>> Hi, my name is Andy Clemenko. I'm a Senior Solutions Engineer at StackRox. Thanks for joining us today for my talk on labels, labels, labels. Obviously, you can reach me at all the socials. Before we get started, I like to point you to my GitHub repo, you can go to andyc.info/dc20, and it'll take you to my GitHub page where I've got all of this documentation, socials. Before we get started, I like to point you to my GitHub repo, you can go to andyc.info/dc20, (upbeat music) >> Hi, my name is Andy Clemenko. I'm a Senior Solutions Engineer at StackRox. Thanks for joining us today for my talk on labels, labels, labels. Obviously, you can reach me at all the socials. Before we get started, I like to point you to my GitHub repo, you can go to andyc.info/dc20, and it'll take you to my GitHub page where I've got all of this documentation, I've got the Keynote file there. YAMLs, I've got Dockerfiles, Compose files, all that good stuff. If you want to follow along, great, if not go back and review later, kind of fun. So let me tell you a little bit about myself. I am a former DOD contractor. This is my seventh DockerCon. I've spoken, I had the pleasure to speak at a few of them, one even in Europe. I was even a Docker employee for quite a number of years, providing solutions to the federal government and customers around containers and all things Docker. So I've been doing this a little while. One of the things that I always found interesting was the lack of understanding around labels. So why labels, right? Well, as a former DOD contractor, I had built out a large registry. And the question I constantly got was, where did this image come from? How did you get it? What's in it? Where did it come from? How did it get here? And one of the things we did to kind of alleviate some of those questions was we established a baseline set of labels. Labels really are designed to provide as much metadata around the image as possible. I ask everyone in attendance, when was the last time you pulled an image and had 100% confidence, you knew what was inside it, where it was built, how it was built, when it was built, you probably didn't, right? The last thing we obviously want is a container fire, like our image on the screen. And one kind of interesting way we can kind of prevent that is through the use of labels. We can use labels to address security, address some of the simplicity on how to run these images. So think of it, kind of like self documenting, Think of it also as an audit trail, image provenance, things like that. These are some interesting concepts that we can definitely mandate as we move forward. What is a label, right? Specifically what is the Schema? It's just a key-value. All right? It's any key and pretty much any value. What if we could dump in all kinds of information? What if we could encode things and store it in there? And I've got a fun little demo to show you about that. Let's start off with some of the simple keys, right? Author, date, description, version. Some of the basic information around the image. That would be pretty useful, right? What about specific labels for CI? What about a, where's the version control? Where's the source, right? Whether it's Git, whether it's GitLab, whether it's GitHub, whether it's Gitosis, right? Even SPN, who cares? Where are the source files that built, where's the Docker file that built this image? What's the commit number? That might be interesting in terms of tracking the resulting image to a person or to a commit, hopefully then to a person. How is it built? What if you wanted to play with it and do a git clone of the repo and then build the Docker file on your own? Having a label specifically dedicated on how to build this image might be interesting for development work. Where it was built, and obviously what build number, right? These kind of all, not only talk about continuous integration, CI but also start to talk about security. Specifically what server built it. The version control number, the version number, the commit number, again, how it was built. What's the specific build number? What was that job number in, say, Jenkins or GitLab? What if we could take it a step further? What if we could actually apply policy enforcement in the build pipeline, looking specifically for some of these specific labels? I've got a good example of, in my demo of a policy enforcement. So let's look at some sample labels. Now originally, this idea came out of label-schema.org. And then it was a modified to opencontainers, org.opencontainers.image. There is a link in my GitHub page that links to the full reference. But these are some of the labels that I like to use, just as kind of like a standardization. So obviously, Author's, an email address, so now the image is attributable to a person, that's always kind of good for security and reliability. Where's the source? Where's the version control that has the source, the Docker file and all the assets? How it was built, build number, build server the commit, we talked about, when it was created, a simple description. A fun one I like adding in is the healthZendpoint. Now obviously, the health check directive should be in the Docker file. But if you've got other systems that want to ping your applications, why not declare it and make it queryable? Image version, obviously, that's simple declarative And then a title. And then I've got the two fun ones. Remember, I talked about what if we could encode some fun things? Hypothetically, what if we could encode the Compose file of how to build the stack in the first image itself? And conversely the Kubernetes? Well, actually, you can and I have a demo to show you how to kind of take advantage of that. So how do we create labels? And really creating labels as a function of build time okay? You can't really add labels to an image after the fact. The way you do add labels is either through the Docker file, which I'm a big fan of, because it's declarative. It's in version control. It's kind of irrefutable, especially if you're tracking that commit number in a label. You can extend it from being a static kind of declaration to more a dynamic with build arguments. And I can show you, I'll show you in a little while how you can use a build argument at build time to pass in that variable. And then obviously, if you did it by hand, you could do a docker build--label key equals value. I'm not a big fan of the third one, I love the first one and obviously the second one. Being dynamic we can take advantage of some of the variables coming out of version control. Or I should say, some of the variables coming out of our CI system. And that way, it self documents effectively at build time, which is kind of cool. How do we view labels? Well, there's two major ways to view labels. The first one is obviously a docker pull and docker inspect. You can pull the image locally, you can inspect it, you can obviously, it's going to output as JSON. So you going to use something like JQ to crack it open and look at the individual labels. Another one which I found recently was Skopeo from Red Hat. This allows you to actually query the registry server. So you don't even have to pull the image initially. This can be really useful if you're on a really small development workstation, and you're trying to talk to a Kubernetes cluster and wanting to deploy apps kind of in a very simple manner. Okay? And this was that use case, right? Using Kubernetes, the Kubernetes demo. One of the interesting things about this is that you can base64 encode almost anything, push it in as text into a label and then base64 decode it, and then use it. So in this case, in my demo, I'll show you how we can actually use a kubectl apply piped from the base64 decode from the label itself from skopeo talking to the registry. And what's interesting about this kind of technique is you don't need to store Helm charts. You don't need to learn another language for your declarative automation, right? You don't need all this extra levels of abstraction inherently, if you use it as a label with a kubectl apply, It's just built in. It's kind of like the kiss approach to a certain extent. It does require some encoding when you actually build the image, but to me, it doesn't seem that hard. Okay, let's take a look at a demo. And what I'm going to do for my demo, before we actually get started is here's my repo. Here's a, let me actually go to the actual full repo. So here's the repo, right? And I've got my Jenkins pipeline 'cause I'm using Jenkins for this demo. And in my demo flask, I've got the Docker file. I've got my compose and my Kubernetes YAML. So let's take a look at the Docker file, right? So it's a simple Alpine image. The org statements are the build time arguments that are passed in. Label, so again, I'm using the org.opencontainers.image.blank, for most of them. There's a typo there. Let's see if you can find it, I'll show you it later. My source, build date, build number, commit. Build number and get commit are derived from the Jenkins itself, which is nice. I can just take advantage of existing URLs. I don't have to create anything crazy. And again, I've got my actual Docker build command. Now this is just a label on how to build it. And then here's my simple Python, APK upgrade, remove the package manager, kind of some security stuff, health check getting Python through, okay? Let's take a look at the Jenkins pipeline real quick. So here is my Jenkins pipeline and I have four major stages, four stages, I have built. And here in build, what I do is I actually do the Git clone. And then I do my docker build. From there, I actually tell the Jenkins StackRox plugin. So that's what I'm using for my security scanning. So go ahead and scan, basically, I'm staging it to scan the image. I'm pushing it to Hub, okay? Where I can see the, basically I'm pushing the image up to Hub so such that my StackRox security scanner can go ahead and scan the image. I'm kicking off the scan itself. And then if everything's successful, I'm pushing it to prod. Now what I'm doing is I'm just using the same image with two tags, pre-prod and prod. This is not exactly ideal, in your environment, you probably want to use separate registries and non-prod and a production registry, but for demonstration purposes, I think this is okay. So let's go over to my Jenkins and I've got a deliberate failure. And I'll show you why there's a reason for that. And let's go down. Let's look at my, so I have a StackRox report. Let's look at my report. And it says image required, required image label alert, right? Request that the maintainer, add the required label to the image, so we're missing a label, okay? One of the things we can do is let's flip over, and let's look at Skopeo. Right? I'm going to do this just the easy way. So instead of looking at org.zdocker, opencontainers.image.authors. Okay, see here it says build signature? That was the typo, we didn't actually pass in. So if we go back to our repo, we didn't pass in the the build time argument, we just passed in the word. So let's fix that real quick. That's the Docker file. Let's go ahead and put our dollar sign in their. First day with the fingers you going to love it. And let's go ahead and commit that. Okay? So now that that's committed, we can go back to Jenkins, and we can actually do another build. And there's number 12. And as you can see, I've been playing with this for a little bit today. And while that's running, come on, we can go ahead and look at the Console output. Okay, so there's our image. And again, look at all the build arguments that we're passing into the build statement. So we're passing in the date and the date gets derived on the command line. With the build arguments, there's the base64 encoded of the Compose file. Here's the base64 encoding of the Kubernetes YAML. We do the build. And then let's go down to the bottom layer exists and successful. So here's where we can see no system policy violations profound marking stack regimes security plugin, build step as successful, okay? So we're actually able to do policy enforcement that that image exists, that that label sorry, exists in the image. And again, we can look at the security report and there's no policy violations and no vulnerabilities. So that's pretty good for security, right? We can now enforce and mandate use of certain labels within our images. And let's flip back over to Skopeo, and let's go ahead and look at it. So we're looking at the prod version again. And there's it is in my email address. And that validated that that was valid for that policy. So that's kind of cool. Now, let's take it a step further. What if, let's go ahead and take a look at all of the image, all the labels for a second, let me remove the dash org, make it pretty. Okay? So we have all of our image labels. Again, author's build, commit number, look at the commit number. It was built today build number 12. We saw that right? Delete, build 12. So that's kind of cool dynamic labels. Name, healthz, right? But what we're looking for is we're going to look at the org.zdockerketers label. So let's go look at the label real quick. Okay, well that doesn't really help us because it's encoded but let's base64 dash D, let's decode it. And I need to put the dash r in there 'cause it doesn't like, there we go. So there's my Kubernetes YAML. So why can't we simply kubectl apply dash f? Let's just apply it from standard end. So now we've actually used that label. From the image that we've queried with skopeo, from a remote registry to deploy locally to our Kubernetes cluster. So let's go ahead and look everything's up and running, perfect. So what does that look like, right? So luckily, I'm using traefik for Ingress 'cause I love it. And I've got an object in my Kubernetes YAML called flask.doctor.life. That's my Ingress object for traefik. I can go to flask.docker.life. And I can hit refresh. Obviously, I'm not a very good web designer 'cause the background image in the text. We can go ahead and refresh it a couple times we've got Redis storing a hit counter. We can see that our server name is roundrobing. Okay? That's kind of cool. So let's kind of recap a little bit about my demo environment. So my demo environment, I'm using DigitalOcean, Ubuntu 19.10 Vms. I'm using K3s instead of full Kubernetes either full Rancher, full Open Shift or Docker Enterprise. I think K3s has some really interesting advantages on the development side and it's kind of intended for IoT but it works really well and it deploys super easy. I'm using traefik for Ingress. I love traefik. I may or may not be a traefik ambassador. I'm using Jenkins for CI. And I'm using StackRox for image scanning and policy enforcement. One of the things to think about though, especially in terms of labels is none of this demo stack is required. You can be in any cloud, you can be in CentOs, you can be in any Kubernetes. You can even be in swarm, if you wanted to, or Docker compose. Any Ingress, any CI system, Jenkins, circle, GitLab, it doesn't matter. And pretty much any scanning. One of the things that I think is kind of nice about at least StackRox is that we do a lot more than just image scanning, right? With the policy enforcement things like that. I guess that's kind of a shameless plug. But again, any of this stack is completely replaceable, with any comparative product in that category. So I'd like to, again, point you guys to the andyc.infodc20, that's take you right to the GitHub repo. You can reach out to me at any of the socials @clemenko or andy@stackrox.com. And thank you for attending. I hope you learned something fun about labels. And hopefully you guys can standardize labels in your organization and really kind of take your images and the image provenance to a new level. Thanks for watching. (upbeat music) >> Narrator: Live from Las Vegas It's theCUBE. Covering AWS re:Invent 2019. Brought to you by Amazon Web Services and Intel along with it's ecosystem partners. >> Okay, welcome back everyone theCUBE's live coverage of AWS re:Invent 2019. This is theCUBE's 7th year covering Amazon re:Invent. It's their 8th year of the conference. I want to just shout out to Intel for their sponsorship for these two amazing sets. Without their support we wouldn't be able to bring our mission of great content to you. I'm John Furrier. Stu Miniman. We're here with the chief of AWS, the chief executive officer Andy Jassy. Tech athlete in and of himself three hour Keynotes. Welcome to theCUBE again, great to see you. >> Great to be here, thanks for having me guys. >> Congratulations on a great show a lot of great buzz. >> Andy: Thank you. >> A lot of good stuff. Your Keynote was phenomenal. You get right into it, you giddy up right into it as you say, three hours, thirty announcements. You guys do a lot, but what I liked, the new addition, the last year and this year is the band; house band. They're pretty good. >> Andy: They're good right? >> They hit the queen notes, so that keeps it balanced. So we're going to work on getting a band for theCUBE. >> Awesome. >> So if I have to ask you, what's your walk up song, what would it be? >> There's so many choices, it depends on what kind of mood I'm in. But, uh, maybe Times Like These by the Foo Fighters. >> John: Alright. >> These are unusual times right now. >> Foo Fighters playing at the Amazon Intersect Show. >> Yes they are. >> Good plug Andy. >> Headlining. >> Very clever >> Always getting a good plug in there. >> My very favorite band. Well congratulations on the Intersect you got a lot going on. Intersect is a music festival, I'll get to that in a second But, I think the big news for me is two things, obviously we had a one-on-one exclusive interview and you laid out, essentially what looks like was going to be your Keynote, and it was. Transformation- >> Andy: Thank you for the practice. (Laughter) >> John: I'm glad to practice, use me anytime. >> Yeah. >> And I like to appreciate the comments on Jedi on the record, that was great. But I think the transformation story's a very real one, but the NFL news you guys just announced, to me, was so much fun and relevant. You had the Commissioner of NFL on stage with you talking about a strategic partnership. That is as top down, aggressive goal as you could get to have Rodger Goodell fly to a tech conference to sit with you and then bring his team talk about the deal. >> Well, ya know, we've been partners with the NFL for a while with the Next Gen Stats that they use on all their telecasts and one of the things I really like about Roger is that he's very curious and very interested in technology and the first couple times I spoke with him he asked me so many questions about ways the NFL might be able to use the Cloud and digital transformation to transform their various experiences and he's always said if you have a creative idea or something you think that could change the world for us, just call me he said or text me or email me and I'll call you back within 24 hours. And so, we've spent the better part of the last year talking about a lot of really interesting, strategic ways that they can evolve their experience both for fans, as well as their players and the Player Health and Safety Initiative, it's so important in sports and particularly important with the NFL given the nature of the sport and they've always had a focus on it, but what you can do with computer vision and machine learning algorithms and then building a digital athlete which is really like a digital twin of each athlete so you understand, what does it look like when they're healthy and compare that when it looks like they may not be healthy and be able to simulate all kinds of different combinations of player hits and angles and different plays so that you could try to predict injuries and predict the right equipment you need before there's a problem can be really transformational so we're super excited about it. >> Did you guys come up with the idea or was it a collaboration between them? >> It was really a collaboration. I mean they, look, they are very focused on players safety and health and it's a big deal for their- you know, they have two main constituents the players and fans and they care deeply about the players and it's a-it's a hard problem in a sport like Football, I mean, you watch it. >> Yeah, and I got to say it does point out the use cases of what you guys are promoting heavily at the show here of the SageMaker Studio, which was a big part of your Keynote, where they have all this data. >> Andy: Right. >> And they're data hoarders, they hoard data but the manual process of going through the data was a killer problem. This is consistent with a lot of the enterprises that are out there, they have more data than they even know. So this seems to be a big part of the strategy. How do you get the customers to actually wake up to the fact that they got all this data and how do you tie that together? >> I think in almost every company they know they have a lot of data. And there are always pockets of people who want to do something with it. But, when you're going to make these really big leaps forward; these transformations, the things like Volkswagen is doing where they're reinventing their factories and their manufacturing process or the NFL where they're going to radically transform how they do players uh, health and safety. It starts top down and if the senior leader isn't convicted about wanting to take that leap forward and trying something different and organizing the data differently and organizing the team differently and using machine learning and getting help from us and building algorithms and building some muscle inside the company it just doesn't happen because it's not in the normal machinery of what most companies do. And so it always, almost always, starts top down. Sometimes it can be the Commissioner or CEO sometimes it can be the CIO but it has to be senior level conviction or it doesn't get off the ground. >> And the business model impact has to be real. For NFL, they know concussions, hurting their youth pipe-lining, this is a huge issue for them. This is their business model. >> They lose even more players to lower extremity injuries. And so just the notion of trying to be able to predict injuries and, you know, the impact it can have on rules and the impact it can have on the equipment they use, it's a huge game changer when they look at the next 10 to 20 years. >> Alright, love geeking out on the NFL but Andy, you know- >> No more NFL talk? >> Off camera how about we talk? >> Nobody talks about the Giants being 2 and 10. >> Stu: We're both Patriots fans here. >> People bring up the undefeated season. >> So Andy- >> Everybody's a Patriot's fan now. (Laughter) >> It's fascinating to watch uh, you and your three hour uh, Keynote, uh Werner in his you know, architectural discussion, really showed how AWS is really extending its reach, you know, it's not just a place. For a few years people have been talking about you know, Cloud is an operational model its not a destination or a location but, I felt it really was laid out is you talked about Breadth and Depth and Werner really talked about you know, Architectural differentiation. People talk about Cloud, but there are very-there are a lot of differences between the vision for where things are going. Help us understand why, I mean, Amazon's vision is still a bit different from what other people talk about where this whole Cloud expansion, journey, put ever what tag or label you want on it but you know, the control plane and the technology that you're building and where you see that going. >> Well I think that, we've talked about this a couple times we have two macro types of customers. We have those that really want to get at the low level building blocks and stitch them together creatively however they see fit to create whatever's in their-in their heads. And then we have the second segment of customers that say look, I'm willing to give up some of that flexibility in exchange for getting 80% of the way there much faster. In an abstraction that's different from those low level building blocks. And both segments of builders we want to serve and serve well and so we've built very significant offerings in both areas. I think when you look at microservices um, you know, some of it has to do with the fact that we have this very strongly held belief born out of several years of Amazon where you know, the first 7 or 8 years of Amazon's consumer business we basically jumbled together all of the parts of our technology in moving really quickly and when we wanted to move quickly where you had to impact multiple internal development teams it was so long because it was this big ball, this big monolithic piece. And we got religion about that in trying to move faster in the consumer business and having to tease those pieces apart. And it really was a lot of impetus behind conceiving AWS where it was these low level, very flexible building blocks that6 don't try and make all the decisions for customers they get to make them themselves. And some of the microservices that you saw Werner talking about just, you know, for instance, what we-what we did with Nitro or even what we did with Firecracker those are very much about us relentlessly working to continue to uh, tease apart the different components. And even things that look like low level building blocks over time, you build more and more features and all of the sudden you realize they have a lot of things that are combined together that you wished weren't that slow you down and so, Nitro was a completely re imagining of our Hypervisor and Virtualization layer to allow us, both to let customers have better performance but also to let us move faster and have a better security story for our customers. >> I got to ask you the question around transformation because I think that all points, all the data points, you got all the references, Goldman Sachs on stage at the Keynote, Cerner, I mean healthcare just is an amazing example because I mean, that's demonstrating real value there there's no excuse. I talked to someone who wouldn't be named last night, in and around the area said, the CIA has a cost bar like this a cost-a budget like this but the demand for mission based apps is going up exponentially, so there's need for the Cloud. And so, you see more and more of that. What is your top down, aggressive goals to fill that solution base because you're also a very transformational thinker; what is your-what is your aggressive top down goals for your organization because you're serving a market with trillions of dollars of spend that's shifting, that's on the table. >> Yeah. >> A lot of competition now sees it too, they're going to go after it. But at the end of the day you have customers that have a demand for things, apps. >> Andy: Yeah. >> And not a lot of budget increase at the same time. This is a huge dynamic. >> Yeah. >> John: What's your goals? >> You know I think that at a high level our top down aggressive goals are that we want every single customer who uses our platform to have an outstanding customer experience. And we want that outstanding customer experience in part is that their operational performance and their security are outstanding, but also that it allows them to build, uh, build projects and initiatives that change their customer experience and allow them to be a sustainable successful business over a long period of time. And then, we also really want to be the technology infrastructure platform under all the applications that people build. And we're realistic, we know that you know, the market segments we address with infrastructure, software, hardware, and data center services globally are trillions of dollars in the long term and it won't only be us, but we have that goal of wanting to serve every application and that requires not just the security operational premise but also a lot of functionality and a lot of capability. We have by far the most amount of capability out there and yet I would tell you, we have 3 to 5 years of items on our roadmap that customers want us to add. And that's just what we know today. >> And Andy, underneath the covers you've been going through some transformation. When we talked a couple of years ago, about how serverless is impacting things I've heard that that's actually, in many ways, glue behind the two pizza teams to work between organizations. Talk about how the internal transformations are happening. How that impacts your discussions with customers that are going through that transformation. >> Well, I mean, there's a lot of- a lot of the technology we build comes from things that we're doing ourselves you know? And that we're learning ourselves. It's kind of how we started thinking about microservices, serverless too, we saw the need, you know, we would have we would build all these functions that when some kind of object came into an object store we would spin up, compute, all those tasks would take like, 3 or 4 hundred milliseconds then we'd spin it back down and yet, we'd have to keep a cluster up in multiple availability zones because we needed that fault tolerance and it was- we just said this is wasteful and, that's part of how we came up with Lambda and you know, when we were thinking about Lambda people understandably said, well if we build Lambda and we build this serverless adventure in computing a lot of people were keeping clusters of instances aren't going to use them anymore it's going to lead to less absolute revenue for us. But we, we have learned this lesson over the last 20 years at Amazon which is, if it's something that's good for customers you're much better off cannibalizing yourself and doing the right thing for customers and being part of shaping something. And I think if you look at the history of technology you always build things and people say well, that's going to cannibalize this and people are going to spend less money, what really ends up happening is they spend less money per unit of compute but it allows them to do so much more that they ultimately, long term, end up being more significant customers. >> I mean, you are like beating the drum all the time. Customers, what they say, we encompass the roadmap, I got that you guys have that playbook down, that's been really successful for you. >> Andy: Yeah. >> Two years ago you told me machine learning was really important to you because your customers told you. What's the next traunch of importance for customers? What's on top of mind now, as you, look at- >> Andy: Yeah. >> This re:Invent kind of coming to a close, Replay's tonight, you had conversations, you're a tech athlete, you're running around, doing speeches, talking to customers. What's that next hill from if it's machine learning today- >> There's so much I mean, (weird background noise) >> It's not a soup question (Laughter) And I think we're still in the very early days of machine learning it's not like most companies have mastered it yet even though they're using it much more then they did in the past. But, you know, I think machine learning for sure I think the Edge for sure, I think that um, we're optimistic about Quantum Computing even though I think it'll be a few years before it's really broadly useful. We're very um, enthusiastic about robotics. I think the amount of functions that are going to be done by these- >> Yeah. >> robotic applications are much more expansive than people realize. It doesn't mean humans won't have jobs, they're just going to work on things that are more value added. We're believers in augmented virtual reality, we're big believers in what's going to happen with Voice. And I'm also uh, I think sometimes people get bored you know, I think you're even bored with machine learning already >> Not yet. >> People get bored with the things you've heard about but, I think just what we've done with the Chips you know, in terms of giving people 40% better price performance in the latest generation of X86 processors. It's pretty unbelievable in the difference in what people are going to be able to do. Or just look at big data I mean, big data, we haven't gotten through big data where people have totally solved it. The amount of data that companies want to store, process, analyze, is exponentially larger than it was a few years ago and it will, I think, exponentially increase again in the next few years. You need different tools and services. >> Well I think we're not bored with machine learning we're excited to get started because we have all this data from the video and you guys got SageMaker. >> Andy: Yeah. >> We call it the stairway to machine learning heaven. >> Andy: Yeah. >> You start with the data, move up, knock- >> You guys are very sophisticated with what you do with technology and machine learning and there's so much I mean, we're just kind of, again, in such early innings. And I think that, it was so- before SageMaker, it was so hard for everyday developers and data scientists to build models but the combination of SageMaker and what's happened with thousands of companies standardizing on it the last two years, plus now SageMaker studio, giant leap forward. >> Well, we hope to use the data to transform our experience with our audience. And we're on Amazon Cloud so we really appreciate that. >> Andy: Yeah. >> And appreciate your support- >> Andy: Yeah, of course. >> John: With Amazon and get that machine learning going a little faster for us, that would be better. >> If you have requests I'm interested, yeah. >> So Andy, you talked about that you've got the customers that are builders and the customers that need simplification. Traditionally when you get into the, you know, the heart of the majority of adoption of something you really need to simplify that environment. But when I think about the successful enterprise of the future, they need to be builders. how'l I normally would've said enterprise want to pay for solutions because they don't have the skill set but, if they're going to succeed in this new economy they need to go through that transformation >> Andy: Yeah. >> That you talk to, so, I mean, are we in just a total new era when we look back will this be different than some of these previous waves? >> It's a really good question Stu, and I don't think there's a simple answer to it. I think that a lot of enterprises in some ways, I think wish that they could just skip the low level building blocks and only operate at that higher level abstraction. That's why people were so excited by things like, SageMaker, or CodeGuru, or Kendra, or Contact Lens, these are all services that allow them to just send us data and then run it on our models and get back the answers. But I think one of the big trends that we see with enterprises is that they are taking more and more of their development in house and they are wanting to operate more and more like startups. I think that they admire what companies like AirBnB and Pintrest and Slack and Robinhood and a whole bunch of those companies, Stripe, have done and so when, you know, I think you go through these phases and eras where there are waves of success at different companies and then others want to follow that success and replicate it. And so, we see more and more enterprises saying we need to take back a lot of that development in house. And as they do that, and as they add more developers those developers in most cases like to deal with the building blocks. And they have a lot of ideas on how they can creatively stich them together. >> Yeah, on that point, I want to just quickly ask you on Amazon versus other Clouds because you made a comment to me in our interview about how hard it is to provide a service to other people. And it's hard to have a service that you're using yourself and turn that around and the most quoted line of my story was, the compression algorithm- there's no compression algorithm for experience. Which to me, is the diseconomies of scale for taking shortcuts. >> Andy: Yeah. And so I think this is a really interesting point, just add some color commentary because I think this is a fundamental difference between AWS and others because you guys have a trajectory over the years of serving, at scale, customers wherever they are, whatever they want to do, now you got microservices. >> Yeah. >> John: It's even more complex. That's hard. >> Yeah. >> John: Talk about that. >> I think there are a few elements to that notion of there's no compression algorithm for experience and I think the first thing to know about AWS which is different is, we just come from a different heritage and a different background. We ran a business for a long time that was our sole business that was a consumer retail business that was very low margin. And so, we had to operate at very large scale given how many people were using us but also, we had to run infrastructure services deep in the stack, compute storage and database, and reliable scalable data centers at very low cost and margins. And so, when you look at our business it actually, today, I mean its, its a higher margin business in our retail business, its a lower margin business in software companies but at real scale, it's a high volume, relatively low margin business. And the way that you have to operate to be successful with those businesses and the things you have to think about and that DNA come from the type of operators we have to be in our consumer retail business. And there's nobody else in our space that does that. So, you know, the way that we think about costs, the way we think about innovation in the data center, um, and I also think the way that we operate services and how long we've been operating services as a company its a very different mindset than operating package software. Then you look at when uh, you think about some of the uh, issues in very large scale Cloud, you can't learn some of those lessons until you get to different elbows of the curve and scale. And so what I was telling you is, its really different to run your own platform for your own users where you get to tell them exactly how its going to be done. But that's not the way the real world works. I mean, we have millions of external customers who use us from every imaginable country and location whenever they want, without any warning, for lots of different use cases, and they have lots of design patterns and we don't get to tell them what to do. And so operating a Cloud like that, at a scale that's several times larger than the next few providers combined is a very different endeavor and a very different operating rigor. >> Well you got to keep raising the bar you guys do a great job, really impressed again. Another tsunami of announcements. In fact, you had to spill the beans earlier with Quantum the day before the event. Tight schedule. I got to ask you about the musical festival because, I think this is a very cool innovation. It's the inaugural Intersect conference. >> Yes. >> John: Which is not part of Replay, >> Yes. >> John: Which is the concert tonight. Its a whole new thing, big music act, you're a big music buff, your daughter's an artist. Why did you do this? What's the purpose? What's your goal? >> Yeah, it's an experiment. I think that what's happened is that re:Invent has gotten so big, we have 65 thousand people here, that to do the party, which we do every year, its like a 35-40 thousand person concert now. Which means you have to have a location that has multiple stages and, you know, we thought about it last year and when we were watching it and we said, we're kind of throwing, like, a 4 hour music festival right now. There's multiple stages, and its quite expensive to set up that set for a party and we said well, maybe we don't have to spend all that money for 4 hours and then rip it apart because actually the rent to keep those locations for another two days is much smaller than the cost of actually building multiple stages and so we thought we would try it this year. We're very passionate about music as a business and I think we-I think our customers feel like we've thrown a pretty good music party the last few years and we thought we would try it at a larger scale as an experiment. And if you look at the economics- >> At the headliners real quick. >> The Foo Fighters are headlining on Saturday night, Anderson Paak and the Free Nationals, Brandi Carlile, Shawn Mullins, um, Willy Porter, its a good set. Friday night its Beck and Kacey Musgraves so it's a really great set of um, about thirty artists and we're hopeful that if we can build a great experience that people will want to attend that we can do it at scale and it might be something that both pays for itself and maybe, helps pay for re:Invent too overtime and you know, I think that we're also thinking about it as not just a music concert and festival the reason we named it Intersect is that we want an intersection of music genres and people and ethnicities and age groups and art and technology all there together and this will be the first year we try it, its an experiment and we're really excited about it. >> Well I'm gone, congratulations on all your success and I want to thank you we've been 7 years here at re:Invent we've been documenting the history. You got two sets now, one set upstairs. So appreciate you. >> theCUBE is part of re:Invent, you know, you guys really are apart of the event and we really appreciate your coming here and I know people appreciate the content you create as well. >> And we just launched CUBE365 on Amazon Marketplace built on AWS so thanks for letting us- >> Very cool >> John: Build on the platform. appreciate it. >> Thanks for having me guys, I appreciate it. >> Andy Jassy the CEO of AWS here inside theCUBE, it's our 7th year covering and documenting the thunderous innovation that Amazon's doing they're really doing amazing work building out the new technologies here in the Cloud computing world. I'm John Furrier, Stu Miniman, be right back with more after this short break. (Outro music)

la from Las Vegas it's the cube covering AWS reinvent 2019 brought to you by Amazon Web Services and in care along with its ecosystem partners hey welcome back everyone cubes live coverage of eight of us reinvent 2019 this is the cube seventh year covering Amazon reinvent it's their eighth year of the conference and want to just shout out to Intel for their sponsorship for these two amazing sets without their support we would be able to bring our mission of great content to you I'm John Force to many men we're here with the chief of AWS the chief executive officer Andy chassis tech athlete and himself three our keynotes welcome to the cube again great to see you great to be here thanks for having me guys congratulations on a great show a lot of great buzz thank you a lot of good stuff your keynote was phenomenal you get right into you giddy up right into as you say three hours 30 announcements you guys do a lot but what I liked the new addition in the last year and this year is the band house man yeah they're pretty good they hit the Queen note so that keeps it balanced so we're going to work on getting a band for the cube awesome so if I have to ask you what's your walk-up song what would it be there's so many choices depends what kind of mood I'm in but maybe times like these by the Foo Fighters these are unusual times right now Foo Fighters playing at the Amazon intersect show they are Gandy well congratulations on the intersect you got a lot going on intersect is the music festival I'll get that in a second but I think the big news for me is two things obviously we had a one-on-one exclusive interview and you laid out essentially what looks like was gonna be your keynote it was transformation key for the practice I'm glad to practice use me anytime yeah and I like to appreciate the comments on Jedi on the record that was great but I think the transformation story is a very real one but the NFL news you guys just announced to me was so much fun and relevant you had the Commissioner of NFL on stage with you talking about a strategic partnership that is as top-down aggressive goals you could get yeah I have Roger Goodell fly to a tech conference to sit with you and then bring his team talk about the deal well you know we've been partners with the NFL for a while with the next-gen stats are they using all their telecasts and one of the things I really like about Roger is that he's very curious and very interested in technology in the first couple times I spoke with him he asked me so many questions about ways the NFL might be able to use the cloud and digital transformation to transform their various experiences and he's always said if you have a creative idea or something you think that could change the world for us just call me is it or text me or email me and I'll call you back within 24 hours and so we've spent the better part of the last year talking about a lot of really interesting strategic ways that they can evolve their experience both for fans as well as their players and the player health and safe safety initiative it's so important in sports and particularly important with the NFL given the nature of the sport and they've always had a focus on it but what you can do with computer vision and machine learning algorithms and then building a digital athlete which is really like a digital twin of each athlete so you understand what does it look like when they're healthy what and compare that when it looks like they may not be healthy and be able to simulate all kinds of different combinations of player hits and angles and different plays so that you can try to predict injuries and predict the right equipment you need before there's a problem can be really transformational so it was super excited about it did you guys come up with the idea it was the collaboration between there's really a collaboration I mean they look they are very focused on player's safety and health and it's it's a big deal for their you know they have two main constituents that the players and fans and they care deeply about the players and it's a it's a hard problem in a sport like football but you watch it yeah I gotta say it does point out the use cases of what you guys are promoting heavily at the show here of the stage maker studio which is a big part of your keynote where they have all this data right and they're dated hoarders they've the hoard data but they're the manual process of going through the data it was a killer problem this is consistent with a lot of the enterprises that are out there they have more data than they even know so this seems to be a big part of the strategy how do you get the customers to actually a wake up to the fact that they got data and how do you tie that together I think in almost every company they know they have a lot of data and there are always pockets of people who want to do something with it but when you're gonna make these really big leaps forward these transformations so things like Volkswagen is doing with they're reinventing their factories in their manufacturing process or the NFL where they're gonna radically transform how they do players health and safety it starts top-down and if they if the senior leader isn't convicted about wanting to take that leap forward and trying something different and organizing the data differently and organizing the team differently and using machine learning and getting help from us and building algorithms and building some muscle inside the company it just doesn't happen because it's not in the normal machinery of what most companies do and so it all wait almost always starts top-down sometimes it can be the commissioner or the CEO sometimes it can be the CIO but it has to be senior level conviction or it does get off the ground and the business model impact has to be real for NFL they know concussions hurting their youth pipelining this is a huge issue for them is their business model they they lose even more players to lower extremity injuries and so just the notion of trying to be able to predict injuries and you know the impact it can have on rules the impact it can have on the equipment they use it's a huge game changer when they look at the next 10 to 20 years all right love geeking out on the NFL but no more do you know off camera a 10 man is here defeated season so everybody's a Patriots fan now it's fascinating to watch you and your three-hour keynote Vernor in his you know architectural discussion really showed how AWS is really extending its reach you know it's not just a place for a few years people have been talking about you know cloud as an operation operational model it's not a destination or a location but I felt that really was laid out is you talked about breadth and depth and Verna really talked about you know architectural differentiation people talk about cloud but there are very there are a lot of differences between the vision for where things are going help us understand and why I mean Amazon's vision is still a bit different from what other people talk about where this whole cloud expansion journey but put over what tagger label you want on it but you know the control plane and the technology that you're building and where you see that going well I think that we've talked about this a couple times we we have two macro types of customers we have those that really want to get at the load level building blocks and stitch them together creatively and however they see fit to create whatever is in there in their heads and then we have this second segment of customers who say look I'm willing to give up some of that flexibility in exchange for getting 80% of the way they're much faster in an abstraction that's different from those low level building blocks in both segments of builders we want to serve and serve well and so we built very significant offerings in both areas I think when you look at micro services you know some of it has to do with the fact that we have this very strongly held belief born out of several years at Amazon where you know the first seven or eight years of Amazon's consumer business we basically jumbled together all of the parts of our technology and moving really quickly and when we wanted to move quickly where you had to impact multiple internal development teams it was so long because it was this big ball this big monolithic piece and we got religion about that and trying to move faster in the consumer business and having to tease those pieces apart and it really was a lot of the impetus behind conceiving AWS where it was these low-level very flexible building blocks that don't try and make all the decisions for customers they get to make them themselves and some of the micro services that you saw Verner talking about just you know for instance what we what we did with nitro or even what we do with firecracker those are very much about us relentlessly working to continue to to tease apart the different components and even things that look like low-level building blocks over time you build more and more features and all of a sudden you realize they have a lot of things that are they were combined together that you wished weren't that slowed you down and so nitro was a completely reimagining of our hypervisor and virtualization layer to allow us both to let customers have better performance but also to let us move faster and have a better security story for our customers I got to ask you the question around transformation because I think it all points to that all the data points you got all the references goldman-sachs on stage at the keynote Cerner and the healthcare just an amazing example because I mean this demonstrating real value there there's no excuse I talked to someone who wouldn't be named last night and then around the area said the CIA has a cost bar like this cost up on a budget like this but the demand for mission based apps is going up exponentially so there's need for the cloud and so seeing more and more of that what is your top-down aggressive goals to fill that solution base because you're also very transformational thinker what is your what is your aggressive top-down goals for your organization because you're serving a market with trillions of dollars of span that's shifting that's on the table a lot of competition now sees it too they're gonna go after it but at the end of the day you have customers that have that demand for things apps yeah and not a lot of budget increase at the same time this is a huge dynamic what's your goals you know I think that at a high level are top-down aggressive goals so that we want every single customer who uses our platform to have an outstanding customer experience and we want that outstanding customer experience in part is that their operational performance and their security are outstanding but also that it allows them to build and it build projects and initiatives that change their customer experience and allow them to be a sustainable successful business over a long period of time and then we also really want to be the technology infrastructure platform under all the applications that people build and they were realistic we know that that you know the market segments we address with infrastructure software hardware and data center services globally are trillions of dollars in the long term it won't only be us but we have that goal of wanting to serve every application and that requires not just the security operational performance but also a lot of functionality a lot of capability we have by far the most amount of capability out there and yet I would tell you we have three to five years of items on our roadmap that customers want us to add and that's just what we know today well and any underneath the covers you've been going through some transformation when we talked a couple years ago about how serverless is impacting things I've heard that that's actually in many ways glue behind the two pizza teams to work between organizations talk about how the internal transformations are happening how that impacts your discussions with customers that are going through that transformation well I mean there's a lot of a lot of the technology we build comes from things that we're doing ourselves you know and that we're learning ourselves it's kind of how we started thinking about microservices serverless - we saw the need we know we would have we would build all these functions that when some kind of object came into an object store we would spin up compute all those tasks would take like three or four hundred milliseconds then we spin it back down and yet we'd have to keep a cluster up in multiple availability zones because we needed that fault tolerance and it was we just said this is wasteful and that's part of how we came up with lambda and that you know when we were thinking about lambda people understandably said well if we build lambda and we build the serverless event-driven computing a lot of people who are keeping clusters of instances aren't going to use them anymore it's going to lead to less absolute revenue for us but we we have learned this lesson over the last 20 years at Amazon which is if it's something it's good for customers you're much better off cannibalizing yourself and doing the right thing for customers and being part of shaping something and I think if you look at the history of Technology you always build things and people say well that's gonna cannibalize this and people are gonna spend less money what really ends up happening is they spend spend less money per unit of compute but it allows them to do so much more that the ultimately long-term end up being you know more significant customers I mean you are like beating the drum all the time customers what they say we implement the roadmap I got that you guys have that playbook down that's been really successful for you yeah two years ago you told me machine learning was really important to you because your customers told what's the next tranche of importance for customers what's on top of mine now as you look at this reinvent kind of coming to a close replays tonight you had conversations your your tech a fleet you're running around doing speeches talking to customers what's that next hill from from my fist machine learning today there's so much I mean that's not it's not a soup question you know I think we're still in this in the very early days of machine learning it's not like most companies have mastered yet even though they're using it much more than they did in the past but you know I think machine learning for sure I think the edge for sure I think that we're optimistic about quantum computing even though I think it'll be a few years before it's really broadly useful we're very enthusiastic about robotics I think the amount of functions are going to be done by these robotic applications are much more expansive than people realize it doesn't mean humans won't have jobs they're just going to work on things that are more value-added I thought we're believers in augmented and virtual reality we're big believers and what's going to happen with voice and I'm also I think sometimes people get bored you know I think you're even bored with machine learning maybe already but yet people get bored with the things you've heard about but I think just what we've done with the chips you know in terms of giving people 40% better price performance in the latest generation of x86 processors it's pretty unbelievable and the difference in what people are going to be able to do or just look at big data I mean big date we haven't gotten through big data where people have totally solved it the amount of data that companies want to store process and analyze is exponentially larger than it was a few years ago and it will I think exponentially increase again in the next few years you need different tools the service I think we're not we're not for with machine learning we're excited to get started because we have all this data from the video and you guys got sage maker yeah we call it a stairway to machine learning heaven we start with the data move up what now guys are very sophisticated with what you do with technology and machine learning and there's so much I mean we're just kind of again in this early innings and I think that it was soaked before sage maker was so hard for everyday developers and data scientists to build models but the combination of sage maker and what's happened with thousands of companies standardizing on it the last two years Plus now sage maker studio giant leap forward we hope to use the data to transform our experience with our audience and we're on Amazon Cloud I really appreciate that and appreciate your support if we're with Amazon and Instant get that machine learning going a little faster for us a big that'll be better if you have requests so any I'm you talked about that you've got the customers that are builders and the customers that need simplification traditionally when you get into the you know the heart of the majority of adoption of something you really need to simplify that environment but when I think about the successful enterprise of the future they need to be builders yeah so has the model flipped if you know I normally would said enterprise want to pay for solutions because they don't have the skill set but if they're gonna succeed in this new economy they need to go through that transformation that yeah so I mean are we in just a total new era when we look back will this be different than some of these previous waves it's a it's a really good question Stu and I I don't think there's a simple answer to it I think that a lot of enterprises in some ways I think wish that they could just skip the low level building blocks and and only operate at that higher level abstraction it's why people were so excited by things like sage maker or code guru or Kendra or contact lens these are all services that allow them to just send us data and then run it on our models and get back the answers but I think one of the big trends that we see with enterprises is that they are taking more and more of their development in-house and they are wanting to operate more and more like startups I think that they admire what companies like Airbnb and Pinterest and slack and and you know Robin Hood and a whole bunch of those companies stripe have done and so when you know I think you go through these phases and errors where there are waves of success at different companies and then others want to follow that success and and replicate and so we see more and more enterprises saying we need to take back a lot of that development in-house and as they do that and as they add more developers those developers in most cases like to deal with the building blocks and they have a lot of ideas on how they can create us to creatively stitch them together on that point I want to just quickly ask you on Amazon versus other clouds because you made a comment to me in our interview about how hard it is to provide a service that to other people and it's hard to have a service that you're using yourself and turn that around and the most quoted line in my story was the compression algorithm there's no compression outliving for experience which to me is the diseconomies of scale for taking shortcuts yeah and so I think this is a really interesting point just add some color comments or I think this is a fundamental difference between AWS and others because you guys have a trajectory over the years of serving at scale customers wherever they are whatever they want to do now you got micro services it's even more complex that's hard yeah how about that I think there are a few elements to that notion of there's no compression algorithm I think the first thing to know about AWS which is different is we just come from a different heritage in a different background we sweep ran a business for a long time that was our sole business that was a consumer retail business that was very low margin and so we had to operate a very large scale given how many people were using us but also we had to run infrastructure services deep in the stack compute storage and database in reliable scalable data centers at very low costs and margins and so when you look at our our business it actually today I mean it's it's a higher margin business in our retail business the lower margin business and software companies but at real scale it's a it's a high-volume relatively low margin business and the way that you have to operate to be successful with those businesses and the things you have to think about and that DNA come from the type of operators that we have to be in our consumer retail business and there's nobody else in our space that does that you know the way that we think about cost the way we think about innovation and the data center and and I also think the way that we operate services and how long we've been operating services of the company it's a very different mindset than operating package software then you look at when you think about some of the issues and very large scale cloud you can't learn some of those lessons until you get two different elbows of the curve and scale and so what I was telling you is it's really different to run your own platform for your own users where you get to tell them exactly how it's going to be done but that's nothing really the way the real world works I mean we have millions of external customers who use us from every imaginable country and location whenever they want without any warning for lots of different use cases and they have lots of design patterns and we don't get to tell them what to do and so operating a cloud like that at a scale that's several times larger the next few providers combined is a very different endeavor and a very different operating rigor well you got to keep raising the bar you guys do a great job really impress again another tsunami of announcements in fact you had to spill the beans early with quantum the day before the event tight schedule I gotta ask you about the music festival because I think there's a really cool innovation it's the inaugural intersex conference yeah it's not part of replay which is the concert tonight right it's a whole new thing big music act you're a big music buff your daughter's an artist why did you do this what's the purpose what's your goal yeah it's an experiment I think that what's happened is that reinvent has gotten so big with 65,000 people here that to do the party which we do every year it's like a thirty five forty thousand person concert now which means you have to have a location that has multiple stages and you know we thought about it last year when we were watching it and we said we're kind of throwing like a four hour music festival right now there's multiple stages and it's quite expensive to set up that set for our partying we said well maybe we don't have to spend all that money for four hours in the rip it apart because actually the rent to keep those locations for another two days is much smaller than the cost of actually building multiple stages and so we we would try it this year we're very passionate about music as a business and I think we are I think our customers feel like we throw in a pretty good music party the last few years and we thought we were trying at a larger scale as an experiment and if you look at the economics the headliners real quick the Foo Fighters are headlining on Saturday night Anderson Park and the free Nashville free Nationals Brandi Carlile Shawn Mullins Willie Porter it's a good set Friday night it's back in Kacey Musgraves so it's it's a really great set of about 30 artists and we're hopeful that if we can build a great experience that people want to attend that we can do it it's scale and it might be something that you know both pays for itself and maybe helps pay for reinvent to overtime and you know I think that we're also thinking about it as not just a music concert and festival the reason we named it intersect is that we want an intersection of music genres and people and ethnicities and age groups and art and Technology all there together and this will be the first year we try it it's an experiment and we're really excited about I'm gone congratulations all your success and I want to thank you we've been seven years here at reinvent we've been documenting the history two sets now once-dead upstairs so appreciate a cube is part of reinvent you know you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well and we just launched cube 365 on Amazon Marketplace built on AWS so thanks for letting us cool build on the platform appreciate it thanks for having me guys Jesse the CEO of AWS here inside the cube it's our seventh year covering and documenting they're just the thunderous innovation that Amazon is doing they're really doing amazing work building out the new technologies here in the cloud computing world I'm John Force too many men be right back with more after this short break [Music]

>> Narrator: Live from San Diego California it's theCUBE covering Cisco Live, US, 2019 brought to you by Cisco and its ecosystem partners. >> Welcome back we're here at the San Diego convention center for Cisco Live 2019 and you're watching theCUBE the worldwide leader in enterprise tech coverage helping extract the signal from the noise. I'm Stu Miniman we've had three days wall to wall coverage my co-host Dave Vellante and Lisa Martin are all in the house and I'm really excited to actually sit down one on one with one of the users at this user conference the 30th anniversary conference actually for Cisco with their users and partners over 28,000 so speaking for all of them right? We have Sebastien Morissette who's an IT architect specialist at Intact Financial Corporation come to us from beautiful Montreal Canada. >> Exactly. >> All right thank you so much for joining us so Sebastien first of all how many Cisco Lives have you been too? >> Honestly this is my first. >> Oh absolutely exciting for that, my first one I came too was actually 10 years ago I joked at the 20th anniversary they went back 20 years to have some 80's bands they had The Bangles and Devo on and now on the 30 year they moved 10 years forwards they have two great bands from the 90's Wheezer and Foo Fighters so your first time at Cisco Live give us your general impressions of the show. >> Well actually it's been very great I've had a lot of appearances I had to do as well so I got some sessions in I did some work as well so it's amazing to see how these events unfold right? Like the sheer size of this thing and how many people are involved, how many booths how many technical sessions you can have so, I was very pleased I'm here with a lot of people from my team as well from Intact so you know we get the chance to do stuff outside of the work area as well so it's interesting right? It's giving us this opportunity to really deep dive into what we love which is technology but at the same time spend some time together outside of work. >> That's awesome, we've had gorgeous weather here in San Diego hope you definitely get to see the sights before we geek out on some of the technology just give our audience a little bit about Intact and the insurance business but give us a little bit about the history of the company and core focus. >> Okay well Intact is a company that was, they grew as acquisitions with acquisitions we've typically, we were ING Canada back in, before 2010 and afterwards we were publicly traded now so we're Intact Financial Corp. Typically we're the number one PNC insurer in Canada and we've been working with different partners to build our data center 2.0 initiative which is kind of a new offering of you know modern IT services within Intact. >> Okay great and just to, your purview in the company and just the comment about the company is you know when you talk about those transformations you know MNA is something we see a lot in your industry and put some extra special challenges in place when you're doing that but tell us a little bit about what's under your role and scope as to kind of locations, people however you measure you know what, boxes or ports or whatever. >> Okay well you know typically my role is lead architect within the infrastructure and security group for North America Intact through acquisition we actually bought OneBeacon Insurance last year, so typically we now have a US presence as well in specialty insurance, specialty lines so typically whenever we're looking at different technologies we look at the skills sets that we have, we look to see what can be the better half for us to you know accelerate and be more agile in how we actually consume technology so in some cases whatever we're looking at building up these new features like I was talking for data center 2.0 it happens that some of the technologies and the skill sets we have were with Cisco which is why we are here today with the team. >> All right so Sebastien you talk about data center 2.0 and transformation there at the organizational level is it branded data center transformation does the word digital transformation come up in your discussions? >> Yeah data center 2.0 is actually kind of the project name that we've been giving this initiative for the past two years but it really is at the essence a digital transformation, what we're doing is we're typically taking training wheels to the Cloud so we're building an on-prem private Cloud offering with multi-sites so we have three sites in the scope right now and the goal is really to actually allow our business to expand into the Cloud while being in a secure on-prem environment when we get to that maturity level where we feel we're ready to actually really go into public Cloud our software engineering teams our development teams will have experienced it on-prem safely and will have a confidence level to bringing them there so it has been transformational also because we decided to push DevOps culture as far as we can from an infrastructure team so we were trying to get all the adoption from our software engineering folks to actually structure themselves, bring on DevOps team and that we can share with them so they can actually be more agile and get a lot more done without having to depend on us and spend a lot of time waiting for VM's or stuff so trying to accelerate that. >> Awesome I love that 'cause sometimes you hear okay we're going to 2.0 it's basically a fancy refresh but we're going to keep things mostly the same when I hear DevOps I know that culture and organization is something that is a key piece of that, I have to ask you without getting down into the pedantics of this, when you say a private Cloud that's in your data center we understand some of the covenants and reasons what you have but how do you determine whether, what was your guiding line as to how is this a Cloud versus just some new virtualized environment? >> I've had the chance to have great executive sponsorship from my senior vice president typically we were looking at how can we access the Cloud? The way I approached it was overhauling what we do was not the route to go what I asked him to do is say you know trust me I'll start with a clean slate and we will build a brand new landing area for Cloud native applications and new methodologies for modern IT services so typically in the end we didn't overhaul anything that we had we built a brand new sandbox for Intact to be able to work with so we went from disaster recovery to business continuity in that move we've built a three site approach because when I was looking at kind of my capex expenditure if I was building two sites to be fully resilient and be business continuity I would be spending 200% of my capital to actually build up that capacity when you go to three sites it seems awkward but you just need 50% on each site of your capacity to ensure 100% of coverage of your requirements, so in the end you're actually spending 150% of your capacity, or your capex to buy the compute, so there's an incentive there as well. So to answer your question more precisely it's very easy for us to see how it's a Cloud because we're not operating it the same way we're operating our other environment and since we started from scratch every process has been revised we haven't kept everything we had before so we had the chance to build something brand new for that specific offering that our software engineering groups were asking us to do. >> All right that's exciting stuff there when you look at these multi-site deployments I think back in my career and I worked on some of these environments, management, security and networking are absolutely critical, I hear oh okay I've got 50% in each oh my God what if a site gets isolated and I can't talk to those other two so luckily I'm guessing Cisco has something to do with your rollout, we're obviously here at Cisco Live so give us a little bit inside the architecture and especially you know what kind of Cisco pieces are you using? >> All right well you know typically the way that our story started was kind of weird the first thing we've done is we've actually went to Cisco to redesign a DMZ and we got out from Cisco Montreal team with an idea to not just change and buy ACI switches for the DMZ but actually rebuild our whole design to you know integrate ACI into the fabric and then when you start talking about firewalls or switches they tell you well with ACI you have contracts so it really started that way so we built an ACI fabric with the Cisco HyperFlex hyper-converged infrastructure as our compute layer so typically think of it as Intact is building our new version of a software defined data center. So with building that we have all the components so we have the virtualization like you spoke of earlier which is running like you know VMware on site, on top of the HyperFlex and then we have the ACI since we had three sites we topped it off with the multi-site orchestrator to be able to manage consistent policies around all of our three sites and in the end we needed to have an orchestrator to be able to deploy the content onto that and when we were looking at it early on it was Clicker when Cisco purchased Clicker we were looking at finding a Cloud management platform, so we ended up using CloudCenter which is now CloudCenter Suite and in the way we were using it, which was a little atypical from the typical way clients are using CloudCenter today we're taking it into the data center and out to the Cloud whereas when I was talking with Kip Compton earlier this week he was saying you know what sometimes our clients buy it more for the Cloud first and I was like well we have like the inverse story of exactly how we did the opposite but it works as well, so typically where we stand today I have the three sites we're able to deploy with CloudCenter we've got multi-site on top of that and the idea it really is that, I spoke about training wheels earlier well we're taking them off right? In the next couple of weeks we're starting to look into negotiations with public Cloud providers trying to move towards the public Cloud and you know there's exciting news that came out from Cisco this week while I was here about the fact that now you know they're forecasting a lot more collaboration with Microsoft and AWS and now they have all the three major Cloud providers covered with ACI Anywhere so that means all of our security that you were talking about earlier will now have a consistent policy model applied all, everywhere so to be honest I'm not too concerned about if we did a good choice a couple of years back I think we're in our sweet spot right now. >> Yeah and you're right it's a different story than we've generally heard from Cisco and some customers which is I have all of these public Cloud's and I have my data center and I'm looking for some piece to help tie it together and that the CloudCenter Suite is there so you feel you're confident with the platform that you chose and that's going to give you the flexibility as to whichever public Cloud or public Cloud you choose are you at the point there that do you know which public Cloud you're going to be on or maybe it's a little too early? >> Well to be honest you know we're keeping our options open you know we have different providers that are offered, you know the major public one there's Amazon there's Google Cloud we're not closing any options it's really a question of us to do the same secure approach that we've done right now with this offering to really go one at a time make sure that we're able to nail it down, make it secure that we get all the information back so I'm not at a possibility right now to disclose which ones we're dealing with because we're still negotiating but in the end we're not limiting ourselves we just want to be able to scale. >> Right you're confident that the Cisco solution that you choose will give you the flexibility no matter which one you use or if you use multiples or need to make switches along the way? >> Yeah. >> Question I have for you on that is when you look at multi-Cloud one of the things that are challenging for companies is how do I make sure I've got the skillsets because workloads might be portable, networks might be connected but understanding how I manage each of those environments so do you feel CloudCenter Suite's going to help you through that? You know what do you see as you look out over your roadmap as to what that's going to mean for you know your DevOps team and the people managing this environment as it spreads out to the public Cloud? >> Actually I'm feeling really confident because you know especially after seeing a couple of sessions of what Roland Acra and Kip have announced for the data center and for the Cloud piece we're seeing more and more normalization being done by Cisco to actually allow us to be confident in the fact that on prem we're doing ACI and that our policies are going to be mapped to the constructs of the different Cloud providers. So for me what it means is I don't necessarily need to become specialized in how we're going to be operating inside of a Cloud we need to make sure that we get the proper policies built into the different products you know Cisco's branding it the Anywhere right? They have the HX Anywhere the ACI Anywhere and typically that's what we like about it is I can have one consistent set of skillsets and allow the people to use it one thing I found interesting about this week and it's not necessarily to do like more promotion for Cisco is like the Cloud First ACI right? So being able to be starting with ACI in the Cloud I found that was kind of interesting because when you know how the multi-site orchestrator works means apps you build out in the Cloud you're going to be able to to pull back in through the MSO and push it back on prem or anywhere in other Clouds afterwards so I found that was very intuitive of them to go to that route of allowing us to you know transparently migrate apps between sites. >> All right so Sebastien you're using a lot of the latest and greatest from Cisco you talk about the HX the ACI the CloudCenter Suite what advice do you give to your peers out there and they say you know I've used Cisco products for a long time Cisco makes great products but you know simplicity and management across the product lines was something that you know needed some work what does the Cisco of today look like you know what's working well? What still would you like to see them progress on? >> Well you know for us one of the things that was nice like I mentioned earlier is we're typically going greenfield so I didn't have a lot of the issues that other companies might be facing if they're trying to take their brownfield and actually make it into what we've built so my first advice would be if you're able to get the executive sponsorship to build a greenfield environment there's nothing in Cloud native applications that is you know symmetric with the traditional environment of a data center, it's completely different ways of working we have one week sprints we patch everything as it comes out if an application goes into the environment it needs to be functional with that patching cycle of almost every time we're at n or n-1 so, my thing is think about applications as being the center of what you actually need and not the infrastructure, let the infrastructure be what it is because you're going to be anywhere right? So that's one of the things I would say, from what you said about Cisco and the integration you were right, we have lived a couple of items like that in the last two years and a half, however I've noticed that these new software components like CloudShare and everything not necessarily the hardware part Cisco nails hardware like it works they've been doing it for years the thing is with these software teams they're very customer driven we have access to the engineers now I mean we've had meetings with the Canadian execs Roland Acra's team we were able to get access to the developers and the teams here in the US so, every company has challenges I would be lying if I told you that even at Intact we don't have silos and we don't have issues sometimes with different teams managing together but I feel as if at least for the technologies that we're using they've done good work for us to actually help us get through that. >> Well it's interesting Sebastian you bring that up because I look at you say okay, you've got a greenfield environment awesome, we can go do some new tech, well let's throw in there the DevOps and let's change all the other pieces you're like completely overhauling your environment how much of that were there some new team members that came in as part of that or you know I look people, process and technology sounded like you were taking it all on at once, did that work well? Would you have if you looked back would you have changed some of the ordering and maybe you know gotten one piece before the other or did it help to kind of you know start brand new start fresh and get everything going? >> Well I wouldn't redo the part of starting fresh however, it helped us get really good pace and work you know it's our first agile project as an infrastructure group so all of that was great learning experience the only thing I would say is you need to make sure your organization is ready for that level of change because it's one thing to have one VP sponsorship to actually build out this type of approach but where we struggled a little bit was afterwards getting the rest of our IT organization to kind of want to get onboard. because we are building something new, the traditional environment is not disappearing and we're telling our software engineering groups here's a new area where you can play in but you know typically I'd say that it's been well received we have not had the need to build new skillsets because we're doing infrastructure as code so typically a lot of the stuff we're building we're making sure it's automated so that way it's very nice and lean and when we build a new site we have a lot of automation already built in so we can properly just deploy so lessons learned like you've asked me I'd say that typically I'd probably do much of what I did the same way, but I would work a little bit more on the people area just to make sure that the message is clearly understood that what we're building is for the future of Intact and make sure that we spend a little bit more time managing that aspect because for the technology it's fine for the time it took and everything it's fine, it's really people the change is significant to most of them and when you've been doing something for a long time and someone comes up and disrupts it's like if we were disrupting our own company right? So typically I'd say, that would be something that I would say to people manage that properly or you will have a lot more work to do inside of that initiative to actually gain everybody's momentum and get them to be behind you. >> Well Sebastien I really appreciate you walking us through all of your transformation I want to just give you the final word sounds like you've got great access to Cisco really hope you're happy with what you've done final word is to you know your expectations coming into a show like this and you know what your take aways will be from Cisco Live 2019 in San Diego? >> Well outside from the amazing weather you mean or yeah? so you know typically I like the event I've been to other events before, like I said this is my first time at Cisco but what I've seen is that Cisco's really into getting their customers to understand their technology so they're really present so I really liked how you know we were given the opportunity to do hands on labs and actually learn new technologies so typically great experience coming here and great opportunities and thanks so much for having us. >> Well Sebastien Morissette congratulations to your team at Intact and thank you so much for sharing this story. >> Thank you so much. >> All right we've got a little bit more left here of three days wall to wall coverage Cisco Live 2019 in San Diego for Dave Vellante, Lisa Martin I'm Stu Miniman and thanks as always for watching theCUBE. (electronic jingle)