(upbeat Techno music) >> Live from Las Vegas, it's theCUBE, covering VMworld 2018. Brought to you by VMware and it's ecosystem partners. >> Welcome back to theCUBE, we are live day two of VMworld in Las Vegas, Mandalay Bay. It's apparently very hot outside but we're in here getting all the exciting scoop. I'm Lisa Martin with my esteemed co-host John Furrier. Hey, John. >> Great to see you, welcome back to the set. >> Thank you so much. John and I are pleased to be joined by a Fortinet customer, Ken Busby, Keith Busby, excuse me, the executive director of information technology and security at the school district of Philadelphia. Keith, welcome to theCUBE. >> Thank you, thanks for having me. >> So, the school district of Philadelphia, eight largest public school district in the United States. You've got over 134,000 students. >> Yes. >> Over 18,000 staff. If only your IT budget was enormous, right? >> Yes. (laughing) >> So you guys, something also interesting, this morning Malala Yousafzai was speaking with Sanjay Poonen. Very intriguing, on the whole spirit of education, let's talk about that. You guys gave Chromebooks to over maybe half the students, about 50, 60 thousand? >> Well it's not one to one, so they're shared resources, they have carts throughout the school. We have between 50 or 60 thousand Chromebooks on our network right now. >> So I imagine great for the students and the education, the firewall security maybe a bit challenged? >> As we started transitioning to the Chromebooks, it overwhelmed our legacy internet firewalls so we had to go out and do proof of concepts and test multiple vendors. >> Talk about the security, we had Pat Gelsinger sit in theCUBE, I think four years ago, Dave Vellante, co-host, asked him, "Is security a do over?" And he's like, "Yes, it's a do over, "we need to do a do over." I said mulligan, used all kinds of terms, resetting. How have you guys set up your security architecture because I've heard stories of fishing attacks just to get the bandwidth to do Bitcoin mining, to crazy things on the security front. How are you guys laying out your network security? >> Honestly, it changes on a day to day basis, right? Because as new vulnerabilities come out, you always have to adjust your posture. Over the last year and a half we redesigned to wear we're not, we were routing through web proxies, we're required to do web filtering for the students by the CIPA, Children's Internet Protection Act. When we replaced our legacy firewalls, we were able to transition everything over to that and just use the Fortinet firewall to do web filtering, intrusion prevention, anti-virus and traditional firewalling. >> How virtualized are you guys? >> Pretty much completely virtual. We still have a few legacy physical servers but pretty much all. >> One of the things that came up in keynote, today was Sanjay Poonen but yesterday Pat Gelsinger, referred it to, was the bridging of the ways, connecting computers together but he mentioned BYOD, bring your own device as one of the ways and that was really the iPhone kind of generation. Obviously kids got Instagrams and they're on all kind of devices these days, how is that impacting your IT? Is it up and running, is it solid? What are some of the details? >> We don't have a traditional BYOD policy. It's more teachers get devices and they bring them in and we just have to find ways to support it so it stretches us, we're a small staff so we can't always help the end user with their devices so if they bring their own device, we have issues, they're trying to use applications that we can't support for whatever reason so it's an issue. >> Obviously all the devices that come in to the school in addition to the 60,000 Chromebooks, needing to rethink your security architecture, what were some of the technical requirements that you were looking for that made Fortinet the obvious choice? >> Performance and cost, right? As we spoke about, we have budget constraints. They have an extremely high performing firewall at a reasonable price. After we did proof of concept with five different vendors, and theirs just out performed them all. >> How about automation? A big talk in cloud is automation. How are you guys handling automation? Are you micro segmenting? >> We're transitioning to the NSX and Fortinet VMX for our server firewall. That's going to allow us, since we're short staff, if our server team stands up a new server my policies automatically take effect, just through the use of their security tags. >> That's the Fortigate product, right? The VMX? >> Yes. >> How is that working for you guys? >> We just did the proof of concept, we haven't transitioned our live systems over to it. But so far all our tests have shown that it does what we expect it to do. >> What's it like working in such a huge school district? I mean it's basically like, it's probably like a case study in campus wide networking. (laughing) >> We look at it as we're an ISP, right? Every school comes through us. We always say that we're protecting the internet from our students. We have smart kids and they-- >> They're digitally native. >> Yeah. They find ways to do things and then next thing you know I'm getting a report by a website saying, "Hey, we got students coming and throwing attacks at us." >> I was talking to a guy in higher ed about the bandwidth, they have huge bandwidth so obviously people game, including gaming centers, have all kinds of IP management issues. Fortnite's pretty hot, I'm sure how many people are playing Fortnite on your-- >> Luckily we don't allow that, right? (laughing) >> But this is what kids want to do. They're like born hackers. >> It is. >> They're curious. >> Yes. >> And it's good thing but you also want to basically make sure they're safe. >> Yes, that's pretty much what my job is. I want them to learn but at the same time, don't use it for malicious purposes. >> Yeah, its' true. One of the things I liked about public sector is cloud really makes things more efficient. >> It does. >> What are some of the things that you've seen with virtualization and with cloud kind of on the horizon, how has tech helped you guys be efficient and be lean and mean, kind of the 10X IT kind of guy thing? >> Like you said, lean and mean, right? We have a very small staff. The school district's budget is 3.2 billion dollars and IT's operating budget is 20.8 million dollars so as you can see, we really have to be cost effective and that's where virtualization comes into play. >> What's some cool tech that you like on the horizon? We hear a lot about SDWAN, sure that might be something that's cool for you guys? >> I like the VPCs, right? AWS, virtual private clouds, where you can set up your own network out there in Amazon's world, attach it to your vSphere so you can have on premise virtualization and out in the cloud, I think that. >> One of things that Pat Gelsinger talked about yesterday we hear this a lot John, is tech for good. I liked how he described it as it's essentially neutral, it's up to us, VMware, everybody else, to shape it for good. I imagine that's challenging? We talked about the Fortnite explosion, which I have only heard of but you've got so many devices, I imagine there's some amount of security gaps that are probably acceptable. In terms of reducing the maliciousness of some of the things that happen in there, tell us about some of the things that you're achieving there, leveraging such things as the automation, how is that helping you guys to enable the Chromebooks and the BYOD for good? >> Well the automation frees up our time so that we can focus on the policies, the education, the different procedures for the district. This way we're not spending time hitting the keyboard, trying to review our traffic logs. >> You had a session yesterday which you were talking, a breakout session, and you were saying that there were some folks that were so interested in what you we had to say, you had limited time in your session. Give a little bit of an idea of some of the feedback or maybe even people that might be in your similar situation that want to learn from, hey, how did you guys tackle this huge problem? >> They were from a school district in Nebraska and they wanted to see how we were handling and they just became a Fortinet customer and they wanted to see what trials and tribulations we had implementing their equipment, any lessons learned and kind of, we just had a conversation about where we see our programs going. It was nice. >> What about compliance? One of the things that's come up is managing the laws of the land. >> Luckily, I don't have much compliance, right? So we're not PCI, CIPA's pretty much, and FERPA but the only reports that we really have to provide are for CIPA, we'll have to prove that we're doing web filtering. That's where the Fortinet analyzer comes into play. I'm able to just schedule the reports through there. Shows that I'm blocking based on categorization, and we're good. >> What's the biggest thing you've learned over the past couple years in tech and IT to be effective and to do your job, what's the learnings? (laughing) >> It's going to sound weird coming from a security guy but I think it's important to take the risk, right? Accept the risk. Most organizations won't try a piece of equipment live, right? I was the exact opposite, I put every firewall that we were going to try live and pushed our entire network through it. I mean, if it breaks some things, we figured it out but I think that's the only way to get a true test of whether or not it's going to fit your needs. >> One of the things that came up yesterday, I interviewed Andy Bechtolsheim, you know, legend, been called the Rembrandt of chips, Pat Gelsinger called him that down to Arista and other companies. He talked about how NSX has the security wrapped around the application, more around NSX, that's freed up his security teams from handling a lot of the network security which kind of like has been intertwined in the past. Are you seeing that same picture emerge? >> That's why I'm transitioning to that, to get out of the traditional IP base firewall rules. It's not really what it was designed for, it was more for a transport layer. So switching over to the NSX and the BMX, now we're basing it on the application, what it's purpose is. >> What's the impact to you guys? What's that mean for your operations and your benefits for staff, what's the impact? >> It frees us up. During the winter months when we're going to have a snow storm, our server team might have to deploy some more web servers to handle the traffic that's going to come in. Before they would have to reach out to my team, to get us to modify a policy because they have new device coming online, well now they just tag it as a web server and it's automatically in the roles. >> You know I love talking about this topic. I have four kids, two of them are still in high school, two are in college, so it's so funny how they all hacked their report cards because the sandbox was out there for testing the new curriculum so they all get it and they all share it and the school sends out a note, "Well, that's not actually officially updated yet." So the kids are smart, like you said, they're going to get what a sandbox is. They don't know why it's there, they know how to get to it, so you got student elections, all kinds of things that go on in the academic world that have been digitized that are vulnerable, you have to handle that. How do you stay on top, does Fortinet help you there? Or what's the main way to keep the secure access? >> I mean that's why we're going with the VMX, NSX, the micro segmentation, it really takes the effort off of us and allows the appliances to do what they're intended to do. >> That's awesome, well it's a great case study. Any advice for practitioners out there who are in your seat in their world who might be looking at, okay I got to reset, I got to start rethinking things, I got to do more with less, I got to be lean and mean? It's kind of command and control but you got to manage it, you got a lot going on, it's the battlefield of IT is changing. >> Yes. >> So what's your advice? >> Take the risk. (laughing) Try it out. I just recently hired another engineer and on his first day I pretty much told him, "Go ahead and break something, it's alright, "we'll figure it out, we'll fix it." He has his own little lab and I'm like, "Just go mess around and figure it out." >> Play, do some R and D. >> Yeah. >> Kick the tires, yeah, it's the best way to do it. Keith, thanks so much for coming on theCUBE, really appreciate it. It's theCUBE live here in Las Vegas, stick with us for more coverage after this short break. (upbeat techno music)