>> Live from Seattle, Washington it's the CUBE covering KubeCon and CloudNativeCon North America 2018. Brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Hey, welcome back, everyone. We are here live with CUBE coverage at KubeCon, CloudNativeCon 2018 in Seattle. I'm John Furrier with Stu Miniman your hosts all week, three days of coverage. We're in day two. 8,000 attendees, up from 4,000, spanning to China, in Europe, everywhere, the CNCF is expanding. The Linux Foundation, and the ecosystems expanding, we're here with Dan Kohn who's the executive director of the CNCF. Dan, great to see you. I know you work hard. (laughs) I see you out in China. You've done the work. You guys and the team have taken this hockey stick as it's described on the Twittersphere, really up and to the right, you've doubled, it's almost like Moore's law for attendance. (laughs) Doubling every six months. It's really a testament of how it's structured, how you guys are managing it, the balances that you go through. So congratulations. >> So thank you very much, and I'm thrilled that you guys have been with us through that whole ride, that we met here in Seattle two years ago at the first KubeCon we ran with 1,000 attendees. And here we are eight times higher two years later. But I absolutely do need to say it is the community that's growing, and we try and organize them a little bit and harness some of that excitement and energy and then there is a ton of logistics and effort that it takes to go from 28 members to 349 and to put on an event like this, but we do have an amazing team at the Linux Foundation and this is absolutely an all hands on deck where the entire events team is out here and working really hard. >> You guys are smart, you know what you're doing, and you have the right tone and posture, but you set it up right, so it's end user driven, it's open-source community as the core of the event, and you're seeing end users that have contributed, they're now consuming, you have vendors coming in, but you set the nice playbook up, and the downstream benefits of that open-source core has impacted IT, developers, average developers, and this is the magic. And you guys don't take too many hard stands on things, you take a good enough stand on the enablement piece of it. This is a critical piece. Explain the rationale because I think this is a success formula. You don't go too far and say, here's the CNCF stack. >> Right. >> You pull back a little bit on that and let the ecosystem enable it. Talk about that rationale because I think this is an important point. >> Sure and I would say that one of the huge advantages that CNCF has had is that we came later after a lot of other projects. So our parent, the Linux Foundation, has been around for 15 years. We've been able to leverage all of their expertise. We've looked at some of the mistakes that OpenStack, and Apache, and IETF, and other giants who came before us did, and our aspiration has always been to make entirely new mistakes rather than to replicate the old ones. But as you mentioned end user is a key focus, so when you look at our community, how CNCF is set up, we have a governing board that's mainly vendors, it does have developer and other reps on it. We have our technical oversight committee of these nine experts, kind of like our supreme court, and then we have this end user community that is feeding requirements and feedback back to the other group. >> I want to ask you about the structure, and I think this is important because you guys have a great governance model, but you have this concept of graduation. You have Kubernetes, and it's really solid, people are very happy with it, and there's always debates in open-source as you know, but there's a concept of graduating. Anyone can have projects, and explain that dynamic. 'Cause that's, I've heard people say, oh that's part of the CNCF, and well it hasn't graduated, but it's a project. It's important as a laddering there, explain that concept. I think this is important for people to understand that you're open, but there's kind of a model of graduation. What does it mean? >> Sure and it, people have said, oh you mean they've graduated, so they've left now, right? Like the kids leaving the home. And it's definitely not that model. Kubernetes is still very much part of CNCF. We're happy to do it. But we think that one of CNCF's functions is as a signaling and a marketing to enterprise users. And we like the cliche of crossing the chasm where we talk about 2018 was really the year that Kubernetes crossed the chasm. Went from as early adopters who'd been using it for years and were thrilled with it but they actually jump over now to the early majority. I will say though that the late majority, the laggards, the skeptics, they're not using these technologies yet. We still have a ton of opportunity for years to come on that. So we say the graduated projects, which today is not just Kubernetes but also Prometheus and Envoy. Those are the ones that are suitable for really any enterprise company, and that they should feel confident these are very mature, serious technologies for companies of all size. The majority of our projects are incubating. Those are great projects, technically capable, companies should absolutely use them if the use case fits, but they're less mature. And then we have this other category of the Sandbox, 11 projects in there, and we say look, these are incredibly promising. If you are technical enough and you have the use cases, you absolutely should consider it, but they are less mature. And then our hope is to help the projects move along that graduation phase. >> And that's how companies start. Bloomberg's plan, I thinking jumping into Sandbox, they'll start getting some code in there that'll attract some people, they get their code, they don't have to come back after the fact and join in. So you have the Sandbox, you've got projects, you've got graduation, so. >> Now Bloomberg's a little bit unusual, and I like them as an example where they have, I don't know if they mentioned this, but almost a philosophy not to spend money on software. And of course that's great. All of our projects are free and open-source, and they're willing to spend money on people, and they hire a spectacular group of engineers, and then they support everything in-house. But in reality, the vast majority of end users are very happy to work with the vendor, including a lot of our members, and pay for some of that support. And so a Bloomberg can be a little bit more adventurous than many, I think. >> Dan, I wonder if you can provide a little bit of context. I hear some people look at really kind of the conformance and certification that the CNCF does. And I think in many ways learn from the mistakes of some of the things we've done in the past because they'll see there's so many companies, it's like, well there's too many distributions. Maybe you could help explain the difference between a distribution-- >> Sure. >> And what's supported and how that makes sense. >> And I think when you look back at, and we just had, CNCF just had our three-year birthday this week, we have a little birthday cake on Twitter and everything. But if you look at all the activities we've been involved in over those three years, KubeCon, CloudNativeCon, we have a service provider program, we've done a lot of marketing, helping projects, I think it's the certification and the software conformance is the single thing that we've had done that's had the biggest impact on the community. And the idea here is that we wanted a way for individual companies to be able to make changes to Kubernetes because they all want to, but to still have confidence that you could take the same workload and move it between the different public clouds, between the different enterprise distros or just vanilla Kubernetes that you download or different installers out there. And so the solution was an open-source software conformance project that anyone can download these tasks and run them, and then a process where people upload the test results and say, yes my implementation is still conformant. I've made these changes, but I haven't broken anything. And we really have some amazing cases of our members, some of our biggest members, who had turned off APIs, maybe in their public cloud for good reasons. They said, oh this doesn't apply or we don't, but that's exactly the kind of thing that can cause incompatibility. >> Yeah, I mean that's critically important, and the other thing that is, what I haven't heard, is there's so many projects here. And we go to the Amazon show and it's like, I'm overwhelmed and I don't know what to do, and I can't keep up with everything. I'm actually surprised I don't hear that here because there are pockets, and this is multiple communities, not like a single monolithic community, so you've got, you know Envoy has their own little separate show and Operators has a thing on Friday that they're doing, and there's the Helm community and sometimes I'm putting many of the pieces together, but oftentimes I'm taking just a couple of the pieces. How do you manage this loosely coupled, it's like distributed architecture. >> Loosely coupled is a key phrase. I think the big advantage we have is our anchor tenant of Kubernetes has its own gravitational field. And so from a compatibility standpoint, we have this, excuse me, certification program for Kubernetes and then all of the other projects essentially ensure they're orbiting around and they ensure that they're compatible with Kubernetes, that also ensures they're compatible with each other. Now it's definitely the case that our projects are used beyond just Kubernetes. We were thrilled with Amazon's announcement two weeks ago of commercial support for Envoy and talking about how one of the things they loved about Envoy is that is doesn't just work on Kubernetes, they can use it on their proprietary ECS platform on their regular EC2 environment as well. And that's true for almost all of our projects. Prometheus is used in Mesos, is used in Docker Swarm, is used in VMs, but I do think that having so much traction and momentum around Kubernetes just is a forcing function for the whole community to come together and stay compatible. >> Well you guys did a great job. That happened last year. It's really to me is an example of a historic moment in the computer industry because this is a modern version of enabling technology that's going to enable a lot of value creation, a lot of wealth creation, a lot of customer, and it's all in a new way, so I think you guys really cracked the code on that and continued success. You've obviously had China going gangbusters, you're expanding, China by the way is one of the largest areas we've reported on Siliconangle.com and the CUBE in the past. China has emerged as one of the largest contributors and consumers of open-source given the rise of all the action going on in China. >> And we've been thrilled to see that, and I mean there was just the example yesterday where etcd is now the newest project, the newest incubating project in CNCF, and the co-creator of that and really the lead maintainer for it left CoreOS when it was acquired by Red Hat and is now with Alibaba. And he's originally from China. He is helping Alibaba just who's a platinum member of CNCF, who's been offering a certified Kubernetes service, but they're now looking at how they can move much more of their internal workloads over to it. JD.com has 25,000 servers. That's the second biggest retailer in China. >> It's a constituent. >> I was there six times last year. >> I know you were. >> I ran into you once in a hotel lobby. (laughing) >> What are you doing in China? It's huge, we're here. This is a big dynamic. This is new. I mean this is a big force and function. >> And to have so much energy, and I do also want to really emphasize the two-way street, that it's not just Chinese companies adopting these technologies that started in the US. >> They're contributing. >> We were thrilled a month ago to have Harbor come in as an incubating project and that started in China and is now being used across the world. >> Dan, 2019, you've got three shows again, Barcelona, Shanghai, and San Diego. >> Exactly. >> Of course the numbers are going to be up and to the right, but what else should we be looking for? >> So I think the two, so definitely China, we're going to continue doing it there, we continue to be relations serverless, we're thrilled with the progress of our serverless working group. They have this new cloud event spec, we have all of the different major clouds participating in it. The third area that I think you're going to see us that is somewhat new is looking at telcos. And our vision is that you can take a lot, most networking code today is done in virtual machines called virtual network functions. We think those should evolve to become cloud native network functions. The same networking code running in containers on Kubernetes. And so this is actually going to be our first time with a booth at Mobile World Congress in Barcelona in February. And we're going to be talking about-- >> Makes a lot of sense. IOT, over the top, a lot of enablement there. Makes inefficiencies in that inefficient stacks. >> Yeah, and on the edge as well. >> Dan, thanks for coming out, I appreciate it. Again, you've done the work, hard work, and continue it, great success, congratulations. I know it's early days still but. >> I hope it is. At some date Kubernetes is going to plateau. But it really doesn't feel like it'll be 2019. >> Yeah, it definitely is not boring. (laughing) Even though we had much more, Dan. >> Dan Kohn, executive director of the CNCF. Here inside the CUBE, breaking it all down, again, another successful show. Just the growth, this is the tsunami, it's a rise of Kubernetes and the ecosystem around it, creating values, the CUBE coverage, live here in Seattle. I'll be back with more coverage after this short break. I'm John Furrier with Stu Miniman. Be right back. (upbeat music)

[Music] [Applause] [Music] welcome to the special cube conversations here in Palo Alto cube studios I'm John Ferrier the founder of Silicon angle in the cube we're here with divest cargoes the founder and CEO of arcus Inc our curse com ar-are see us calm and Steve Herod General Partner at at General Catalyst VCU's funded him congratulations on your launch these guys launched on Monday a hot new product software OS for networking powering white boxes in a whole new generation of potentially cloud computing welcome to this cube conversation congratulations on your >> launch thank you John >> so today I should talk about this this >> startup when do you guys were founded let's get to the specifics date you were founded some of the people on the team and the funding and we were formally incorporated in February of 2016 we really got going in earnest in August of 2016 and have you know chosen to stay in stealth the the founding team consists of myself a gentleman by the name of Kop tell he's our CTO we also have a gentleman by the name of Derek Young he's our chief architect and our backgrounds are a combination of the semiconductor industry I spent a lot of time in the semiconductor industry most recently I was president of easy chip and we sold that company to Mellanox and Kher and Derek our networking protocol experts spent 20 plus years at places like Cisco and arguably some of the best protocol guys in the world so the three of us got together and basically saw an opportunity to to bring some of the insights and and architectural innovation you know we had in mind to the Mobius a pedigree in there some some top talent absolutely some of the things that they've done in the past from some notable yeah I mean you know some if you if you'd like some just high-level numbers we have 600 plus years of experience of deep networking expertise within the company our collective team has shipped over 400 products to production we have over 200 IETF RFC papers that have been filed by the team as well as 150 plus patents so we really can do something on the pedigree for sure yeah we absolutely focused on getting the best talent in the world because we felt that it would be a significant differentiation to be able to start from a clean sheet of paper and so really having people who have that expertise allowed us to kind of take a step back and you know reimagine what could be possible with an operating system and gave us the benefit of being able to you know choose >> best-in-class approaches so what's the >> cap the point that this all came >> together what was the guiding vision was it network os's are going to be cloud-based was it going to be more I owe t what was the some of the founding principles that really got this going because clearly we see a trend where you know Intel's been dominating we see what NVIDIA is doing competitively certainly on the GPU side you're seeing the white box has become a trend Google makes their own stuff apples big making their own silicon seeking the that's kind of a whole big scale world out there that has got a lot of hardware experience what was the catalyst for you guys when you found this kinda was the guiding principle yeah I would say there were three John and you hit you hit on a couple of them in your reference to Intel and NVIDIA with some of the innovation but if I start at the top level the market the networking market is a large market and it's also very strategic and foundational in a hyper-connected world that market is also dominated by a few people and there's essentially three vertically integrated OEM so that dominate that market and when you have that type of dominance it leads to ultimately high prices and muted innovations so we felt number one the market was going through tremendous change but at the same time it had been tightly controlled by a few people the other part of it was that there was a tremendous amount of innovation that was happening at the silicon component level coming from the semiconductor industry I was early at Broadcom very you know involved in some of the networking things that happened in the early stages of the company we saw tremendous amounts of innovation feature velocity that was happening at the silicon component level that in turn led to a lot of system hardware people coming into the market and producing systems based on this wide variety of choices for you know for the silicon but the missing link was really an operating system that would unleash all that innovation so Silicon Valley is back Steve you you know you're a VC now but you were the CTO at VMware one of the companies that actually changed how data centers operate certainly as it certainly as a pretext and cloud computing was seeing with micro services and the growth of cloud silicon's hot IT operations is certainly being decimated as we old knew it in the past everything's being automated away you need more function now there's a demand this is this penny how you see I mean you always see things are a little early as of technologist now VC what got you excited about these guys what's the what's the bottom line yeah maybe two points on that which so one silicon is is definitely become interesting again if you will in the in the Silicon Valley area and I think that's partly because cloud scale and web scale allows these environments where you can afford to put in new hardware and really take advantage of it I was a semiconductor I first austerity too so it's exciting for me to see that but um you know is the fish that it's kind of a straightforward story you know especially in a world of whether it's cloud or IOT or everything networking is you know like literally the core to all of us working going forward and the opportunity to rethink it in a new design and in software first mentality felt kind of perfect right now I think I I think device even sell the team a little short even is with all the numbers that are there kr for instance this co-founder was sort of everyone you talk to will call him mister BGP which is one of the main routing protocols in the internet so just a ridiculously deep team trying to take this on and there been a few companies trying to do something kind of like this and I think what do they say that the second Mouse gets the cheese and I think I think we've seen some things that didn't work the first time around and we can really I think improve on them and have a >> chance to make a major impact on the networking market you know just to kind of go on a tangent here for a second >> because you know as you're talking kind of my brain is kind of firing away because you know one of things I've been talking about on the cube a lot is ageism and if you look at the movement of the cloud that's brought us systems mindset back you look at all the best successes out there right now it's almost a old guys and gals but it's really systems people people who understand networking and systems because the cloud is an operating system you have an operating system for networking so you're seeing that trend certainly happened that's awesome the question I have for you device is what is the difference what's the impact of this new network OS because I'm almost envisioning if I think through my mind's eye you got servers and server list certainly big train seeing and cloud it's one resource pools one operating system and that needs to have cohesiveness and connectedness through services so is this how you guys are thinking about how are you guys think about the network os what's different about what you guys are doing with ARC OS versus what's out there today now that's a great question John so in terms of in terms of what we've done the the third piece you know of the puzzle so to speak when we were talking about our team I talked a little bit about the market opportunity I talked a little bit about the innovation that was happening at the semiconductor and systems level and said the missing link was on the OS and so as I said at the onset we had the benefit of hiring some of the best people in the world and what that gave us the opportunity was to look at the twenty plus years of development that had happened on the operating system side for networking and basically identify those things that really made sense so we had the benefit of being able to adopt what worked and then augment that with those things that were needed for a modern day networking infrastructure environment and so we set about producing a product we call it our Co s and the the characteristics of it that are unique are that its first of all its best-in-class protocols we have minimal dependency on open source protocols and the reason for that is that no serious network operator is going to put an open source networking protocol in the core of their network they're just not going to risk their business and the efficacy and performance of their network for something like that so we start with best-in-class protocols and then we captured them in a very open modular Services microservices based architecture and that allows us the flexibility and the extensibility to be able to compose it in a manner that's consistent with what the end-use case is going to be so it's designed from the onset to be very scalable and very versatile in terms of where it can be deployed we can deploy it you know in a physical environment we can deploy it visa via a container or we could deploy it in the cloud so we're agnostic to all of those use case scenarios and then in addition to that we knew that we had to make it usable it makes no sense to have the best-in-class protocols if our end customers can't use them so what we've done is we've adopted open config yang based models and we have programmable api's so in any environment people can leverage their existing tools their existing applications and they can relatively easily and efficiently integrate our Co s into their networking environment and then similarly we did the same thing on the hardware side we have something that we call D pal it's a data plane adaptation layer it's an intelligent how and what that allows us to do is be Hardware agnostic so we're indifferent to what the underlying hardware is and what we want to do is be able to take advantage of the advancements in the silicon component level as well as at the system level and be able to deploy our go S anywhere it's let's take a step back so you guys so the protocols that's awesome what's the value proposition for our Co S and who's the target audience you mentioned data centers in the past is a data center operators is it developers is it service providers who was your target customer yeah so so the the piece of the puzzle that wraps everything together is we wanted to do it at massive scale and so we have the ability to support internet scale with deep routing capabilities within our Co s and as a byproduct of that and all the other things that we've done architectural II were the world's first operating system that's been ported to the high-end Broadcom strata DNX family that product is called jericho plus in the marketplace and as a byproduct of that we can ingest a full internet routing table and as a byproduct of that we can be used in the highest end applications for network operators so performance is a key value public performance as measured by internet scale as measured by convergence times as measured by the amount of control visibility and access that we provide and by virtue of being able to solve that high-end problem it's very easy for us to come down so in terms of your specific question about what are the use cases we have active discussions in data center centric applications for the leaf and spine we have active discussions for edge applications we have active discussions going on for cloud centric applications arcus can be used anywhere who's the buyer those network operator so since we can go look a variety of personas network operator large telco that's right inner person running a killer app that's you know high mission-critical high scale is that Mike right yeah you're getting you're absolutely getting it right basically anybody that has a network and has a networking infrastructure that is consuming networking equipment is a potential customer for ours now the product has the extensibility to be used anywhere in the data center at the edge or in the cloud we're very focused on some of the use cases that are in the CDN peering and IP you know route reflector IP peering use cases great Steve I want to get your thoughts because I say I know how you invest you guys a great great firm over there you're pretty finicky on investments certainly team check pedigrees they're on the team so that's a good inside market tamp big markets what's the market here for you but how do you see this market what's the bet for you guys on the market side yeah it's pretty pretty straightforward as you look at the size of the networking market with you know three major players around here and you know a longer tail owning a small piece of Haitian giant market is a great way to get started and if you believe in the and the secular trends that are going on with innovation and hardware and the ability to take advantage of them I think we have identified a few really interesting starting use cases and web-scale companies that have a lot of cost and needs in the networking side but what I would love about the software architecture it reminds me a lot of things do have kind of just even the early virtualization pieces if you if you can take advantage of movement in advantages and hardware as they improve and really bring them into a company more quickly than before then those companies are gonna be able to have you know better economics on their networking early on so get a great layer in solve a particular use case but then the trends of being able to take advantage of new hardware and to be able to provide the data and the API is to programmatic and to manage it who one would that it's creative limp limitless opportunity because with custom silicon that has you know purpose-built protocols it's easy to put a box together and in a large data center or even boxes yeah you can imagine the vendors of the advances and the chips really love that there's a good company that can take advantage of them more quickly than others can so cloud cloud service refined certainly as a target audience here large the large clouds would love it there's an app coming in Broadcom as a customer they a partner of you guys in two parts first comes a partner so we we've ported arc OS onto multiple members of the Broadcom switching family so we have five or six of their components their networking system on chip components that we've ported to including the two highest end which is the jericho plus and you got a letter in the Broadcom buying CA and that's gonna open up IT operations to you guys and volge instead of applications and me to talk about what you just said extensibility of taking what you just said about boxes and tying applique and application performance you know what's going to see that vertically integrated and i think i think eloping yeah from from a semiconductor perspective since i spent a lot of time in the industry you know one of the challenges i had founded a high court count multi processor company and one of the challenges we always had was the software and at easy chip we had the world's highest and network processor challenge with software and i think if you take all the innovation in the silicon industry and couple it with the right software the combination of those two things opens up a vast number of opportunities and we feel that with our Co s we provide you know that software piece that's going to help people take advantage of all the great innovation that's happening you mentioned earlier open source people don't want to bring open source at the core the network yet the open source communities are growing really at an exponential rate you starting to see open source be the lingua franca for all developers especially the modern software developers wine not open sourcing the core the amino acids gotta be bulletproof you need security obviously answers there but that seems difficult to the trend on open source what's the what's the answer there on why not open source in the core yeah so we we take advantage of open source where it makes sense so we take advantage of open and onl open network Linux and we have developed our protocols that run on that environment the reason we feel that the protocols being developed in-house as opposed to leveraging things from the open source community are the internet scale multi-threading of bgp integrating things like open config yang based models into that environment right well it's not only proven but our the the the capabilities that we're able to innovate on and bring unique differentiation weren't really going back to a clean sheet of paper and so we designed it ground-up to really be optimized for the needs of today Steve your old boss Palmer rich used to talk about the harden top mmm-hmm similar here right you know one really no one's really gonna care if it works great it's under the under the harden top where you use open source as a connection point for services and opportunities to grow that similar concept yes I mean at the end of the day open source is great for certain things and for community and extensibility and for visibility and then on the flip side they look to a company that's accountable and for making sure it performs and as high quality and so I think I think that modern way for especially for the mission critical infrastructure is to have a mix of both and to give back to community where it makes sense to be responsible for hardening things are building them when they don't expense so how'd you how'd you how'd you land these guys you get him early and don't sit don't talk to any other VCS how did it all come together between you guys we've actually been friends for a while which has been great in it at one point we actually decided to ask hey what do you actually do I found that I was a venture investor and he is a network engineer but now I actually have actually really liked the networking space as a whole as much as people talk about the cloud or open source or storage being tough networking is literally everywhere and will be everywhere and whatever our world looks like so I always been looking for the most interesting companies in that space and we always joke like the investment world kind of San Francisco's applications mid here's sort of operating systems and the lower you get the more technical it gets and so well there's a vaccine I mean we're a media company I think we're doing things different we're team before we came on camera but I think media is undervalued I wrote just wrote a tweet on that got some traction on that but it's shifting back to silicon you're seeing systems if you look at some of the hottest areas IT operations is being automated away AI ops you know Auto machine learning starting to see some of these high-end like home systems like that's exactly where I was gonna go it's like the vid I I especially just love very deep intellectual property that is hard to replicate and that you can you know ultimately you can charge a premium for something that is that hard to do and so that's that's really something I get drugs in the deal with in you guys you have any other syndicates in the video about soda sure you know so our initial seed investor was clear ventures gentleman by the name of Chris rust is on our board and then Steve came in and led our most recent round of funding and he also was on the board what we've done beyond that institutional money is we have a group of very strategic individual investors two people I would maybe highlight amongst the vast number of advisers we have our gentleman by the name of Pankaj Patel punka JH was the chief development officer at Cisco he was basically number two at Cisco for a number of years deep operating experience across all facets of what we would need and then there's another gentleman by the name of Amarjeet Gill I've been friends with armored teeth for 30 years he's probably one of the single most successful entrepreneurs in the he's incubated companies that have been purchased by Broadcom by Apple by Google by Facebook by Intel by EMC so we were fortunate enough to get him involved and keep him busy great pedigree great investors with that kind of electoral property and those smart mines they're a lot of pressure on you as the CEO not to screw it up right I mean come on now get all those smart man come on okay you got it look at really good you know I I welcome it actually I enjoy it you know we look when you have a great team and you have as many capable people surrounding you it really comes together and so I don't think it's about me I actually think number one it's about I was just kidding by the way I think it's about the team and I'm merely a spokesperson to represent all the great work that our team has done so I'm really proud of the guys we have and frankly it makes my job easier you've got a lot of people to tap for for advice certainly the shared experiences electively in the different areas make a lot of sense in the investors certainly yeah up to you absolutely absolutely and it's not it's not just at the at the board it's just not at the investor level it's at the adviser level and also at you know at our individual team members when we have a team that executes as well as we have you know everything falls into place well we think the software worlds change we think the economics are changing certainly when you look at cloud whether it's cloud computing or token economics with blockchain and new emerging tech around AI we think the world is certainly going to change so you guys got a great team to kind of figure it out I mean you got a-you know execute in real time you got a real technology play with IP question is what's the next step what is your priorities now that you're out there congratulations on your launch thank you in stealth mode you got some customers you've got Broadcom relationships and looking out in the landscape what's your what's your plan for the next year what's your goals really to take every facet of what you said and just scale the business you know we're actively hiring we have a lot of customer activity this week happens to be the most recent IETF conference that happened in Montreal given our company launch on Monday there's been a tremendous amount of interest in everything that we're doing so that coupled with the existing customer discussions we have is only going to expand and then we have a very robust roadmap to continue to augment and add capabilities to the baseline capabilities that we brought to the market so I I really view the next year as scaling the business in all aspects and increasingly my time is going to be focused on commercially centric activities right well congratulations got a great team we receive great investment cube conversation here I'm John furry here the hot startup here launching this week here in California in Silicon Valley where silicon is back and software is back it's the cube bringing you all the action I'm John Fourier thanks for watching [Music]

>> Live from Orlando, Florida, it's theCUBE, covering Cisco Live 2018 brought to you by Cisco, NetApp, and theCUBE's ecosystem partners. >> Welcome back everyone. This is theCUBE's live coverage here in Orlando, Florida, for Cisco Live 2018. I'm John Furrier with theCUBE. Stu Miniman, my co-host, for the next two more days. We're in three days of coverage. Our next two guests here from Cisco Ronnie Ray, Vice President of Cisco, and Prakash Rajamani, Director of Project Management at Cisco. Guys, welcome to theCube. Thanks for coming on. >> Thank you, John. >> So all the buzz is about the DevNet developer aspect, the rise of the network engineer moving up to the stack while taking care of business in the software-defined data center, software-defined service provider. Everything is software-defined. You guys are involved in the DNA Center Platform. We talked about the DNA Center, the product. This is a real innovation environment for you guys, so take a minute to explain, what is the DNA Center Platform? And how does that compare from the DNA Center? How should customers think about this? What is it? what's the offering? >> Absolutely. So if we just walk back about a year. A year ago we launched DNA Center. DNA Center is the product, and that supported things, like SD-Access, which is absolutely a new innovation about Software-Defined campuses. Through the year, we've launched showrooms, through the year we've launched Enterprise Network Functions Virtualization, we have capabilities in automation, and these are all product capabilities that DNA Center has. What we're doing today and this week in Cisco live and in the DevNet area right now is that we have launched DNA Center platform, which is the ability to open up and expose all of the APIs and the STKs that now makes DNA Center a product that our customers, our partners and developers out there can now work on and create new value. It could be apps, it could be integrations, it could be new devices, third-party devices that Cisco's never supported before, but they can now make that supportable in DNA Center because we're giving them the tools to do that. >> So this is not so much a customer thing, it's more of a partner or app, is that kind of how this goes? So if I'm a partner, makes sense. is this kind of where it's different? I mean, where's the line here, or is it open for everybody? >> It is for everybody. If you are a networking expert and you've done CLI in the past, what we are doing is making API simpler, we are making them intent-based, which means that they can achieve a lot more and this is open to you as a networking expert, you as an application developer, you as a partner that is providing, creating your services for your end customer or client. All of you can now use DNA Center platform to create new value. >> This is great, it's for everyone. So this is where, if I get this right, we love this notion of DevOps on cloud, Susie and you guys have been talking about network programmability. Is this kind of where it is? We're talking about network programmability, is this where the APIs shine, and what's our vision? >> This is truly network programmability, in fact in the past what we've talked about is device programmability, but now what you're doing in DNA Center platform is really expressing intent and using APIs that apply across the whole network. Prakash can probably give you some examples of what these intent APIs look like. >> I think as Ronnie said, we like to call it Network DevOps, I think Susie calls it that too. And this is the way in which Network DevOps is conductible. There are two kinds of target market that we look at. One is the network engineer who understands everything network-centric, who knows all the nuances, and are very comfortable with those, but then being able to achieve those through a programmable API, that's one market. The way we want to go with the intent API is for the software engineers who want to be able to say, I want to prioritize YouTube traffic less than my network, and I want to prioritize my custom-built app as the most critical for my enterprise, as the most critical on my network. And I want to express that as an intent through an API, and then let the DNA Center platform take care of making that real on the network without having to worry about all the technologies and all the, >> How to provision it, what's going on under the hood, essentially to them it's a call. >> To them it's a call, and it's taken care of. >> That is actually seamless to the software developer, by the way, who doesn't want to get in the weeds of networking. The networking guys who are under the hood, what does it mean for them? They get to provide services to the developers, so it sounds like everyone's winning here. What's the benefit to the network engineers? They get scalability? I see the benefits to the software developer, that's awesome, but where's the network engineer, what are they getting out of it? >> They can achieve more things faster, they can get deeper, and this is absolutely making it simpler for them operationally to run their network. So they can basically free up time to do other tasks, like design and architecture that typically is, very hard to explain. >> Cooler tasks. (laughs) Not boring, mundane, cut and paste the scripts, CLI scripts, to another device. >> Absolutely and that's one part. The other part is about the cool new apps that they can create because there are use cases, even if you look at all the show floor, the companies that are here in Cisco Live and that they come every year, there are use cases out there that even collectively as an industry we cannot solve, that needs to be solved in the context of the company and the environment that you're in and so the network expert that's sitting in a customer environment can say, "Okay, I have this problem, let me solve it, "let me go build-" >> But they're gettable problems to solve now. Because now you're taking off more time, but also cloud and some of the software-defined things are now at the disposal to create that creativity. Is that what you're getting at, this is the new opportunity. Is that what Chuck was kind of referring to in his keynote around getting at these new use cases? >> Certainly, this opens up a new use case because this is a new way to program across the entire network in a much more simpler fashion than it's ever been done before. >> So when I hear a new way to program, I want to understand, what's the learning curve for this? If somebody understands the rocky APIs, is this a short learning curve, if they don't, is it a longer learning curve? >> So what we have done from a learning curve perspective, we have worked with a development team, we have learning labs where somebody who's not familiar with programming completely can start with the basics of, okay, how do I get started with DNA Center platform APIs and get started and go through a sequence of learning labs to get them completely familiarized with everything. Somebody like what you said, like a Meraki person, who's already using the Meraki API, for them, anybody who understands REST XML APIs can just turn around and there's a bunch of new APIs available that they can understand, program, try within the product, and then get sample codes and then build on top of that. So it's that easy as that. >> It was interesting, I was walking through the show floor, talking to some of the customers here, and for some of them, what's off the shelf is good, but I hear them griping about, not about Cisco, some of the partners, like "I can't customize what I need." One of the challenges we've always had in IT is, it's great if you can take the off the shelf, but everybody needs to tweak and adjust what they have. How's that addressed with this solution? >> From a customer's perspective, because we provide in our product we provide a specific set of capabilities, but when it comes to API, we make it much, much, much richer and granular so that people can create any workflow that they want. The workflows that we create in the API context is in three formats. We have what we call as tasks, which are individual operations that we perform, and then we group the tasks and offer them as workflows. And we group the workflows and offer them as an intent. So as a user, based on what level of granular they need, you can go to the lowest level task, or you can go all the way up to the intent based on your skillset and then use them and customize them as it fits your needs. >> So they can get up and running pretty quickly, sounds like, and if you know APIs then it's just JSON, it's all the same XML, all the great stuff, but I gotta ask where this goes from here because one of the things we were talking about before we came on camera is, we've been covering all the Linux Foundation, the Cloud Native Computing Foundation, CNCF, you've got Docker Containers, and containers now have been a great thing. Pretty much check, standard, everyone's using containers. And it's great, put a container around it, a lot of great things could happen. Kubernetes and then microservices around Service Meshes, Diane Greene mentioned in her keynote with Chuck Robbins, Istio was a big hot, one of the hottest projects in the Linux foundation, so that's kind of microservices, this sounds like it's got a lot of levels of granularity. I love that word because now when you get to that point, you can really make the software targeted and strong and bullet-proof. How is that on the road map, where does someone who's actually looking at microservices as a North Star, what does your offering mean for them? Is it right in line? What's the progression, what's the road map? >> So, from a microservice perspective, DNA Center as a product itself is completely microservice-based architecture. There's 110 microservices today that make up what is DNA Center. This gives us a flexibility to really update every single service, every single capability, and make it almost like giving customers ability to do this every two weeks or every four weeks, new changes, new announcements, in a very simple fashion. That's kind of how the part is being built. What we eventually want to do is extend the platform as an ability for partners and others to build microservices that can be built and deployed within DNA Center over time. That's further down the road, but given that solution and given the strategy where we are as a product architecture that lends us to extend that to them. >> It's natural extension, so basically you're cloudified. You've got all the APIs, so if a customer wants to sling APIs, customers want to integrate in, like you mentioned, ServiceNow, they can do that easily today, and then you've got some extensibility in the road map to be kind of Cloud Native when things start growing. Timing's everything, it's kind of evolving right now heavily at the Cloud Native. >> I mean that's the benefit of this architecture, that you can really pick and choose where you want to run over time. We are right now on a box, an appliance that helps us solve the solution, but there's nothing that stops us from going anywhere. >> So Ronnie, I want you to talk about the significance, this is an open platform. I've watched Cisco my entire career, and always Cisco's been heavily involved in standards, but takes arrows from people as to how they do this. This is open, what does that mean? And what's that mean to your customers? >> Absolutely, this is basically opening up Cisco to industry-wide innovation. So until now, if you look at everything that we've done on DNA Center and on some of the other Cisco platforms that Cisco developed, but we are now getting to a point where with DevNet, now with 500,000 developers registered, we have the critical mass to basically say the industry can come and develop on top of Cisco platforms. And so this is completely new kinds of innovation that we will see, use cases that we've never thought of, and this will happen. And of course we will continue to contribute to all whether it's IETF or whether it's OpenConfig, all of these in with the YANG models that we are doing across the industry, those will continue, the open source confirmations that we do, but this is really saying, okay, let's provide our best customers and our partners and of course the individual developer that's out there a way to today build new creations and maybe tomorrow there's a part to monetize that. >> It's interesting you bring that up, I love the open. We love open, we're open content. You guys are now open networking, for lack of a better description. Chuck Robbins talked about in his keynote, one of the things I was really impressed on, he highlighted something that we've been talking about, is that the geo-political, the geo-technical world, is a huge factor, you look at just cloud computing, you've got Regis, you've got GDPR, I mean all these things going on, you mentioned assurances off camera, this is like a huge deal, right. You've got a global tech landscape, you've got global tech compliance issues, so you got this now open source and it's whatever fourth generation where it's part of the entrepreneurial fabric. So Ronnie, I've got to ask you, you've been an entrepreneur before. With bringing entrepreneurship into networking, what's the guiding principles, what's your inspirational view on this because this is really, not only save time for engineers, it makes them part of an open collaborative culture, like open source which you're used to, bringing an entrepreneurial vibe to it. >> Absolutely. >> This is a big dynamic, what's your view on this? >> It's a huge dynamic and I can talk from personal experience, you know when I've done start-ups and I've raised money or put my own money into it, 70% of your calories go in building a platform. So you're just looking at how do I store data, how do I process data, how to I look at availability of systems, and 30% of it really goes into building a use case. What we are doing with DNA Center platform is basically saying forget about the 70%. We will give you normalized data, whether it's for Cisco equipment or whether it's for third-party equipment. So the STK will allow you to bring in Juniper or Huawei or Aruba or whoever that's out there and you can bring that into DNA Center, so now you have a view of the entire network, Cisco and Non-Cisco. You have normalized data for all of those and you can configure all of those, you can image update all of those. It's very very powerful. Just from an ISV standpoint, individual available standpoint now you are kind of unlocking, making this almost democratic. >> You've done the heavy-lifting. >> Yep, absolutely. >> That's what Cloud is all about, but talk about the creativity because you mentioned that entrepreneurial, a lot of the energy goes into trying to find the fatal flaw, is the product gonna be product-market fit, you do all that heavy-lifting and bootstrap it, right now it's simply, okay, I can sling some APIs together, get a prototype, then the creativity starts. Talk about the creativity impact. How do you see that impacting some of these new use cases, these hard problems. This is gonna come from, not some guy coming out of business school saying, "Hey, I'm gonna go hire "some engineers and solve that big, hard problem." It's gonna come organically, this is a huge deal. >> This is a huge deal, and because we're making it simpler it can come from any quarters, it doesn't have to be an established company, it can be an individual person that can't solve any use case, and then we ask Cisco, not only do we have, and of course the majority share in the market, but will also we have the platforms, like DevNet, and DevNet now has an equal system exchange, so if something that's cool can float up in the exchange can be voted on, can become something that becomes an absolutely easy part to monetization for somebody, that basically saying, "Okay, how do I marry business "and how do I take network and bring them together." >> This is awesome and it's also external to Cisco, but talk about the global impact. Just outside North America, massive growth, you're seeing things going on in Europe, but really in the Asia and China, huge growth markets going on. When you go to China, talk about mobility, they have mobility nailed down. India is absolutely on fire, growing like crazy. The talent, this is a melting pot of tech talent. How do you make all that work from a Cisco standpoint because what you want to do is bring the goods to everybody, that's open source. >> Absolutely, so think about any of the logical place that people go to with, given the way that the platform is already built, which is, it is Cloud Native. We've not in the cloud yet, but at some point the platform will go to cloud. And we are looking at harnessing the creative talent worldwide, whether it be in Asia or whether it be in Europe, or whether it be in the Americas, really doing that new value creation and taking that to the masses. And Cisco has the right to claim this market, we are absolutely in support of folks that want to do that. That's why DevNet has all of the learning labs and the sandboxes and everything else that's there in support, these are free to use. We want people to come and learn and co-create on the platform. >> And making it open and collaborative, the community aspect of it. >> Absolutely. >> Alright, final question while you guys are here, obviously you're at the Cisco perspective, but put your industry landscape hat on, people who couldn't make Cisco Live this year here in Orlando, they might be watching this video either live or on demand when it goes up to YouTube. What's the big story, I mean obviously what you guys are doing, across the whole show, what's the most important stories that are developing here this week that people should pay attention to deeply? >> So in terms of looking at the openness of the platform, Cisco is an open platform, API is really the new CLI because that's the way that you'll talk to the network. And think about what Chuck said at the opening keynote, this starts from the user, the things that you want to do to the applications, wherever they live, whether it be in a cloud, in a multi-cloud environment, Cisco is bringing all of that together. >> Prakash, what's your thoughts? >> Adding on to Ronnie's point, the openness and something that new that we are doing, not just from campus perspective, but campus, branch, data center, and making it open across everything, which is what Dave Goeckeler covered today in his keynote, I think that's something that Cisco is not just looking at one infrastructure, but across all of his portfolio and making it unique is really something that people should take away from this one. >> That's awesome. Great stuff, well guys, thanks for sharing. Thanks for co-sharing, co-developing content with us. I gotta say just from the hallway conversations, people are impressed that you guys are taking a very practical approach, not trying to boil over the ocean here with all these capabilities and announcements, focusing on the network value, where it fits in, and being Cloud Native from day one with microservices is a good start, so congratulations. >> Thank you. >> Thanks for sharing. Live coverage here in theCUBER. Day two of Cisco Live, I'm John Furrier with Stu Miniman. More live coverage, stay with us here at day two as we start winding down day two here at Cisco Live in Orlando, Florida, be right back.

>> Announcer: Live from New York City It's TheCube. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> It got out of control, they were testing it. Okay, welcome back everyone. We are here live in New York City for CyberConnect 2017. This is Cube's coverage is presented by Centrify. It's an industry event, bringing all the leaders of industry and government together around all the great opportunities to solve the crisis of our generation. That's cyber security. We have Cricket Liu. Chief DNS architect and senior fellow at Infoblox. Cricket, great to see you again. Welcome to theCUBE. >> Thank you, nice to be back John. >> So we're live here and really this is the first inaugural event of CyberConnect. Bringing government and industry together. We saw the retired general on stage talking about some of the history, but also the fluid nature. We saw Jim from Aetna, talking about how unconventional tactics and talking about domains and how he was handling email. That's a DNS problem. >> Yeah, yeah. >> You're the DNS guru. DNS has become a role in this. What's going on here around DNS? Why is it important to CyberConnect? >> Well, I'll be talking tomorrow about the first anniversary, well, a little bit later than the first anniversary of the big DDoS attack on Dyn. The DNS hosting provider up in Manchester, New Hampshire. And trying to determine if we've actually learned anything, have we improved our DNS infrastructure in any way in the ensuing year plus? Are we doing anything from the standards, standpoint on protecting DNS infrastructure. Those sorts of things. >> And certainly one of the highlight examples was mobile users are masked by the DNS on, say, email for example. Jim was pointing that out. I got to ask you, because we heard things like sink-holing addresses, hackers create domain names in the first 48 hours to launch attacks. So there's all kinds of tactical things that are being involved with, lets say, domain names for instance. >> Cricket: Yeah, yeah. >> That's part of the critical infrastructure. So, the question is how, in DDoS attacks, denial-of-service attacks, are coming in in the tens of thousands per day? >> Yeah, well that issue that you talked about, in particular the idea that the bad guys register brand new domain names, domain names that initially have no negative reputation associated with them, my friend Paul Vixie and his new company Farsight Security have been working on that. They have what is called a -- >> John: What's the name of the company again? >> Farsight Security. >> Farsight? >> And they have what's called a Passive DNS Database. Which is a database basically of DNS telemetry that is accumulated from big recursive DNS servers around the internet. So they know when a brand new domain name pops up, somewhere on the internet because someone has to resolve it. And they pump all of these brand new domain names into what's called a response policy zone feed. And you can get for example different thresh holds. I want to see the brand new domain names created over the last 30 minutes or seen over the last 30 minutes. And if you block resolution of those brand new domain names, it turns out you block a tremendous amount of really malicious activity. And then after say, 30 minutes if it's a legitimate domain name it falls off the list and you can resolve it. >> So this says your doing DNS signaling as a service for new name registrations because the demand is for software APIs to say "Hey, I want to create some policy around some techniques to sink-hole domain address hacks. Something like that? >> Yeah, basically this goes hand in hand with this new system response policy zone which allows you to implement DNS policy. Something that we've really never before done with DNS servers, which that's actually not quite true. There have been proprietary solutions for it. But response policy zones are an open solution that give you the ability to say "Hey I do want to allow resolution of this domain name, but not this other domain name". And then you can say "Alright, all these brand new domain names, for the first 30 minutes of their existence I don't want-- >> It's like a background check for domain names. >> Yeah, or like a wait list. Okay, you don't get resolved for the first 30 minutes, that gives the sort of traditional, reputational, analyzers, Spamhaus and Serval and people like that a chance to look you over and say "yeah, it's malicious or it's not malicious". >> So serves to be run my Paul Vixie who is the contributor to the DNS protocol-- >> Right, enormous contributor. >> So we should keep an eye on that. Check it out, Paul Vixie. Alright, so DNS's critical infrastructure that we've been talking about, that you and I, love to riff about DNS and the role What's it enabled? Obviously it's ASCII, but I got to ask you, all these Unicode stuff about the emoji and the open source, really it highlight's the Unicode phenomenon. So this is a hacker potential haven. DNS and Unicode distinction. >> It's really interesting from a DNS standpoint, because we went to a lot of effort within the IETF, the Internet Engineering Task Force, some years ago, back when I was more involved in the IETF, some people spent a tremendous amount of effort coming up with a way to use allow people to use Unicode within domain name. So that you could type something into your browser that was in traditional or simplified Chinese or that was in Arabic or was in Hebrew or any number of other scripts. And you could type that in and it would be translated into something that we call puny code, in the DNS community, which is an ASCII equivalent to that. The issue with that though, becomes that there are, we would say glifs, most people I guess would say characters, but there are characters in Unicode that look just like, say Latin alphabet characters. So there's a lowercase 'a' for example, in cyrillic, it's not a lowercase 'a' in the Latin alphabet, it's a cyrillic 'a', but it looks just like an 'a'. So it's possible for people to register names, domain names, that in there Unicode representation, look like for example, PayPal, which of course has two a's in it, and those two a's could be cyrillic a's. >> Not truly the ASCII representation of PayPal which we resolve through the DNS. >> Exactly, so imagine how subtle an attack that would be if you were able to send out a bunch of email, including the links that said www.-- >> Someone's hacked your PayPal account, click here. >> Yeah, exactly. And if you eyeballed it you'd think Well, sure that's www.PayPal.com, but little do you know it's actually not the -- >> So Jim Ruth talked about applying some unconventional methods, because the bad guys don't subscribe to the conventional methods . They don't buy into it. He said that they change up their standards, is what I wrote down, but that was maybe their sort of security footprint. 1.5 times a day, how does that apply to your DNS world, how do you even do that? >> Well, we're beginning to do more and more with analytics DNS. The passive DNS database that I talked about. More and more big security players, including Infoblox are collecting passive DNS data. And you can run interesting analytics on that passive DNS data. And you can, in some cases, automatically detect suspicious or malicious behavior. For example you can say "Hey, look this named IP address mapping is changing really, really rapidly" and that might be an indication of let's say, fast flux. Or you can say "These domain names have really high entropy. We did an engram analysis of the labels of these". The consequence of that we believe that this resolution of these domain names, is actually being used to tunnel data out of an organization or into an organization. So there's some things you can do with these analytical algorithms in order to suss out suspicious and malicious. >> And you're doing that in as close to real time as possible, presumably right? >> Cricket: That's right. >> And so, now everybody's talking about Edge, Edge computing, Edge analytics. How will the Edge effect your ability to keep up? >> Well, the challenge I think with doing analytics on passive DNS is that you have to be able to collect that data from a lot of places. The more places that you have, the more sensors that you have collecting passive DNS data the better. You need to be able to get it out from the Edge. From those local recursive DNS servers that are actually responding to the query's that come from say your smart phone or your laptop or what have you. If you don't have that kind of data, you've only got, say, big ISPs, then you may not detect the compromise of somebody's corporate network, for example. >> I was looking at some stats when I asked the IOT questions, 'cause you're kind of teasing out kind of the edge of the network and with mobile and wearables as the general was pointing out, is that it's going to create more service area, but I just also saw a story, I don't know if it's from Google or wherever, but 80% plus roughly, websites are going to have SSL HTBS that they're resolving through. And there's reports out here that a lot of the anti virus provisions have been failing because of compromised certificates. And to quote someone from Research Park, and we want to get your reaction to this "Our results show", this is from University of Maryland College Park. "Our results show that compromised certificates pose a bigger threat than we previously believed, and is not restricted to advanced threats and digitally signed malware was common in the wild." Well before Stuxnet. >> Yeah, yeah. >> And so breaches have been caused by compromising certificates of actual authority. So this brings up the whole SSL was supposed to be solving this, that's just one problem. Now you've got the certificates, well before Stuxnet. So Stuxnet really was kind of going on before Stuxnet. Now you've got the edge of the network. Who has the DNS control for these devices? Is it kind of like failing? Is it crumbling? How do we get that trust back? >> That's a good question. One of the issues that we've had is that at various points, CAs, Certificate Authorities, have been conned into issuing certificates for websites that they shouldn't have. For example, "Hey, generate a cert for me". >> John: The Chinese do it all the time. >> Exactly. I run www. Bank of America .com. They give it to the wrong guy. He installs it. We have I think, something like 1,500 top level certification authorities. Something crazy like that. Dan Komenski had a number in one of his blog posts and it was absolutely ridiculous. The number of different CA's that we trust that are built into the most common browsers, like Chrome and Firefox and things like that. We're actually trying to address some of those issues with DNS, so there are two new resource records being introduced to DNS. One is TLSA. >> John: TLSA? >> Yeah, TLSA. And the other one is called CAA I think, which always makes me think of a California Automotive Association. (laughter) But TLSA is basically a way of publishing data in your own zone that says My cert looks like this. You can say "This is my cert." You can just completely go around the CA. And you can say "This is my cert" and then your DNS sec sign your zone and you're done. Or you can do something short of that and you can say "My cert should look like this "and it should have this CA. "This is my CA. "Don't trust any other one" >> So it's metadata about the cert or the cert itself. >> Exactly, so that way if somebody manages to go get a cert for your website, but they get that cert from some untrustworthy CA. I don't know who that would be. >> John: Or a comprimised-- >> Right, or a compromised CA. No body would trust it. No body who actually looks up the TSLA record because they'll go "Oh, Okay. I can see that Infoblox's cert that their CA is Symantech. And this is not a Symantech signed cert. So I'm not going to believe it". And at the same time this CAA record is designed to be consumed by the CA's themselves, and it's a way of saying, say Infoblox can say "We are a customer of Symantech or whoever" And when somebody goes to the cert and says "Hey, I want to generate a certificate for www.Infoblox.com, they'll look it up and say "Oh, they're a Symantech customer, I'm not going to do that for you". >> So it creates trust. So how does this impact the edge of the network, because the question really is, the question that's on everyone's mind is, does the internet of things create more trust or does it create more vulnerabilities? Everyone knows it's a surface area, but still there are technical solutions when you're talking about, how does this play out in your mind? How does Infoblox see it? How do you see it? What's Paul Vixie working on, does that tie into it? Because out in the hinterlands and the edge of the network and the wild, is it like a DNS server on the device. It could be a sensor? How are they resolving things? What is the protocol for these? >> At least this gives you a greater assurance if you're using TLS to encrypt communication between a client and a web server or some other resource out there on the internet. It at least gives you a better assurance that you really aren't being spoofed. That you're going to the right place. That your communications are secure. So that's all really good. IOT, I think of as slightly orthogonal to that. IOT is still a real challenge. I mean there is so many IOT devices out there. I look at IOT though, and I'll talk about this tomorrow, and actually I've got a live event on Thursday, where I'll talk about it some more with my friend Matt Larson. >> John: Is that going to be here in New York? >> Actually we're going to be broadcasting out of Washington, D.C. >> John: Were you streaming that? >> It is streamed. In fact it's only streamed. >> John: Put a plug in for the URL. >> If you go to www.Infoblox.com I think it's one of the first things that will slide into your view. >> So you're putting it onto your company site. Infoblox.com. You and Matt Larson. Okay, cool. Thursday event, check it out. >> It is somewhat embarrassingly called Cricket Liu Live. >> You're a celebrity. >> It's also Matt Larson Live. >> Both of you guys know what you're talking about. It's great. >> So there's a discussion among certain boards of directors that says, "Look, we're losing the battle, "we're losing the war. "We got to shift more on response "and at least cover our butts. "And get some of our response mechanisms in place." What do you advise those boards? What's the right balance between sort of defense perimeter, core infrastructure, and response. >> Well, I would certainly advocate as a DNS guy, that people instrument their DNS infrastructure to the extent that they can to be able to detect evidence of compromise. And that's a relatively straight forward thing to do. And most organizations haven't gone through the trouble to plumb their DNS infrastructure into their, for example, their sim infrastructure, so they can get query log information, they can use RPZs to flag when a client looks up the domain name of a known command and control server, which is a clear indication of compromise. Those sorts of things. I think that's really important. It's a pretty easy win. I do think at this point that we have to resign ourselves to the idea that we have devices on our network that are infected. That game is lost. There's no more crunchy outer shell security. It just doesn't really work. So you have to have defensive depth as they say. >> Now servs has been around for such a long time. It's been one of those threats that just keeps coming. It's like waves and waves. So it looks like there's some things happening, that's cool. So I got to ask you, CyberConnect is the first real inaugural event that brings industry and some obviously government and tech geeks together, but it's not black hat or ETF. It's not those geeky forums. It's really a business community coming together. What's your take of this event? What's your observations? What are you seeing here? >> Well, I'm really excited to actually get the opportunity to talk to people who are chiefly security people. I think that's kind of a novelty for me, because most of the time I think I speak to people who are chiefly networking people and in particular that little niche of networking people who are interested in DNS. Although truth be told, maybe they're not really interested in DNS, maybe they just put up with me. >> Well the community is really strong. The DNS community has always been organically grown and reliable. >> But I love the idea of talking about DNS security to a security audience. And hopefully some of the folks we get to talk to here, will come away from it thinking oh, wow, so I didn't even realize that my DNS infrastructure could actually be a security tool for me. Could actually be helpful in any way in detecting compromise. >> And what about this final question, 'cause I know we got a time check here. But, operational impact of some of these DNS changes that are coming down from Paul Vixie, you and Matt Larson doing some things together, What's the impact of the customer and they say "okay, DNS will play a role in how I role out my architecture. New solutions for cyber, IOT is right around the corner. What's the impact to them in your mind operationally. >> There certainly is some operational impact, for example if you want to subscribe to RPZ feeds, you've got to become a customer of somebody who provides a commercial RPZ feed or somebody who provides a free RPZ feed. You have to plumb that into your DNS infrastructure. You have to make sure that it continues transferring. You have to plumb that into your sim, so when you get a hit against an RPZ, you're notified about it, your security folks. All that stuff is routine day to day stuff. Nothing out of the ordinary. >> No radical plumbing changes. >> Right, but I think one of the big challenges in so many of the organizations that I go to visit, the security organization and the networking organization are in different silos and they don't necessarily communicate a lot. So maybe the more difficult operational challenge is just making sure that you have that communication. And that the security guys know the DNS guys, the networking guys, and vice versa. And they cooperate to work on problems. >> This seems to be the big collaboration thing that's happening here. That it's more of a community model coming together, rather than security. Cricket Liu here, DNS, Chief Architect of DNS and senior fellow of Infoblox. The legend in the DNS community. Paul Vixie amongst the peers. Really that community holding down the fort I'll see a lot of exploits that they have to watch out for. Thanks for your commentary here at the CyberConnect 2017 inaugural event. This is theCUBE. We'll be right back with more after this short break. (techno music)

>> Hello, we are here On the Ground. This is theCUBE's On the Ground program at Centrify's Headquarters. We go to Cricket Liu, chief DNS officer at Infoblox. Been with the company from the beginning. Great to see you again. Wrote the book on DNS. What year was that? That was between DNS, was like, when I was born. >> Yeah, 1992. September 1992 was when it was published. >> Great to see you. We've done some podcasts together over the years. >> Yeah, good to see you too. >> DNS, now obviously global, ICANN's now global, it's part of the U.N., all different governance bodies, but it's certainly still critical infrastructure. >> Yeah, absolutely. >> Critical infrastructure is now the big conversation as the security paradigm has moved from data center to the Cloud, there's no perimeter anymore. >> Yeah. >> How is that changing the DNS game? >> Well, I think that folks are starting to realize how critical DNS is. In October of last year, we had that huge DDoS attack against Dyn, the big DNS hosting provider in New Hampshire and I think that woke a lot of folks up. A lot of folks realized, holy cow, these guys are not too big to fail as they say. Even though they have enormous infrastructure, widely distributed around the globe, they have such a concentrational power that a huge number of really, really popular web properties were inaccessible for quite sometime, so I think that caused a lot of people to look at their own DNS infrastructure and to reevaluate it and say, well maybe I need to do something. >> Interesting about the stack wars that are going on, that attack, as we've lived through and you've been part of it as chief technical officer in many companies. DNS was always that part where it'd be secure but now you have block change, you have new kinds of infrastructure with mobile computing now over 10 years post iPhone. >> Yep, the critical moment. >> How has infrastructure changed, beyond DNS 'cause it still needs to work together? >> Yeah, well, it's funny because we do have all of these new types of devices. We do have new technologies. But a lot of things have remained the same. DNS is still the same. The remarkable thing is that the latest version in my book is 10 years old, actually 11 years old now, so it's older than the iPhone and people still buy it because the underlying theory is still the same. It hasn't changed. It's a testament, really, to the quality of the original design of DNS that it still works for anything and that it's scaled to serve a network as diverse and as large as the internet is today. >> What's your biggest observation, looking back over the past decade with DNS, about the emergence of virtual machines, now Cloud. Again, the game is still the same 'cause DNS is the plumbing and it provides a lot of the key critical infrastructure for the web and now mobile. What's the biggest observations that you've seen over the decade? >> Well I'd say one of the things that's happened over the last several years that's maybe the most important development in DNS is something that we call response policy zones. Up until now, DNS servers have just been sort of blithely complicit when it comes to, for example, malware. Malware wakes up on a device and it assumes that it has DNS available to it and it uses DNS, for example, to find command to control server, maybe a drop server to exfiltrate data to. In the DNS server, even though it's being asked to look up the address record for CommandAndControlServer.Malware.Org, it just happily goes along with it. A few years ago, Paul Vixie, who I've known for a very long time, came up with this idea called response policy zones which is basically to imbue our DNS servers with resolution policy so that you can tell them, hey if you get a query for a domain name that we know is being used maliciously, don't answer it. Don't resolve it like you normally do. Instead, hand back a little white lie like that doesn't exist and moreover, log the fact that somebody looked it up because it's a good indication that they're infected. >> So bringing policy to DNS is really making it more intelligent. >> Yeah, that's right. >> And certainly as networks grow, I was just watching some of my friends setting up the wireless at Burning Man and the whole new change of how Wi-Fi is being deployed and how networks are being constructed is really coming down to some of the basic principles of DNS to route more, be responsive, and this is kind of a new change. >> Yeah, there's a lot going on in changes to the deployment of DNS. It used to be that most big companies ran all their own DNS infrastructure. At this point, I think most large companies don't bother running, for example, what we'd call their external authoritative DNS infrastructure. They give that to a big hosting provider to do, somebody like Dyn or Verisign or Neustar or somebody like that, so that's a big change. >> Cricket, I want to ask you about the CyberConnect Event going on in New York. Infoblox is involved. Security is paramount, so now an industry event. Centrify is the main sponsor. You guys are involved as a vendor, but it's not a vendor event, it's a industry event. It's a broad category. What's your thoughts on this kind of industry event? Usually in events it's been Black Hat or vendor events pushing their wares and selling their stuff but now security is global. What's your take on this event? >> Well, I'm hoping to be able to spend a little bit of time talking to folks who come to the event about DNS and how it can be used as a tool in their security tool chain. The folks who come to us as Infoblox to our events already know about DNS. They're already network administrators or they're responsible for DNS or something like that. My hope is that we can reach a broader audience through CyberConnect and actually talk to folks who maybe haven't considered DNS as a security tool. Who maybe haven't thought about the necessity to bolster their DNS infrastructure. >> One final question since we're on bonus material time. I've got to ask you about the global landscape. I mean, in my early days involved in DNS when I came was from the '98 to the 2000 time frame. International domain names were Unicode. That's not ASCII. So that technically wasn't DNS, but still, they were keywords. They had this global landscape in, say, China, that actually wasn't DNS so there's all these abstraction layers. Has anything actually evolved out of that trend of really bringing an abstraction layer on top of DNS and certainly now with the nation-states with security are issues, China, Russia, et cetera. How does all that play out? >> Well, international domain names have actually taken off in some areas. And basically it's as you say, you have the ability now to use Unicode labels in domain names in certain contexts, for example, if you're using your web browser you can type in a Unicode domain name and then what the web browser does is it translates it into an equivalent ASCII representation and then resolves it using DNS which is the traditional DNS that doesn't actually know about Unicode. There are actually some very interesting security implications to using Unicode. For example, people can register things that have Unicode, we would say, glyphs in them that look exactly like regular ASCII characters. For example, you could register paypal.com where the A's are actually lowercase A's in Cyrillic. It's not the same code point as an ASCII A. So it's visually. >> Great for hackers. >> Oh yeah. Visually indistinguishable from paypal.com in a lot of contexts and people might click on it and go to a page that looks like PayPal's. >> John: So its a phishing dream. >> Yeah, really dangerous potentially and so we're working out some of the implications of that, trying to figure out, within, for example, web browsers, how do we protect the user from things like this? >> And a lot of SSL out there, now you're seeing HTTPS everywhere. Is that now the norm? >> Yeah, actually, within the internet engineering task force, the IETF, after it became obvious that state-sponsored-- >> John: Attacks. >> Eavesdropping. >> You were smiling. >> Was kind of the norm. >> Got to find the right word. >> Yeah, the IETF embarked on an effort called DPRIVE and DPRIVE is basically a bunch of individual tracks to encrypt basically every single part of the DNS channel, especially that between what we call a stub resolver and the recursive DNS server so that if you're a customer here in the United States and a subscriber to an ISP like Comcast or whomever, you can make sure that that first hop between your computer and the ISP is secured. >> We're getting down and dirty under the hood with Cricket Liu on DNS. I got to ask kind of up level to the consumer. One of the things that kind of pisses me off the most when I'm surfing the web is you see the browser doesn't resolve or you go hit someone's website, oh yeah, something.io, these new domain names, top level gTLDs are out there, .media, all these, and companies have firewalls or whatever their equipment is and it doesn't let it through. Because they're trying to protect the perimeter still, must be, I mean, what does that mean when companies aren't letting those URLs then, it is a firewall issue or is it more they're still perimeter based, they're not resolving it, they're afraid of malware? Somethings aren't resolving in? What does that mean? >> Well I think as often as not it's an operational problem. It could be just a misconfiguration on the part of the folks who are hosting the target website's DNS. It could be that. I don't know a lot of folks who-- >> So it's one of their policies or something, it's just kind of locking down. >> Could be that too. Or it could be, for example, that they have a proxy server and they're trying to limit access to the internet by category. Maybe it does categorization and filtering by-- >> Can you work on that? Can you write some code for that? Well thanks, great to see you, thanks for sharing this conversation here On The Ground at Centrify. >> You're welcome. >> And good luck with the CyberConnect Conference. >> Yeah, nice to see you too. >> Alright, I'm John Furrier with On The Ground here on theCUBE at Centfity's headquarters in Silicon Valley. Thanks for watching.

>> Host: Live, from Santa Clara, California, it's TheCUBE covering Open Networking Summit 2017. Brought to you by the Linux Foundation. (upbeat music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We are coming to the end of day two at Open Networking Summit. We just got here today, it's a great show. Everyone who's talking everything about software-defined networking is here. And along with Scott Raynovich we're joined by Dave Ward, one of the luminaries doing panels, doing keynotes. >> Here we are in TheCUBE. >> And here we are. Dave is the CTO of Engineering and Chief Architect at Cisco Systems. So Dave, great to see you as always. >> Great to see you guys. >> So what's the buzz of the show, you've been here for a couple of days, any surprises? >> No real big surprises to be honest, always there's some great announcements and great launches going on. But really what I'm finding surprising is that this is the sixth year of this conference, can you believe that? So year six from where we started, and I may be the first person to say this, have you ever had anybody in theCUBE today talking about openflow? >> Jeff: No. >> Remember those days? >> Now, nothing against open flow that's not my point, but think about how far we've gone and so. >> Scott: Actually, yeah, Martin was talking about it. >> Course he did. Course he did. He's not going to let it go. (laughter) But love you Martin. But really my point is, look how far we've come in six years. Six years ago we had a protocol, small community, one group working on this stuff, really working in standards, there was no open-source associated with that at that time, now look where we are. Basically the place to do work is now in open-source and come together as a community. So, the buzz for me really is holy shit, this thing is real! There's a lot of people investing a lot of money and time and really trying to work together to improve and build the ecosystem around networking, around network functions, what services are being delivered and building a business off networking again, so networking is back. It's cool again. >> Jeff: Right. Great. And then there's this whole new thing coming down the pike in the form of 5G, and IoT that's just opening up a new opportunity kind of redefine, what are these standards, and how is this going to help push things along? >> Well, it's kind of interesting and so I'm just ripping for a second. When you take a look at where we've come over the last several years and it was SDN controllers and configuring the network. Then it was virtualizing the network. There was a lot of talk yesterday and today about analytics and creating a reactive network. All of that has been built in the those six years and come together in different open-source communities to build those pieces. We've got SDN controllers, projects like OpenDaylight, projects like FD.io, projects like PNDA, P-N-D-A-.io. That's the SDN virtualized network and data analytics piece, but when you get to 5G and IoT, one thing I'll be talking about tomorrow in my keynote, is that there're big blocks missing in the industry. So, let's dial it back to historically, remember when the HVAC contractor logged on to the network and that malware on that laptop stole 70 million credit cards, remember that? >> Yes. >> Still haven't solved that problem yet. And so the reason why I'm bringing this up is what's missing, identity. So we had this notion that networks controlled by IT operators that are going to go in and config and provision that network. Well, we're now to the point where we need to link people and things to be able to drive what that intent is on the network, and whether its buzz words, which is real functionality by the way, of micro-segmentation. HVAC contractor goes into a micro-segment, can't get to the point of sale, can't steal the credit cards. Basic bread and butter stuff we want from the network. This is what SDN is supposed to deliver, virtualized services like firewalls and other sporadic security, we'll just hold that for a second. But that linking of who the person is, what device they're on, where they are on campus, where they are in the world, etc., etc., time of day, whatever the case may be, are now the variables that need to go into the top of this system, into a policy engine that then drives that reactive network. We've made a couple of great strides in six years, but to get to 5G, and in particular to get to IoT, we have to have another couple of major blocks come into the industry to make that work well. Hopefully it's open-source where that's going to go, and it's not just a standards body and not just open-source, cuz we still need things to be manufactured and interoperable and the rest of it. So hopefully these things come together as we've seen the maturing of those two big groups. >> I was going to say, it kind of begs the question, what is the interplay between standards bodies versa or together with open-source projects? Cuz before you didn't really have open-sources standards really set. Set the regs. Now you've got these open-source projects, which have a main channel, they might start forking, there's all kinds of places that they can go, and how do the two kind of work together? >> Well there's been a ton of effort, and coming out of the SDN open-source movement around model-driven networking, and although it sounds kind of geeky, the main way of representing those models is through representation called YANG. The interesting thing about YANG is that's been not only adopted in SDN, as the main object and way of representing the models being converted to network and equipment computes, computers etc. But the IETF has taken that up and really driven a service approach through the IETF which is I want to deliver a VPN service, I want to deliver load engineering on the network versus what we did with SNMP, or what the industry did, which was I'm going to fully distribute this out to all the protocols and all the functions and everybody's going to write a NIB etc., etc. and we know how that turned out. So the craze for model-driven networking, the standards bodies picking this up, IETF, MEF, which is metro ethernet forum, broadband forum, BBF. All these organizations have now taken on that mantra that came out of open-source SDN of model-driven networking and are working towards creating those models so that way we will have a standardized way to program the network. But what's next is the telemetry coming out. Those objects need to be standardized so that way whether it's a Cisco device or somebody else's device, it's actually sending out the same data that can be collected and can be interpreted properly. Does it mean that it's a NIB? Does it mean that it's only going to go over one particular transport? I don't think anybody in the industry really cares whether it's JSON, Google RPC, Protobuffs, Netconf, or any of these pieces, they're all perfectly fine, they have different semantics associated with them, but nonetheless those common objects and common data models have been what has been the key to keeping the industry working together, the common architectural philosophy, and then the standards bodies have thankfully picked that up over the last couple of years. >> Yeah we were talking here earlier, I mean you just threw out a bunch of alphabet soup there and I understand 80% of it, but it does raise the issue we were talking about earlier about these standards development organizations and the IETF, the TM Forum, the MEF. Now we have open-source, so we have the Linux Foundation. We have a lot of these different organizations and I think while you would know better than I as a CTO, people are becoming challenged by tracking and following all this stuff, do you think we need some sort of consolidation of these standards or at least some more unification, we just saw ECOMP and Open-O merge so there seems to be some consolidation. What will we see going forward? What's going to help you as the CTO? >> There's no doubt if there's consolidation, that would be easier to track and easier place to develop, but in reality, Scott, it's 50 shades of YANG. (laughter) >> And the reason why I say that is each and every standards body has done their own specific function, again whether it's Metro Ethernet or its broadband access or its mobility, each one of those standards bodies is redefining themselves to be SDN capable. There's no doubt. If there's a one stop shop, it would be the most optimal way to get something done the fastest, but that's not the way the world works. So actually I think we are going to see a continuous increase of more folks working on this, more foundations being build, etc., etc. Although, what we have witnessed over the last couple days in the last year, is that the communities, the open-source communities in particular, are coming together and trying to integrate the pieces together versus just islands of cool technology that there's a few geeks interested in, no. Thankfully the operators and some enterprises have come in and said I need this stuff to work and I need this stuff to work together and that discipline is actually fundamentally new and different than the way either standards bodies worked or open-source worked in the past. So I'd love to say that there'd be even more consolidation. There's frankly a bit of fatigue over, not saying it's wack-a-mole but you have to chase, you have to really figure out and track where all this stuff is going on in the industry to really keep abreast and understand how wide and how deep it goes. >> It's interesting this trend lately where people are just donating ... The project is just being absorbed into Linux Foundation. So now there's at least kind of a consistency across all these various projects, in terms of the way things are managed, the shows, the communication, and them helping standardize a process to help those projects be more successful in their distribution and adoption in the company. >> Linux Foundation has done the industry a huge service. They understand governance. They've gone through a zillion different experiences of how to build communities. What works well when there's competing factions that need to come together and work, on board marketing team, on board legal team, able to build foundations as necessary, or what's been experimented with over the last couple of years is, if you remember when we started to number these, you need to have a 503C, you need to have a foundation, there was frankly a high cost associated with these. Now, open-source is being contributed there's no foundation, and there's no cost. And so there's a whole continuum of things that the industry, the networking industry I should say, is learning about how to build communities and although this sounds cliche, you may launch a product, but you don't launch a community, you actually have to build it. And it's not all one company that's doing the donating or doing the working and that will produce, that'll create the longevity of that particular project. And that is what the Linux Foundation knows how to do well or at least catalyzed people to come together to do that well. >> Now you mentioned one of the big questions that always comes up with open-source is well how do we make money, right? Cause it's all free. It's like, you know ... >> Are we on Jerry Maguire? What's going on? (laughter) >> Jeff: Free like a puppy. (laughing) >> Still my favorite. >> Free like a puppy, yeah, you guys still got to change the newspaper. So you were on a panel today there was a big discussion about the commercialization and how does, I mean obviously Cisco has to stare at this big puppy in the room if you will, you know. What's going to happen to our licensing model with all this open-source, what came out of that discussion, what came out of the panel about how do you make money in this open-source world? >> So a couple of things, one thing that was discussed was not only how to make money, is which comes first, cost reduction, total cost of ownership, or new service revenue. And really the outcome there, and AT&T, Comcast, and Lightspeed Ventures was also in the panel with me. Needless to say it's a combination of both. If you're coming in with a project and the project is please spend this money so you can save this money, we know how to do that math. We can add up the rows and columns and can understand whether or not money will be saved over time. But the new service revenue really certainly in an enterprise space, is really what's being discussed. In particular, can I get these new services, I need these new security functions, I want to manage all my branches from the cloud or whatever the case might be. So new service revenue is depending on which use case, which technology, which layer. Both of those two balance out and they both are required in the algorithm. Now, can people make money off of it? And the answer is, needless to say, Lightspeed Ventures colleague said, "Hey man, if there's a community "and there's a technology, "you can list off a zillion cases of where that community "is turned into a true company that can provide value-add "and additional IP and move forward." Now, let's move this from just startups to big companies like Cisco or AT&T and Comcast and not only do we all use open-source in our projects, all those companies are contributing to open-source. And in Cisco's case, we're contributing to open-source for a couple of key reasons, one is there are gaps in the industry, which were limiting the industry. So let me give an example. We open-sourced a virtual switch router, which you might think, okay it's Cisco they're going to do something in networking, but the reason why we open-sourced it, and it's a piece that we actually use in our products, was there was not a virtual switch or router that had the scale, performance, or features that enabled the industry to utilize all the capabilities of the hardware underneath, whether it's computer or networking or security. And so the industry literally would have stalled with a limited feature set versus being able to utilize decades of networking knowledge and experience in things that are key and necessary, encapsulations, features, filters, quality of service etc., etc. There's a zillion of these pieces. And so there's a couple different ways, how can somebody make money off of this really is the fundamental question. We contribute into open-source communities and use that open-source to build products as well. And we can do this across video, we can do this in networking, and we do this in NFV, we do this in orchestration in these pieces and we also catalyze an ecosystem around these projects and then potentially around our portfolio as well. And so we continuously expand our ecosystem into startups that are using this technology, advancing the technology, enabling the industry to move faster, and trying to fundamentally create those business outcomes that our customers want. >> I just love that you just innately understand the value of an active community and that really comes through, so but unfortunately the janitors have rolled in, the vacuums are going, the garbage cans are rolling, so before they unplug all of our gear, I want to give you the last word Dave. What are some of your top priorities for 2017? >> So top priorities for 2017 really comes down to working towards filling the gaps I mentioned, identity and policy, but additionally number one, make sure that the automation orchestration policy around networking in a containerized stack is created. So we live through a long era of hypervisors and what it was like to work with open stack and what it was like in open-source and have to invent all this technology. We learned a ton. But it doesn't exist in a containerized world. So for 2017, fill the big gaps in the industry and work towards orchestrating and automating networking, compute, storage, and security in a containerized world. >> Pretty simple. I think that's the answer. I was going to say 42 is usually the answer, but I think that was it Dave. (laughter) >> I love 42. (laughing) >> Thanks Dave, so he's Dave Ward, Scott Raynovich, I'm Jeff Frick, you're watching TheCUBE from Open Networking Summit 2017. We'll see you tomorrow. Thanks for watching. (upbeat electronic music) >> You're also an entrepreneur, right? You know the business, you've been in the business.

>> Live from Seattle, Washington, it's theCUBE On the Ground! Covering KubeCon 2016! Brought to you by The Linux Foundation and Red Hat. Here's your host, John Furrier. >> Okay, we are here in Seattle for a special CUBE On the Ground coverage of CloudNativeCon and KubeCon really born out of the KubeCon last year, now called CloudNativeCon. Really great event, dynamic, lot of developers here. This is where the players are. It's really one of those events that's really special and we've been here all day getting ready to get kicked out of the room. The party's going to kick off at 7 o'clock. There's an election going on, the numbers are crazy. And of course we have the CEO of CoreOS, Alex Polvi, who's here, he's been on theCUBE many times. CoreOS, one of the main players in what is the biggest trend of the past few years that has really catapulted cloud and the developers together, certainly in the enterprise and the cloud as containers, and now Kubernetes, great to see you. >> Great to see you as well, John. >> You guys have been in the heart of the battle and part of the growth and the journey. It's been a battle, it's been fun. Do you have scar tissue? You guys have, with Docker's been out there, you guys have been there, you've been at war, you've been friends, just frenemies. And so in the spirit of growth, this is what's happening in the industry. But more than ever, now you're starting to see an acceleration. Acceleration with Kubernetes as a catalyst. Your thoughts on this trend, because now the container mojo is out there, people get it, they see the value. Now they go, okay, with Kubernetes, this brings you in a primitive at an abstraction that I can work with. How is that changing the game right now? >> I think we're going through the biggest transformation we've seen in infrastructure since cloud was invented. So you know, you have it on these cycles, and cloud, while Amazon has been going for, what, 10 years now, almost? >> Ten years, yeah. >> Right, and so, naturally, you'll see things emerge, and what's happening now is a you know this kind of new layer popping out. And containers and distributed systems are I believe are the next major area of infrastructure investment and beyond cloud itself. >> So talking about the open source community role here, because now you're starting to see the open source community get on this. We had Jim Walker who was on, who works on your team. Ex-Hortonworks guy, kind of knows the big data space, seen that movie before, commenting that most of the people born after 2000 don't even know what loading Linux on a machine is. So they're born cloud native. And so, this is a new dynamic that cloud gives more options for invention, a theme we're hearing here, solving these unknown problems, creating value. So whoever can give me the best speed boat to that wins, right? I mean this is what we're seeing. Your thoughts on the community's role in propelling and keeping in check, by the way, any potentially bad behavior. >> Sure, I think the open source community that we have around Kubernetes and kind of all the cloud native work, it's great for number reasons. One, we've, kind of through Cloud Native Computing Foundation, and kind of just, as conscious effort to have really a kind of a company neutral open source ecosystem has caused adoption of all this stuff. It's becoming like a Linux, or becoming I think OpenStack is actually did a pretty good job of this of creating a very vendor neutral ecosystem around it and we're doing it again around Kubernetes and the associated projects around it. One of the big things that's going on here is it is driven out of the spirit of technical excellence as well. These open source projects are the real deal, they're great pieces of software that are being built, so I think the combination of this community as well as software actually being a great piece of technology coming out of it is really going to propel it forward. >> We had Dan Kohn earlier, who's the executive director, he talked about the IETF and how that was shaped, some of the early internet standards with that some of the architectural decisions. There's no dogma. I mean, dogma kills communities. And they don't want that, so they're going to create a separation. There's always going to be dogma at some levels, conflict, but conflict and discourse is good in communities, at some level. What is that vision for the technical excellence now because it certainly is a race. Your thoughts there, and certainly we've seen this playbook when Docker has trying to go for that management orchestration layer. You guys have a strategy. People have to make money. Right, at some point, the playbooks have to change from being we just do some service and support. We have an open core, I'm going to try and do some, you know, mangling of licensing. Your thoughts on, how are people going to make money? >> Yeah, so, on this open community side of things, I have a crazy theory for you, and I think this one's a little bit further out there. >> That's okay, it's still, things are happening on the election night, I blew my mind, I thought Hillary was going to win by a landslide, go crazy. >> So Amazon is actually become both one of the biggest proponents of open source software. It's one of the places where you can get open source databases and open source Linux and all this stuff as easily as possible. At the same time, if you're an open source company, they're one of your biggest threats, 'cause you're worried that Amazon is just going to like, go build your service! I mean, look, we've seen it across every open source company that has any reasonable amount of traction, Amazon will just go build a service that competes with it. Now, the tricky thing with Amazon is all their APIs and management are very Amazon specific. And there aren't ways to get it in other ways. And we've kind of seen this game before, similar to how, there's Microsoft and Windows with Linux, I believe that Amazon might be kind of becoming this such a powerhouse and so dominated in this space that you're going to almost see an open source backlash around it and I can see Kubernetes being a key part of that in the same way that we talk about Kubernetes as a Linux for distributed system! It's, in a way, like an open cloud. It allows you to build these cloud services in a similar way that Amazon has these higher level services that work in any environment that are built around open standards, that encourage the use of just upstream open source projects. And so far, Amazon has not really been villainized at all, and I don't think they should be-- >> And they're not grandstanding, so I think they're kind of bunkering in. Just-- >> Going for it. >> Squirreling away all this-- >> Just keep it going! (laughs) Keep ripping! >> Why even say anything, you kicking ass! Put the heat shield up and just drive fast, right? >> I feel like at some point, the community is going to be like, wait a minute! We have so many eggs in this basket! >> Yeah, we're feeling fleeced! The numbers are out there! >> And it's a proprietary-- >> Well, first of all, Dave Vellante pointed out that their 25% reporting of was GAAP, and the non-GAPP numbers are even higher. So that's real profit, that's real EB dep. So they, are they giving it back to the community? That's your question. >> Well-- >> So I think the backlash is not only giving back to the community, but either wealth creation and ecosystem flourishing, but you're talking about software. >> And it's a cycle. People want something new to emerge, but at the same time, you don't all your eggs in one basket. So, you know, it's cycles. >> Well, I think your thing is plausible. Let's just go down and play out your crazy scenario. So, Linux, was started because of the mini computer. Proprietary naus-is, and the expensive hardware. So if Amazon becomes that version of that 800 pound gorilla that's similar to the mini computer, proprietary operating systems and gear... So it's a scenario. >> Not too wild! >> Okay, so what's next for you guys? Give us the update on CoreOS, what are you guys doing, what are the hot area, what are you guys doing, what's the update real quick? >> Sure, so, the last 3, 3 1/2 years, we've been shepherding along this whole space. Containers, distributed system, Kubernetes, Docker, Rocker, CoreOS Linux, like all sorts of stuff. We finally got the point where our initial kind of groundwork of the distributed platform is all in place and we can start using it. It's like we got IOS or Android to boot and now can start building apps. And last week, we released our first set of apps, I think really paint the vision of where these things are going. As this concept called operators, and it's where we're encoding kind of the operational side of like the things a human sysadmin would do to run a piece of open source software. We're encoding that into an application and it's called an operator, and it can do things like upgrade a cluster, or back it up, or scale it up and down. Same things operate-- >> Like an agent! >> Like an agent, exactly. And it's these management components that we think are going to give companies a ton of leverage to be able to run lots and lots-- >> So when do you guys ship this recently? >> Yeah, we shipped our first couple one for Etcd, and one for Prometheus last week. It's just they're new open source projects. >> So it's like getting a new car and taking it around the track, right? You guys are getting excited. >> Well, in a way, we're calling this kind of whole concept self driving infrastructure, just like you would have a operator sitting there, driving your car, we can now put software in there to kind of help take care of the stuff, the functionality that an operator would do to give-- >> Well, I think that's great, great strategy. We were just at IBM's World of Watson and as they change their event, from Insight to Watson, that's the big hype. Customers are responding to it. They love this cognitive AI'd vision of self driving infrastructure or stuff taking care of itself and focusing on value. I mean there's a lot of stuff in the weeds right now that seems to be automatable. >> Yeah, look, two weeks ago, we had two huge vulnerabilities come out, one on the Linux kernel and one on Kubernetes. And every ops team in the world had to drop what they were doing and go fix that, and they stopped making progress on their business and whatever thing they were trying to deliver and had to go deal with this fire. We can write programs to fix that stuff and we should! And it'll lead to a more efficient business, and it'll also lead to more secure web, in general, if those things just get patched and updated automatically. >> Yeah, that's great, that's a good point, and the DDoS attack with the IOT was even more pedestrian and worse than-- >> Same issue, it's the updates! Update your software, IOT, like, updates, updates fix it. >> Yeah, I think it was probably some eight year old saying ooh, let's just take down, ooh, they left their passwords open, let's just game in. I mean, that's how bad, how easy that hack was, I mean, and it still penetrates, so tons of work to get done to your build. Alex, thanks for coming on theCUBE here On the Ground. That's a wrap here for today, it was a long day. Great to see you, and congratulations on your success. I'm John Furrier. You're watching theCUBE here On the Ground here for KubeCon and CloudNativeCon, thanks for watching. (techno music)