, uh, you, you'll see maybe in a couple years, so it's fun to be here right now. I'm sure it'll be a very different experience in two or three years. >> So welcome to our guest, CUBE alum Bassam Tabbara, the founder and CEO of Upbound. Welcome back. >> Thank you. Yeah, pleasure to be on, on the show again. >> So Paul, tell us, we're in this phase of migrations and, and moving to cloud native stacks. Are we another replatforming generation? I mean, we've done, the enterprise has done this, you know, time and time again, whether it's from Java to .NET or .NET to Java or from bare metal to VMs, but are we in another age of replatforming? >> You know, it's interesting. Every company has now become a tech company and every tech company needs to build a very model, you know, modern digital platform for them to actually run their business. And if they don't do that, then they'll probably be out of business. And, um, it is interesting to think about how companies are platforming and replatforming.
Like, you know, as you said, just a, a few years back, you know, we were on people using Cloud Foundry or using Heroku, you hear Heroku a lot, or, you know, now it's cloud native and Kubernetes and, and it, it begs the question, you know, is this the end? That to your point, is this, you know, do we have a, you know, what, what makes us sure that this is the, you know, the last platform or the future proof platform that, that people are building, >>There's never a last platform, right? There's always something around the core. The question is, is Kubernetes Linux, or is it Windows? >>That, that's a good question. Um, it's more like more like Linux. I think, um, you know, the, you know, you've heard this before, but people talk about Kubernetes as a platform of platforms. Um, you can use it to build other platforms and if you know what you're doing, you can probably put, assemble a set of pieces around it and arrive at something that looks and can work for your business, but it requires a ton of talent. It requires a lot of people that actually can act, you know, know how to put this stick together to, to work for your business. It is, there's not a lot of guidance. I, we were, I think we were chatting earlier about the CNCF landscape and, and, um, how there are all these different projects and companies around it, but, but they don't come together in meaningful ways that you have, they act the enterprise itself has to figure out how to bring them together. Right. And that's the combination of what they do there organically or not is their platform. Right. And that changes. It can change over time. >>Do you think they really do. They really want to put these things together? I mean, there's, that's not what enterprises like to do. They want to find someone who's gonna come in and, uh, turnkey do it all for them. >>Yeah. And, and if there was, this is the, this is the things like EV every week now you hear about another platform that says, this is the new Heroku. 
This is the new Cloud Foundry, this replaces every, you know, some vendor has, and you can see them all around here. You know, companies that are basically selling platform solutions, um, that do put 'em together. And the problem with it is that you typically outgrow these, like you are, um, it might solve 80% of the use cases you care about, but the other 20% are not represented. And so you end up outgrowing the platform itself, right? And the, the choice has been mostly around, you know, do you buy something off the shelf that solves 80% of your use cases, or do you build something on your own? And then you have to spend all your resources actually going through and building all of it. And that's been the dilemma, you know, people who talk about this as a platform dilemma, but it's been, it's been the way for a long time. Like you, every, we go through this cycle every few years and, you know, people end up essentially oscillating between buying something off the, you know, that's off the shelf or building it, building it themselves. >>So what's the payoff. If I'm a CIO and I'm looking at the landscape, I don't need to understand, you know, I don't know to know what a pod is to know that looking at 200 plus projects in co and at, in cloud native, uh, foundation and the bevy of, of co-located projects and, and conferences before they, even the start of this, what's the payoff >>Increasing the pace of innovation. I mean, that literally is when we talk to customers, they all say roughly the same thing. They want something that works for their business. They want something that helps them take their, you know, line of business applications to production in a much quicker way, lets them innovate, lets them create hire engineers that can, don't have to understand everything about every system, but can actually specialize and focus on the, the parts that they sh they care about. 
Um, but it's all in the context of, you know, people want to be able to innovate at a very high pace, otherwise they get disrupted. >>So I was at the, you know, my favorite part of, of KubeCon in general is the hallway track and talking to people on the ground, doing cool things. I was talking to a engineer who was able to take their Java stack, their, their, uh, .NET stack and start to create APIs between and break 'em into microservices. Now teams are working across from one another realizing that, that, that promise of innovation, but that was the end point. They they're there. Yeah. As companies are thinking about replatforming where like, where do we start? I mean, looking at the, the CNCF, the, the map and it's 200 plus projects, where do I start? >>You typically today start with Kubernetes and, and um, a lot of companies have now deployed Kubernetes to production as a container orchestrator, whether they're going through a vendor or not, but now you are seeing all the things around it, whether it's CI/CD or GitOps that they're looking at, you know, or they're starting to build consoles around, you know, their, their platforms or looking at managing more than just containers. And that's a theme that, you know, we're seeing a lot now, people want, people want to actually bring this modern stack to manage, not just container workloads, but start looking at databases and cloud workloads and everything else that they're doing around it. Honestly, everybody's trying to do the same thing. They're trying to arrive at a single point of control, a single, you know, a platform that can do it all that they can centralize policy centralized controls to compliance governance, cost controls, and then expose a self-service experience to developers. Like they're all trying to build what we probably call an internal cloud platform. 
They don't know, they talk about it in different ways, but almost everyone is trying to build some internal platform that sits on top of, on premises. And on top of cloud, depending on their scenarios, >>You make an interesting point, which is that everyone here is to some extent trying to do the same thing. And there's fine points of granularity between how they're approaching it. As you walk around this floor, do you understand what all of these companies are doing? >>I'm not sure I understand all of them, but I, I do. I do recognize a lot of them. Yes. >>And in terms of your approach, you, you use the term control plane, uh, what is distinctive about your approach? >>Very good question. So, you know, we, we end up out take a, um, we we're trying to solve, uh, this problem as well. We're trying to help people build their own platforms. Um, but let me, let me, you know, there's a lot to it. So let me actually step back and talk about the architecture of this. But if you were to look at any cloud platform, let's take the largest one. AWS, if you peek behind the scenes at AWS, you know, um, it's basically a set of independent services, EC2, S3, databases, et cetera, um, that are, you know, essentially working on different parts of, you know, like offer completely different pricing, different services, et cetera. They come together because they all integrate into a control plane. >>It's the thing that serves an API. It's the thing that gives it all a common feel. It's where you do access control. It's where you do, um, billing, metering, cost control policy, et cetera. Right? And so our realization was if the enterprises are platforming and replatforming, why shouldn't they build their platform in the same way that the cloud vendors build theirs? And so we started this project almost four years ago, now three and a half years, um, called Crossplane, which is a, essentially an open source control plane that can become the integration point for all services. 
And essentially gives you a universal control plane for cloud. >>So you mentioned the idea of the orchestrating or managing stuff other than containers, as I think about companies that built amazing platforms, enterprise companies, building amazing applications on AWS 10 years ago, and they're adopting the AWS control plane. And now I'm looking at Kubernetes is Kubernetes the way to multi-cloud to be able to control those discrete applic, uh, services in AWS or Google Cloud, Azure or Oracle Cloud, et cetera. >>We kind of have the tease it, the parts. So there are really two parts to Kubernetes and everybody thinks of Kubernetes as a container orchestration platform. Right? And, um, you know, there is a sense that people say, if I was to run Kubernetes on everywhere and can build everything on top of containers, that I get some kind of portability across clouds, right. That I can put things in containers. And then they magically run, you know, in different environments. Um, in reality, what we've seen is not everything fits in containers. It's not gonna be the world is not gonna look like containers on the bottom. Everything else is on top. Instead, what we're gonna see is essentially a set of services that people are using across the different vendors. So if you look at like, you could be an AWS shop primarily, but I bet you're using Confluent or Elastic or Databricks or Snowflake or Mongo or other services. >>I bet you're using things that are on premises, right? And so when you look at that and you say to build my platform as an enterprise, I have to consume services from multiple vendors. Even it's just one major cloud vendor, but I'm consuming services from others. How do I bring them together in meaningful ways so that I can, you know, build my platform on top of the collection of them and offer something that my developers can consume. And self-service on. That's not a, that's not just containers. 
What's interesting though, is if you look at Kubernetes and, you know, look inside it, Kubernetes built a control plane. That's actually quite useful and applicable outside of container scenarios. So this whole notion of CRDs and controllers, if you've heard that term, um, the ability, you know, like there are two parts to Kubernetes, there is the control plane, and then there's the container container, uh, workloads and the control plane is generic. >>It could be used literally across, you know, you can use it to manage things that are completely outside of container workloads. And that's what we did with Crossplane. We took the control plane of Kubernetes and then built bindings providers that connected to AWS, to Google, to Azure, to DigitalOcean, to all these different environments. So you can bring the way of managing, you know, the style of managing that Kubernetes invented to more than just containers. You can now manage cloud services, using the same approach that you are now using with Kubernetes and using the entire ecosystem of tooling around it. >>Enterprises have been under pressure to replatform for a long time. It was first go to Unix then to Linux and virtualize then to move to the cloud. Now, Kubernetes, do you think that this is the stack that enterprises can finally commit to? >>I think if you take the orientation of you're deploying a control plane within your enterprise, that is extensible, that enables you to actually connect it to all the things that are under your domain, um, that that actually can be a future-proof way of doing a platform. And, you know, if you look at the largest cloud platforms, AWS has been around for at least 15 years now, uh, and they really haven't changed the architecture of AWS significantly. It's still a control plane, a set of control planes that are managing services. >>It's a legacy >>They've added a lot of services. They've have a ton of diversity. 
They've added so many different things, but the architecture is still a hub and spoke that they've built, right? And if the enterprise can take the same orientation, put a control plane, let it manage all the things that are, you know, about today, arrive at a single point of control, have a single point where you can enforce policy compliance, cost controls, et cetera, mm-hmm <affirmative>, and then expose a self-service experience to your developers that actually can become future proof. >>So we've heard this promise before the cloud of clouds, basically. Yes, the, the, to be able to manage everything, what we find is the devil's in the details. The being able to say, you know, a load balancer issuing a, a command to, to deploy a load balancer in AWS is different than it is in Azure, which is different than it is in GCP. How do, how do enterprises know that we can talk to a single control plane to do that? I mean, that just seems extremely difficult to manage. >>Oh yeah. That, um, the approach is not, you're not trying to create a lowest common denominator between clouds. That's a really, really hard problem. And in fact, you get relegated to just using this, you know, really shallow features of each, if you're, if you're gonna do that, like your, your example of load balancers, load balancers look completely different between between cloud vendors. Um, the approach that we kind of advocate for is that you shouldn't think of them as you shouldn't try to unify them in a way that makes them, you know, there's a, uh, there's a global abstraction that says, oh, there's a load balancer. And it somehow magically works across the different cloud vendors. I think that's a really, really hard thing to say, to do as you point out. However, if you bring them all under a same control plane, As different as they are, you're able to now apply policies. You're able to set cost controls. 
You're able to expose a self-service experience on top of them, even, even if they are very different. And that's, that's something that I think is, you know, been hard to do in the past. >>So Bassam, we'll love to dig deeper into this in future segments. And I'm gonna take a look at the, the, the product and project <laugh> and see where you folks land in this conversation from Valencia, Spain. I'm Keith Townsend, along with Paul Gillon, and you're watching the leader in high tech.
Dave Cope, Spectro Cloud | Kubecon + Cloudnativecon Europe 2022
(upbeat music) >> theCUBE presents KubeCon and CloudNativeCon Europe 22, brought to you by the Cloud Native Computing Foundation. >> Valencia, Spain, a KubeCon, CloudNativeCon Europe 2022. I'm Keith Townsend along with Paul Gillon, Senior Editor Enterprise Architecture for SiliconANGLE. Welcome Paul. >> Thank you Keith, pleasure to work with you. >> We're going to have some amazing people this week. I think I saw stat this morning, 65% of the attendees, 7,500 folks. First time KubeCon attendees, is this your first conference? >> It is my first KubeCon and it is amazing to see how many people are here and to think of just a couple of years ago, three years ago, we were still talking about, what the Cloud was, what the Cloud was going to do and how we were going to integrate multiple Clouds. And now we have this whole new framework for computing that is just rifled out of nowhere. And as we can see by the number of people who are here this has become the dominant trend in Enterprise Architecture right now how to adopt Kubernetes and containers, build microservices based applications, and really get to that transparent Cloud that has been so elusive. >> It has been elusive. And we are seeing vendors from startups with just a few dozen people, to some of the traditional players we see in the enterprise space with 1000s of employees looking to capture kind of lightning in a bottle so to speak, this elusive concept of multicloud. >> And what we're seeing here is very typical of an early stage conference. I've seen many times over the years where the floor is really dominated by companies, frankly, I've never heard of that. The many of them are only two or three years old, you don't see the big dominant computing players with the presence here that these smaller companies have. That's very typical. We saw that in the PC age, we saw it in the early days of Unix and it's happening again. 
And what will happen over time is that a lot of these companies will be acquired, there'll be some consolidation. And the nature of this show will change, I think dramatically over the next couple or three years but there is an excitement and an energy in this auditorium today that is really a lot of fun and very reminiscent of other new technologies just as they requested. >> Well, speaking of new technologies, we have Dave Cope, CRO, Chief Revenue Officer. >> That's right. >> Chief Marketing Officer of Spectro Cloud. Welcome to the show. >> Thank you. It's great to be here. >> So let's talk about this big ecosystem, Kubernetes. >> Yes. >> Solve problem? >> Well the dream is... Well, first of all applications are really the lifeblood of a company, whether it's our phone or whether it's a big company trying to connect with its customers about applications. And so the whole idea today is how do I build these applications to build that tight relationship with my customers? And how do I reinvent these applications rapidly? And along comes containerization, which helps you innovate more quickly. And certainly a dominant technology there is Kubernetes. And the question is, how do you get Kubernetes to help you build applications that can be born anywhere and live anywhere and take advantage of the places that it's running? Because everywhere has pluses and minuses. >> So you know what, the promise of Kubernetes from when I first read about it years ago is, runs on my laptop? >> Yeah. >> I can push it to any Cloud, any platforms. >> That's right, that's right. >> Where's the gap? Where are we in that phase? Like talk to me about scale? Is it that simple? >> Well, that is actually the problem is that today, while the technology is the dominant containerization technology and orchestration technology, it really still takes a power user, it really hasn't been very approachable to the masses. 
And so was these very expensive highly skilled resources that sit in a dark corner that have focused on Kubernetes, but that now is trying to evolve to make it more accessible to the masses. It's not about sort of hand wiring together, what is a typical 20 layer stack, to really manage Kubernetes and then have your engineers manually can reconfigure it and make sure everything works together. Now it's about how do I create these stacks, make it easy to deploy and manage at scale? So we've gone from sort of DIY Developer Centric to all right, now how do I manage this at scale? >> Now this is a point that is important, I think is often overlooked. This is not just about Kubernetes. This is about a whole stack of Cloud Native Technologies. And you who is going to integrate that all that stuff, piece that stuff together? Obviously, you have a role in that. But in the enterprise, what is the awareness level of how complex this stack is and how difficult it is to assemble? >> We see a recognition of that we've had developers working on Kubernetes and applications, but now when we say, how do we weave it into our production environments? How do we ensure things like scalability and governance? How do we have this sort of interesting mix of innovation, flexibility, but with control? And that's sort of an interesting combination where you want developers to be able to run fast and use the latest tools, but you need to create these guardrails to deploy it at scale. >> So where do the developers fit in that operation stack then? Is Kubernetes an AIOps or an ops task or is it sort of a shared task across the development spectrum? >> Well, I think there's a desire to allow application developers to just focus on the application and have a Kubernetes related technology that ensures that all of the infrastructure and related application services are just there to support them. 
And because the typical stack from the operating system to the application can be up to 20 different layers, components, you just want all those components to work together, you don't want application developers to worry about those things. And the latest technologies like Spectro Cloud, there's others, are making that easy application engineers focus on their apps, all of the infrastructure and the services are taken care of. And those apps can then live natively on any environment. >> So help paint this picture for us. I get AKS, EKS, Anthos, all of these distributions OpenShift, the Tanzu, where's Spectro Cloud helping me to kind of cobble together all these different distros, I thought distro was the thing just like Linux has different distros, Randy said different distros. >> That actually is the irony, is that sort of the age of debating the distros largely is over. There are a lot of distros and if you look at them there are largely shades of gray in being different from each other. But the Kubernetes distribution is just one element of like 20 elements that all have to work together. So right now what's happening is that it's not about the distribution it's now how do I again, sorry to repeat myself, but move this into scale? How do I move it into deploy at scale to be able to manage ongoing at scale to be able to innovate at-scale, to allow engineers as I said, use the coolest tools but still have technical guardrails that the enterprise knows, they'll be in control of. >> What does at-scale mean to the enterprise customers you're talking to now? What do they mean when they say that? >> Well, I think it's interesting because we think scale's different because we've all been in the industry and it's frankly, sort of boring old word. But today it means different things, like how do I automate the deployment at-scale? 
How do I be able to make it really easy to provision resources for applications on any environment, from either a virtualized or bare metal data center, Cloud, or today Edge is really big, where people are trying to push applications out to be closer to the source of the data. And so you want to be able to deploy at-scale, you want to manage at-scale, you want to make it easy to, as I said earlier, allow application developers to build their applications, but ITOps wants the ability to ensure security and governance and all of that. And then finally innovate at-scale. If you look at this show, it's interesting, three years ago when we started Spectro Cloud, there are about 1400 businesses or technologies in the Kubernetes ecosystem, today there's over 1800 and all of these technologies made up of open source and commercial all versioning at different rates, it becomes an insurmountable problem, unless you can set those guardrails sort of that balance between flexibility, control, let developers access the technologies. But again, manage it as a part of your normal processes of a scaled operation. >> So Dave, I'm a little challenged here, because I'm hearing two where I typically consider conflicting terms. Flexibility, control. >> Yes. >> In order to achieve control, I need complexity, in order to choose flexibility, I need t-shirt, one t-shirt fits all and I get simplicity. How can I get both that just doesn't compute. >> Well, that's the opportunity and the challenge at the same time. So you're right. So developers want choice, good developers want the ability to choose the latest technology so they can innovate rapidly. And yet ITOps, wants to be able to make sure that there are guardrails. And so with some of today's technologies, like Spectro Cloud, it is, you have the ability to get both. We actually worked with dimensional research, and we sponsor an annual state of Kubernetes survey. 
We found this last summer, that two out of three IT executives said, you could not have both flexibility and control together, but in fact they want it. And so it is this interesting balance, how do I give engineers the ability to get anything they want, but ITOps the ability to establish control. And that's why Kubernetes is really at its next inflection point. Where, as I mentioned, it's not debates about the distro or DIY projects. It's not big incumbents creating siloed Kubernetes solutions, but in fact it's about allowing all these technologies to work together and be able to establish these controls. And that's really where the industry is today. >> Enterprise, enterprise CIOs, do not typically like to take chances. Now we were talking about the growth in the market that you described from 1400, 1800 vendors, most of these companies, very small startups, are enterprises, are you seeing them willing to take a leap with these unproven companies? Or are they holding back and waiting for the IBMs, the HPs, the Microsofts to come in with the VMwares with whatever they solution they have? >> I think so. I mean, we sell to the global 2000. We had yesterday, as a part of Edge day here at the event, we had GE Healthcare as one of our customers telling their story, and they're a market share leader in medical imaging equipment, X-rays, MRIs, CAT scans, and they're starting to treat those as Edge devices. And so here is a very large established company, a leader in their industry, working with people like Spectro Cloud, realizing that Kubernetes is interesting technology. The Edge is an interesting thought but how do I marry the two together? So we are seeing large corporations seeing so much of an opportunity that they're working with the smaller companies, the latest technology. >> So let's talk about the Edge a little, you kind of opened it up there. How should customers think about the Edge versus the Cloud Data Center or even bare metal? >> Actually it's a... 
Well bare metal is fairly easy is that many people are looking to reduce some of the overhead or inefficiencies of the virtualized environment. But we've had really sort of parallel little white tornadoes, we've had bare metal as infrastructure that's been developing, and then we've had orchestration developing but they haven't really come together very well. Lately, we're finally starting to see that come together. Spectro Cloud contributed to open source a metal as a service technology that finally brings these two worlds together, making bare metal much more approachable to the enterprise. Edge is interesting, because it seems pretty obvious, you want to push your application out closer to your source of data, whether it's AI inferencing, or IoT or anything like that, you don't want to worry about intermittent connectivity or latency or anything like that. But people have wanted to be able to treat the Edge as if it's almost like a Cloud, where all I worry about is the app. So really, the Edge to us is just the next extension in a multi-Cloud sort of motif where I want these Edge devices to require low IT resources, to automate the provisioning, automate the ongoing version management, patch management, really act like a Cloud. And we're seeing this as very popular now. And I just used the GE Healthcare example of that, imagine a CAT scan machine, I'm making this part up in China and that's just an Edge device and it's doing medical imagery which is very intense in terms of data, you want to be able to process it quickly and accurately, as close to the endpoint, the healthcare provider as possible. >> So let's talk about that in some level of details, we think about kind of Edge and these fixed devices such as imaging device, are we putting agents on there, or we looking at something talking back to the Cloud? Where does Spectro Cloud inject and help make that simple, that problem of just having dispersed endpoints all over the world simpler? >> Sure. 
Well we announced our Edge Kubernetes, Edge solution at a big medical conference called HIMSS, months ago. And what we allow you to do is we allow the application engineers to develop their application, and then you can de you can design this declarative model this cluster API, but beyond Cluster profile which determines which additional application services you need and the Edge device, all the person has to do with the endpoint is plug in the power, plug in the communications, it registers the Edge device, it automates the deployment of the full stack and then it does the ongoing versioning and patch management, sort of a self-driving Edge device running Kubernetes. And we make it just very easy. No IT resources required at the endpoint, no expensive field engineering resources to go to these endpoints twice a year to apply new patches and things like that, all automated. >> But there's so many different types of Edge devices with different capabilities, different operating systems, some have no operating system. I mean that seems, like a much more complex environment, just calling it the Edge is simple, but what you're really talking about is 1000s of different devices, that you have to run your applications on how are you dealing with that? >> So one of the ways is that we're really unbiased. In other words, we're OS and distro agnostic. So we don't want to debate about which distribution you like, we don't want to debate about which OS you want to use. The truth is, you're right. There's different environments and different choices that you'll want to make. And so the key is, how do you incorporate those and also recognize everything beyond those, OS and Kubernetes and all of that and manage that full stack. So that's what we do, is we allow you to choose which tools you want to use and let it be deployed and managed on any environment. >> And who's... >> So... >> I'm sorry Keith, who's responsible for making Kubernetes run on the Edge device. >> We do. 
We provision the entire stack. I mean, of course the company does using our product, but we provision the entire Kubernetes infrastructure stack, all the application services and the application itself on that device. >> So I would love to dig into like where pods happen and all that. But, provisioning is getting to the point that is a solved problem. Day two. >> Yes. >> Like you just mentioned HIMSS, highly regulated environments. How is Spectro Cloud helping with configuration management, change control, audit, compliance, et cetera, the hard stuff. >> Yep. And one of the things we do, you bring up a good point, is we manage the full life cycle from day zero, which is sort of create, deploy, all the way to day two, which is about access control, security, it's about ongoing versioning and patch management. It's all of that built into the platform. But you're right, like the medical industry has a lot of regulations. And so you need to be able to make sure that everything works, it's always up to the latest level, have the highest level of security. And so all that's built into the platform. It's not just a fire and forget, it really is about that full life cycle of deploying, managing on an ongoing basis. >> Well, Dave, I'd love to go into a great deal of detail with you about kind of this day two ops and I think we'll be covering a lot more of that topic, Paul, throughout the week, as we talk about just as we've gotten past, how do I deploy Kubernetes pod, to how do I actually operate IT? >> Absolutely, absolutely. The devil is in the details as they say. >> Well, and also too, you have to recognize that the Edge has some very unique requirements, you want very small form factors, typically, you want low IT resources, it has to be sort of zero touch or low touch because if you're a large food provider with 20,000 store locations, you don't want to send out field engineers two or three times a year to update them. 
So it really is an interesting beast and we have some exciting technology and people like GE are using that. >> Well, Dave, thanks a lot for coming on theCUBE, you're now KubeCon, you've not been on before? >> I have actually, yes, it's... But I always enjoy it. >> Great conversation. From Valencia, Spain. I'm Keith Townsend, along with Paul Gillin and you're watching theCUBE, the leader in high tech coverage. (upbeat music)
Haseeb Budhani, Rafay & Adnan Khan, MoneyGram | Kubecon + Cloudnativecon Europe 2022
>> Announcer: theCUBE presents "Kubecon and Cloudnativecon Europe 2022" brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to theCUBE coverage of Kubecon 2022, E.U. I'm here with my cohost, Paul Gillin. >> Pleased to work with you, Keith. >> Nice to work with you, Paul. And we have our first two guests. "theCUBE" is hot. I'm telling you we are having interviews before the start of even the show floor. I have with me, we got to start with the customers first. Enterprise Architect Adnan Khan, welcome to the show. >> Thank you so much. >> Keith: CUBE time first, now you're at CUBE-alumni. >> Yup. >> And Haseeb Budhani, CEO of Rafay, welcome back. >> Nice to talk to you again today. >> So, we're talking all things Kubernetes and we're super excited to talk to MoneyGram about their journey to Kubernetes. First question I have for Adnan. Talk to us about what your pre-Kubernetes landscape looked like? >> Yeah. Certainly, Keith. So, we had a traditional mix of legacy applications and modern applications. A few years ago we made the decision to move to a microservices architecture, and this was all happening while we were still on-prem. So, your traditional VMs. And we started 20, 30 microservices but with the microservices packing. You quickly expand to hundreds of microservices. And we started getting to that stage where managing them without sort of an orchestration platform, and just as traditional VMs, was getting to be really challenging, especially from a day two operational. You can manage 10, 15 microservices, but when you start having 50, and so forth, all those concerns around high availability, operational performance. So, we started looking at some open-source projects. Spring Cloud, we are predominantly a Java shop. So, we looked at the Spring Cloud projects. They give you a number of initiatives for doing some of those management. 
And what we realized again, to manage those components without sort of a platform, was really challenging. So, that kind of led us to sort of Kubernetes where along with our journey new cloud, it was the platform that could help us with a lot of those management operational concerns. >> So, as you talk about some of those challenges, pre-Kubernetes, what were some of the operational issues that you folks experienced? >> Yeah, certain things like auto scaling is number one. I mean, that's a fundamental concept of cloud native, right? Is how do you auto scale VMs, right? You can put in some old methods and stuff, but it was really hard to do that automatically. So, Kubernetes with like HPA gives you those out of the box. Provided you set the right policies, you can have auto scaling where it can scale up and scale back, so we were doing that manually. So, before, you know, MoneyGram, obviously, holiday season, people are sending more money, Mother's Day. Our Ops team would go and basically manually scale VMs. So, we'd go from four instances to maybe eight instances, but that entailed outages. And just to plan around doing that manually, and then sort of scale them back was a lot of overhead, a lot of administration overhead. So, we wanted something that could help us do that automatically in an efficient and intrusive way. That was one of the things, monitoring and and management operations, just kind of visibility into how those applications were during what were the status of your workloads, was also a challenge to do that. >> So, Haseeb, I got to ask the question. If someone would've came to me with that problem, I'd just say, "You know what? Go to the plug to cloud." How does your group help solve some of these challenges? What do you guys do? >> Yeah. What do we do? Here's my perspective on the market as it's playing out. So, I see a bifurcation happening in the Kubernetes space. But there's the Kubernetes run time, so Amazon has EKS, Azure as AKS. 
There's enough of these available, they're not managed services, they're actually really good, frankly. In fact, retail customers, if you're an Amazon why would you spin up your own? Just use EKS, it's awesome. But then, there's an operational layer that is needed to run Kubernetes. My perspective is that, 50,000 enterprises are adopting Kubernetes over the next 5 to 10 years. And they're all going to go through the same exact journey, and they're all going to end up potentially making the same mistake, which is, they're going to assume that Kubernetes is easy. They're going to say, "Well, this is not hard. I got this up and running on my laptop. This is so easy, no worries. I can do EKS." But then, okay, can you consistently spin up these things? Can you scale them consistently? Do you have the right blueprints in place? Do you have the right access management in place? Do you have the right policies in place? Can you deploy applications consistently? Do you have monitoring and visibility into those things? Do your developers have access when they need it? Do you have the right networking layer in place? Do you have the right chargebacks in place? Remember you have multiple teams. And by the way, nobody has a single cluster, so you got to do this across multiple clusters. And some of them have multiple clouds. Not because they want to be multiple clouds, because, but sometimes you buy a company, and they happen to be in Azure. How many dashboards do you have now across all the open-source technologies that you have identified to solve these problems? This is where pain lies. So, I think that Kubernetes is fundamentally a solved problem. Like our friends at AWS and Azure, they've solved this problem. It's like AKS, EKS, et cetera, GKE for that matter. They're great, and you should use them, and don't even think about spinning up Kubernetes clusters. Don't do it, use the platforms that exist. And commensurately on-premises, OpenShift is pretty awesome. 
If you like it, use it. But then when it comes to the operations layer, that's where today, we end up investing in a DevOps team, and then an SRE organization that need to become experts in Kubernetes, and that is not tenable. Can you, let's say unlimited capital, unlimited budgets. Can you hire 20 people to do Kubernetes today? >> If you could find them. >> If you can find 'em, right? So, even if you could, the point is that, see five years ago when your competitors were not doing Kubernetes, it was a competitive advantage to go build a team to do Kubernetes so you could move faster. Today, you know, there's a high chance that your competitors are already buying from a Rafay or somebody like Rafay. So, now, it's better to take these really, really sharp engineers and have them work on things that make the company money. Writing operations for Kubernetes, this is a commodity now. >> How confident are you that the cloud providers won't get in and do what you do and put you out of business? >> Yeah, I mean, absolutely. In fact, I had a conversation with somebody from HBS this morning and I was telling them, I don't think you have a choice, you have to do this. Competition is not a bad thing. If we are the only company in a space, this is not a space, right? The bet we are making is that every enterprise, they have an on-prem strategy, they have at least a handful of, everybody's got at least two clouds that they're thinking about. Everybody starts with one cloud, and then they have some other cloud that they're also thinking about. For them to only rely on one cloud's tools to solve for on-prem, plus that second cloud, they potentially they may have, that's a tough thing to do. And at the same time, we as a vendor, I mean, the only real reason why startups survive, is because you have technology that is truly differentiator. Otherwise, I mean, you got to build something that is materially interesting, right? We seem to have- >> Keith: Now. Sorry, go ahead. 
>> No, I was going to, you actually have me thinking about something. Adnan? >> Yes. >> MoneyGram, big, well known company. A startup, adding, working in a space with Google, VMware, all the biggest names. What brought you to Rafay to solve this operational challenge? >> Yeah. A good question. So, when we started out sort of in our Kubernetes, we had heard about EKS and we are an AWS shop, so that was the most natural path. And we looked at EKS and used that to create our clusters. But then we realized very quickly, that, yes, to Haseeb's point, AWS manages the control plane for you, it gives you the high availability. So, you're not managing those components which is some really heavy lifting. But then what about all the other things like centralized dashboard? What about, we need to provision Kubernetes clusters on multicloud, right? We have other clouds that we use, or also on-prem, right? How do you do some of that stuff? We also, at that time were looking at other tools also. And I had, I remember come up with an MVP list that we needed to have in place for day one or day two operations before we even launch any single applications into production. And my Ops team looked at that list and literally, there was only one or two items that they could check off with EKS. They've got the control plane, they've got the cluster provision, but what about all those other components? And some of that kind of led us down the path of, you know, looking at, "Hey, what's out there in this space?" And we realized pretty quickly that there weren't too many. There were some large providers and capabilities like Anthos, but we felt that it was a little too much for what we were trying to do at that point in time. We wanted to scale slowly. We wanted to minimize our footprint, and Rafay seemed to sort of, was a nice mix from all those different angles. >> How was the situation affecting your developer experience? >> So, that's a really good question also. 
So, operations was one aspect to it. The other part is the application development. We've got MoneyGram is when a lot of organizations have a plethora of technologies from Java, to .NET, to Node.js, what have you, right? Now, as you start saying, okay, now we're going cloud native and we're going to start deploying to Kubernetes. There's a fair amount of overhead because a tech stack, all of a sudden goes from, just being Java or just being .NET, to things like Docker. All these container orchestration and deployment concerns, Kubernetes deployment artifacts, (chuckles) I got to write all this YAML as my developer say, "YAML hell." (panel laughing) I got to learn Dockerfiles. I need to figure out a package manager like Helm on top of learning all the Kubernetes artifacts. So, initially, we went with sort of, okay, you know, we can just train our developers. And that was wrong. I mean, you can't assume that everyone is going to sort of learn all these deployment concerns and we'll adopt them. There's a lot of stuff that's outside of their sort of core dev domain, that you're putting all this burden on them. So, we could not rely on them to be sort of kubectl experts, right? That's a fair amount overhead learning curve there. So, Rafay again, from their dashboard perspective, saw the managed kubectl, gives you that easy access for devs, where they can go and monitor the status of their workloads. They don't have to figure out, configuring all these tools locally, just to get it to work. We did some things from a DevOps perspective to basically streamline and automate that process. But then, also Rafay came in and helped us out on kind of that providing that dashboard. They don't have to break, they can basically get on through single sign on and have visibility into the status of their deployment. They can do troubleshooting diagnostics all through a single pane of glass, which was a key key item. Initially, before Rafay, we were doing that command line. 
And again, just getting some of the tools configured was huge, it took us days just to get that. And then the learning curve for development teams "Oh, now you got the tools, now you got to figure out how to use it." >> So, Haseeb talk to me about the cloud native infrastructure. When I look at that entire landscape number, I'm just overwhelmed by it. As a customer, I look at it, I'm like, "I don't know where to start." I'm sure, Adnan, you folks looked at it and said, "Wow, there's so many solutions." How do you engage with the ecosystem? You have to be at some level opinionated but flexible enough to meet every customer's needs. How do you approach that? >> So, it's a really tough problem to solve because... So, the thing about abstraction layers, we all know how that plays out, right? So, abstraction layers are fundamentally never the right answer because they will never catch up, because you're trying to write a layer on top. So, then we had to solve the problem, which was, well, we can't be an abstraction layer, but then at the same time, we need to provide some, sort of like centralization standardization. So, we sort of have this the following dissonance in our platform, which is actually really important to solve the problem. So, we think of a stack as four things. There's the Kubernetes layer, infrastructure layer, and EKS is different from AKS, and it's okay. If we try to now bring them all together and make them behave as one, our customers are going to suffer. Because there are features in EKS that I really want, but then if you write an abstraction then I'm not going to get 'em so not okay. So, treat them as individual things that we logic that we now curate. So, every time EKS, for example, goes from 1.22 to 1.23, we write a new product, just so my customer can press a button and upgrade these clusters. Similarly, we do this for AKS, we do this for GKE. It's a really, really hard job, but that's the job, we got to do it. 
On top of that, you have these things called add-ons, like my network policy, my access management policy, my et cetera. These things are all actually the same. So, whether I'm EKS or AKS, I want the same access for Keith versus Adnan, right? So, then those components are sort of the same across, doesn't matter how many clusters, doesn't matter how many clouds. On top of that, you have applications. And when it comes to the developer, in fact I do the following demo a lot of times. Because people ask the question. People say things like, "I want to run the same Kubernetes distribution everywhere because this is like Linux." Actually, it's not. So, I do a demo where I spin up access to an OpenShift cluster, and an EKS cluster, and then AKS cluster. And I say, "Log in, show me which one is which?" They're all the same. >> So, Adnan, make that real for me. I'm sure after this amount of time, developers groups have come to you with things that are snowflakes. And as an enterprise architect, you have to make it work within your framework. How has working with Rafay made that possible? >> Yeah, so I think one of the very common concerns is the whole deployment to Haseeb's point, is you are from a deployment perspective, it's still using Helm, it's still using some of the same tooling. How do you? Rafay gives us some tools. You know, they have a command line Add Cuddle API that essentially we use. We wanted parity across all our different environments, different clusters, it doesn't matter where you're running. So, that gives us basically a consistent API for deployment. We've also had challenges with just some of the tooling in general that we worked with Rafay actually, to actually extend their, Add Cuddle API for us so that we have a better deployment experience for our developers. >> Haseeb, how long does this opportunity exist for you? 
At some point, do the cloud providers figure this out, or does the open-source community figure out how to do what you've done and this opportunity is gone? >> So, I think back to a platform that I think very highly of, which has been around a long time and continues to live, vCenter. I think vCenter is awesome. And it's beautiful, VMware did an incredible job. What is the job? Its job is to manage VMs, right? But then it's for access, it's also storage. It's also networking in a sec, right? All these things got done because to solve a real problem, you have to think about all the things that come together to help you solve that problem from an operations perspective. My view is that this market needs essentially a vCenter, but for Kubernetes, right? And that is a very broad problem. And it's going to spend, it's not about a cloud. I mean, every cloud should build this. I mean, why would they not? It makes sense. Anthos exists, right? Everybody should have one. But then, the clarity in thinking that the Rafay team seems to have exhibited, till date, seems to merit an independent company, in my opinion, I think like, I mean, from a technical perspective, this product's awesome, right? I mean, we seem to have no real competition when it comes to this broad breadth of capabilities. Will it last? We'll see, right? I mean, I keep doing "CUBE" shows, right? So, every year you can ask me that question again, and we'll see. >> You make a good point though. I mean, you're up against VMware, You're up against Google. They're both trying to do sort of the same thing you're doing. Why are you succeeding? >> Maybe it's focused. Maybe it's because of the right experience. I think startups, only in hindsight, can one tell why a startup was successful. In all honesty, I've been in a one or two startups in the past, and there's a lot of luck to this, there's a lot of timing to this. I think this timing for a product like this is perfect. 
Like three, four years ago, nobody would've cared. Like honestly, nobody would've cared. This is the right time to have a product like this in the market because so many enterprises are now thinking of modernization. And because everybody's doing this, this is like the boots strong problem in HCI. Everybody's doing it, but there's only so many people in the industry who actually understand this problem, so they can't even hire the people. And the CTO said, "I got to go. I don't have the people, I can't fill the seats." And then they look for solutions, and via that solution, that we're going to get embedded. And when you have infrastructure software like this embedded in your solution, we're going to be around with the... Assuming, obviously, we don't screw up, right? We're going to be around with these companies for some time. We're going to have strong partners for the long term. >> Well, vCenter for Kubernetes I love to end on that note. Intriguing conversation, we could go on forever on this topic, 'cause there's a lot of work to do. I don't think this will ever be a solved problem for the Kubernetes as cloud native solutions, so I think there's a lot of opportunities in that space. Haseeb Budhani, thank you for rejoining "theCUBE." Adnan Khan, welcome becoming a CUBE-alum. >> (laughs) Awesome. Thank you so much. >> Check your own profile on the sound's website, it's really cool. From Valencia, Spain, I'm Keith Townsend, along with my host Paul Gillin. And you're watching "theCUBE," the leader in high tech coverage. (bright upbeat music)
Christopher Voss, Microsoft | Kubecon + Cloudnativecon Europe 2022
>> theCUBE presents KubeCon and CloudNativeCon, Europe, 2022. Brought to you by Red Hat, the cloud-native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in KubeCon, CloudNativeCon, Europe, 2022. I'm Keith Townsend with my cohosts, Enrico Signoretti, Senior IT Analyst at GigaOm. >> Exactly. >> 7,500 people I'm told, Enrico. What's the flavor of the show so far? >> It's a fantastic mood, I mean, I found a lot of people wanting to track, talk about what they're doing with Kubernetes, sharing their you know, stories, some war stories that bit tough. And you know, this is where you learn actually. Because we had a lot of Zoom calls, webinar and stuff. But it is when you talk a video, "Oh, I did it this way, and it didn't work out very well." So, and, you start a conversation like this that is really different from learning from Zoom, when, you know, everybody talks about things that work it well, they did it right. No, it's here that you learn from other experiences. >> So we're talking to amazing people the whole week, talking about those experiences here on theCUBE. Fresh on the theCUBE for the first time, Chris Voss, senior software engineer at Microsoft Xbox. Chris, welcome to the theCUBE. >> Thank you so much for having me. >> So first off, give us a high level picture of the environment that you're running at Microsoft. >> Yeah. So, you know, we've got 20 well probably close to 30 clusters at this point around the globe, you know 700 to 1,000 pods per cluster, roughly. So about 22,000 pods total. So yeah, it's pretty, pretty sizable footprint and yeah. So we've been running on Kubernetes since 2018 and well actually might be 2017, but anyways, so yeah, that's kind of our footprint. Yeah. >> So all of that, let's talk about the basics which is security across multiple I'm assuming containers, microservices, etcetera. Why did you and the team settle on Linkerd? 
>> Yeah, so previously we had our own kind of solution for managing TLS certs and things like that. And we found it to be pretty painful, pretty quickly. And so we knew, you know we wanted something that was a little bit more abstracted away from the developers and things like that, that allowed us to move quickly. And so we began investigating, you know, solutions to that. And a few of our colleagues went to Kubecon in San Diego in 2019, Cloudnativecon as well. And basically they just, you know, sponged it all up. And actually funny enough, my old manager was one of the people who was there and he went to the Linkerd booth and they had a thing going that was like, "Hey, get set up with mTLS in five minutes." And he was like, "This is something we want to do, why not check this out?" And he was able to do it. And so that put it on our radar. And so yeah, we investigated several others and Linkerd just perfectly fit exactly what we needed. >> So, in general we are talking about, you know, security at scale. So how you manage security scale and also flexibility. Right? So, but you know, what is the... You told us about the five minutes to start using there but you know, again, we are talking about war stories. We're talking about, you know, all these. So what kind of challenges you found at the beginning when you started adopting this technology? >> So the biggest ones were around getting up and running with like a new service, especially in the beginning, right, we were, you know, adding a new service almost every day, it felt like. And so, you know, basically it took someone going through a whole bunch of different repos, getting approvals from everyone to get the certs minted, all that fun stuff getting them put into the right environments and in the right clusters, to make sure that, you know, everybody is talking appropriately. 
And just the amount of work that that took alone was just a huge headache and a huge barrier to entry for us to, quickly move up the number of services we have. >> So, I'm trying to wrap my head around the scale of the challenge. When I think about certification or certificate management, I have to do it on a small scale. And every now and again, when a certificate expires it is just a troubleshooting pain. >> Yes. >> So as I think about that, it costs it's not just certificates across 22,000 pods, or it's certificates across 22,000 pods in multiple applications. How were you doing that before Linkerd? Like, what was the... And what were the pain points? Like what happens when a certificate either fails? Or expired up? Not updated? >> So, I mean, to be completely honest, the biggest thing is we're just unable to make the calls, you know, out or in, based on yeah, what is failing basically. But, you know, we saw essentially an uptick in failures around a certain service and pretty quickly, pretty quickly, we got used to the fact that it was like, oh, it's probably a cert expiration issue. And so we tried, you know, a few things in order to make that a little bit more automated and things like that. But we never came to a solution that like didn't require every engineer on the team to know essentially quite a bit about this, just to get into it, which was a huge issue. >> So talk about day two, after you've deployed Linkerd, how did this alleviate software engineers? And what was like the benefits of now having this automated way of managing certs? >> So the biggest thing is like, there is no touch from developers, everyone on our team... Well, I mean, there are a lot of people who are familiar with security and certs and all of that stuff. But no one has to know it. Like it's not a requirement. Like for instance, I knew nothing about it when I joined the team. And even when I was setting up our newer clusters, I knew very little about it. 
And I was still able to really quickly set up Linkerd, which was really nice. And it's been, you know, essentially we've been able to just kind of set it, and not think about it too much. Obviously, you know, there're parts of it that you have to think about, we monitor it and all that fun stuff, but yeah, it's been pretty painless almost day one. It took a long time to trust it for developers. You know, anytime there was a failure, it's like, "Oh, could this be Linkerd?" you know. But after a while, like now we don't have that immediate assumption because people have built up that trust, but. >> Also you have this massive infrastructure I mean, 30 clusters. So, I guess, that it's quite different to manage a single cluster in 30. So what are the, you know, consideration that you have to do to install this software on, you know, 30 different cluster, manage different, you know versions probably, et cetera, et cetera, et cetera. >> So, I mean, you know, as far as like... I guess, just to clarify, are you asking specifically with Linkerd? Or are you just asking in more in general? >> Well, I mean, you can take that the question in two ways. >> Okay. >> Sure, yeah, so Linkerd in particular but the 30 cluster also quite interesting. >> Yeah. So, I mean, you know, more generally, you know how we manage our clusters and things like that. We have, you know, a CLI tool that we use in order to like change context very quickly, and switch and communicate with whatever cluster we're trying to connect to and you know, are we debugging or getting logs, whatever. And then, you know, with Linkerd it's nice because again, you know, we aren't having to worry about like, oh, how is this cert being inserted in the right node? Or not the right node, but in the right cluster or things like that. Whereas with Linkerd, we don't really have that concern. 
When we spin up our clusters, essentially we get the root certificate and everything like that packaged up, passed along to Linkerd on installation. And then essentially, there's not much we have to do after that. >> So talk to me about your upcoming section here at Kubecon. What's the high level talking points? Like what attendees learn? >> Yeah. So it's a journey. Those are the sorts of talks that I find useful. Having not been, you know, I'm not a deep Kubernetes expert from, you know decades or whatever of experience, but-- >> I think nobody is. >> (indistinct). >> True, yes. >> That's also true. >> That's another story >> That's a job posting decades of requirements for-- >> Of course, yeah. But so, you know, it's a journey. It's really just like, hey, what made us decide on a service mesh in the first place? What made us choose Linkerd? And then what are the ways in which, you know, we use Linkerd? So what are those, you know we use some of the extra plugins and things like that. And then finally, a little bit about more what we're going to do in the future. >> Let's talk about not just necessarily the future as in two or three days from now, or two or three years from now. Well, the future after you immediately solve the low level problems with Linkerd, what were some of the surprises? Because Linkerd in service mesh and in general have side benefits. Do you experience any of those side benefits as well? >> Yeah, it's funny, you know, writing the blog post, you know, I hadn't really looked at a lot of the data in years on, you know when we did our investigations and things like that. And we had seen that we like had very low latency and low CPU utilization and things like that. And looking at some of that, I found that we were actually saving time off of requests. And I couldn't really think of why that was and I was talking with someone else and the biggest, unfortunately all that data's gone now, like the source data. 
So I can't go back and verify this but it makes sense, you know, there's the availability zone routing that Linkerd supports. And so I think that's actually doing it where, you know essentially, if a node is closer to another node, it's essentially, you know, routing to those ones. So when one service is talking to another service and maybe they're on the same node, you know, it short circuits that and allows us to gain some time there. It's not huge, but it adds up after, you know, 10, 20 calls down the line. >> Right. In general, so you are saying that it's smooth operations at this very, you know, simplifying your life. >> And again, we didn't have to really do anything for that. It handled that for us. >> It was there? >> Yep. Yeah, exactly. >> So we know one thing when I do it on my laptop it works fine. When I do it with across 22,000 pods, that's a different experience. What were some of the lessons learned coming out of Kubecon 2018 in San Diego? I was there. I wish I would've ran into the Microsoft folks, but what were some of the hard lessons learned scaling Linkerd across the 22,000 nodes? >> So, you know, the first one and this seems pretty obvious, but was just not something I knew about was the high availability mode of Linkerd. So obviously makes sense. You would want that in, you know a large scale environment. So like, that's one of the big lessons that like, we didn't ride away. No. Like one of the mistakes we made in one of our pre-production clusters was not turning that on. And we were kind of surprised. We were like, whoa, like all of these pods are spinning up but they're having issues, like actually getting injected and things like that. And we found, oh, okay. Yeah, you need to actually give it some more resources. But it's still very lightweight considering, you know, they have high availability mode but it's just a few instances still. >> So from, even from, you know, binary perspective and running Linkerd how much overhead is it? 
>> That is a great question. So I don't remember off the top of my head, the numbers but it's very lightweight. We evaluated a few different service meshes and it was the lightest weight that we encountered at that point. >> And then from a resource perspective, is it a team of Linkerd people? Is it a couple of people? Like how? >> To be completely honest for a long time, it was one person Abraham, who actually is the person who proposed this talk. He couldn't make it to Valencia, but he essentially did probably 95% of the work to get into production. And then this was before, we even had a team dedicated to our infrastructure. And so we have, now we have a team dedicated, we're all kind of Linkerd folks, if not Linkerd experts, we at least can troubleshoot basically. And things like that. So it's, I think a group of six people on our team and then, you know various people who've had experience with it on other teams. >> But others, dedicated just to that. >> No one is dedicated just to it. No, it's pretty like pretty light touch once it's up and running. It took a very long time for us to really understand it and to, you know, get like not getting started, but like getting to where we really felt comfortable letting it go in production. But once it was there, like, it is very, very light touch. >> Well, I really appreciate you stopping by Chris. It's been an amazing conversation to hear how Microsoft is using an open source project. >> Exactly. >> At scale, it's just a few years ago when you would've heard the concept of Microsoft and open source together and like OS, just, you know-- >> They have changed a lot in the last few years. Now, they're huge contributors. And, you know, if you go to Azure, it's full of open source stuff, everywhere so. >> Yeah. >> Wow. The Kubecon 2022, how the world has changed in so many ways. From Valencia, Spain, I'm Keith Townsend, along with Enrico Signoretti. You're watching theCUBE, the leader in high tech coverage. 
(upbeat music)
Day 1 Wrap | Kubecon + Cloudnativecon Europe 2022
>> Narrator: theCUBE presents KubeCon and Cloud NativeCon Europe, 2022 brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain. A coverage of KubeCon, Cloud NativeCon, Europe, 2022. I'm Keith Townsend. Your host of theCUBE, along with Paul Gillum, Senior Editor Enterprise Architecture for Silicon Angle, Enrico, Senior IT Analyst for GigaOm . This has been a full day, 7,500 attendees. I might have seen them run out of food, this is just unexpected. I mean, it escalated from what I understand, it went from capping it off at 4,000 gold, 5,000 gold in it off finally at 7,500 people. I'm super excited for... Today's been a great dead coverage. I'm super excited for tomorrow's coverage from theCUBE, but first off, we'll let the the new person on stage take the first question of the wrap up of the day of coverage, Enrico, what's different about this year versus other KubeCons or Cloud Native conversations. >> I think in general, it's the maturity. So we talk a lot about day two operations, observability, monitoring, going deeper and deeper in the security aspects of the application. So this means that for many enterprises, Kubernetes is becoming real critical. They want to get more control of it. And of course you have the discussion around FinOps, around cost control, because we are deploying Kubernetes everywhere. And if you don't have everything optimized, control, monitored, costs go to the roof and think about deploying the Public Cloud . If your application is not optimized, you're paying more. But also in that, on-premises if you are not optimized, you don't have any clear idea what is going to happen. So capacity planning become the nightmare, that we know from the past. So there is a lot of going on around these topics, really exciting actually, less infrastructure, more application. That is what Kubernetes is in here. >> Paul help me separate some of the signal from the noise. 
There is a lot going on a lot of overlap. What are some of the big themes of takeaways for day one that Enterprise Architects, Executives, need to take home and really chew on? >> Well, the Kubernetes was a turning point. Docker was introduced nine years ago, and for the first three or four years it was an interesting technology that was not very widely adopted. Kubernetes came along and gave developers a reason to use containers. What strikes me about this conference is that this is a developer event, ordinarily you go to conferences and it's geared toward IT Managers, towards CIOs, this is very much geared toward developers. When you have the hearts and minds of developers the rest of the industry is sort of pulled along with it. So this is ground zero for the hottest area of the entire computing industry right now, is in this area building Distributed services, Microservices based, Cloud Native applications. And it's the developers who are leading the way. I think that's a significant shift. I don't see the Managers here, the CIOs here. These are the people who are pulling this industry into the next generation. >> One of the interesting things that I've seen when we've always said, Kubernetes is for the developers, but we talk with an icon from MoneyGram, who's a end user, he's an enterprise architect, and he brought Kubernetes to his front end developers, and they rejected it. They said, what is this? I just want to develop code. So when we say Kubernetes is for developers or the developers are here, how do we reconcile that mismatch of experience? We have Enterprise Architect here. I hear constantly that the Kubernetes is for developers, but is it a certain kind of developer that Kubernetes is for? >> Well, yes and no. I mean, so the paradigm is changing. Okay. So, and maybe a few years back, it was tough to understand how make your application different. 
So microservices, everything was new for everybody, but actually, everything has changed to a point and now the developer understands, is neural. So, going through the application, APIs, automation, because the complexity of this application is huge, and you have, 724 kind of development sort of deployment. So you have to stay always on, et cetera, et cetera. And actually, to the point of developers bringing this new generation of decision makers in there. So they are actually decision, they are adopting technology. Maybe it's a sort of shadow IT at the very beginning. So they're adopting it, they're using it. And they're starting to use a lot of open source stuff. And then somebody upper in the stack, the Executive, says what are... They discover that the technology is already in place is a critical component, and then it's transformed in something enterprise, meaning paying enterprise services on top of it to be sure support contract and so on. So it's a real journey. And these guys are the real decision makers, or they are at the base of the decision making process, at least >> Cloud Native is something we're going to learn to take for granted. When you remember back, remember the Fail Whale in the early days of Twitter, when periodically the service would just crash from traffic, or Amazon went through the same thing. Facebook went through the same thing. We don't see that anymore because we are now learning to take Cloud Native for granted. We assume applications are going to be available. They're going to be performant. They're going to scale. They're going to handle anything we throw at them. That is Cloud Native at work. And I think we forget sometimes how refreshing it is to have an internet that really works for you. >> Yeah, I think we're much earlier in the journey. We had Microsoft on, the Xbox team talked about 22,000 pods running Linkerd some of the initial problems and pain points around those challenges. 
Much of my hallway track conversation has been centered around as we talk about the decision makers, the platform teams. And this is what I'm getting excited to talk about in tomorrow's coverage. Who's on the ground doing this stuff. Is it developers as we see or hear or told? Or is it what we're seeing from the Microsoft example, the MoneyGram example, where central IT is getting it. And not only are they getting it, they're enabling developers to simply write code, build it, and Kubernetes is invisible. It seems like that's become the Holy Grail to make Kubernetes invisible and Cloud Native invisible, and the experience is much closer to Cloud. >> So I think that, it's an interesting, I mean, I had a lot of conversation in the past year is that it's not that the original traditional IT operations are disappearing. So it's just that traditional IT operation are giving resources to these new developers. Okay, so it's a sort of walled garden, you don't see the wall, but it's a walled garden. So they are giving you resources and you use these resources like an internal Cloud. So a few years back, we were talking about private Cloud, the private Cloud as let's say the same identical paradigm of the Public Cloud is not possible, because there are no infinite resources or well, whatever we think are infinite resources. So what you're doing today is giving these developers enough resources to think that they are unlimited and they can do automatic operationing and do all these kind of things. So they don't think about infrastructure at all, but actually it's there. So IT operation are still there providing resources to let developers be more free and agile and everything. So we are still in a, I think an interesting time for all of it. >> Kubernetes and Cloud Native in general, I think are blurring the lines, traditional lines development and operations always were separate entities. Obviously with DevOps, those two are emerging. 
But now we're moving when you add in shift left testing, shift right testing, DevSecOps, you see the developers become much more involved in the infrastructure and they want to be involved in infrastructure because that's what makes their applications perform. So this is going to cause, I think IT organizations to have to do some rethinking about what those traditional lines are, maybe break down those walls and have these teams work much closer together. And that should be a good thing because the people who are developing applications should also have intimate knowledge of the infrastructure they're going to run on. >> So Paul, another recurring theme that we've heard here is the impact of funding on resources. What have your discussions been around founders and creators when it comes to sourcing talent and the impact of the markets on just their day to day? >> Well, the sourcing talent has been a huge issue for the last year, of course, really, ever since the pandemic started. Interestingly, one of our guests earlier today said that with the meltdown in the tech stock market, actually talent has become more available, because people who were tied to their companies because of their stock options are now seeing those options are underwater and suddenly they're not as loyal to the companies they joined. So that's certainly for the startups, there are many small startups here, they're seeing a bit of a windfall now from the tech stock bust. Nevertheless, skills are a long term problem. The US educational system is turning out about 10% of the skilled people that the industry needs every year. And no one I know, sees an end to that issue anytime soon. >> So Enrico, last question to you. Let's talk about what that means to the practitioner. There's a lot of opportunity out there. 
200 plus sponsors I hear, I think is worth the projects is 200 plus, where are the big opportunities as a practitioner, as I'm thinking about the next thing that I'm going to learn to help me survive the next 10 or 15 years of my career? Where you think the focus should be? Should it be that low level Cloud builder? Or should it be at those levels of extraction that we're seeing and reading about? >> I think that it's a good question. The answer is not that easy. I mean, being a developer today, for sure, grants you a salary at the end of the month. I mean, there is high demand, but actually there are a lot of other technical figures in the data center, in the Cloud, that could really find easily a job today. So, developers is the first in my mind also because they are more, they can serve multiple roles. It means you can be a developer, but actually you can be also with the new roles that we have, especially now with the DevOps, you can be somebody that supports operation because you know automation, you know a few other things. So you can be a sysadmin of the next generation even if you are a developer, even if when you start as a developer. >> KubeCon 2022, is exciting. I don't care if you're a developer, practitioner, a investor, IT decision maker, CIO, CXO, there's so much to learn and absorb here and we're going to be covering it for the next two days. Me and Paul will be shoulder to shoulder, I'm not going to say you're going to get sick of this because it's just, it's all great information, we'll help sort all of this. From Valencia, Spain. I'm Keith Townsend, along with my host Enrico Signoretti, Paul Gillum, and you're watching theCUBE, the leader in high tech coverage. (upbeat music)
Greg Muscarella, SUSE | Kubecon + Cloudnativecon Europe 2022
>> theCUBE presents KubeCon and CloudNativeCon Europe, 2022. Brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain and KubeCon CloudNativeCon Europe, 2022. I'm your host Keith Townsend alongside a new host, Enrico Signoretti, senior editor. I'm sorry, senior IT analyst at (inaudible). Enrico, welcome to the program. >> Thank you very much. And thank you for having me. It's exciting. >> So thoughts, high level thoughts of KubeCon first time in person again in couple years? >> Well, this is amazing for several reasons. And one of the reasons is that yeah, I had the chance to meet, uh, with, uh, you know, people like you again. I mean, we, we met several times over the internet over Zoom calls. I, I started to hate these Zoom calls. (laughs) because they're really impersonal in the end. And like last night we, we are together group of friends, industry folks. It's just amazing. And a part of that, I mean, the event is, uh, is a really cool, it's really cool. There are a lot from people interviews and, you know, real people doing real stuff, not just, uh, you know, again, impersonal calls, you don't even know if they're telling the truth, but when you can, you know, look in their eyes, what they're doing, I, I think that's makes a difference. >> So speaking about real people, meeting people for the first time, new jobs, new roles, Greg Muscarella, enterprise container management and general manager at SUSE. Welcome to the show, welcome back, CUBE alum. >> Thank you very much. It's awesome to be here. It's awesome to be back in person. And I completely agree with you. Like there's a certain fidelity to the conversation and a certain, uh, ability to get to know people a lot more. So it's absolutely fantastic to be here. >> So Greg, tell us about your new role and what SUSE has going on at KubeCon. >> Sure. So I joined SUSE about three months ago to lead the Rancher business unit, right? 
So our container management pieces and, you know, it's a, it's a fantastic time. Cause if you look at the transition from virtual machines to containers and to moving to microservices, right alongside that transition from on-prem to cloud, like this is a very exciting time to be in this industry. And Rancher has been setting the stage. And again, I go back to being here. Rancher's all about the community, right? So this is a very open, independent, uh, community driven product and project. And so this, this is kinda like being back to our people, right. And being able to reconnect here. And so, you know, doing it digital is great, but, but being here changes the game for us. So we, we feed off that community. We feed off the energy. So, uh, and again, going back to the space and what's happening in it, great time to be in this space. And you guys have seen the transitions you've seen, I mean, we've seen just massive adoption, uh, of containers and Kubernetes overall and Rancher's been right there with some amazing companies doing really interesting things that I'd never thought of before. Uh, so I'm, I'm still learning on this, but, um, but it's been great so far. >> Yeah. And you know, when we talk about strategy about Kubernetes today, we are talking about very broad strategies. I mean, not just the data center or the cloud with, you know, maybe smaller organization adopting Kubernetes in the cloud, but actually large organization thinking guide and more and more the edge. So what's your opinion on this, you know, expansion of Kubernetes towards the edge. >> So I think you're, I think you're exactly right. And that's actually a lot of meetings I've been having here right now is these are some of these interesting use cases. So people who, uh, whether it be, you know, ones that are easy to understand in the telco space, right? 
Especially the adoption of 5G and you have all these base stations, new towers, and they have not only the core radio functions or network functions that they're trying to do there, but they have other applications that wanna run on that same environment. Uh, I spoke recently with some of our, our good friends at a major automotive manufacturer, doing things in their factories, right. That can't take the latency of being somewhere else. Right. So they have robots on the factory floor, the latency that they would experience if they tried to run things in the cloud meant that robot would've moved 10 centimeters. >> By the time, you know, the signal got back, it may not seem like a lot to you, but if, if, if you're an employee, you know, there, you know, uh, a big 2000 pound robot being 10 centimeters closer to you may not be what you, you really want. Um, there's, there's just a tremendous amount of activity happening out there on the retail side as well. So it's, it's amazing how people are deploying containers in retail outlets. You know, whether it be fast food and predicting, what, what, how many French fries you need to have going at this time of day with this sort of weather. Right. So you can make sure those queues are actually moving through. It's, it's, it's really exciting and interesting to look at all the different applications that are happening. So yes, on the edge for sure, in the public cloud, for sure. In the data center and we're finding is people want a common platform across those as well. Right? So for the management piece too, but also for security and for policies around these things. So, uh, it really is going everywhere. >> So talk to me, how do, how are we managing that as we think about pushing stuff out of the data center, out of the cloud, closer to the edge security and life cycle management becomes like top of mind thought as, as challenges, how is Rancher and SUSE addressing that? 
>> Yeah. So I, I think you're, again, spot on. So it's, it starts off with the think of it as simple, but it's, it's not simple. It's the provisioning piece. How do we just get it installed and running right then to what you just asked the management piece of it, everything from your firmware to your operating system, to the, the cluster, uh, the Kubernetes cluster, that's running on that. And then the workloads on top of that. So with Rancher, uh, and with the rest of SUSE, we're actually tackling all those parts of the problems from bare metal on up. Uh, and so we have lots of ways for deploying that operating system. We have operating systems that are, uh, optimized for the edge, very secure and ephemeral container images that you can build on top of. And then we have Rancher itself, which is not only managing your K8s cluster, but can actually start to manage the operating system components, uh, as well as the workload components. >> So all from your single interface, um, we mentioned policy and security. So we, yeah, we'll probably talk about it more, um, uh, in a little bit, but, but NeuVector, right? So we acquired a company called NeuVector, just open sourced, uh, that here in January, that ability to run that level of, of security software everywhere again, is really important. Right? So again, whether I'm running it on, whatever my favorite public cloud provider's, uh, managed Kubernetes is, or out at the edge, you still have to have security, you know, in there. And, and you want some consistency across that. If you have to have a different platform for each of your environments, that's just upping the complexity and the opportunity for error. So we really like to eliminate that and simplify our operators and developers' lives as much as possible. >> Yeah. 
From this point of view, are you implying that even you, you are matching, you know, self, uh, let's say managed clusters at the, at the very edge now with, with, you know, added security, because these are the two big problems lately, you know, so having something that is autonomous somehow easier to manage, especially if you are deploying hundreds of these that's micro clusters. And on the other hand, you need to know a policy based security that is strong enough to be sure again, if you have these huge robots moving too close to you, because somebody hacked the, the, the cluster that is managing them, that is, could be a huge problem. So are you, you know, approaching this kind of problems? I mean, is it, uh, the technology that you acquired, you know, ready to, to do this? >>Yeah. I, I mean, it, it really is. I mean, there's still a lot of innovation happening. Don't, don't get me wrong. We're gonna see a lot of, a lot more, not just from, from SUSE and Rancher, but from the community, right. There's a lot happening there, but we've come a long way and we solved a lot of problems. Uh, if I think about, you know, how do you have this distributed environment? Uh, well, some of it comes down to not just, you know, all the different environments, but it's also the applications, you know, with microservices, you have very dynamic environment now just with your application space as well. So when we think about security, we really have to evolve from a fairly static policy where like, you might even be able to set an IP address and a port and some configuration on that. >>It's like, well, your workload's now dynamically moving. So not only do you have to have that security capability, like the ability to like, look at a process or look at a network connection and stop it, you have to have that, uh, manageability, right? You can't expect an operator or someone to like go in and manually configure a YAML file, right? Because things are changing too fast.
It needs to be that combination of convenient, easy to manage with full function and ability to protect your, your, uh, your resources. And I think that's really one of the key things that NeuVector really brings is because we have so much intelligence about what's going on there. Like the configuration is pretty high level, and then it just runs, right? So it's used to this dynamic environment. It can actually protect your workloads wherever it's going from pod to pod. Uh, and it's that, that combination, again, that manageability with that high functionality, um, that, that is what's making it so popular. And what brings that security to those edge locations or cloud locations or your data center. >>So one of the challenges you're kind of, uh, touching on is this abstraction on, upon abstraction. When I, I ran my data center, I could put, uh, say this IP address, can't talk to this IP address on this port. Then I got next generation firewalls where I could actually do, uh, some analysis. Where are you seeing the ball moving to when it comes to customers, thinking about all these layers of abstraction IP address doesn't mean anything anymore in cloud native it's yes, I need one, but I'm not, I'm not protecting based on IP address. How are customers approaching security from the namespace perspective? >>Well, so it's, you're absolutely right. In fact, even when you go to IPv6, like, I don't even recognize IP addresses anymore. <laugh> yeah. >>That doesn't mean anything like, oh, just a bunch of, yeah. Those are numbers, alphanumeric >>And colons. Right. You know, it's like, I don't even know anymore. Right. So, um, yeah, so it's, it comes back to that, moving from a static, you know, it's the pets versus cattle thing. Right? So this static thing that I can sort of know and, and love and touch and kind of protect to this almost living, breathing thing, which is moving all around, it's a swarm of, you know, pods moving all over the place.
And so, uh, it, it is, I mean, that's what Kubernetes has done for the workload side of it is like, how do you get away from, from that, that pet to a declarative approach to, you know, identifying your workload and the components of that workload and what it should be doing. And so if we go on the security side some more like, yeah, it's actually not even namespace namespace. >>Isn't good enough if we wanna get, if we wanna get to zero trust, it's like, just cuz you're running in my namespace doesn't mean I trust you. Right. So, and that's one of the really cool things about NeuVector is because of the, you know, we're looking at protocol level stuff within the network. So it's pod to pod, every single connection we can look at and it's at the protocol layer. So if you say you're on MySQL database and I have a MySQL request going into it, I can confirm that that's actually a MySQL protocol being spoken and it's well formed. Right. And I know that this endpoint, you know, which is a, uh, container image or a pod name or some, or a label, even if it's in the same namespace is allowed to talk to and use this protocol to this other pod that's running in my same namespace. >>Right. So I can either allow or deny. And if I can, I can look into the content that request and make sure it's well formed. So I'll give you an example is, um, do you guys remember the Log4j challenges from not too long ago, right. It was a huge deal. So if I'm doing something that's IP and port based and namespace based, so what are my protections? What are my options for something that's got Log4j embedded in like, I either run the risk of it running or I shut it down. Those are my options. Like those neither one of those are very good. So we can do, because again, we're at the protocol layer. It's like, ah, I can identify any Log4j protocol. I can look at whether it's well formed, you know, or if it's malicious and it's malicious, I can block it.
If it's well formed, I can let it go through. So I can actually look at those, those, um, those vulnerabilities. I don't have to take my service down. I can run and still be protected. And so that, that extra level, that ability to kind of peek into things and also go pod to pod, you know, not just namespace level is one of the key differences. So I talk about the evolution or how we're evolving with, um, with the security. Like we've grown a lot, we've got a lot more coming. >>So let's talk about that a lot more coming what's in the pipeline for SUSE. >>Well, probably before I get to that, we just announced NeuVector 5. So maybe I can catch us up on what was released last week. Uh, and then we can talk a little bit about going, going forward. So NeuVector 5, introduce something called um, well, several things, but one of the things I can talk in more detail about is something called zero drift. So I've been talking about the network security, but we also have run time security, right? So any, any container that's running within your environment has processes that are running that container. What we can do is actually comes back to that manageability and configuration. We can look at the root level of trust of any process that's running. And as long as it has an inheritance, we can let that process run without any extra configuration. If it doesn't have a root level of trust, like it didn't spawn from whatever the init, um, function was in that container. We're not gonna let it run. Uh, so the, the configuration that you have to put in there is, is a lot simpler. Um, so that's something that's in, in NeuVector 5, um, the web application firewall. So this layer seven security inspection has gotten a lot more granular now. So it's that pod-to-pod security, um, both for ingress egress and internal on the cluster. Right. >>So before we get to what's in the pipeline, one question around NeuVector, how is that consumed and deployed?
>>How is NeuVector consumed, >>Deployed? And yeah, >>Yeah, yeah. So, uh, again with NeuVector 5 and, and also Rancher 2.6.5, which just were released, there's actually some nice integration between them. So if I'm a Rancher customer and I'm using 2.6.5, I can actually deploy that NeuVector with a couple clicks of the button in our, uh, in our marketplace. And we're actually tied into our role-based access control. So an administrator who has that has the rights can just click they're now in a NeuVector interface and they can start setting those policies and deploying those things out very easily. Of course, if you aren't using, uh, Rancher, you're using some other, uh, container management platform, NeuVector still works. Awesome. You can deploy it there still in a few clicks. Um, you're just gonna get into, you have to log into your NeuVector, uh, interface and, and use it from there. >>So that's how it's deployed. It's, it's very, it's very simple to use. Um, I think what's actually really exciting about that too, is we've open sourced it. Um, so it's available for anyone to go download and try, and I would encourage people to give it a go. Uh, and I think there's some compelling reasons to do that now. Right? So we have pod security policies, you know, depreciated and going away, um, pretty soon in, in Kubernetes. And so there's a few things you might look at to make sure you're still able to run a secure environment within Kubernetes. So I think it's a great time to look at what's coming next, uh, for your security within your Kubernetes. >>So Paul, we appreciate chief stopping by from ity of Spain, from Spain, I'm Keith Townsend, along with Enrico Signoretti. Thank you. And you're watching the, the leader in high tech coverage.
Kristen Newcomer & Connor Gorman, Red Hat | Kubecon + Cloudnativecon Europe 2022
>>theCUBE presents KubeCon and CloudNativeCon Europe, 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >>Welcome to Valencia, Spain, in KubeCon CloudNativeCon 2022 Europe. I'm Keith Townsend, along with my co-host Enrico Signoretti, senior IT analyst at GigaOm. We are talking to amazing people, creators people contributing to all these open source projects. Speaking of open source, Enrico, talk to me about the flavor of this show versus a traditional like vendor show of all these open source projects and open source based companies. >>Well, first of all, I think that the real difference is that this is a real conference. Hmm. So real people talking about, you know, projects about, so the, the open source stuff, the experiences are, you know, on stage and there are not really too many product pitches. It's, it's about, it's about the people. It's about the projects. It's about the, the challenges they had, how they, you know, overcome some of them. And, uh, that's the main difference. I mean, it's very educative informative and the kind of people is different. I mean, developers, you know, SREs, you know, you find hands-on people. I mean, people that really do stuff that that's a real difference. I mean, uh, quite challenging how discussing with them, but really, I mean, because they're really opinionated, but >>So we're gonna get talked to, to a company that has boots on the ground doing open source since the, almost the start mm-hmm <affirmative> Kirsten Newcomer, director of hybrid platform security at Red Hat and, uh, Connor Gorman, senior principal software engineer at Red Hat. So Kirsten, we're gonna start with you security and Kubernetes, you know, is Kubernetes. It's a, it's a race car. If I wanted security, I'd drive a minivan. <laugh> >>That's, that's a great frame.
I think, I think though, if we stick with your, your car analogy, right, we have seen cars in cars and safety in cars evolve over the years to the point where you have airbags, even in, you know, souped up cars that somebody's driving on the street, a race car, race cars have safety built into, right. They do their best to protect those drivers. So I think while Kubernetes, you know, started as something that was largely, you know, used by Google in their environment, you know, had some perimeter based security as Kubernetes has become adopted throughout enterprises, as people. And especially, you know, we've seen the adoption accelerate during the pandemic, the move to both public cloud, but also private cloud is really accelerated. Security becomes even more important. You can't use Kubernetes in banking without security. You can't use it, uh, in automotive without security telco. >>And Kubernetes is, you know, Telco's adoption, Telco's deploying 5G on Kubernetes on OpenShift. Um, and, and this is just so the security capabilities have evolved over time to meet the customers and the adopters really Red Hat because of our enterprise customer base, we've been investing in security capabilities and we make those contributions upstream. We've been doing that really from the beginning of our adoption of Kubernetes, Kubernetes 1.0, and we continue to expand the security capabilities that we provide. And which is one of the reasons, you know, the acquisition of StackRox was, was so important to us. >>And, and actually we are talking about security at different levels. I mean, so yeah, and different locations. So you are securing an edge location differently than a data center or, or, or maybe, you know, the cloud. So there are application level security. So there are so many angles to take this. >>Yeah. And, and you're right. I mean, I, there are the layers of the stack, which starts, you know, can start at the hardware level, right.
And then the operating system, the Kubernetes orchestration all the services, you need to have a complete Kubernetes solution and application platform and then the services themselves. And you're absolutely right. That an edge deployment is different than a deployment, uh, on, you know, uh, AWS or in a private da data center. Um, and, and yet, because there is this, if you, if you're leveraging the heart of Kubernetes, the declarative nature of Kubernetes, you can do Kubernetes security in a way that can be consistent across these environments with the need to do some additions at the edge, right? You may, physical security is more important at the edge hardware based encryption, for example, whereas in a, in a cloud provider, your encryption might be at the cloud provider storage layer rather than hardware. >>So how do you orchestrate, because we are talking about orchestration all day and how do you orchestrate all these security? >>Yep. So one of the things, one of the evolutions that we've seen in our customer base in the last few years is we used to have, um, a small number of large clusters that our customers deployed and they used in a multi-tenant fashion, right? Multiple teams from within the organization. We're now starting to see a larger number of smaller clusters. And those clusters are in different locations. They might be, uh, customers are both deploying in public cloud, as well as private, you know, on premises, um, edge deployments, as you mentioned. And so we've invested in, uh, multi cluster management and, or, you know, sort of that orchestration for orchestrators, right? The, and because again of the declarative nature of Kubernetes, so we offer, uh, advanced cluster management, red hat, advanced cluster management, which we open sourced as the multi cluster engine CE. Um, so that component is now also freely available, open source. We do that with everything. 
So if you need a way to ensure that you have managed the configuration appropriately across all of these clusters in a declarative fashion, right. It's still YAML, it's written in YAML use ACM use CE in combination with a GitOps approach, right. To manage that, uh, to ensure that you've got that environment consistent. And, and then, but then you have to monitor, right. You have to, I'm wearing >>All of these StackRox >>Fits in. I mean, yeah, sure. >>Yeah. And so, um, you know, we took a Kubernetes native approach to securing all of this. Right. And there's kind of, uh, we have to say, there's like three major life cycles. You have the build life cycle, right. You're building these immutable images to go deployed to production. Right. That should never change that are, you know, locked at a point in time. And so you can do vulnerability scanning, you can do compliance checks at that point right. In the build phase. But then you put those in a registry, then those go and be deployed on top of Kubernetes. And you have the configuration of your application, you know, including any vulnerabilities that may exist in those images, you have the RBAC permissions, right. How much access does it have to the cluster? Is it exposed on the internet? Right. What can you do there? >>And then finally you have, the runtime perspective of is my pod is my container actually doing what I think it's supposed to do. Is it accessing all the right things? Is it running all the right processes? And then even taking that runtime information and influencing the configuration through things like network policies, where we have a feature called process baselining that you can say exactly what processes are supposed to run in this pod. Um, and then influencing configuration in that way to kind of be like, yeah, this is what it's doing. And let's go stamp this, you know, declaratively so that when you deploy it the next time you already have security built in at the Kubernetes level.
>>So as we've talked about a couple of different topics, the abstraction layers, I have security around DevOps. So, you know, I have multi-tenancy, I have to deal with, think about how am I going to secure the, the, the Kubernetes infrastructure itself. Then I have what seems like you've been talking about here, Connor, which is DevSecOps mm-hmm <affirmative> and the practice of securing the application through policy. Right. Are customers really getting what's under the hood of DevSecOps? >>Do you wanna start or yeah. >>I mean, I think yes and no. I think, um, you know, we've, some organizations are definitely getting it right. And they have teams that are helping build things like network policies, which provide network segmentation. I think this is huge for compliance and multi-tenancy right. Just like containers, you know, one of the main benefits of containers, it provides this isolation between your applications, right? And then everyone's familiar with the network firewall, which is providing network segmentation, but now in between your applications inside Kubernetes, you can create, uh, network segmentation. Right. And so we have some folks that are super, super far along that path and, and creating those. And we have some folks who have no network policies except the ones that get installed with our products. Right. And then we say, okay, how can we help you guys start leveraging these things and, and creating maybe just basic namespace isolation, or things like that. And then trying to push that back into more the declarative approach. >>So some of what I think we hear from, from what Connor just te teed up is that real DevSecOps requires breaking down silos between developers, operations and security, including network security teams. And so the Kubernetes paradigm requires, uh, involvement actually, in some ways, it, it forces involvement of developers in things like network policy for the SDN layer, right?
You need to, you know, the application developer knows which, what kinds of communication he or she, his app or her app needs to function. So they need to define, they need to figure out those network policies. Now, some network security teams, they're not familiar with YAML, they're not necessarily familiar with software development, software defined networking. So there's this whole kind of, how do we do the network security in collaboration with the engineering team? And when people, one of the things I worry about, so DevSecOps it's technology, but it's people in process too. >>Right. And one of the things I think people are very comfortable adopting vulnerability scanning early on, but they haven't yet started to think about the network security angle. This is one area that not only do we have the ability in ACS StackRox today to recommend a network policy based on a running deployment, and then make it easy to deploy that. But we're also working to shift that left so that you can actually analyze app deployment data prior to it being deployed, generate a network policy, tested out in staging and, and kind of go from the beginning. But again, people do vulnerability analysis shift left, but they kind of tend to stop there and you need to add app config analysis, network communication analysis, and then we need appropriate security gates at deployment time. We need the right automation that helps inform the developers. Not all developers have security expertise, not all security people understand a CI/CD pipeline. Right. So, so how, you know, we need the right set of information to the right people in the place they're used to working in order to really do that infinity loop. >>Do you see this as a natural progression for developers? Do they really hit a wall before, you know, uh, finding out that they need to progress in, in this, uh, methodology? Or I know >>What else? Yeah. So I think, I think initially there's like a period of transition, right?
Where there's sometimes there's opinion, oh, I, I ship my application. That's what I get paid for. That's what I do. Right. <laugh> um, and, and, but since, uh, Kubernetes has basically increased the velocity of developers on top, you know, of the platform in order to just deploy their own code. And, you know, we have every, some people have commits going to production, you know, every commitment on the repo goes to production. Right. Um, and so security is even more at the forefront there. So I think initially you hit a little bit of a wall security scans in CI. You could get some failures and some pushback, but as long as these are very informative and actionable, right. Then developers always wanna do the right thing. Right. I mean, we all want to ship secure code. >>Um, and so if you can inform you, Hey, this is why we do this. Or, or here's the information about this? I think it's really important because I'm like, right, okay. Now when I'm sending my next commits, I'm like, okay, these are some constraints that I'm thinking about, and it's sort of like a mindset shift, but I think through the tooling that we like know and love, and we use on top of Kubernetes, that's the best way to kind of convey that information of, you know, honestly significantly smaller security teams than the number of developers that are really pushing all of this code. >>So let's scale out what, talk to me about the larger landscape projects like prime cube, Litner, OPA different areas of investment in, in, in security. Talk to me about where customers are making investments. >>You wanna start with KubeLinter. >>Sure. So KubeLinter was a open source project, uh, when we were still, uh, a private company and it was really around taking some of our functionality on our product and just making it available to everyone, to basically check configuration, um, both bridging DevOps and SecOps, right? There's some things around, uh, privileged containers, right?
You usually don't wanna deploy those into your environment unless you really need to, but there's other things around, okay, do I have anti affinity rules, right. Am I running, you know, you can run 10 replicas of a pod on the same node, and now your failure domain is a single node. Now you want them on different nodes, right. And so you can do a bunch of checks just around the configuration DevOps best practices. And so we've actually seen quite a bit of adoption. I think we have like almost 2000 stars on, uh, and super happy to see people just really adopt that and integrate it into their pipelines. It's a single binary. So it's been super easy for people to take it into their CI/CD and just, and start running three things through it and get, uh, you know, valuable insights into, to what configurations they should change. Right. >>And then if you're, if you were asking about things like, uh, OPA, Open Policy Agent and OPA Gatekeeper, so one of the things happening in the community about OPA has been around for a while. Uh, they added, you know, the OPA Gatekeeper as an admission controller for Kube. There's also Kyverno another open source project that is doing, uh, admission as the Kubernetes community has, uh, kind of is decided to deprecate pod security policies, um, which had a level of complexity, but is one of the key security capabilities and gates built into Kubernetes itself. Um, OpenShift is gonna continue to have security context constraints, very similar, but it prevents by default on an OpenShift cluster. Uh, not a regular user cannot deploy a privileged pod or a pod that has access to the host network. Um, and there's SELinux configuration on by default also protects against container escapes to the file system or mitigates them. >>So pod security policies were one way to ensure that kind of constraint on what the developer did. Developers might not have had awareness of what was important in terms of the level of security.
And so again, the cube and tools like that can help to inform the developer in the tools they use, and then a solution like OPA Gatekeeper, or SCCs. That's something that runs on the cluster. So if something got through the pipeline or somebody's not using one of these tools, those gates can be leveraged to ensure that the security posture of the deployment is what the organization wants and OPA Gatekeeper. You can do very complex policies with that. And >>Lastly, talk to me about Falco and Clair, about what Falco >>Falco and yep, absolutely. So, um, Falco, great runtime analysis have been and something that StackRox leveraged early on. So >>Yeah, so yeah, we leveraged, um, some libraries from Falco. Uh, we use either an eBPF probe or a kernel module to detect runtime events. Right. And we, we primarily focus on network and process activity as, um, as angles there. And then for Clair, um, it's, it's now within Red Hat again, <laugh>, uh, through the acquisition of CoreOS, but, uh, we've forked and added a bunch of things around language vulnerabilities and, and different aspects that we wanted. And, uh, and you know, we're really interested in, I think, you know, the code bases have diverged a little bit Clair's on V4. We, we were based off V2, but I think we've both added a ton of really great features. And so I'm really looking forward to actually combining all of those features and kind of building, um, you know, we have two best of best of breed scanners right now. And I'm like, okay, what can we do when we put them together? And so that's something that, uh, I'm really excited about. >>So you, you somehow are aiming at, you know, your roadmap here now putting everything together. And again, orchestrated well integrated yeah. To, to get, you know, also a simplified experience, because that could be the >>Point. Yeah.
And, and as you mentioned, you know, it's sort of that, that orchestration of orchestrators, like leveraging the Kubernetes operator principle to, to deliver an app, an opinionated Kubernetes platform has, has been one of the key things we've done. And we're doing that as well for security out of the box security policies, principles based on best practices with StackRox that can be leveraged in the community or with Red Hat Advanced Cluster Security, combining our two scanners into one Clair-based scanner, contributing back, contributing back to Falco all of these things. >>Well, that speaks to the complexity of open source projects. There's a lot of overlap in reconciling. That is a very difficult thing. Kirsten, Connor, thank you for joining theCUBE. Connor, you're now a CUBE alum. Welcome to main elite group. Great. From Valencia, Spain, I'm Keith Townsend, along with Enrico Signoretti, and you're watching theCUBE, the leader in high tech coverage.
Michael Ferranti, Teleport | Kubecon + Cloudnativecon Europe 2022
>> theCUBE presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain and KubeCon, CloudNativeCon Europe 2022. I'm Keith Townsend, along with Paul Gillin, senior editor, enterprise architecture at SiliconANGLE. We are talking to some incredible folks this week, continuing the conversation around enabling developers to do their work. Paul, you've said that this conference is about developers. What are you finding key as a theme running throughout the show? >> That developers really need a whole set of special tools. You know, it's not the end user, the end user tools, the end user access controls, the authentication. It's developers need their own, to live in their own environment. They need their own workflow tools, their own collaboration and their own security. And that's where Teleport comes in. >> So speaking of Teleport, we have Michael Ferranti, chief marketing officer at Teleport. New world role for you. First, tell me about how long have you been at Teleport now? >> Going on seven or eight months now. >> Seven or eight months in this fast moving market. I'm going to tell you a painful experience I've had in this new world. We've built applications. We've moved fast. Audits come in. The auditors have come in and they said, you know what, who authorized this change to the cluster? And we'll go into the change ticket and say, this person authorized the changes in the change ticket. And then they'll ask for trace back. Okay. Show me the change. What do you mean, show you the changes? It just happened. >> Yeah. Check, check GitHub. >> Yeah, check Git. See, we, we said we were gonna make the changes, the change happened. That's not enough. What are you, how are you helping customers solve this access control and audit problem? >> Yeah, that's a great question. There're kind of, there're kind of two, two sides to the puzzle.
And actually I think that the intro hits it well. You've talked about kind of developer experience, needing tools to more efficiently do the job as a practitioner. And you're coming at it from kind of a security and compliance angle. And there's a tension between both of those teams. It's like, you know, there's a tension between dev and ops before we created DevOps. There's also a tension between kind of security teams and developers. So we've created DevSecOps. What that means is you need an easy way for developers to get access to the resources they need to do their jobs. That's, you know, Linux hosts and databases and Kubernetes clusters and, you know, monitoring dashboards, and managing all of those credentials is quite cumbersome. If I need to access a dozen systems, then, you know, I'm using SSH keys to access this. >> I have admin credentials for my database. I'm going through a VPN to access an internal dashboard. Teleport consolidates all of that access into a single login via your identity provider, Okta, Active Directory. But then on the security and compliance side, we make it really easy for that compliance officer. When they say, show me that change, we have all of the audit logs that show exactly what changes Keith made when he logged into that system. And in fact, one of the booths behind here is talking about eBPF, a modern way to get that kind of kernel level grade granularity. We build all of that observability into Teleport to make the security and compliance teams happy and the engineering teams a lot more productive. >> Where do the access control tools like Okta, you mentioned, fall short? I mean, why is there a need for your level of control at the control plane? >> Yeah. When you start to talk about authorization, authentication, audit at the infrastructure level, each of these technologies has its own way of managing what, kind of in the jargon, authN and authZ, right?
Authentication, authorization. So you have SSH for Linux. Kubernetes has its own way of doing authorization. All of the database providers have their own way and it's quite complicated, right? It's much different. So, you know, if I'm gonna access Office 365 or I'm gonna access Salesforce, right, I'm really talking about the HTTP protocol. It's relatively trivial to implement single sign-on for web-based applications. But when we start talking about things that are happening at the Linux kernel level, or with Kubernetes, it's quite complicated to build those integrations. And that's where Teleport extends what you have with your IdP. So for instance, Okta, lots of our customers use Okta as their identity provider, but then Teleport takes those roles and applies them and enforces them at the actual infrastructure level. >> So if I'm a lay developer, I'm looking at this thinking, you know, I have service mesh, I've implemented Linkerd, Istio or something to that level. And I also have Ansible, and Ansible has security, etcetera. What role, or how does that integrate all together from a big picture perspective? >> Yeah. So >> What, one of the, kind of the meta themes at Teleport is we like to say that we are fighting complexity, 'cause as we build new technologies, we tend to run the new tech on top of the old tech. Whereas for instance, when you buy a new car, you typically don't, you know, hook the old car to the back and then pull it around with you. Right? We replace old technology with new technology, but in infrastructure that doesn't happen as often. And so you end up with kind of layers of complexity with one protocol sitting on top of another protocol on top of another protocol. And what Teleport does is for the access control plane, we kind of replace the legacy ways of doing authentication, authorization and audit with a new modern experience. But we allow you to continue to use the existing tools.
>> So we don't replace, for instance, you know, your configuration management system. You can keep using Ansible or Salt or Jenkins, but Teleport now is gonna give those scripts or those pipelines an identity that you can define. What should Ansible be able to do? Right? 'Cause people are worried about supply chain attacks. If a vulnerable dependency gets introduced into your supply chain pipeline and your kind of Ansible playbook goes crazy and starts deploying that vulnerability everywhere, that's probably something you wanna limit. With Teleport, you can limit that with an identity, but you can still use the tools that you're used to. >> So how do I guarantee something like an ex-employee doesn't come in and initiate an Ansible script that was sitting in the background just waiting to happen until, you know, they left? >> Yeah. Great question. There's kind of the Great Resignation that's happening. We did a survey where actually we asked the question, kind of, you know, can you guarantee that ex-employees can no longer access your infrastructure? And shockingly, like 89% of companies could not guarantee that. It's like, wow, that should be a headline somewhere. And we actually just learned that on the dark web, there are people that are targeting current employees of Netflix and Uber and trying to buy credentials of those employees to the infrastructure. So it's a big problem. With Teleport, we solve this in a really easy, transparent way for developers. Everything that we do is based on short-lived certificates. So unlike an SSH key, which exists until you decommission it, short-lived certificates by default expire. And if you don't reissue them based on a new login, based on the identity, then you can't do anything. So even a stolen credential, kind of, its value decreases dramatically over time.
>> So that statistic of four out of five companies can't guarantee ex-employees can't access infrastructure. Why is simply removing the employee from the, you know, from the LDAP or directory, decommissioning their login credentials, why is that not sufficient? >> Well, it depends on if everything is integrated into your identity provider. And because of the complexities of accessing infrastructure, we know that developers are creative people. And kind of by definition, they're able to create systems to make their lives easier. So one thing that we see developers doing is kind of copying an SSH key to a local notepad on their computer. So they essentially can take that credential out of a vault. They can put it somewhere that's easier for them to access. And if you're not rotating that credential, then I can also, you know, copy it to a personal device as well. Same thing for shared admin credentials. So the issue is that those credentials are not completely managed in a unified way that enables the developer to not go around the system in order to make their lives easier. >> But rather to actually use the system. There's a market called privileged access management that a lot of enterprises are using to kind of manage credentials for their developers, but it's notoriously disruptive to developer workflows. And so developers kind of go around the system in order to make their jobs easier. What Teleport does is we obviate the need to go around the system, 'cause the simplest thing is just to come in in the morning, log in one time to my identity provider. And now I have access to all of my servers, all of my databases, all of my Kubernetes clusters with a short-lived certificate that's completely transparent. >> And does this apply to both your local and your cloud accounts? >> Yes. Yes, exactly. >> So as a security company, what's driving the increase in security breaches? Is it the lack of developer hygiene?
Is it this ex-employee Great Resignation bill? Is it external intruders? What's driving security breaches today? >> Yes. >> It's, you know, it's all of those things. I think if I had to give you a one word answer, I would say complexity. The systems that we are building are just massively complex, right? Look at how many vendors there are at this show in order to make Kubernetes easy to use, to do what it promises. It's just, we're building very complex systems. When you build complex systems, there's a lot of back doors, we call it kind of attack surface. And that's why for every new thing that we introduce, we also need to think about how do we remove old layers of the stack so that we can simplify, so that we can consolidate and take advantage of the power of something like Kubernetes without introducing security vulnerabilities. >> One of the problems or challenges with security solutions is, you know, there's this complexity versus flexibility knob that you need to be careful of. What's the deployment experience and integration experience for deploying Teleport? >> Yeah, we built it to be cloud native, to feel like any other kind of cloud native or Kubernetes-like solution. So you basically, you deploy it using Helm chart, you deploy it using containers, and we take care of all of the auto configuration and auto update. So that it's just, it's part of your stack and you manage it using the same automation that you use to manage everything else. That's a big kind of installation and developer experience part of it. If it's complex to use, then not only are developers not gonna use it, operations teams are not gonna want to have to deal with it. And then you're left with doing things the old way, which is very unsatisfactory for everybody. >> How does Kubernetes change the security equation? Are there vulnerabilities it introduces to the stack that maybe companies aren't aware of? >> Almost by definition. Yes.
Kind of any new technology is gonna introduce new security vulnerabilities. That is the result of the complexity, which is, there are things that you just don't know when you introduce new components. I think kind of all of the supply chain vulnerabilities are our way of looking at that, which is we have, you know, Kubernetes is itself built on a lot of dependencies. Those dependencies themselves could have security vulnerabilities. You might have a package that's maintained by one kind of hobbyist developer, but that's actually deployed across hundreds of thousands of applications across the internet. So again, it's about, one, understanding that that complexity exists and then saying, is there a way that we can kind of layer on a solution that provides a common layer to let us kind of avoid that complexity and say, okay, every critical action needs to be authorized with an identity. That way, if it's automated or if it's human, I have that level of assurance that a hacked Ansible pipeline is not going to be able to introduce vulnerabilities across my entire infrastructure. >> So one of the challenges for CIOs and CTOs, it's the lack of developer resources, and another resulting pain point that compounds that issue is rework due to security audits. Is Teleport a source of truth, that when an auditor comes in to audit a CI/CD pipeline, the developer or operations team can just say, hey, here's self-service, get what you need, and come back to us with any questions? Or is there a second set of tools we have to use to get that audit and compliance reporting? >> Yeah, Teleport can be that single source of truth. We can also integrate with your other systems so you can export all of the, what we call access logs. So every behavior that took place, every query that was run on a database, every, you know, curl command that was run on a Linux host, Teleport is creating a log of that.
And so you can go in and you can filter and you can view those actions within Teleport. But we also integrate with other systems that people are using, you have, it's Splunk or Datadog or whatever other tool chain, it's really important that we integrate, but you can also use Teleport as that single source. >> So you can work with the observability suites that are now being installed. >> Yeah, the wonderful thing about kind of an ecosystem like Kubernetes is there's a lot of standardization. You can pick your preferred tool, but under the hood, the protocols for taking a log and putting it in another system are standardized. And so we can integrate with any of the tools that developers are already using. >> So how big is Teleport? I'm thinking about a couple of things: big as in what's the footprint, and then from a developer operations team overhead, is this kind of a set and forget it? How much care, feed and maintenance does it need? >> So it's very lightweight. We basically have kind of two components. There's the access proxy that sits in front of your infrastructure. And that's what enables us to, you know, regardless of the complexity that sits across your multi data center footprint, your traditional applications running on Windows, your modern applications running on, you know, Linux and Kubernetes, we provide seamless access to all of that. And then there's an agent that runs on all of your hosts. And this is the part that can be deployed using Helm or any other kind of cloud native deployment methodology that enables us to do the granular application level audit. For instance, what queries are actually being run on CockroachDB or on Postgres, you know, what syscalls are running on the Linux kernel. Very lightweight. Automation can be used to install, manage, upgrade all of it.
And so from an operations perspective, kind of bringing in Teleport shouldn't be any more complicated than running any application on a container. That's the design goal and what we built for our customers. >> If I'm in a hybrid environment, I'm transitioning, I'm making the migration to Teleport. Is this a team? Is this a solution that sits only on the Kubernetes cloud native side? Or is this something that I can transition to initially, and then migrate all of my applications to, as I transition to cloud native? >> Yeah. There are kind of, no, there are no cloud native dependencies for Teleport. Meaning if you're a hundred percent Windows shop, then we support, for instance, RDP. That's the way in which Windows handles remote access. If you have some applications that are running on Linux, we can support that as well. If you've got kind of the, you know, the complete opposite in the spectrum, you're doing everything cloud native, containers, Kubernetes, everything, we also support that. >> Well, Michael, I really appreciate you stopping by and sharing the Teleport story. Security is becoming an obvious pain point for cloud native and container management. And Teleport has a really good story around ensuring compliance and security. From Valencia, Spain, I'm Keith Townsend, along with Paul Gillin, and you're watching theCUBE, the, the leader, not the, the leader in high tech coverage.
Matt Provo & Patrick Bergstrom, StormForge | Kubecon + Cloudnativecon Europe 2022
>> Instructor: "theCUBE" presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain and we're at KubeCon, CloudNativeCon Europe 2022. I'm Keith Townsend, and my co-host, Enrico Signoretti. Enrico's really proud of me. I've called him Enrico instead of Enrique every session. >> Every day. >> Senior IT analyst at GigaOm. We're talking to fantastic builders at KubeCon, CloudNativeCon Europe 2022 about the projects and their efforts. Enrico, up to this point, it's been all about provisioning, insecurity, what conversation have we been missing? >> Well, I mean, I think that we passed the point of having the conversation of deployment, of provisioning. Everybody's very skilled, actually everything is done at day two. They are discovering that, well, there is a security problem. There is an observability problem and in fact, we are meeting with a lot of people and there are a lot of conversation with people really needing to understand what is happening. I mean, in their cluster work, why it is happening and all the questions that come with it. And the more I talk with people in the show floor here or even in the various sessions is about, we are growing so that our clusters are becoming bigger and bigger, applications are becoming bigger as well. So we need to now understand better what is happening. As it's not only about cost, it's about everything at the end. >> So I think that's a great set up for our guests, Matt Provo, founder and CEO of StormForge and Patrick Brixton? >> Bergstrom. >> Bergstrom. >> Yeah. >> I spelled it right, I didn't say it right, Bergstrom, CTO. We're at KubeCon, CloudNativeCon where projects are discussed, built and StormForge, I've heard the pitch before, so forgive me. And I'm kind of torn. I have service mesh. What do I need more, like what problem is StormForge solving? >> You want to take it? >> Sure, absolutely.
So it's interesting because, my background is in the enterprise, right? I was an executive at UnitedHealth Group before that I worked at Best Buy and one of the issues that we always had was, especially as you migrate to the cloud, it seems like the CPU dial or the memory dial is your reliability dial. So it's like, oh, I just turned that all the way to the right and everything's hunky-dory, right? But then we run into the issue like you and I were just talking about, where it gets very very expensive very quickly. And so my first conversations with Matt and the StormForge group, and they were telling me about the product and what we're dealing with. I said, that is the problem statement that I have always struggled with and I wish this existed 10 years ago when I was dealing with EC2 costs, right? And now with Kubernetes, it's the same thing. It's so easy to provision. So realistically what it is, is we take your raw telemetry data and we essentially monitor the performance of your application, and then we can tell you using our machine learning algorithms, the exact configuration that you should be using for your application to achieve the results that you're looking for without over-provisioning. So we reduce your consumption of CPU, of memory and production which ultimately nine times out of 10, actually I would say 10 out of 10, reduces your cost significantly without sacrificing reliability. >> So can your solution also help to optimize the application in the long run? Because, yes, of course-- >> Yep. >> The lowering fluid as you know optimize the deployment. >> Yeah. >> But actually the long-term is optimizing the application. >> Yes. >> Which is the real problem. >> Yep. >> So, we're fine with the former of what you just said, but we exist to do the latter. And so, we're squarely and completely focused at the application layer. As long as you can track or understand the metrics you care about for your application, we can optimize against it. 
We love that we don't know your application, we don't know what the SLA and SLO requirements are for your app, you do, and so, in our world it's about empowering the developer into the process, not automating them out of it and I think sometimes AI and machine learning sort of gets a bad rap from that standpoint. And so, at this point the company's been around since 2016, kind of from the very early days of Kubernetes, we've always been squarely focused on Kubernetes, using our core machine learning engine to optimize metrics at the application layer that people care about and need to go after. And the truth of the matter is today and over time, setting a cluster up on Kubernetes has largely been solved. And yet the promise of Kubernetes around portability and flexibility, downstream when you operationalize, the complexity smacks you in the face and that's where StormForge comes in. And so we're a vertical, kind of vertically oriented solution, that's absolutely focused on solving that problem. >> Well, I don't want to play, actually. I want to play the devil's advocate here and-- >> You wouldn't be a good analyst if you didn't. >> So the problem is when you talk with clients, users, there are many of them still working with Java, something that is really tough. I mean, all of us loved Java. >> Yeah, absolutely. >> Maybe 20 years ago. Yeah, but not anymore, but still they have developers, they have porting applications, microservices. Yes, but not very optimized, et cetera, et cetera, et cetera. So it's becoming tough. So how you can interact with this kind of old hybrid or anyway, not well engineered applications. >> Yeah. >> We do that today. We actually, part of our platform is we offer performance testing in a lower environment and stage and we, like Matt was saying, we can use any metric that you care about and we can work with any configuration for that application.
So perfect example is Java, you have to worry about your heap size, your garbage collection tuning and one of the things that really struck me very early on about the StormForge product is because it is true machine learning. You remove the human bias from that. So like a lot of what I did in the past, especially around SRE and performance tuning, we were only as good as our humans were because of what they knew. And so, we kind of got stuck in these paths of making the same configuration adjustments, making the same changes to the application, hoping for different results. But then when you apply machine learning capability to that the machine will recommend things you never would've dreamed of. And you get amazing results out of that. >> So both me and Enrico have been doing this for a long time. Like, I have battled to my last breath the argument when it's a bare metal or a VM, look, I cannot give you any more memory. >> Yeah. >> And the argument going all the way up to the CIO and the CIO basically saying, you know what, Keith you're cheap, my developer resources are expensive, buy bigger box. >> Yeah. >> Yep. >> Buying a bigger box in the cloud to your point is no longer an option because it's just expensive. >> Yeah. >> Talk to me about the carrot or the stick as developers are realizing that they have to be more responsible. Where's the culture change coming from? Is it the shift in responsibility? >> I think the center of the bullseye for us is within those sets of decisions, not in a static way, but in an ongoing way, especially as the development of applications becomes more and more rapid and the management of them. Our charge and our belief wholeheartedly is that you shouldn't have to choose. You should not have to choose between costs or performance. You should not have to choose where your applications live, in a public private or hybrid cloud environment.
And so, we want to empower people to be able to sit in the middle of all of that chaos and for those trade offs and those difficult interactions to no longer be a thing. We're at a place now where we've done hundreds of deployments and never once have we met a developer who said, "I'm really excited to get out of bed and come to work every day and manually tune my application." One side, secondly, we've never met, a manager or someone with budget that said, please don't increase the value of my investment that I've made to lift and shift us over to the cloud or to Kubernetes or some combination of both. And so what we're seeing is the converging of these groups, their happy place is the lack of needing to be able to make those trade offs, and that's been exciting for us. >> So, I'm listening and looks like that your solution is right in the middle in application performance, management, observability. >> Yeah. >> And, monitoring. >> Yeah. >> So it's a little bit of all of this. >> Yeah, so we want to be, the intel inside of all of that, we often get lumped into one of those categories, it used to be APM a lot, we sometimes get, are you observability or and we're really not any of those things, in and of themselves, but we instead we've invested in deep integrations and partnerships with a lot of that tooling 'cause in a lot of ways, the tool chain is hardening in a cloud native and in Kubernetes world. And so, integrating in intelligently, staying focused and great at what we solve for, but then seamlessly partnering and not requiring switching for our users who have already invested likely, in a APM or observability. >> So to go a little bit deeper. What does it mean integration? I mean, do you provide data to this, other applications in the environment or are they supporting you in the work that you do. >> Yeah, we're a data consumer for the most part. In fact, one of our big taglines is take your observability and turn it into action ability, right? 
Like how do you take that, it's one thing to collect all of the data, but then how do you know what to do with it, right? So to Matt's point, we integrate with folks like Datadog, we integrate with Prometheus today. So we want to collect that telemetry data and then do something useful with it for you. >> But also we want Datadog customers, for example, we have a very close partnership with Datadog so that in your existing Datadog dashboard, now you have-- >> Yeah. >> The StormForge capability showing up in the same location. >> Yep. >> And so you don't have to switch out. >> So I was just going to ask, is it a push pull? What is the developer experience when you say you provide developer this resolve ML learnings about performance, how do they receive it? Like, what's the developer experience. >> They can receive it, for a while we were CLI only, like any good developer tool. >> Right. >> And, we have our own UI. And so it is a push in a lot of cases where I can come to one spot, I've got my applications and every time I'm going to release or plan for a release or I have released and I want to pull in observability data from a production standpoint, I can visualize all of that within the StormForge UI and platform, make decisions, we allow you to set your, kind of comfort level of automation that you're okay with. You can be completely set and forget or you can be somewhere along that spectrum and you can say, as long as it's within, these thresholds, go ahead and release the application or go ahead and apply the configuration. But we also allow you to experience the same, a lot of the same functionality right now, in Grafana, in Datadog and a bunch of others that are coming. >> So I've talked to Tim Crawford who talks to a lot of CIOs and he's saying one of the biggest challenges or if not, one of the biggest challenges CIOs are facing are resource constraints. >> Yeah. >> They cannot find the developers to begin with to get this feedback. 
How are you hoping to address this biggest pain point for CIOs-- >> Yeah. >> And developers? >> You should take that one. >> Yeah, absolutely. So like my background, like I said at UnitedHealth Group, right. It's not always just about cost savings. In fact, the way that I look about at some of these tech challenges, especially when we talk about scalability there's kind of three pillars that I consider, right? There's the tech scalability, how am I solving those challenges? There's the financial piece 'cause you can only throw money at a problem for so long and it's the same thing with the human piece. I can only find so many bodies and right now that pool is very small, and so, we are absolutely squarely in that footprint of we enable your team to focus on the things that they matter, not manual tuning like Matt said. And then there are other resource constraints that I think that a lot of folks don't talk about too. Like, you were talking about private cloud for instance and so having a physical data center, I've worked with physical data centers that companies I've worked for have owned where it is literally full, wall to wall. You can't rack any more servers in it, and so their biggest option is, well, I could spend $1.2 billion to build a new one if I wanted to, or if you had a capability to truly optimize your compute to what you needed and free up 30% of your capacity of that data center. So you can deploy additional name spaces into your cluster, like that's a huge opportunity. >> So I have another question. I mean, maybe it doesn't sound very intelligent at this point, but, so is it an ongoing process or is it something that you do at the very beginning, I mean you start deploying this. >> Yeah. >> And maybe as a service. >> Yep. >> Once in a year I say, okay, let's do it again and see if something change it. >> Sure. >> So one spot, one single.. >> Yeah, would you recommend somebody performance test just once a year? 
Like, so that's my thing is, at previous roles, my role was to do performance test every single release, and that was at a minimum once a week and if your thing did not get faster, you had to have an executive exception to get it into production and that's the space that we want to live in as well as part of your CICD process, like this should be continuous verification, every time you deploy, we want to make sure that we're recommending the perfect configuration for your application in the name space that you're deploying into. >> And I would be as bold as to say that we believe that we can be a part of adding, actually adding a step in the CICD process that's connected to optimization and that no application should be released, monitored, and sort of analyzed on an ongoing basis without optimization being a part of that. And again, not just from a cost perspective, but for cost and performance. >> Almost a couple of hundred vendors on this floor. You mentioned some of the big ones Datadog, et cetera, but what happens when one of the up and comings out of nowhere, completely new data structure, some imaginative way to click to telemetry data. >> Yeah. >> How do, how do you react to that? >> Yeah, to us it's zeros and ones. >> Yeah. >> And, we really are data agnostic from the standpoint of, we're fortunate enough from the design of our algorithm standpoint, it doesn't get caught up on data structure issues, as long as you can capture it and make it available through one of a series of inputs, one would be load or performance tests, could be telemetry, could be observability, if we have access to it. Honestly, the messier the better from time to time from a machine learning standpoint, it's pretty powerful to see. We've never had a deployment where we saved less than 30%, while also improving performance by at least 10%. But the typical results for us are 40 to 60% savings and 30 to 40% improvement in performance. 
>> And what happens if the application is, I mean, yes Kubernetes is the best thing of the world but sometimes we have to, external data sources or, we have to connect with external services anyway. >> Yeah. >> So, can you provide an indication also on this particular application, like, where the problem could be? >> Yeah. >> Yeah, and that's absolutely one of the things that we look at too, 'cause it's, especially when you talk about resource consumption it's never a flat line, right? Like depending on your application, depending on the workloads that you're running it varies from sometimes minute to minute, day to day, or it could be week to week even. And so, especially with some of the products that we have coming out with what we want to do, integrating heavily with the HPA and being able to handle some of those bumps and not necessarily bumps, but bursts and being able to do it in a way that's intelligent so that we can make sure that, like I said, it's the perfect configuration for the application regardless of the time of day that you're operating in or what your traffic patterns look like, or, what your disc looks like, right. Like 'cause with our low environment testing, any metric you throw at us, we can optimize for. >> So Matt and Patrick, thank you for stopping by. >> Yeah. >> Yes. >> We can go all day because day two is I think the biggest challenge right now, not just in Kubernetes but application re-platforming and transformation, very, very difficult. Most CTOs and EASs that I talked to, this is the challenge space. From Valencia, Spain, I'm Keith Townsend, along with my host Enrico Signoretti and you're watching "theCube" the leader in high-tech coverage. (whimsical music)
Varun Talwar, Tetrate | Kubecon + Cloudnativecon Europe 2022
(upbeat music) >> Narrator: theCUBE presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to Valencia, Spain, in KubeCon, CloudNativeCon Europe 2022. It's near the end of the day, that's okay. We have plenty of energy because we're bringing it. I'm Keith Townsend, along with my cohost, Paul Gillon. Paul, this has been an amazing day. Thus far we've talked to some incredible folks. You got a chance to walk the show floor. >> Yeah. >> So I'm really excited to hear what's the vibe of the show floor, 7,500 people in Europe, following the protocols, but getting stuff done. >> Well, at first I have to say that I haven't traveled for two years. So getting out to a show by itself is an amazing experience. But a show like this with all the energy and the crowd too, enormously crowded at lunchtime today. It's hard to believe how many people have made it all the way here. Out on the floor the booth are crowded, the demonstrations are what you would expect at a show like this. Lots of code, lots of block diagrams, lots of architecture. I think the audience is eating it up. They're on their laptops, they're coding on their laptops. And this is very much symbolic of the crowd that comes to a KubeCon. And it's just a delight to see them out here having so much fun. >> So speaking of lots of code, we have Varun Talwar, co-founder of Tetrate. But, I just saw I didn't realize this, Istio becoming part of CNCF. What's the latest on Istio? >> Yeah, Istio is, it was always one of those service mesh projects which was very widely adopted. And it's great to see it going into the Cloud Native Computing Foundation. And, I think what happened with Kubernetes like just became the de-facto container orchestrator. I think similar thing is happening with Istio and service mesh. >> So. >> I'm sorry, go ahead Keith. What's the process like of becoming adopted by and incubated by the CNCF? 
>> Yeah, I mean, it's pretty simple. It's an application process into the foundation where you say, what the project is about, how diverse is your contributor base, how many people are using it. And it goes through a review of, with TOC, it goes through a review of like all the users and contributors, and if you see a good base of deployments in production, if you see a diverse community of contributors, then you can basically be part of the CNCF. And as you know, CNCF is very flexible on governance. Basically it's like bring your own governance. Then the projects can basically seamlessly go in and get into incubation and gradually graduate. >> Another project close and dear to you, Envoy. >> Yes. >> Now I've always considered Envoy just as what it is. It's a, I've always used it as a load balancer type thing. So, I've always considered it some wannabe gateway of proxy. But Envoy gateway was announced last week. >> Yes. So Envoy is, basically won the data plane war of in cloud native workloads, right? And, but, and this was over the last five years. Envoy was announced even way before Istio, and it is used in various deployment models. You can use it as a front load balancer, you can use it as an ingress in Kubernetes, you can use it as a side car in a service mesh like Istio. And it's lightweight, dynamically programmable, very open with the right community. But, what we looked at when we looked at the Envoy base was, it still wasn't very approachable for application developers. Like, when you still see like the nouns that it uses in terms of clusters and so on is not what an application developer was used to. And, so Envoy gateway is really an effort to make Envoy even more stronger out of the box for an application developer to use it as an API gateway, right? 
Because if you think about it, ultimately people, developers, start deploying workloads onto their Kubernetes clusters, they need some functionality like an API gateway to expose their services and you want to make it really, really easy and simple, right? I often say like, what NGINX was to like static websites, like Envoy gateway will be to like APIs. And it's really, the community coming together, we are a big part, but also VMware, and as well as end users, like in this case Fidelity, who is investing heavily into Envoy and API gateway use cases, joining forces saying, let's do this in upstream Envoy. >> I'd like to go back to Istio, because this is a major step in Istio's development. Where do you see Istio coming into the picture? And Kubernetes is already broadly accepted, is Istio generally adopted as an after, an after step to Kubernetes, or are they increasingly being adopted together? >> Yeah. So, usually it's adopted as a follow on step. And, the reason is, primarily the learning curve, right? It's just to get used to all the Kubernetes and, it takes a while for people to understand the concepts, get applications going, and then, Istio was made to basically solve, three big problems there, right? Which is around, observability, traffic management, and security, right? So as people deploy more services they figure out, okay, how do I connect them? How do I secure all the connections? And how do I do more fine grain routing? I'm doing more frequent deployments with Kubernetes, but I would like to do canary releases, to make safer roll outs, right? And those are the problems that Istio solves. And I don't really want to know the metrics of like, yes, it'll be, it's good to know all the node level, and CPU level metrics, but really what I want to know is, how are my services performing? Where is the latency, right? Where is the error rate? And those are the things that Istio gives out of the box. 
So that's like a very natural next step for people using Kubernetes. And, Tetrate was really formed as a company to enable enterprises to adopt Istio, Envoy, and service mesh in their environment, right? So we do everything from, run an academy for like courses and certifications on Envoy and Istio, to a distribution, which is, compliant with various rules and tooling, as well as a whole platform on top of Istio, to make it usable in deployment in a large enterprise. >> So paint the end to end for me for Istio and Envoy. I know they can be used in similar fashions as like side cars, but how do they work together to deliver value? >> Yeah. So if you step back from technology a little bit, right? And you make sort of, look at what customers are doing and facing, right? Really it is about, they have applications, they have some applications that new workloads going into Kubernetes and cloud native, they have a lot of legacy workloads, a lot of workloads in VMs, and with different teams in different clouds or due to acquisitions, they're very heterogeneous, right? Now our mission, Tetrate's mission is power the world's application traffic. But really the business value that we are going after is consistency of application operations, right? And I'll tell you how powerful that is. Because the more places you can deploy Envoy into, the more places you can deploy Istio into, the more consistency you can get for the value pillars of observability, traffic management, and security, right? And really if you think about what is the journey for an enterprise to migrate from VM workloads into Kubernetes, or from data centers into cloud, the challenges are around security and connectivity, right? Because if it's Kubernetes fabric, the same Kubernetes app and data center can be deployed exactly as it is in cloud, right? >> Keith: Right. >> So why is it hard to migrate to cloud, right? The challenges come in the security and networking layer, right? 
>> So let's talk about that with some granularity and you can maybe give me some concrete examples. >> Right. >> Because as I think about the hybrid infrastructure, where I have VMs on-premises, cloud native stuff running in the public cloud or even cloud native next to VMs. >> Varun: Right. >> I do security differently when I'm in the VM world. I say, you know what? This IP address can't talk to this Oracle database server. >> Right. >> Keith: That's not how cloud native works. >> Right. >> I can't say, if I have a cloud native app talking to a Oracle database, there's no IP address. >> Yeah. >> Keith: But how do I secure the communication between the two? >> Exactly. So I think you hit it, well, straight on the head. So which is, with things like Kubernetes IP is no longer a really a valid noun, where you can say because things will auto scale either from Kubernetes or the cloud autoscalers. So really the noun that is becoming now is service. So, and I could have many instances of it. They could, will scale up and down. But what I'm saying is, this service, which you know some app server, some application can talk to the Oracle service. >> Keith: Hmm. >> And what we have done with the Tetrate Service Bridge which is why we call our platform service bridge, because it's all about bridging all the services, is whatever you're running on the VM can be onboarded onto the mesh, like as if it were a Kubernetes service, right? And then my policy around this service can talk to this service, is same in Kubernetes, is same for Kubernetes talking to VM, it's same for VM to VM, both in terms of access control. In terms of encryption what we do is, because it's, the Envoy proxy goes everywhere and the traffic is going through them we actually take care of distributing certs, encrypting everything, and it becomes, and that is what leads to consistent application operations. And that's where the value is. 
>> We're seeing a lot of activity around observability right now, a lot of different tools, both open source and proprietary Istio, certainly part of the open telemetry project, and I believe you're part of that project? >> Yes. >> But the customers are still piecing together a lot of tools on their own. >> Right. >> Do you see a more coherent framework forming around observability? >> I think very much so. And there are layers of observability, right? So the thing is, like if we tell you there is latency between these two services at L7 layer, the first question is, is it the service? Is it the Envoy? Or is it the network? It sounds like a very simple question. It's actually not that easy to answer. And that is one of the questions we answer in like platforms like ours, right? But even that is not the end. If it's neither of these three, it could be the node, it could be the hardware underneath, right? And those, you realize like those are different observability tools that work on each layer. So I think there's a lot of work to be done to enable end users to go from IP, like from top to bottom, to make, reduce what is called MTTR or mean time to resolution of an issue where is the problem. But I think with tools like what is being built now, it is becoming easier, right? It is because, one of the things we have to realize is with things like Kubernetes we made the development of microservices easier, right? And that's great, But as a result, what is happening is that more things are getting broken down. So there is more network in between. So there's, harder it gets to troubleshoot, harder it gets to secure everything, harder it gets to get visibility from everywhere, right? So I often say like, actually if you're going, embarking down microservices journey, you actually are... You better have a platform like this. Otherwise, you're taking on operational cost. 
>> Wow, Jevons paradox, the more accessible we make something, the more it gets used, the more complex it is. That's been a theme here at KubeCon, CloudNativeCon Europe 2022, from Valencia, Spain. I'm Keith Townsend, along with my cohost Paul Gillon. And you're watching theCUBE, the leader in high tech coverage. (upbeat music)
William Morgan, Buoyant | Kubecon + Cloudnativecon Europe 2022
>> Announcer: theCUBE presents Kubecon and Cloudnativecon Europe, 2022. Brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in Kubecon, Cloudnativecon Europe 2022. I'm Keith Townsend and alongside Enrico senior IT analyst for (indistinct). Welcome back to the show Enrico. >> Thank you again for having me here. >> First impressions of Kubecon. >> Well, great show. As I mentioned before, I think that we are really in this very positive mood of talking with each other and people wanting to see the projects, people that build the projects and it's amazing. A lot of interesting conversation in the show floor and in the various sessions, very positive mood. >> So this is going to be a fun one, we have some amazing builders on the show this week and none other than William Morgan, CEO of Buoyant. What's your role in the Linkerd project? >> So I was one of the original creators of Linkerd, but at this point I'm just the beautiful face of the project. (all laughing) >> Speaking of beautiful face of the project Linkerd just graduated from as a CNCF project. >> Yeah, that's right so last year we became the first service mesh to graduate in the CNCF, very proud of that and that's thanks largely to the incredible community around Linkerd that is just excited about the project and wants to talk about it and wants to be involved. >> So let's talk about the significance of that. Linkerd not the only service mesh project out there. Talk to me about the level effort to get it to the point that it's graduated. You don't see too many projects graduating CNCF in general so let's talk about kind of the work needed to get Linkerd to this point. 
>> Yeah so the bar is high and it's mostly a measure, not necessarily of like the project being technically good or bad or anything but it's really a measure of maturity of the community around it so is it being adopted by organizations that are really relying on it in a critical way? Is it being adopted across industries? Is it having kind of a significant impact on the Cloudnative community? And so for us there was the work involved in that was really not any different from the work involved in kind of maintaining Linkerd and growing the community in the first place, which is you try and make it really useful. You try and make it really easy to get started with, you try and be supportive and to have a friendly and welcoming community. And if you do those things and you kind of naturally get yourself to the point where it's a really strong community full of people who are excited about it. >> So from the point of view of users adopting this technology, so we are talking about everybody or do you see really large organization, large Kubernetes clusters infrastructure adopting it? >> Yeah, so the answer to that is changed a little bit over time but at this point we see Linkerd adoption across industries, across verticals, and we see it from very small companies to very large ones so one of the talks I'm really excited about at this conference is from the folks at Xbox cloud gaming who are going to talk about how they deployed Linkerd across 22,000 pods around the world to serve basically on demand video games. Never a use case I would ever have imagined for Linkerd and at the previous Kubecon virtually Kubecon EU, we had a whole keynote about how Linkerd was used to combat COVID 19. So all sorts of uses and it really doesn't, whether it's a small cluster or large cluster it's equally applicable. >> Wow so as we talk about Linkerd service mesh we obviously are going to talk about security, application control, etcetera. 
But in this climate software supply chain is critical and you think about open source software supply chain, talk to us about the recent security audit of Linkerd. >> Yeah so one of the things that we do as part of a CNCF project and also as part of, I think our relationship with our community is we have regular security audits where we engage security professionals who are very thorough and dig into all the details. Of course the source code is all out there, so anyone can read through the code but they'll build threat model analysis and things like that. And then we take their report and we publish it. We say, "Hey look, here's the situation." So we have earlier reports online and this newest one was done by a company called Trail of Bits and they built a whole threat model and looked through all the different ways that Linkerd could go wrong and they always find issues of course, it would be very scary, I think, to get a report that was like, no, we didn't find- >> Yeah everything's clean. >> Yeah everything's fine, should be okay, I don't know. But they did not find anything critical. They found some issues that we rapidly addressed and then everything gets written up in the report and then we publish it, as part of an open source artifact. >> How do you, let's say, do they give you and adds up something? So if something happens so that you can act on the code before somebody else discovers the- >> Yeah, they'll give you a preview of what they found and then often it's not like you're going before the judge and the judge makes a judgment and then like off to jail, it's a dialogue because they don't necessarily understand the project. Well, they definitely don't understand it as well as you do. So you are helping them understand which parts are interesting to look at from the security perspective, which parts are not that interesting. They do their own investigation of course but it's a dialogue the entire time. 
So you do have an opportunity to say, "Oh you told me that was a minor issue. I actually think that's larger or vice versa." You think that's a big problem actually, we thought about that and it's not a big problem because of whatever. So it's a collaborative process. >> So Linkerd been around, like when I first learned about service mesh Linkerd was the project that I learned about. It's been there for a long time, just mentioned 22,000 clusters. That's just mind boggling- >> Pods, 22,000 pods. >> That's pods. >> Clusters would be great. >> Yeah, clusters would be great too but it filled 22,000 pods. >> It's a big deployment. >> That's a big deployment of Linkerd, but all the way down to the smallest set of pods as well. What are some of the recent project updates some of the learnings you bought back from the community and updated the project as a result? >> Yeah so a big one for us, on the topic of security, Linkerd, a big driver of Linkerd adoption is security and less on the supply chain side and more on the traffic, like live traffic security. So things like mutual TLS, so you can encrypt the communication between pods and make sure it's authenticated. One of the recent feature additions is authorization policy so you can lock down connections between services and you can say Service A is only allowed to talk to Service B and I want to do that not based on network identity, not based on like IP addresses, 'cause those are spoofable and we've kind of like as an industry moved, we've gotten a little more advanced from that but actually based on the workload identity as captured by the mutual TLS certificate exchange. So we give you the ability now to restrict the types of communication that are allowed to happen on your cluster. >> So, okay this is what happened. What about the future? Can you give us into suggestion on what is going to happen in the medium and long term? >> I think we're done you know we graduated, so we're just going to stop. 
(all laughing) What else is there to do? There's no grad school. No, so for us, there's a clear roadmap ahead continuing down the security realm, for sure. We've given you kind of the very first building block which at the service level, but coming up in the 2.12 release we'll have route based policy as well, as you can say this service is only allowed to call these three routes on this end point. And we'll be working later to do things like mesh expansions so we can run the data plane outside of Kubernetes, so the control plane will stay in Kubernetes but the data plane will, you'll be able to run that on Vms and things like that. And then of course in the, we're also starting to look at things like, I like to make a fun of (indistinct) a lot but we are actually starting to look at (indistinct) in the ways that that might actually be useful for Linkerd users. >> So we talk a lot about the flexibility of a project like Linkerd you can do amazing things with it from a security perspective but we're talking still to a DevOps type cloud of developers who are spread thin across their skillset. How do you help balance the need for the flexibility which usually comes with more nerd knobs and servicing a crowd that wants even higher levels of abstraction and simplicity. >> Yeah, that's a great question and this is what makes Linkerd so unique in the service mesh spaces. We have a laser focus on simplicity and especially on operational simplicity so our audience, we can make it easy to install Linkerd but what we really care about is when you're running it and you're on call for it and it's sitting in this critical, vulnerable part of your infrastructure, do you feel confident in that? Do you feel like you understand it? Do you feel like you can observe it? Do you feel like you can predict what it's going to do? And so every aspect of Linkerd is designed to be as operationally simple as possible. 
So when we deliver features, that's always our primary consideration, is we have to reject the urge, we have an urge as engineers to like want to build everything, it's an ultimate platform to solve all problems and we have to really be disciplined and say we're not going to do that, we're going to look at solving the minimum possible problem with a minimum set of features because we need to keep things simple and then we need to look at the human aspect to that. And I think that's been a part of Linkerd's success. And then on the Buoyant side, of course, I don't just work on Linkerd, I also work on Buoyant which helps organizations adopt Linkerd and increasingly large organizations that are not service mesh experts don't want to be service mesh experts, they want to spend their time and energy developing their business, right? And building the business logic that powers their company. So for them we have actually recently introduced, fully managed Linkerd where we can take on, even though Linkerd has to run on your cluster, the sidecar proxies has to be alongside your application. We can actually take on the operational burden of upgrades and trust anchor rotation, and installation. And you could effectively treat it as a utility, and have a hosted-like experience even though the actual bits, at least most of them not all of them, most of 'em have to live on your cluster. >> I love the focus of most CNCF projects, it's peanut butter or jelly, not peanut butter trying to become jelly. What's the peanut butter to Linkerd's jelly? Like where does Linkerd stop? And some of the things that customers should really consider when looking at service mesh? >> Yeah, now that's a great way of looking at it and I actually think that philosophy comes from Kubernetes. I think Kubernetes itself, one of the reasons it was so successful is because it had some clearly delineated boundaries. It said, "This is what we're going to do. And this is what we're not going to do. 
So we're going to do layer three, four networking, but we're going to stop there, we're not going to do anything with layer seven." And that allowed the service mesh. So I guess if I were to go down the bread of the sandwich is Kubernetes, and then Linkerd is the peanut butter, I guess. And then the jelly, so I think the jelly is every other aspect of building a platform. So if you are the audience for Linkerd most of the time is a platform owners. They're building a platform an internal platform for their developers to write code and so, as part of that, of course you've got Kubernetes, you've got Linkerd, but you've also got a CI/CD system. You've also got a code repository that's GitLab or GitHub or whatever, you've got other kind of tools that are enforcing various other constraints. All of that is the jelly in the, this is analogy it's getting complicated now, and like the platform sandwich that you're serving. >> So talk to us about trends in service mesh from the, as we think of the macro. >> Yeah, so it's been an interesting space because, we were talking a little bit about this before the show but, there was so much buzz and then what we saw was basically it took two years for that buzz to become actual adoption and now a lot of the buzz is off on other exciting things and the people who remain in the Linkerd space are very focused on, "Oh, I actually have a real problem that I need to solve and I need to solve it now." So that's been great. So in terms of broader trends, I think one thing we've seen for sure is the service mesh space is kind of notorious for complexity, and a lot of what we've been doing on the Linkerd side has been trying to reverse that idea, because it doesn't actually have to be complex. There's interesting stuff you can do, especially when you get into the way we handle the sidecar model. It's actually really, it's a wonderful model operationally. 
It's really, it feels weird at first and then you're like, "Oh, actually this makes my operations a lot easier." So a lot of the trends that I see at least for Linkerd is doubling down on the sidecar model trying to make sidecars as small and as thin as possible and try and make them kind of transparent to the rest of the application. >> Well, William Morgan, one of the coolest Twitter handles I've seen at WM on Twitter, that's actually a really cool Twitter handle. >> William: Thank you. >> CEO of Buoyant. Thank you for joining theCube again, Cube alum. From Valencia, Spain, I'm Keith Townsend, along with Enrico's (indistinct) and you're watching theCube, the leader in high tech coverage. (upbeat music)
Manish Devgan, Hazelcast | Kubecon + Cloudnativecon Europe 2022
>>theCUBE presents KubeCon and CloudNativeCon Europe, 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >>Welcome to Valencia, Spain and KubeCon CloudNativeCon 2022 Europe. I'm Keith Townsend, along with Paul Gillon, senior editor, enterprise architecture for SiliconANGLE. We're gonna talk to some amazing folks. Day two coverage of KubeCon CloudNativeCon. Paul, we did the wrap up yesterday. Great. A great back and forth about what Enrico about yesterday's, uh, session. What are you looking for to today? >>I'm looking for, uh, to understand better, uh, how Kubernetes is being put into production, the types of applications that are being built on top of it. Yesterday, we talked a lot about infrastructure. Today, I think we're gonna talk a little bit more about applications, including with our first guest. >>Yeah, I was speaking our first guest. We have Manish Devgan, CPO, chief product officer at Hazelcast. Hazelcast has been on the program before, but you, this is your first time in theCUBE, correct? >>It, it is Keith. Yeah. Well, >>Welcome to been Cuban. So we're talking data, which is always a fascinating topic. Containers are, have been known for not being supportive of stateful applications. At least you shouldn't hold the traditional thought. You shouldn't hold stateful data in containers. Tell me about the relationship between Hazelcast and containers. We're at KubeCon. >>Yeah, so a little bit about, uh, Hazelcast. We are a real time data platform and, uh, we are not a database, but a data platform because we basically allow, uh, data at rest as well as data in motion. So you can imagine that if you're writing an application, you can basically query and join a data coming in events, as well as data, which might have been persisted. So you can do both stream processing as well as, you know, low latency data access. And, and this platform of course, is supported on all the clouds. 
And we kind of delegate the orchestration of this kind of scale out system to Kubernetes. Um, and you know, that provides a resiliency and many things which go along with that. >>So you say you don't, you're not a database platform. What are you used for to manage the data? >>So we are, uh, we are memory first. So we are, you know, we started with low latency applications, but then we realized that real time has really become a business term. It's it's more of a business SLA mm-hmm, <affirmative>, it's really the, we see the opportunity, the punctuated change, which is happening in the market today is about real time data access to real time. I mean, there are real time applications. Our customers are building around real time offers, um, realtime threat detection. I mean, just imagine, you know, one of our customers like BNP Paribas, they have, they basically originate a loan while the customer is banking. So you are in an ATM machine and you swipe your card and you are asking for, you know, taking 50 euros out. And at that point they can actually originate a custom loan offer based on your existing balance, your existing request and your credit score in that moment. So that's a value moment for them and they actually saw 400% loan origination go up because of that, because nobody's gonna be thinking about a credit, uh, line of credit after they're done banking. So it's in that value moment and we allow basically our data platform allows you to have fast access to data and also process incoming streams. So not before they get stored, but as they're coming in. >>So if I'm a developer and KubeCon is definitely a conference for developer and I, I come to the booth and I hear <inaudible>, that's the end value. I, I hear what I can do with my application. I guess the question is, how do I get there? I mean, uh, if it's not a database, how do I make a call from a container to, from my microservice to Hazelcast? 
Like, do I think of this as a, uh, a CNI or, or C CSI? 
How do I access >>PA care? Yeah. So, so we, uh, you know, we are, our server is actually built in Java. So a lot of the application which get written on top of the data platform are basically accessing through Java APIs. Or as you have a .NET shop, you can actually use .NET API. So we are basically an API first platform and SQL is basically the polyglot way of accessing data, both streaming data, as well as it store data. So most of the application developers, a lot of it is run done in microservices, and they're doing these fast get inputs for data. So they, they have a key, they want to get to a customer, they give a customer ID. And the beauty is that, um, while they're processing the events, they can actually enrich it because you need contextual information as well. So going back to the ATM example, you know, at that event happened, somebody swiped the card and ask for 50 euros, and now you want more information like credit score information, all that needs to be combined in that, in that value moment. >>So we allow you to do those joins and, you know, the contextual information is very important. So you see a lot of streaming platform out there, which just do streaming, but if you're an application developer, like you asked, you have to basically do call out to a streaming platform to get, um, to do streaming analytics and then do another call to get the context of that. You know, what is the credit score for this customer? But whereas in our case, because the data platform supports both streaming as well as data at rest, you can do that in one call and, you know, you don't want to have the operational complexity to stand out. Two different scale out servers is, is, is, is humongous, right? I mean, you want to build your business application. So, >>So you are querying data streaming data and data rest yes. In the same query >>Yes. In the same query. And we are memory first. So what happens is that we store a lot of the hot data in memory. 
So we have a scale out Ram based server. So that's where you get the low latency from. In fact, last year we did a benchmark. We were able to process a billion events a second, uh, with 99% of the latency under 30 milliseconds. So that kind of processing and that kind of power is, and, and the most important thing is determinism. I mean, you know, there's a lot of, um, if you look at real time, what real time is, is about this predictable latency at scale, because ultimately your, your adhering to a business SLA is not about milliseconds or microsecond. It's what your business needs. If your business needs that you need to deny or, uh, approve a credit credit card transaction in 50 milliseconds, that's your business SLA, and you need that predictability for every transaction. >>So talk to us about how how's this packaged in consumed. Cause I'm hearing a, a bunch of server Ram I'm hearing numbers that we're trying to adapt away from at this conference. We don't wanna see the onlay. We just want to use it. >>Yeah. So, so we kind of take a bit that, that complexity of managing this scale out, um, uh, uh, cluster, which actually utilizes Rams from each server. And then, you know, if you, you can configure it so that the hard set of data is in Ram, but the data, which is, you know, not so hard can actually go into a tiered storage model. So we are memory first. So, but what you are doing is you're doing simple, it's an API. So you do basically a crud, right? You create records, you read them through SQL. So for you, it's, it's, it's kind of like how you access that database. And we also provide you, you know, real time is also a journey. I mean, a lot of customers, you know, you don't want to rip their existing system and deploy another kind of scale out platform. Right? So we, we see a lot of these use cases where they have a database and we can sit in between the database, a system of record and the application. So we are kind of in between there. 
So that's, that's the journey you can take to real time. >>How does Kubernetes, uh, containers and Kubernetes change the game for real time analytics? >>Yeah. So, uh, Kubernetes does change it because what's hap first of all, we service most of the operational workloads. So it's, it's more on the, a lot of our customers. We have most, most of the big banks credit card companies in financial services and retail. Those are the two big sectors for us. And first of all, you know, a lot of these operational workloads are moving to the cloud and with move to the cloud, they're actually taking their existing applications and, and moving to, you know, one of the providers and to kind of orchestrate this scale out platform, which does auto scaling, that's where the benefit comes from mm-hmm <affirmative>. And it also gives them the freedom of choice. So, you know, the Kubernetes is, you know, a standard which goes across cloud providers. So that gives them the benefit that they can actually take their application. And if they want, they can actually move it to a different, a different cloud provider because we take away the orchestration complexity, you know, in that abstraction layer. >>So what happens when I need to go really fast? I mean, I, I, I need, uh, I'm looking at bare metal and I'm looking at really scaling a, a, a homogeneous application in a single data center set of data centers. Is there a bare metal play here? >>Yes. There, there, there are some very, very, uh, like if you want microsecond latency, mm-hmm, <affirmative>, um, you know, we have customers who actually store two to four terabytes in Ram and, and they can actually stand up. Um, you know, again, it depends on what kind of deployment you want. 
You can either scale up or scale out, scaling up is expensive, you know, because those boxes are not cheap, but if you have a requirement like that, where there is sub millisecond or microsecond latency requirement, you could actually store the entire data set. I mean, a lot of the operational data sets are under four terabytes. So it's not uncommon that you could actually take the entire operational transactional data set, actually move, move that to a pure Ram. But, uh, I think now we, we also see that these operational workloads are also, there's a need for analytics to be done on top as well. >>I mean, we, going back to the example I gave you, so this, this, uh, customer is not only doing stream processing, they're also inferencing a machine learning algorithm in that same, in the same kind of cycle in the life cycle. So they might have trained a machine learning or algorithm on a data lake somewhere, but once they're ready, they're actually inferencing the ML algorithm in our kind of life cycle right there. So, you know, that that really brings analytics and transactions kind of together because after all transactions are where the real, you know, insights are. >>Yeah. I'm, I'm struggling a little bit with this, with these two different use cases where I have transactional basically a transactional database or transactional data platform alongside a analytics platform. Those are two, like they're two different things. I have a, you know, I, I have spinning rust for one, and then I have memory and, and NVMe for another. Uh, and that requires tuning requires DBAs. It requires a lot of overhead, there seems to be some type of secret sauce going on here. >>Yeah. Yeah. So, I mean, you know, we, we basically say that if you are, if you have a business case where you want to make a decision, you know, you, the only chance to succeed is where you are not making a decision tomorrow based on today's data. Right? I mean, the only way to act on that data is today. 
So the act is a keyword here. We actually let you generate a realtime offer. We, we let you do credit card fraud detection. In that moment, the analytics is about knowing less about acting on it. Right? Most of our applications are mission critical. They're acting on real time. I think when you talk about like the data lakes there, there's actually a real time there as well, but it's about knowing, and we believe that the operational side is where, you know, that value moment is there, you know, what good is, is to know about something tomorrow, you know, if something wrong happened, I mean, it, yeah, so there's a latency squeeze there as well, but we are on, on more on the kind of transaction and operational side. >>I gotcha. Yeah. So help me understand, like integrations. A lot of the, the, when I think of transactions, I'm thinking of SAP, Oracle, where the process is done, or some legacy banking or not legacy or new modern banking app, how does the data get from one platform to a, to Hazelcast so I can make those >>Decisions? Yeah. So we have, uh, this, the streaming engine, we have has a whole bunch of connectors to a lot of data sources. So in fact, most of our use cases already have data sources underneath there, their databases there's Kafka connectors, you know, joining us because if you look at it, events is, are comprised of transactions. So something, a customer did, uh, a credit card swipe, right. And also events events could be machine or IOT. So it's really unique connectivity and data ingestion before you can process that. So we have, uh, a whole suite of connectors to kind of bring data in, in our platform. >>We've been talking a lot, these last couple of days about, uh, about the edge and about moving processing capability closer to the edge. How do you enable that? >>Yeah. 
So edge is actually very, very relevant because of what's happening is that, um, you know, if you, if you look at like a edge deployment use case, um, you know, we have a use case where data is being pushed from these different edge devices to cloud data warehouse. Right. But just imagine that you want to be filtering data at the, at, at where it is being originated from, and you wanna push only relevant data to, to maybe a central data lake where you might want to do, you know, train your machine learning models. Mm-hmm <affirmative> so that at the edge, we are actually able to process that data. So Hazelcast will allow you to actually write a data pipeline and do stream processing so that you might want to just push, you know, a part or a subset of data, which applies by the rules. Uh, so there's, there's a big, um, uh, I think edge is, you know, there's a lot of data being generated and you don't want like garbage and garbage out there's there's, there is there's filtration done at the edge. So that only the relevant data lands in a data, data lake or something like that. >>Well, Manish, we really appreciate you stopping by realtime data is an exciting area of coverage for theCUBE overall from Valencia, Spain, I'm Keith Townsend, along with Paul Gillon, and you're watching theCUBE, the leader in high tech coverage.
Day 1 Wrap Up | Kubecon + Cloudnativecon Europe 2022
>>theCUBE presents KubeCon and CloudNativeCon Europe 22, brought to you by the Cloud Native Computing Foundation. >>Welcome to Valencia, Spain and coverage of KubeCon CloudNativeCon Europe, 2022. I'm Keith Townsend, your host of theCUBE, along with Paul Gillum, senior editor, enterprise architecture for SiliconANGLE, Enrico Signoretti, senior IT analyst for GigaOm. Uh, this has been a full day, 7,500 attendees. I might have seen them run out of food. This is just unexpected. I mean, they, the, it escalated from what understand it went from four, capping it off to 4,000 gold, 5,000 gold in and off. Finally at 7,500 people. I'm super excited for, you know, today's been a great day of coverage. I'm super excited for tomorrow's coverage, uh, from theCUBE. But first off, we'll let the, the new person on stage take the, the first question of, of the wrap up of the day of coverage, Enrico, Enrico. What's different about this year versus other KubeCons or cloud native conversations. >>I, I think in general, it's the maturity. So we talk it a lot about day two operations, uh, observability monitoring, uh, going deeper and deeper in the security aspects of the application. So this means that for many enterprises, Kubernetes is becoming real critical. They want to, to get more control of it. And of course you have the discussion around FinOps around, you know, uh, cost control because we are deploying Kubernetes everywhere. And, and if you don't have everything optimized control, monitor it, you know, uh, cost to the roof and think about, uh, deploying the public cloud. If your application is not optimized, you're paying more, but also in the on premises, if you are not optimized, you don't have the clear idea of what is going to happen. So capacity planning become the nightmare that we know from the past. So there is a lot of going on around these topics, uh, really exciting, actually less infrastructure, more replication. That is what Kubernetes is India. 
>>Paul help me separate some of the signal from the noise. Uh, there is a lot going on a lot of overlap. What are some of the big themes of takeaways for day one that enterprise architects executives need to take home and really chew >>On? Well, the Kubernetes was a turning point. You know, Docker was introduced nine years ago and for the first three or four years, it was an interesting technology that was not very widely adopted. Kubernetes came along and gave developers a reason to use containers. What strikes me about this conference is that this is a developer event, you know, ordinarily you go to conferences and it's geared toward IT managers towards CIOs. This is very much geared toward developers when you have the hearts and minds of developers, the rest of the industry is sort of pulled along with it. So this is ground zero for the hottest, uh, the, the hottest area of the entire computing industry. Right now, I is in this area building distributed services, BA microservices based cloud native applications. And it's the developers who are leading the way. I think that's, that's a significant shift. I don't see the managers here, the CIOs here, these are the people who are, uh, who are pulling this industry into the next generation. >>Um, one of the interesting things that I've seen when we, you know, we've always said, Kubernetes is for the developers, but we talk with, uh, an icon from, uh, MoneyGram. Who's a end user, he's an enterprise architect. And he brought Kubernetes to his front end developers and they, they, they kind of rejected it. They said, what is this? I just wanna develop code. So when we say Kubernetes is for developers, or the developers are here, where, how do we reconcile that mismatch of experience? We have enterprise architecture. I hear constantly that, that the, uh, Kubernetes is for developers, but is it a certain kind of developer that Kubernetes is for? >>Well, yes and no. I mean, so the paradigm is changing. Okay. 
So, and maybe a few years back, it was tough to understand how, you know, uh, uh, make your application different. So microservices, everything was new for everybody, but actually, so everything is changed to a point. Now, the developer understands, you know, it is neural. So, you know, going through the application APIs automation, because the complexity of this application is, is huge. And you have, you know, 7 24 kind of development, uh, sort of deployment. So you have to stay always on cetera, et cetera. And actually to the point of, you know, developers, uh, you know, bringing this new generation of, uh, decision makers in India. So they are actually decision, they are adopting technology. Maybe it's a sort of shadow it at the very beginning. So they're adopting it, they're using it. And they're starting to use a lot of open source stuff. And then somebody upper in the stack, the executive says, what are, yeah, they, they discover that the technology is already in place is, uh, is a critical component. And then it's, uh, you know, uh, transformed in something enterprise, meaning, you know, paying enterprise services on top of it to be sure con uh, contract and so on. So it's a real journey. And these are, these guys are the real decision makers. Oh, they are at the base of the decision making process. At least >>Cloud native is something we're gonna learn to take for granted. You know, when you remember back, remember the fail whale in the early days of Twitter, when periodically the service would just would just, uh, um, crash from, uh, from, uh, traffic or Amazon went through the same thing. Facebook went through the same thing. We don't see that anymore because we are now learning to take cloud native for granted. We assume applications are gonna be available. They're gonna be performant. They're gonna scale. They're gonna handle anything. We throw at them that is cloud native at work. 
And I think we, we forget sometimes how refreshing it is to have, uh, an internet that really works for you.

>> Yeah. I, I think we're much earlier in the journey. You know, we have Microsoft, uh, on the Xbox team talked about 22,000 pods running ni D some of the initial problems and pain points of, uh, around those challenges. Uh, much of my hallway track conversation has been centered around, as we talk about kind of the decision makers, the platform teams. And this is what I'm getting excited to talk about in tomorrow's coverage. Who's on the ground doing this stuff? Is it developers as we are, as, as we see or hear or told, or is it what we're seeing from the Microsoft example, the MoneyGram example, where central IT is kind of getting it, and not only are they getting it, they're enabling developers to, to simply write code, build it. And Kubernetes is invisible. It seems like that's become the holy grail, to make Kubernetes invisible, cloud native invisible, and the experience is much closer to cloud.

>> So I, I think that, uh, um, it's an interesting, I mean, I had a lot of conversation in the past year, is that it's not that the original, you know, traditional IT operations are disappearing. So it's just that, uh, traditional IT operations are giving resources to these new developers. Okay. So it's a, it's a sort of walled garden. You don't see the wall, but it's a walled garden. So they are giving you resources and you use these resources like an internal cloud. So a few years back, we were talking about private cloud, the private cloud, as, you know, as a, let's say, uh, the same identical paradigm of, of the public cloud. This is not possible because there are no infinite resources or, well, whatever we, we think are infinite resources. So what you're doing today is giving these developers enough resources to think that they are unlimited and they can, uh, do automatic provisioning and do all these kind of things.
So they don't think about infrastructure at all, but actually it's there. So IT operations are still there providing resources to let developers be more free and agile and everything. So we are still in a, I think in an interesting time for all of it.

>> Kubernetes and cloud native in general, I think, are blurring the lines, traditional lines. Development and operations always were separate entities. Obviously, through, with DevOps, those two are emerging, but now we're moving, when you add in shift-left testing, shift-right testing, uh, DevSecOps, you see the developers become much more involved in the infrastructure and they want to be involved in infrastructure because that's what makes their applications perform. So this is gonna cause, I think, IT organizations to have, do some rethinking about what those traditional lines are, maybe break down those walls and have these teams work, work much closer together. And that should be a good thing because the people who are developing applications should also have intimate knowledge of the infrastructure they're gonna run on.

>> So Paul, another recurring theme that we've heard here is the impact of funding on resources. What have you, what have your discussions been around founders and creators when it comes to sourcing talent and the impact of the markets on just their day to day?

>> Well, the sourcing talent has been a huge issue for the last year. Of course, really ever since the pandemic started. Interesting. We, uh, one of our, our guests earlier today said that with the meltdown in the tech stock market, actually talent has become more available because people who were tied to their companies because of their, their stock options are now seeing those options are underwater. And suddenly they're not as loyal to the companies they joined. So that's certainly for the, for the startups. Uh, there are many small startups here.
Um, they're seeing a bit of a windfall now from the, uh, from the tech stock, uh, bust. Um, nevertheless, skills are a long term problem. The US, uh, educational system is turning out about 10% of the skilled people that the industry needs every year. And no one I know sees an end to that issue anytime soon.

>> So ENGO, last question to you, let's talk about what that means to the practitioner. There's a lot of opportunity out there. 200 plus sponsors I hear here I think is, or the projects is 200 plus, where are the big opportunities as a practitioner, as I'm thinking about the next thing that I'm going to learn to help me survive the next 10 or 15 years of my career? Where, where do you think the focus should be? Should it be that low level, uh, cloud builder, or should it be at those Le levels of extraction that we're seeing and reading about?

>> I, I think, I think that, uh, you know, it's, uh, it's a good question. The, the answer is not that easy. I mean, uh, being a developer today, for sure grants you, you know, uh, a salary at the end of the month. I mean, there is high demand, but actually there are a lot of other technical, uh, figures in, in the, in, uh, in the data center, in the cloud, that could, you know, really find easily a job today. So developers is the first in my mind also because they are more, uh, they, they can serve multiple roles. It means you can be a developer, but actually you can be also, you know, with the new roles that we have, especially now with the DevOps, you can be, uh, somebody that supports operation because, you know, automation, you know, a few other things. So you can be a sysadmin of the next generation, even if you're a developer, even if when you start as a developer.

>> KubeCon 2022 is exciting. I don't care if you're a developer, practitioner, an investor, a, uh, IT decision maker, CIO, CXO. There's so much to learn and absorb here and we're going to be covering it for the next two days.
Me and Paul will be shoulder to shoulder. We will, you, I'm not gonna say you're gonna get sick of this because it's just, you know, it's all great information. We'll, we'll, we'll help sort all of this. From Valencia, Spain, I'm Keith Townsend, along with my host ENCO senior, the Paul Gillon. And you're watching theCUBE, the leader in high tech coverage.