>> Announcer: Live from New York City It's TheCube. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> It got out of control, they were testing it. Okay, welcome back everyone. We are here live in New York City for CyberConnect 2017. This is Cube's coverage is presented by Centrify. It's an industry event, bringing all the leaders of industry and government together around all the great opportunities to solve the crisis of our generation. That's cyber security. We have Cricket Liu. Chief DNS architect and senior fellow at Infoblox. Cricket, great to see you again. Welcome to theCUBE. >> Thank you, nice to be back John. >> So we're live here and really this is the first inaugural event of CyberConnect. Bringing government and industry together. We saw the retired general on stage talking about some of the history, but also the fluid nature. We saw Jim from Aetna, talking about how unconventional tactics and talking about domains and how he was handling email. That's a DNS problem. >> Yeah, yeah. >> You're the DNS guru. DNS has become a role in this. What's going on here around DNS? Why is it important to CyberConnect? >> Well, I'll be talking tomorrow about the first anniversary, well, a little bit later than the first anniversary of the big DDoS attack on Dyn. The DNS hosting provider up in Manchester, New Hampshire. And trying to determine if we've actually learned anything, have we improved our DNS infrastructure in any way in the ensuing year plus? Are we doing anything from the standards, standpoint on protecting DNS infrastructure. Those sorts of things. >> And certainly one of the highlight examples was mobile users are masked by the DNS on, say, email for example. Jim was pointing that out. I got to ask you, because we heard things like sink-holing addresses, hackers create domain names in the first 48 hours to launch attacks. So there's all kinds of tactical things that are being involved with, lets say, domain names for instance. >> Cricket: Yeah, yeah. >> That's part of the critical infrastructure. So, the question is how, in DDoS attacks, denial-of-service attacks, are coming in in the tens of thousands per day? >> Yeah, well that issue that you talked about, in particular the idea that the bad guys register brand new domain names, domain names that initially have no negative reputation associated with them, my friend Paul Vixie and his new company Farsight Security have been working on that. They have what is called a -- >> John: What's the name of the company again? >> Farsight Security. >> Farsight? >> And they have what's called a Passive DNS Database. Which is a database basically of DNS telemetry that is accumulated from big recursive DNS servers around the internet. So they know when a brand new domain name pops up, somewhere on the internet because someone has to resolve it. And they pump all of these brand new domain names into what's called a response policy zone feed. And you can get for example different thresh holds. I want to see the brand new domain names created over the last 30 minutes or seen over the last 30 minutes. And if you block resolution of those brand new domain names, it turns out you block a tremendous amount of really malicious activity. And then after say, 30 minutes if it's a legitimate domain name it falls off the list and you can resolve it. >> So this says your doing DNS signaling as a service for new name registrations because the demand is for software APIs to say "Hey, I want to create some policy around some techniques to sink-hole domain address hacks. Something like that? >> Yeah, basically this goes hand in hand with this new system response policy zone which allows you to implement DNS policy. Something that we've really never before done with DNS servers, which that's actually not quite true. There have been proprietary solutions for it. But response policy zones are an open solution that give you the ability to say "Hey I do want to allow resolution of this domain name, but not this other domain name". And then you can say "Alright, all these brand new domain names, for the first 30 minutes of their existence I don't want-- >> It's like a background check for domain names. >> Yeah, or like a wait list. Okay, you don't get resolved for the first 30 minutes, that gives the sort of traditional, reputational, analyzers, Spamhaus and Serval and people like that a chance to look you over and say "yeah, it's malicious or it's not malicious". >> So serves to be run my Paul Vixie who is the contributor to the DNS protocol-- >> Right, enormous contributor. >> So we should keep an eye on that. Check it out, Paul Vixie. Alright, so DNS's critical infrastructure that we've been talking about, that you and I, love to riff about DNS and the role What's it enabled? Obviously it's ASCII, but I got to ask you, all these Unicode stuff about the emoji and the open source, really it highlight's the Unicode phenomenon. So this is a hacker potential haven. DNS and Unicode distinction. >> It's really interesting from a DNS standpoint, because we went to a lot of effort within the IETF, the Internet Engineering Task Force, some years ago, back when I was more involved in the IETF, some people spent a tremendous amount of effort coming up with a way to use allow people to use Unicode within domain name. So that you could type something into your browser that was in traditional or simplified Chinese or that was in Arabic or was in Hebrew or any number of other scripts. And you could type that in and it would be translated into something that we call puny code, in the DNS community, which is an ASCII equivalent to that. The issue with that though, becomes that there are, we would say glifs, most people I guess would say characters, but there are characters in Unicode that look just like, say Latin alphabet characters. So there's a lowercase 'a' for example, in cyrillic, it's not a lowercase 'a' in the Latin alphabet, it's a cyrillic 'a', but it looks just like an 'a'. So it's possible for people to register names, domain names, that in there Unicode representation, look like for example, PayPal, which of course has two a's in it, and those two a's could be cyrillic a's. >> Not truly the ASCII representation of PayPal which we resolve through the DNS. >> Exactly, so imagine how subtle an attack that would be if you were able to send out a bunch of email, including the links that said www.-- >> Someone's hacked your PayPal account, click here. >> Yeah, exactly. And if you eyeballed it you'd think Well, sure that's www.PayPal.com, but little do you know it's actually not the -- >> So Jim Ruth talked about applying some unconventional methods, because the bad guys don't subscribe to the conventional methods . They don't buy into it. He said that they change up their standards, is what I wrote down, but that was maybe their sort of security footprint. 1.5 times a day, how does that apply to your DNS world, how do you even do that? >> Well, we're beginning to do more and more with analytics DNS. The passive DNS database that I talked about. More and more big security players, including Infoblox are collecting passive DNS data. And you can run interesting analytics on that passive DNS data. And you can, in some cases, automatically detect suspicious or malicious behavior. For example you can say "Hey, look this named IP address mapping is changing really, really rapidly" and that might be an indication of let's say, fast flux. Or you can say "These domain names have really high entropy. We did an engram analysis of the labels of these". The consequence of that we believe that this resolution of these domain names, is actually being used to tunnel data out of an organization or into an organization. So there's some things you can do with these analytical algorithms in order to suss out suspicious and malicious. >> And you're doing that in as close to real time as possible, presumably right? >> Cricket: That's right. >> And so, now everybody's talking about Edge, Edge computing, Edge analytics. How will the Edge effect your ability to keep up? >> Well, the challenge I think with doing analytics on passive DNS is that you have to be able to collect that data from a lot of places. The more places that you have, the more sensors that you have collecting passive DNS data the better. You need to be able to get it out from the Edge. From those local recursive DNS servers that are actually responding to the query's that come from say your smart phone or your laptop or what have you. If you don't have that kind of data, you've only got, say, big ISPs, then you may not detect the compromise of somebody's corporate network, for example. >> I was looking at some stats when I asked the IOT questions, 'cause you're kind of teasing out kind of the edge of the network and with mobile and wearables as the general was pointing out, is that it's going to create more service area, but I just also saw a story, I don't know if it's from Google or wherever, but 80% plus roughly, websites are going to have SSL HTBS that they're resolving through. And there's reports out here that a lot of the anti virus provisions have been failing because of compromised certificates. And to quote someone from Research Park, and we want to get your reaction to this "Our results show", this is from University of Maryland College Park. "Our results show that compromised certificates pose a bigger threat than we previously believed, and is not restricted to advanced threats and digitally signed malware was common in the wild." Well before Stuxnet. >> Yeah, yeah. >> And so breaches have been caused by compromising certificates of actual authority. So this brings up the whole SSL was supposed to be solving this, that's just one problem. Now you've got the certificates, well before Stuxnet. So Stuxnet really was kind of going on before Stuxnet. Now you've got the edge of the network. Who has the DNS control for these devices? Is it kind of like failing? Is it crumbling? How do we get that trust back? >> That's a good question. One of the issues that we've had is that at various points, CAs, Certificate Authorities, have been conned into issuing certificates for websites that they shouldn't have. For example, "Hey, generate a cert for me". >> John: The Chinese do it all the time. >> Exactly. I run www. Bank of America .com. They give it to the wrong guy. He installs it. We have I think, something like 1,500 top level certification authorities. Something crazy like that. Dan Komenski had a number in one of his blog posts and it was absolutely ridiculous. The number of different CA's that we trust that are built into the most common browsers, like Chrome and Firefox and things like that. We're actually trying to address some of those issues with DNS, so there are two new resource records being introduced to DNS. One is TLSA. >> John: TLSA? >> Yeah, TLSA. And the other one is called CAA I think, which always makes me think of a California Automotive Association. (laughter) But TLSA is basically a way of publishing data in your own zone that says My cert looks like this. You can say "This is my cert." You can just completely go around the CA. And you can say "This is my cert" and then your DNS sec sign your zone and you're done. Or you can do something short of that and you can say "My cert should look like this "and it should have this CA. "This is my CA. "Don't trust any other one" >> So it's metadata about the cert or the cert itself. >> Exactly, so that way if somebody manages to go get a cert for your website, but they get that cert from some untrustworthy CA. I don't know who that would be. >> John: Or a comprimised-- >> Right, or a compromised CA. No body would trust it. No body who actually looks up the TSLA record because they'll go "Oh, Okay. I can see that Infoblox's cert that their CA is Symantech. And this is not a Symantech signed cert. So I'm not going to believe it". And at the same time this CAA record is designed to be consumed by the CA's themselves, and it's a way of saying, say Infoblox can say "We are a customer of Symantech or whoever" And when somebody goes to the cert and says "Hey, I want to generate a certificate for www.Infoblox.com, they'll look it up and say "Oh, they're a Symantech customer, I'm not going to do that for you". >> So it creates trust. So how does this impact the edge of the network, because the question really is, the question that's on everyone's mind is, does the internet of things create more trust or does it create more vulnerabilities? Everyone knows it's a surface area, but still there are technical solutions when you're talking about, how does this play out in your mind? How does Infoblox see it? How do you see it? What's Paul Vixie working on, does that tie into it? Because out in the hinterlands and the edge of the network and the wild, is it like a DNS server on the device. It could be a sensor? How are they resolving things? What is the protocol for these? >> At least this gives you a greater assurance if you're using TLS to encrypt communication between a client and a web server or some other resource out there on the internet. It at least gives you a better assurance that you really aren't being spoofed. That you're going to the right place. That your communications are secure. So that's all really good. IOT, I think of as slightly orthogonal to that. IOT is still a real challenge. I mean there is so many IOT devices out there. I look at IOT though, and I'll talk about this tomorrow, and actually I've got a live event on Thursday, where I'll talk about it some more with my friend Matt Larson. >> John: Is that going to be here in New York? >> Actually we're going to be broadcasting out of Washington, D.C. >> John: Were you streaming that? >> It is streamed. In fact it's only streamed. >> John: Put a plug in for the URL. >> If you go to www.Infoblox.com I think it's one of the first things that will slide into your view. >> So you're putting it onto your company site. Infoblox.com. You and Matt Larson. Okay, cool. Thursday event, check it out. >> It is somewhat embarrassingly called Cricket Liu Live. >> You're a celebrity. >> It's also Matt Larson Live. >> Both of you guys know what you're talking about. It's great. >> So there's a discussion among certain boards of directors that says, "Look, we're losing the battle, "we're losing the war. "We got to shift more on response "and at least cover our butts. "And get some of our response mechanisms in place." What do you advise those boards? What's the right balance between sort of defense perimeter, core infrastructure, and response. >> Well, I would certainly advocate as a DNS guy, that people instrument their DNS infrastructure to the extent that they can to be able to detect evidence of compromise. And that's a relatively straight forward thing to do. And most organizations haven't gone through the trouble to plumb their DNS infrastructure into their, for example, their sim infrastructure, so they can get query log information, they can use RPZs to flag when a client looks up the domain name of a known command and control server, which is a clear indication of compromise. Those sorts of things. I think that's really important. It's a pretty easy win. I do think at this point that we have to resign ourselves to the idea that we have devices on our network that are infected. That game is lost. There's no more crunchy outer shell security. It just doesn't really work. So you have to have defensive depth as they say. >> Now servs has been around for such a long time. It's been one of those threats that just keeps coming. It's like waves and waves. So it looks like there's some things happening, that's cool. So I got to ask you, CyberConnect is the first real inaugural event that brings industry and some obviously government and tech geeks together, but it's not black hat or ETF. It's not those geeky forums. It's really a business community coming together. What's your take of this event? What's your observations? What are you seeing here? >> Well, I'm really excited to actually get the opportunity to talk to people who are chiefly security people. I think that's kind of a novelty for me, because most of the time I think I speak to people who are chiefly networking people and in particular that little niche of networking people who are interested in DNS. Although truth be told, maybe they're not really interested in DNS, maybe they just put up with me. >> Well the community is really strong. The DNS community has always been organically grown and reliable. >> But I love the idea of talking about DNS security to a security audience. And hopefully some of the folks we get to talk to here, will come away from it thinking oh, wow, so I didn't even realize that my DNS infrastructure could actually be a security tool for me. Could actually be helpful in any way in detecting compromise. >> And what about this final question, 'cause I know we got a time check here. But, operational impact of some of these DNS changes that are coming down from Paul Vixie, you and Matt Larson doing some things together, What's the impact of the customer and they say "okay, DNS will play a role in how I role out my architecture. New solutions for cyber, IOT is right around the corner. What's the impact to them in your mind operationally. >> There certainly is some operational impact, for example if you want to subscribe to RPZ feeds, you've got to become a customer of somebody who provides a commercial RPZ feed or somebody who provides a free RPZ feed. You have to plumb that into your DNS infrastructure. You have to make sure that it continues transferring. You have to plumb that into your sim, so when you get a hit against an RPZ, you're notified about it, your security folks. All that stuff is routine day to day stuff. Nothing out of the ordinary. >> No radical plumbing changes. >> Right, but I think one of the big challenges in so many of the organizations that I go to visit, the security organization and the networking organization are in different silos and they don't necessarily communicate a lot. So maybe the more difficult operational challenge is just making sure that you have that communication. And that the security guys know the DNS guys, the networking guys, and vice versa. And they cooperate to work on problems. >> This seems to be the big collaboration thing that's happening here. That it's more of a community model coming together, rather than security. Cricket Liu here, DNS, Chief Architect of DNS and senior fellow of Infoblox. The legend in the DNS community. Paul Vixie amongst the peers. Really that community holding down the fort I'll see a lot of exploits that they have to watch out for. Thanks for your commentary here at the CyberConnect 2017 inaugural event. This is theCUBE. We'll be right back with more after this short break. (techno music)

(upbeat music) >> Narrator: Live from the Seattle, Washington, it's the Cube on the ground, covering KubeCon 2016. Brought to you by the Linux Foundation and Red Hat. Here's your host, John furrier. >> Hello, everyone. Welcome to the Cube special on the ground coverage of KubeCon or CloudNativeCon, this is an event. Seattle booming with attendance, great growth from last year, and we are here in Seattle covering it all. And my next guest is Dan Kohn, who's the executive director of the CNCF, which stands for the Cloud Native Computing Foundation. It's a mouthful, but it's super important part of the Linux foundation. Welcome. >> Thanks so much, really glad to be here. >> Yeah, so big fan of what's happening here. One, the event's awesome. Great uptake from last attendance from last year. >> Yeah, unfortunately, maybe a little too much. We're a little crowded in the foyer and a little bumping on the way into getting in the restroom and everything, but it's one of the challenges of fast growing technology space is trying to figure out a year ahead of time, what size space to get? >> And how many people to squeeze in without getting the fire marshal on your back. >> Exactly. >> Certainly this is going to be a great one because the hallway conversation has been spectacular, and normally the excitement's pretty strong at tech events like this because they're developers, so there's a lot of collaboration going on. But you have a kind of an air of really forward-thinking entrepreneurial kind of thinking going on here. And I haven't seen that in a while and I think that's one of the main things that we're seeing that came out of the containers, Kubernetes. I would say the unveiling and the clarity of at least a path. >> Yes, absolutely. >> And the importance of that. So that's been super important to (indistinct) community. Now making that a part of a foundation, an open source, has challenges. So that's what you're doing. So give us the plan, what's the strategy? >> Sure, so I'm actually relatively new to the space. I just became an executive director five months ago, and this is somewhat of a coming out party. This is the first big event that we've run as the first CloudNativeCon. And it's really just been extraordinary. I'm thrilled to see the range where we're getting some of the biggest companies in the world of the Cisco's, and Wallway's, and IBM's, Red Hat's and such. And then tons of startups, and a lot of real diversity in the end-users as well. Of startups looking at Kubernetes, massive companies, just saw a great presentation from Ticketmaster, about them having 50 year old technology that they're moving forward and putting into containers. >> So in the growth of the market, one of the challenges is to kind of, you know, not so much be a chess player, but be a gardener if you will, kind of like let the flowers bloom, if you will. And that's a challenge cause opensource is very opinionated, but there's also a lot of passion involved. So how do you look at, what's your philosophy on establishing kind of a rules of engagement? How do you foster the innovation? Certainly the market drivers are for more growth, but people have inhibitors on the enterprise that we hear about, support and these things of that nature. So how do you enable that? What's your strategy and what's your view? >> Sure, so CNCF is a very new organization. And my goal on it is to look at a lot of the giants that have come before us of like the Internet Engineering Task Force and the Apache Software Foundation and OpenStack. And my goal is to try and learn from them and ideally to try and make entirely new and different mistakes as opposed to the ones that they may have made in the past. So one of the things that's a little unusual in our setup is that we very much separate all of the technology decisions from the business decisions. We have a governing board of a bunch of the biggest technology companies in the world, the ones I mentioned, plus Google and Samsung just joined, which we're very excited about, a number of others. But they can't actually adopt projects in. So we have a separate group called the technical oversight committee, which is some of the top architects in the cloud space. So we have folks like Ben Hindman of Mesosphere, and Solomon Hykes of Docker, Brian Gantt of Google, and six others, and that's the group that looks at new projects and evaluates them and talks to them and decides whether to adopt them into CNCF or not. And we feel that that separation is really critical so that the technology decisions are not being biased by the business one. >> Yeah, it's always hard to foster growth in the innovation around business models, conflicting with the technology enablement, that's really key. Great to see that decoupling. So on the business model side, thoughts on things that you've learned and observed, learnings that you've had in your past career and applying that now, I mean, the Bait, the rage is on, Open Core to Apache, GPL, you saw some things going on there. So there's like all kinds of different approaches. Are there any thoughts of the winds blowing any which way or the other? >> Sure, I was previously the chief operating officer at the Linux Foundation between '06 and '10, and I definitely think you can, CNCF as part of the Linux Foundation, we took that model of saying, "the technology decisions "need to be separate from business ones." One thing that's interesting to me is that when I was last in this space 10 years ago, people were perfectly fine. Linux Journals, GPL, people were fine with free licenses like MIT and BSD. Since then, and for this group, there is an enormous focus on the Apache license. And the reason why, is the fear of submarine patents. And so the whole goal of CNCF is for us to be an intellectual property no fly zone. That you can have all of these companies that compete very hard in the marketplace, but they can come together and collaborate and share their ideas and their technology without the belief that a couple years later, someone's going to be able to trick someone else in with a lawsuit, and win that. And the Apache license is really the industry consensus right now for best practices. >> It's interesting cause that no fly zone gives the freedom for the creation and the invention side of it. The patent thing is always worrisome, but in general, there's also the business model down the road kind of approach. Which is, "let's go innovate." Apache has done great on packaging. Have someone get some traction. It fosters the community aspect as well as a startup. Maybe not thinking about packaging. >> No, we have an advantage that we're not, unlike OpenStack as an example, we're not trying to come up with the projects ourself. What we're actually doing is scouring the Cloud Native landscape, talking to different groups and saying, "Oh, what do we think is "the best in class project out there?" And in some cases it's more than one, but today we just announced the fourth project that's added to the CNCF. So we have Kubernetes, we have Prometheus, which is a monitoring application. OpenTracing is a tracing, and then today we just added Fluentd, which is a logging solution. And this is the idea that if you have dozens or hundreds of different applications and projects that are each producing a log stream, and then you have a perhaps dozens of other applications that are consuming it, you don't want to have an M times N problem of creating adapters for all of them. Instead, you can plug them all into Fluentd, it has over 300 adapters for different solutions out there. And that provides one comprehensive approach. But what's interesting is that we don't need to win over the community and say, "Oh, here's this project you may not have heard of." There's actually over 2000 users of that today. But by having them here at CNCF, showing how it plugs into other technologies of ours, we think we can hope-- >> You're cross-pollinating? >> Dan: Exactly. >> You're letting it bubble up and you're not being a-- >> Dan: That's exactly the metaphor. >> (laughs) A dictator. Okay, and back to the project side, this is awesome. So you have some gravity around these projects. Is there any cadence or expectation, or is it free for all in terms of the velocity of adoption of projects that the technical committee will oversight? >> We would love to be at the pace of one a month. And I don't know that we'll quite get that fast. One big change that we're hoping to make in the next month or two. When our first two projects were Kubernetes and Prometheus, those are two of the fastest growing best respected projects on GitHub right now. We didn't want to have such a high milestone for every other project we considered. So we're adopting what we think we're going to call an inception stage of earlier projects that we're going to sort of try out, but they have to essentially prove themselves within 12 months. And hopefully that'll allow us to keep a pretty good velocity where we think there's a fantastic number of projects, we think as a community, we can-- >> Yeah, let people fight it out, surface stuff and let people kick the tires, right? That's the incubation period basically. What about the forking and all the battle cage matches that go on, how do you want to handle that or you just let nature take its course? Is that philosophy there? >> Thankfully, when we look at the space and this is really coming out of the Linux Space as well, anyone can fork, and of course it has a slightly different connotation now with GitHub, where when you make a change, you fork it, but there's also just a massive centripetal force pushing people together. And when you have a really high velocity of changes, the idea of forking and you would lose out on that, becomes a lot less appealing. And so, so far thankfully, all of our members and everyone in the community has really been on board on having a single head on working together to have that consultation. >> We just had Richard Kaufman on from, I think Robert Kaufman, I mean, from Samsung, he was talking about that the number two contributor is other. >> Dan: Yes. >> Which is a nice balance to the whole critical mass. >> It's an incredible accomplishment cause for Google to pull in enough people that they're no longer the majority contributor, is something that we're thrilled with. >> Yeah, it's great to see you have Richard Kaufman. Google is the number one contributor, are you worried about that? Maybe, they've been certainly good actors in the community. I mean, they had MapReduce and let Cloudera run with it, look at what happened with that? So, we kind of all know this backstory of Kubernetes, they're kind of letting it bloom on its own. That's consistent with their current posturing? >> Well, I don't think they want to have another Cloudera. >> Which is why they embraced Kubernetes. >> But I definitely don't think it's fair to say that they're doing it on their own. They're still the largest contributor of any one company and they have a massive amount of resources, and I think they see it as a really key technology, it's something they mentioned-- >> What I was referring to is that Cloudera kind of took MapReduce under their wing and made a commercial venture out. >> Dan: Oh yeah, absolutely. >> I think Google didn't want that. >> No, and they, I mean, the way I think about it is, they had this technology a few years ago. This is definitely oversimplified. They could have kept it as a proprietary in the house thing, like Amazon Elastic Container Service. They could have made it an internal open source project, like Go, or they could have just created a Kubernetes foundation that allowed other people in, but they still controlled it. But instead they were really interested in working with the Linux Foundation and creating this Cloud Native Computing Foundation that was always designed to be much more than just Kubernetes. And that really was about trying to push the project out of the nest. But I will say that my understanding is they're still see that as an absolutely core for their business. >> Yeah, I got to give Google props out there for that because they did do the right thing there. they put it out in the open, they did a line, and they could have land grabbed that, in a different way, I mean, certainly not the way that one was above. Final question on this event, KubeCon or KubernetesCon, KubeCon, it's KubeCon, however people call it. Not to confuse with the Cube, this Cube product which is seven years and might be trademark infringement but yeah, we'll get that later. >> Dan: With a K. (both laughing) >> It's still causing a lot of confusion. But that aside, CloudNativeCon also is in conjunction, this is part of the expansion you were mentioning. Talk about the vision for the events, you got one in Berlin coming up, and certainly you could have had probably at least a few more thousand people here for sure. >> Oh well, certainly a few more hundred. And we do feel a little bad that we didn't quite aim high enough. So our vision going forward is that we have CloudNativeCon that represents all of our projects, and that KubeCon represents the biggest part of CloudNativeCon. So it's multiple tracks. It's what a ton of folks go for but we think that it also gives us a chance to expose those people to our other projects, and by the time we get to Berlin, we're certainly hoping that we have another two or three or more projects-- >> And the date on Berlin? >> It's March 29th and 30th. And then we also announced that we're going to be in Austin, in early December. And I'll say that for both of those events, we're tripling the capacity from what we had last year. So we're hoping not to be so crowded. >> I was talking to Andy Jassy last night, we had a one-on-one with him and he's talking about the first Reinvent, he didn't think he can get 4,000 people there as packed. I think you might be, having to look at more capacity potentially. I mean, at this pace. >> It's the hard question is we'd actually like to be signing contracts for 2018, and it's just really hard to predict what the right size is to get for that, because I feel terrible about the fact that we did turn people away, especially end-users that we'd like to be introducing to this space. >> Yeah, well, I can attest people watching this, definitely a fire marshal issue, because it's really packed. That's why we're in a separate room here. There was sunlight in the background earlier. Normally, we're on the show floor with the Cube, but yeah, every space is taken, hallways are jamming. >> The other thing I'll mention though, is that we are also interested in going out and reaching customers and vendors where they are. So we're going to have a booth at AWS Reinvent, and we're looking at other conferences that we can be at to help spread the Cloud Native word. >> We're certainly going to be able to have a hundred events this year, so let us know where you're at, we'll certainly bring you guys on. Let me give you the final word. Tell the folks why Kubernetes is so important. Why is this movement, why are people so excited here? For the folks that couldn't make it, what's the vibe, why is it important, and what's the impact to customers in the industry? >> So the belief is that if you're deploying a new modern software application that, putting into containers, using an orchestration platform like Kubernetes, dividing your app up into microservices is a really such a benefit in terms of optimizing your resources, and tying into a whole rapid development process, continuous integration, continuous deployment, that not doing it almost makes it impossible to compete. And so we think there's just a ton of momentum around containerization and orchestration. >> And the speed of the innovation is one of those things if you're not on it, you fall further behind and it takes more energy to catch up if you try to do it by yourself. That's the benefit of the collective communities and it highlights open source. >> Right. >> Big time in terms of successes. Dan, thanks so much for coming on, sharing the perspective, congratulations and sorry for the folks who couldn't make it, hopefully this video will help. This is the Cube here in Seattle for special coverage of CloudNativeCon and KubeCon, here in Seattle. Thanks for watching, I'm John furrier. >> Dan: Thanks. (upbeat music)