>>Welcome back to the cubes, continuous coverage of AWS storage day. We're in beautiful downtown Seattle in the great Northwest. My name is Dave Vellante and we're going to talk about file systems. File systems are really tricky and making those file systems elastic is even harder. They've got a long history of serving a variety of use cases as with me as Duncan Lennox. Who's the general manager of Amazon elastic file system. Dunkin. Good to see you again, Dave. Good to see you. So tell me more around the specifically, uh, Amazon's elastic file system EFS you, you know, broad file portfolio, but, but let's narrow in on that. What do we need to know? >>Yeah, well, Amazon elastic file system or EFS as we call it is our simple serverless set and forget elastic file system service. So what we mean by that is we deliver something that's extremely simple for customers to use. There's not a lot of knobs and levers. They need to turn or pull to make it work or manage it on an ongoing basis. The serverless part of it is there's absolutely no infrastructure for customers to manage. We handled that entirely for them. The elastic part then is the file system automatically grows and shrinks as they add and delete data. So they never have to provision storage or risk running out of storage and they pay only for the storage they're actually using. >>What are the sort of use cases and workloads that you see EFS supporting? >>Yeah. Yeah. It has to support a broad set of customer workloads. So it's everything from, you know, serial, highly latency, sensitive applications that customers might be running on-prem today and want to move to the AWS cloud up to massively parallel scale-out workloads that they have as well. >>So. Okay. Are there any industry patterns that you see around that? Are there other industries that sort of lean in more or is it more across the board? We >>See it across the board, although I'd have to say that we see a lot of adoption within compliance and regulated industries. And a lot of that is because of not only our simplicity, but the high levels of availability and durability that we bring to the file system as well. The data is designed for 11 nines of durability. So essentially you don't need to be worrying about your anything happening into your data. And it's a regional service meaning that your file system is available from all availability zones in a particular region for high availability. >>So as part of storage data, we, we saw some, some new tiering announcements. W w w what can you tell us about those >>Super excited to be announcing EFS intelligent tiering? And this is a capability that we're bringing to EFS that allows customers to automatically get the best of both worlds and get cost optimization for their workloads and how it works is the customer can select, uh, using our lifecycle management capability, a policy for how long they want their data to remain active in one of our active storage classes, seven days, for example, or 30 days. And what we do is we automatically monitor every access to every file they have. And if we see no access to a file for their policy period, like seven days or 30 days, we automatically and transparently move that file to one of our cost optimized, optimized storage classes. So they can save up to 92% on their storage costs. Um, one of the really cool things about intelligent tiering then is if that data ever becomes active again and their workload or their application, or their users need to access it, it's automatically moved back to a performance optimized storage class, and this is all completely transparent to their applications and users. >>So, so how, how does that work? Are you using some kind of machine intelligence to sort of monitor things and just learn over time? And like, what if I policy, what if I don't get it quite right? Or maybe I have some quarter end or maybe twice a year, you know, I need access to that. Can you, can the system help me figure >>That out? Yeah. The beauty of it is you don't need to know how your application or workload is accessing the file system or worry about those access patterns changing. So we'll take care of monitoring every access to every file and move the file either to the cost optimized storage class or back to the performance optimized class as needed by your application. >>And then optimized storage classes is again, selected by the system. I don't have to >>It that's right. It's completely transparent. So we will take care of that for you. So you'll set the policy by which you want active data to be moved to the infrequent access cost optimized storage class, like 30 or seven days. And then you can set a policy that says if that data is ever touched again, to move it back to the performance optimized storage class. So that's then all happened automatically by the service on our side. You don't need to do anything >>It's, it's it's serverless, which means what I don't have to provision any, any compute infrastructure. >>That's right. What you get is an end point, the ability to Mount your file system using NFS, or you can also manage your file system from any of our compute services in AWS. So not only directly on an instance, but also from our serverless compute models like AWS Lambda and far gays, and from our container services like ECS and EKS, and all of the infrastructure is completely managed by us. You don't see it, you don't need to worry about it. We scale it automatically for you. >>What was the catalyst for all this? I mean, you know, you got to tell me it's customers, but maybe you could give me some, some insight and add some, some color. Like, what would you decoded sort of what the customers were saying? Did you get inputs from a lot of different places, you know, and you had to put that together and shape it. Uh, tell us, uh, take us inside that sort of how you came to where you are >>Today. Well, you know, I guess at the end of the day, when you think about storage and particularly file system storage, customers always want more performance and they want lower costs. So we're constantly optimizing on both of those dimensions. How can we find a way to deliver more value and lower cost to customers, but also meet the performance needs that their workloads have. And what we found in talking to customers, particularly the customers that EFS targets, they are application administrators, their dev ops practitioners, their data scientists, they have a job they want to do. They're not typically storage specialists. They don't want to have know or learn a lot about the bowels of storage architecture, and how to optimize for what their applications need. They want to focus on solving the business problems. They're focused on whatever those are >>You meaning, for instance. So you took tiering is obvious. You're tiering to lower cost storage, serverless. I'm not provisioning, you know, servers, myself, the system I'm just paying for what I use. The elasticity is a factor. So I'm not having to over provision. And I think I'm hearing, I don't have to spend my time turning knobs. You've talked about that before, because I don't know how much time is spent, you know, tuning systems, but it's gotta be at least 15 to 20% of the storage admins time. You're eliminating that as well. Is that what you mean by sort of cost optimum? Absolutely. >>So we're, we're providing the scale of capacity of performance that customer applications need as they needed without the customer needing to know exactly how to configure the service, to get what they need. We're dealing with changing workloads and changing access patterns. And we're optimizing their storage costs. As at the same time, >>When you guys step back, you get to the whiteboard out, say, okay, what's the north star that you're working because you know, you set the north star. You don't want to keep revisiting that, right? This is we're moving in this direction. How do we get there might change, but what's your north star? Where do you see the future? >>Yeah, it's really all about delivering simple file system storage that just works. And that sounds really easy, but there's a lot of nuance and complexity behind it, but customers don't want to have to worry about how it works. They just need it to work. And we, our goal is to deliver that for a super broad cross section of applications so that customers don't need to worry about how they performance tune or how they cost optimize. We deliver that value for them. >>Yeah. So I'm going to actually follow up on that because I feel like, you know, when you listen to Werner Vogels talk, he gives takes you inside. It's a plumbing sometimes. So what is the, what is that because you're right. That it, it sounds simple, but it's not. And as I said up front file systems, getting that right is really, really challenging. So technically what's the challenges, is it doing this at scale? And, and, and, and, and, and having some, a consistent experience for customers, there's >>Always a challenge to doing what we do at scale. I mean, the elasticity is something that we provide to our customers, but ultimately we have to take their data as bits and put them into Adams at some point. So we're managing infrastructure on the backend to support that. And we also have to do that in a way that delivers something that's cost-effective for customers. So there's a balance and a natural tension there between things like elasticity and simplicity, performance, cost, availability, and durability, and getting that balance right. And being able to cover the maximum cross section of all those things. So for the widest set of workloads, we see that as our job and we're delivering value, and we're doing that >>For our customers. Then of course, it was a big part of that. And of course, when we talk about, you know, the taking away the, the need for tuning, but, but you got to get it right. I mean, you, you, you can't, you can't optimize for every single use case. Right. But you can give great granularity to allow those use cases to be supported. And that seems to be sort of the balancing act that you guys so >>Well, absolutely. It's focused on being a general purpose file system. That's going to work for a broad cross section of, of applications and workloads. >>Right. Right. And that's, that's what customers want. You know, generally speaking, you go after that, that metal Dunkin, I'll give you the last word. >>I just encourage people to come and try out EFS it's as simple as a single click in our console to create a file system and get started. So come give it a, try the >>Button Duncan. Thanks so much for coming back to the cube. It's great to see you again. Thanks, Dave. All right. And keep it right there for more great content from AWS storage day from Seattle.

[Music] hi everybody this is David on tape with the Cuban welcome to Boston we're covering storage here at Amazon storage day and we're looking at all the innovations and the expansion of Amazon's pretty vast storage portfolio Duncan Lennox is here is the director of product management for Amazon DFS Duncan good to see it's great to be here so what is so EF s stands for elastic file system what is Amazon EFS that's right EFS is our NFS based filesystem service designed to make it super easy for customers to get up and running with the file system in the cloud so should we think of this as kind of on-prem file services just stuck into the cloud or is it more than that it's more than that but it's definitely designed to enable that we wanted to make it really easy for customers to take the on pram applications that they have today that depend on a file system and move those into the cloud when you look at the macro trends particularly as it relates to file services what are you seeing what a customer's telling you well the first thing that we see is that it's still very early in the move to the cloud the vast majority of workloads are still running on Prem and customers need easy ways to move those thousands of applications they might have into the cloud without having to necessarily rewrite them to take advantage of cloud native services and that's a key thing that we built EFS for to make it easy to just pick up the application and drop it into the cloud without the application even needing to know that it's now running in the cloud okay so that's transparent to the to the to the application and the workload and it absolutely is we built it deliberately using NFS so that the application wouldn't even need to know that it's now running in the cloud and we also built it to be elastic and simple for the same reason so customers don't have to worry about provisioning the storage they need it just works NFS is hard making making NFS simple and elastic is not a trivial engineering task is it it hadn't been done until we did it a lot of people said it couldn't be done how could you make something that truly was elastic in the cloud but still support that NFS but we've been able to do that for tens of thousands of customers successfully and and what's the real challenge there is it to maintain that performance and the recoverability from a technical standpoint an engineering standpoint what's yes sir it's all of the above people expect a certain level of performance whether that's latency throughput and I ops that their application is dependent on but they also want to be able to take advantage of that pay-as-you-go cloud model that AWS created back with s3 13 years ago so that elasticity that we offer to customers means they don't have to worry about capex they don't have to plan for exactly how much storage they need to provision the file system grows and shrinks as they add and remove data they pay only for what they're using and we handle all the heavy lifting for them to make that happen this this opens up a huge new set of workloads for your customers doesn't it it absolutely does and a big part of what we see is customers wanting to go on that journey through the cloud so initially there starting with lifting and shifting those applications as we talked about it but as they mature they want to be able to take advantage of newer technologies like containerization and ultimately even service all right let's talk about EFS ia infrequently access files is really what it's designed for tell us more about it right so one of the things that we heard a lot from our customers of course is can you make it cheaper we love it but we'd like to use more of it and what we discovered is that we could develop this infrequent access storage class and how it works is you turn on a capability we call lifecycle management and it's completely automated after that so we know from industry analysts and from talking to customers that the majority of data perhaps as much as 80% goes pretty cold after about a month and it's rarely touched again so we developed the infrequent access storage class to take advantage of that so once you enable it which is a single click in the console or one API call you pick a policy 14 days 30 days and we monitor the readwrite IO to every file individually and once a file hasn't been read from or written to in that policy period say 30 days we automatically and transparently move it to the infrequent access storage class which is 92% cheaper than our standard storage class it's only two and a half cents in our u.s. East one region as opposed to 30 cents for our standard storage class two and a half cents per per gigabyte per gigabyte month we've done about four customers that were particularly excited about is that it remains active file system data so we move your files to the infrequent access storage class but it does not appear to move in the file system so for your applications and your users it's the same file in the same directory so they don't even need to be aware of the fact that it's now on the infrequent access storage class you just get a bill that's 92 percent cheaper for storage for that file like that ok and it's and it's simple to set up you said it's one click and then I set my policy and I can go back and change my that's exactly right we have multiple policies available you can change it later you can turn off lifecycle management if you decide you no longer need it later so how do you see customers taking advantage of this what do you expect the adoption to be like and what are you hearing from them well what we heard from customers was that they like to keep larger workloads in their file systems but because the data tends to go cold and isn't frequently accessed it didn't make economic sense to say to keep large amounts of data in our standard storage class but there's advantages to them in their businesses for example we've got customers who are doing genomic sequencing and for them to have a larger set of data always available to their applications but not costing them as much as it was allows them to get more results faster as one example you obviously see that yeah what we're what we're trying to do all the time is help our customers be able to focus less on the infrastructure and the heavy lifting and more on being able to innovate faster for their customer so Duncan Duncan some of the sort of fundamental capabilities of EFS include high availability and durability tell us more about that yeah when we were developing EFS we heard a lot from customers that they really wanted higher levels of durability and availability than they typically been able to have on Prem it's super expensive and complex to build high availability and high durability solutions so we've baked that in as a standard part of EFS so when a file is written to an EFS file system and that acknowledgement is received back by the client at that point the data is already spread across three availability zones for both availability and durability what that means is not only are you extremely unlikely to ever lose any data if one of those AZ's goes down or becomes unavailable for some reason to your application you continue to have full read/write access to your file system from the other two available zones so traditionally this would be a very expensive proposition it was sort of on Prem and multiple data centers maybe talk about how it's different in the clouds yeah it's complex to build there's a lot of moving parts involved in it because in our case with three availability zones you were talking about three physically distinct data centers high-speed networking between those and actually moving the data so that it's written not just to one but to all three and we handled that all transparently under the hood in EFS it's all included in our standard storage to your cost as well so it's not something that customers have to worry about more either a complexity or a cost point of view it's so so very very I guess low RPO and an RTO and my essentially zero if you will between the three availability zones because once your client gets that acknowledgement back it's already durably written to the three availability zones all right we'll give you last word just in the world of file services what should we be paying attention to what kinds of things are you really trying to achieve I think it's helping people do more for less faster so there's always more we can do and helping them take advantage of all the services AWS has to offer spoken like a true Amazonian Duncan thanks so much for coming on the queue for thank you good all right and thank you for watching everybody be back from storage day in Boston you watching the cute

(rousing music) >> Hello everyone. Welcome back to "theCUBE's" day one coverage of Cloud Native Security Con 23. This is going to be an exciting panel. I've got three great guests. I'm Lisa Martin, you know our esteemed analysts, John Furrier, and Dave Vellante well. And we're excited to welcome to "theCUBE" for the first time, Yves Sandfort, the CEO of Comdivision Group, who's coming to us from Germany. As you know, Cloud Native Security Con is a global event. Everyone welcome Yves, great to have you in particular. Welcome to "theCUBE." >> Great to be here. >> Thank you for inviting me. >> Yves, tell us a little bit, before we dig into really wanting to understand your perspectives on the event and get Dave and John's feedback as well, tell us a little bit about you. >> So yeah, talking about me, or talking about Comdivision real quick. We are in the business for over 27 years already. We started as a SaaS company, then became more like an architecture and, and Cloud Native company over the last few years. But what's interesting is, and I think that's, that's, that's really interesting when we look at our industry. It hasn't really, the requirements haven't really changed over the years. It's still security. We still have to figure out how we deal with security. We still have to figure out how we deal with compliance and everything else. And I think therefore, it's more and more important that we take these items more seriously. Also, based on the fact that when we look at it, how development and other things happen nowadays, it's, it's, everybody says it's like open source. It's great because everybody can look into the code. We, I think the last few years have shown us enough example that that's not necessarily solving all the issues, but it's also code and development has changed rapidly when we look at the Cloud Native approach, where it's far more about gluing the pieces together, versus the development pieces. When I was actually doing software development 25 years ago, and had to basically build my code because I didn't have that much internet access for it. So it has evolved, but even back then we had to deal with security and everything. >> Right. The focus on security is, is incredibly important, and the focus keeps growing as you mentioned. This is, guys, and I want to get your perspectives on this. We're going to start with John. This is the first time Cloud Native Security Con is its own event being extracted from, and amplified from KubeCon. John, I want to understand from your perspective, break down the event, what you see, what you've heard, and Cloud Native Security in general. What does this mean to companies? What does it mean to customers? Is this a reality? >> Well, I think that's the topic we want to discuss, and I think Yves background, you see the VMware certification, I love that. Because what VMware did with virtualization, was abstract that from server virtualization, kind of really changed the game on things, and you start to see Cloud Native kind of go that next level of how companies will be operating their business, not just digital transformation, as digital transformation goes to completion, it's total business transformation where IT is everywhere. And so you're starting to see the trends where, "Okay, that's happening." Now you're starting to see, that's Cloud Native Con, or KubeCon, AWS re:Invent, or whatever show, or whatever way you want to look at it. But in, in the past decade, past five years, security has always been front and center as almost a separate thing, and, in and of itself, but the same thing. So you're starting to see the breakout of security conversations around how to make things work. So a lot of operational conversations around what used to be DevOps makes infrastructure as code, and that was great, that fueled that. Then DevSecOps came. So the Cloud Native next level, is more application development at scale, developers driving the standards with developer first thinking, shifting left, I get all that. But down in the lower ends of the stack, you got real operational issues. DNS we've heard in the keynote, we heard about the Colonel, the Lennox Colonel. Things that need to be managed and taken care of at a security level. These are like, seem like in the weeds, but you're starting to see that happen. And the other thing that I think's real about Cloud Native Security Con that's going to be interesting to watch, is Amazon has pretty much canceled all their re:Invent like shows except for two; Re:Invent, which is their annual conference, and Re:Inforce, which is dedicated to securities. So Cloud Native, Linux, the Linux Foundation has now breaking out Cloud Native Con and KubeCon, and now Cloud Native Security Con. They can't call it KubeCon because it's not Kubernetes, but it's like security focus. I think this is the beginning of starting to see this new developer driving, developers driving the standards, and it has it implications, what used to be called IT ops, and that's like the VMwares of the world. You saw all the stuff that was not at developer focus, but more ops, becoming much more in the application. So I think, I think it's real. The question is where does it go? How fast does it develop? So to me, I think it's a real trend, and it's worthy of a breakout, but it's not yet clear of where the landing zone is for people to start doing it, how they get started, what are the best practices. Machine learning's going to be a big part of this. So to me it's totally cool, but I'm not yet seeing the beachhead. So that's kind of my take. >> Dave, our inventor and host of breaking analysis, what's your take? >> So when you, I think when you zoom out, there's some, there's a big macro change that's been going on. I think when you look back, let's say 10, 12 years ago, the, the need for speed far trumped the, the, the security aspect, the governance, the data privacy. It was like, "Yeah, the risks, they're not that great compared to our opportunity." That has completely changed because the risks are now so much higher. And so what's happening, I think there's a, there's a major effort amongst CIOs and CISOs to try to make security not a blocker because it use to be, it still is. "Okay, I got this great initiative." Eh, give it to the SecOps pros, and let them take it for a while before we can go to market. And so a huge challenge now is to simplify, automate, AI comes in, the whole supply chain security, so the, so the companies can not be facing so much friction. And that is non-trivial. I don't think we're anywhere close there, but I think the goal is by, within the next several years, we're going to be in a position, that security, we heard today, is, wasn't designed in to the initial internet protocols. It was bolted on. And so increasingly, the fundamental architecture of the internet, the Cloud, et cetera, is, is seeing designed in security, and, and that is an imperative, or else business is going to come to a grinding halt. >> Right. It's no longer, the bolt no longer works. Yves, what's your perspective on Cloud Native Security, where it stands today? What's in it for customers, whether we're talking about banks, or hospitals, or retailers, what do you think? >> I think when we, when we look at security in the, in the modern world, is we need to as, as Dave mentioned, we need to rethink how we apply it. Very often, security in the past has been always bolted on in the end. If we continue to do that, it'll become more and more difficult, because as companies evolve, and as companies want to bring products and software to market in a much faster and faster way, it's getting more and more difficult if we bolt on the security process at the end. It's like, developers build something and then someone checks security. That's not going to work any longer. Especially if we also consider now the changes in the industry. We had Stack Overflow over the last 10 years. If I would've had Stack Overflow 15, 20, what, 25 years ago when I was a developer, it would've changed a hell lot. Looking at it now, and looking at it what we had in the last few weeks, it's like where nearly all of my team members say is like finally I don't need any script kiddies anymore because I can't go to (indistinct) who writes the code for me. Which is on one end great, because it enables us to solve certain problems in a much higher pace. But the challenge with that is, if the people who just copy and past that code, don't understand the implications of that code, we have a much higher risk continuously. And what people thought was, is challenging with Stack Overflow. Imagine that something in one of these AI engines, is actually going ballistic, and it creates holes in nearly every one of these applications. And trust me, there will be enough developers who are going to use these tools to develop codes, the same as students in university are going to take this to write their essays and everything else. And so it's really important that every developer team basically has a security person within their team, and not a security at the end. So we build something, we check it, go through QA, and then it goes to security. Security needs to be at the forefront. And I think that's where we see Cloud Native Security Con, where we see AWS. I saw it during re:Invent already where they said is like, we have reinforced next year. I think this becomes more and more of a topic, and I think companies, as much as it is become a norm that you have a firewall and everything else, it needs to become a norm that when you are doing software development, and every development team needs to have a security person on that needs to be trained. >> I love that chat comment Dave, 'cause you and I were talking about this. And I think that is going to be the issue. Do we need security chat for the chat bot? And there's like a, like a recursive model there. The biases are built in. I think, and I think our interview with the Palo Alto Network's co-founder, Dave, when he talked about zero trust as a structured way to start things, but he was referencing that with Cloud, there's a chance to rethink or do a do-over in security. So, I think this is kind of to me, where this is all going. And I think you asked Pat Gelsinger what, year 2013, 2014, can, is security a do over? I think we're in that do over time. >> He said yes. >> He said yes. (laughing) He was right. But yeah, eight years later... But this is, how do you, zero trust gives you some structure, but how do you organize and redo security? Because to me, I think that's what's happening here. >> And John you heard, Zuk at Palo Alto Network said, "Yeah, the, the words security and architecture, they don't go together historically." And so it is a total, total retake. >> Well is that because there's too many tools out there and- >> Yeah. For sure. >> Yeah, well, first of all, a lot of hardware. And then yeah, a lot of tools. You even see IIOT and industry 40, you see IOT security coming up as another stove pipe, and that's not the right approach. And, and so- >> Well let me, let me ask you a question Dave, and Yves, if you don't mind. 'Cause I was just riffing on this yesterday about this. In the ML space, you're seeing the ML models, you're seeing proprietary models versus open source. Is security going to go down this proprietary security methods and open source? Because that's interesting, because the CNCF is run by the the Linux Foundation. So you can almost maybe see a model where there's more proprietary security methods than open source. Or is it, is that a non-issue? >> I would, I would, let me, if I, if I jump in here first, I think the last, especially last five or 10 years have clearly shown the, the whole and, and I invested early on in the, in the end 90s in several open source startups in the Bay area. So, I'm well behind the whole open source idea and, and mid (indistinct) and others back then several times. But the point is, I think what we have seen is open source is not in general, more secure or less secure, because code is too complex nowadays. You have millions of lines of code, and it's not that either one way or the other is going to solve it. The ways I think we are going to look at it is more is what's the role to market, because only because something is open source doesn't necessarily mean it's going to be available for everyone. And the same for proprietary source from that perspective, even though everybody mixes licensing and payments and all that all the time, but it doesn't necessarily have anything to do with it. But I think as we are going through it, and when we also look at the industry, security industry over the last 10 plus years has been primarily hardware focused. And a lot of these vendors have done a good business out of selling hardware boxes, putting software on top of it. Whereas in reality, those were still X86 standard boxes in the end. So it was not that we had specific security ethics or anything like that in there anymore. And so overall, the question of the market is going to change. And as we are looking into Cloud Native, think about someone like an AWS, do you really envision them to have a hardware box of every supplier in their data center, and that in every availability zone in every region? Same for Microsoft, same for Google, etc? So we need to have new ways on how we can apply security. And that applies both on the backend services, but also on the front end side. >> And if I, and if I could chime in, I think the, the good, I think the answer is, is, is no and yes. And what I mean by that is if you take, antivirus and known malware, I mean pretty much anybody today can, can solve that problem, it's the unknown malware. So I think the yes part of the answer is yes, it's, it's going to be proprietary, but in the sense we're going to use open source tooling, and then apply that in a proprietary way with, with specific algorithms and unique architectures that are going to solve problems. For example, XDR with, with unknown malware. So, and that's the, that's the hard part. As somebody said, I think this morning at the keynote, it's, it's all the stuff that, that the SecOps team couldn't find. That's the really hard part. >> (laughs) Well the question will be will, is the new IP, the ability to feed ChatGPT some magical spelled insertion query string that does the job, that's unique, that might be the new IP, the the question to ask. >> Well, that's what the hackers are going to do. And I, they're on offense. (John laughs) And the offense knows what play is coming. So, they're going to start. >> So guys, let's take this conversation up a level. I want to get your perspectives on what's in this for me as a customer? We know security is a board level conversation. We talk about this all the time. We also know that they're based on, I think David, was the conversations that you and I had, with Palo Alto Networks at Ignite in December. There's a, there's a lack of alignment between the executives and the board from a security perspective. When we talk about Cloud Native Security, we all talked about the value in that, what's in it for customers? I want to get your perspectives on should this be a board level conversation, and if so, how do you advise organizations, whether it is a hospital, or a bank, or an organization that is really affected by things like ransomware? How should they be thinking about this from an organizational perspective? >> Well, I'll start first, because we had this conversation during our Super Cloud event last month, and this comes up a lot. And this is, the CEO board level. Yes it is a board level conversation for security, as is application development as in terms of transforming their business to be competitive, not to be on the wrong side of history with this wave coming. So I think that's more of a management. But the issue is, they tell their people, "Go do it." And they're like, 'cause they get sold on the idea of, "Hey, won't you transform your business, and everything's going to be data driven, and machine learning's going to power your apps, get new customers, be profitable." "Oh, sign me up for that." When you have to implement this, it's really hard. And I think the core issue is, where are companies in their life cycle of the ability to execute and architect this thing properly as Dave said, Nick Zuk said, "You can't have architecture and security, you need platforms." So, I think the re-platforming, and the re-factoring of business is a big factor, and that's got to get down into the, the organizational shifts and the people to do it. So are there skills? Do I do a managed service? How do I architect it? Are there more services? Are there developers doing applications that are going to be more agile? So, this is not an easy thing. And to move a business from IT operations that is proven, to be positioned for this enablement, is just really difficult. And it's expensive. And if you screw it up, you could be, could be on the wrong side of things. So, to me, that's the big issue is, you sell the dream and then you got to implement it. And that's really difficult. >> Yves, give us your perspective on, based on John's comments, how do organizations shift so dramatically? There's a cultural element there as well, but there's also organizations that are, have competitive competitors in the rear view mirror, and there's time to waste. What are your thoughts on that? >> I think that's exactly the point. It's like, as an organization, you need to take the decision between the time, the risk, and all the other elements we have into this game. Because you can try to achieve 100% security, but that's exactly the same as trying to, to protect gold or anything else 100%. It's most likely not going to be from a risk perspective anyway sensible. And that's the same from a corporational perspective. When you look at building new internet services, or IOT services, or any kind of new shopping experience or whatever else, you need to balance out between the risks and the advantages out of it. And you also need to be accepting that you potentially on the way make mistakes, but then it's more important than ever that you are able to quickly fix any mistakes, and to adjust to anything what's happening in the market. Because as we are building all these new Cloud Native applications, and build up all these skill sets, one of the big scenarios is we are far more depending on individual building blocks. These building blocks come out of open source communities, which have a much different way. When we look back in software development, back then we had application servers from Oracle, Web Logic, whatsoever, they had a release cycles of every three to six months. As now we have to deal with open source, where sometimes release cycles are on a four week schedule, in between security patches. So you need to be much faster in adopting that, checking that, implementing that, getting things to work. So there is a security stretch from that perspective. There is a speech stretch on the other thing companies have to deal with, and on the other side it's always a measurement between the risk, and the security you can afford. Because reality is, you will not be 100% protected no matter what you do. So, you need to balance out what you as an organization can actually build on. But I think, coming back also to the point, it's on the bot level nowadays. It's like nearly every discussion we have with companies nowadays as they move into the Cloud, especially also here in Europe where for the last five years, it was always, it's like "It's data privacy." Data privacy is no longer, I mean, yes, for certain people, it's still the point, but for many more people it's like, "How protected is my data?" "What do we do in case of ransomware attack?" "What do we do in case of a denial of service?" All of these things become more vulnerable, where in the past you were discussing these things with a becking page, or, or like a stock exchange. They were, it's like, "What the hell is going to happen if we have a denial of service?" Now all of the sudden, this now affects nearly everyone in their storefronts and everything else, because everything is depending on it. >> Yeah, I think you're right on. You think about how cultural change occurs, it's bottom ups or, bottom up, top down or middle out. And what, what's happened with security is the people in the security team cared about it, they were the, everybody said, "Oh, it's their problem." And then it just did an end run to the board, kind of mid, early last decade. And then the board sort of pushed that down. And the line of business is realizing, "Holy cow. My business, my EBIT can be dramatically affected by this, so I care." Now it's this whole house, cultural team sport. I know it's sort of a, a cliche, but it, it's true. Everybody actually is beginning to care about security because the risks are now so high, and it's going to affect not only the bottom line of the company, the bottom line of the business, their job, it's, it's, it's virtually everywhere. It's a huge cultural shift that we're seeing. >> And that's a big challenge for organizations in any industry. And Yves, you talked about ransomware service. Every industry across the globe is vulnerable to this. But how can, maybe John, we'll start with you. How can Cloud Native Security help organizations if they're able to embrace it, operationally, culturally, dial down some of the vulnerabilities that just seem to keep growing? >> Well, I mean that's the big question. The breaches are, are critical. The governances also could be a way that anchors down growth. So I think the balance between the governance compliance piece of it is key, but making the developers faster and more productive is the key to me. And I think having the security paradigm where they're not blockers, as Dave said, is critical. So I love the whole shift left, but now that we have more data focused initiatives around how that, you can use data to understand the security issues, I think data and security are together, and I think there's a going to be a data operating system model emerging, where data and security will be almost one thing. And that will be set up by the security teams, and the data teams together. And that will feed guardrails into the developer environment. So the developer should feel no pain at all in doing this. So I think the best practice will end up being what we're seeing with supply chain, security, with making sure code's verified. And you're going to see the container, security side completely address has been, and KubeCon, we just, I asked Scott Johnson, the CEO of Docker, and I asked him directly, "Are you guys all tight on container security?" He said, yes, but other people are suggesting that's not true. There's a lot of issues with the container security. So, there's all kinds of areas where there's holes. So Cloud Native is cool on one hand, and very relevant, but if it's not shored up, it's going to be a problem. But I, so I think that's where the action will be, at the developer pipeline, in the containers, and the data. So, that will be very relevant, and if companies nail that, they'll be faster, they'll have better apps, and that'll be the differentiator. And again, if they don't on this next wave, they're going to be driftwood. >> Dave, how do they prevent becoming driftwood? >> Well, I think Cloud has had a huge impact. And a Cloud's by no means a panacea, but let's face it, it's dramatically improved a lot of companies security posture. Now there's still that shared responsibility. Even though an S3 bucket is encrypted, it's still your responsibility to make sure that it doesn't get decrypted by somebody who has access to it. So there are things like that, but to Yve's earlier point, that can be, that's done through software now, it's done through best practices. Those best practices can be shared. So the way you, you don't become driftwood, is you start to, you step back, rethink that security architecture as we were talking about earlier, take advantage of the Cloud, take advantage of Cloud Native, and all the, the rapid pace of innovation that's occurring there, and you don't use, it's called before, The audit is the last line of defense. That's no longer a check box item. "Oh yeah, we're in compliance." It's, this is a business imperative, and because we're going to reduce our expected loss and reduce our business risk. That's part of the business case today. >> Yeah. >> It's a huge, critically important part of the business case. Yves, question for you. If you're in an elevator with a CEO, a CFO, and a CISO, and they're talking about security and Cloud Native Security, what's your value proposition to them on a, on a say a 32nd elevator ride? >> Difficult story. I think at the moment, the most important part is, we need to get people to work together, and we need to train people to work more much better together. I think that's the overall most important part for all of these solutions, because in the end, security is always a person issue. If, we can have the best tools in the industry, as long as we don't get all of these teams to work together, then we have a problem. If the security team is always seen as the end of the solution to fix everything, that's not going to work because they always are the bad guys in the game. And so we need to bring the teams together. And once we have the teams work together, I think we have a far better track on, on maintaining security. >> John and Dave, I want to get your perspectives on what Yves just said. In all the experience that the two of you have as industry analysts here on "theCUBE," Wikibon, Siliconangle Media. How do you advise organizations to get those teams together? As Eve said, that alignment is critical, but John, we'll start with you, then Dave go to you. What's your advice for organizations that need to align those teams and really don't have a lot of time to wait to do it? >> (chuckling) That's a great question. I think, I think that's everyone pays hundreds of thousands of millions of dollars to get that advice from these consultants, organizations out there doing the transformations. But I think it comes down to personnel and commitment. I think if there's a C-level commitment to the effort, you'll see the institutional structure change. So you can see really getting behind it with their, with their wallet and their, and their support of either getting more personnel to support and assist, or manage services, or giving the power to the teams to execute and doing it in a way that, that's, that's well known and best practices. Start small, build out the pilots, build the platform, and then start getting it right. And I think that's the key. Not the magic wand, the old model of rolling out stuff in, in six month cycles. It's really, get the proof points, double down and change the culture, but also execute and have real metrics. And changing the architecture, like having more penetration tests as a service. Doing pen tests is like a joke now. So that doesn't make any sense. You got to have that built in almost every day, and every minute. So, these kinds of new techniques have to be implemented and have to be tried. So that's why these communities are growing. That's why I like what open source has been doing, and I like the open source as the place to have these conversations, because that's where the action will be for new stuff. And I think people will implement open source like they did before, but with different ways, better testing, better supply chain on the software side, verifying code. So, I see open source actually getting a tailwind from this, not a headwind. So, I'm bullish on the open source piece here on, on all levels, machine learning- >> Lisa, my answer is intramural sports. And it's 'cause I think it's cultural. And what I mean by that, is you take your your best and brightest security, and this is what frankly, a lot of CISOs do, an examples is Lena Smart, MongoDB. Take your best and brightest security pros, make them captains of the intramural teams, and pair them up with pods of individuals across the organization, which is most people who don't know anything about security, and put them together, so that they can, they, so that the folks that understand security can, can realize how little people know, what, what, what, how, what the worst practices that are out there in the reverse, how they can cross pollinate. And they do that on a regular basis, I know at Mongo and other companies. And that kind of cultural assimilation is a starting point for how you get security awareness up to your question around making it a team sport. >> Absolutely critical. Yves, I want to kind of wrap things with you. We've got a couple of minutes left. When you're really looking at the Cloud Native community, the growth of it, we talked about earlier in the program, Cloud Native Security Con being now extracted and elevated out of KubeCon, what are your thoughts on the groundswell that this community is generating around Cloud Native Security, the benefits that organizations will achieve from it? >> I think overall, when we have these securities conferences, or these security arms a bit spread out and separated out of the main conference, it helps to a certain degree, because especially in the security space, when you look at at other like black hat or white hat conferences and things like that in the past, although they were not focused on Cloud Native, a lot of these security folks didn't feel well taken care of in any of the other conferences because they were always these, it's like they are always blocking us, they're always making us problems, and all these kinds of things. Now that we really take the Cloud Native piece and the security piece together, or like AWS does it with re:Inforce, I think we will see more and more that people understand is that security is a permanent topic we need to cover, but we need to bring different people together, because security also has compliance and a lot of other components in there. So we will see at these conferences moving forward, also a different audience. It's not going to be only the Cloud Native developers. And if I see some of these security audiences, I can't really imagine them to really be at KubeCon because there is too much other things going on. And you couldn't really see much of that at re:Invent because re:Invent by itself has become a complete monster of a conference. It covers too many topics. And so having this very, very important security piece separated, also gives the opportunity, I think, that we can bring in the security people, but also have the type of board level discussions potentially, between the leaders of the industry, to also discuss on how we can evolve, how we can make things better, and how, how we can actually, yeah, evolve our industry for it. Because let's face it, that threat is not going to go away. It's, it's a business. And one of the last security conferences I was on, on the ransomware part, it was one of the topics someone said is like, "Look, currently on average, it takes a hacker group roughly around they said 15 to 20 K to break into a company, and they on average make 100K. It's a business, let's face it. And it's a business we don't like. And ethically, it's no discussion that this is not good, but that's something which is happening. People are making money with it. And as long as that's going to go on, and we have enough countries where these people can hide, it's going to stay and survive. And so, with that being said, it's important for us to really build an industry around this. But I also think it's good that we have separate conferences. In the past we had more the RSA conference, which tried to cover all of these areas. But that is not really fitting Cloud Native and everything else. So I think it's good that we have these new opportunities, the Cloud Native one, but also what AWS brings up for someone. >> Yves, you just nailed it. It just comes down to simple math. It's a fraction. Revenue over cost. And if you could increase the hacker's cost, increase the denominator, their ROI will go down. And that is the game. >> Great point, Dave. What I'm hearing guys, and we can talk about technology for days and days. I know all of you. But there's, there's a big component that, that the elevation of Cloud Native Security, on its own as standalone is critical, as is the people component. You guys all talked about that. We talked about the cultural change necessary for that. Hopefully what we're seeing with Cloud Native Security Con 23, this first event is going to give us more insight over the next couple of days, and the next months or so, as to how this elevation, and how the people can come together to really help organizations from a math perspective as, as Dave talked about, really dial down the risks there, understand more of the vulnerabilities so that ransomware as a service is not as lucrative as it is today. Guys, so much appreciate your time, really breaking down Cloud Native Security, the value in it from different perspectives, and what your thoughts are on where it's going. Thanks so much for your time. >> All right. Thanks. >> Thanks, Lisa. >> Thank you. >> Thanks, Yves. >> All right. For my guests, I'm Lisa Martin. You're watching theCUBE's day one coverage of Cloud Native Security Con 23. Thanks for watching. (rousing music)

>>The cube presents Koon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain and CubeCon cloud native con Europe, 2022 I'm cube Townsend, along with Paul Gill, senior editor, enterprise architecture at Silicon angle. We are talking to some incredible folks this week, continuing the conversation around enabling developers to do their work. Paul you've said that this conference is about developers. What are you finding key as a theme running throughout the show >>That that developers really need a whole set of special tools. You know, it's not the end user, the end user tools, the end user access controls the authentication it's developers need a need their own to live their in their own environment. They need their own workflow tools, their own collaboration and their own security. And that's where teleport comes in. >>So speaking of teleport, we have Michael fork, chief marking our officer at teleport new world role for you. First, tell me about how long have you been at teleport now >>Going on seven or eight months now, >>Seven or eight months in this fast moving market. I'm I'm going to tell you a painful experience I've had in this new world. We've built applications. We've moved fast audits come in. The auditors have come in and they said, you know what, who authorized this change to the cluster? And we'll go into the change ticket and say, this person authorized the changes and the change ticket. And then they'll ask for trace back. Okay. Show me the change. What do it mean? Show you the changes. It just happened. >>Yeah. Check, check GitHub. >>Yeah, check GI, get, see, we, we, we, we said we were gonna make the changes, the change happen. That's not enough. What are CU, how are you helping customers solve this access control and audit problem? >>Yeah, that's a great question. There're kind of, there're kind of two, two sides to the puzzle. And actually I think that the intro hits it. Well, you you've talked about kind of developer experience needing needing tools to more efficiently do the job as a practitioner. And you're coming at it from kind of a security and compliance angle. And there's a tension between both of those teams. It's like, you know, there's, there's a tension between dev and ops before we created DevOps. There's also a tension between kind of security teams and developers. So we've created dev SecOps. What that means is you need an easy way for developers to get access, access to the resources they needed through their jobs. That's, you know, Linux hosts and databases and Kubernetes clusters and, you know, monitoring dashboards and managing all of those credentials is quite cumbersome. If I need to access a dozen systems, then you know, I'm using SSH keys to access this. >>I have admin credentials for my database. I I'm going through a VPN to access an internal dashboard, teleport, consolidates, all of that access into a single login via your identity provider, Okta active directory, but then on the security and compliance side, we make it really easy for that compliance officer. When they say, show me that change, we have all of the audit logs. That's that show exactly what changes Keith made when he logged into, into that system. And in fact, one of the booths behind here is talking about E B P F a modern way to get that kind of kernel level grade granularity. We build all of that observability into teleport to make the security and compliance teams happy. And the engineering teams a lot more productive. >>Where do the, the access control tools like Okta, you mentioned fall short. I mean, why, why is there a need for your level of, of control at the control plane? >>Yeah. When you, when you start to talk about authorization, authentication, audit at the infrastructure level, each of these technologies has its own way of managing what kind of in, in the jargon often and Ze, right? Authentication authorization. So you have SSH for, for Linux. Kubernetes has its own way of doing authorization. All of the database providers have their own way and it's quite complicated, right? It's, it's much different. So, you know, if I'm gonna access office 365 or I'm gonna a access Salesforce, right. I'm really talking about the HTTP protocol. It's relatively trivial to implement single sign on for web-based applications. But when we start talking about things that are happening at the Linux kernel level, or with Kubernetes, it's quite complicated to build those integrations. And that's where teleport extends what you have with your IDP. So for instance, Okta, lots of our customers use Okta as their identity provider, but then teleport takes those roles and applies them and enforces them at the actual infrastructure level. >>So if I'm a lay developer, I'm looking at this thinking, you know, I, I have service mesh, I've implemented link D SEO or something to that level. And I also have Ansible and Ansible has security, etcetera. What, what role, or how does that integrate to all together from a big picture perspective? >>Yeah. So >>What, one of the, kind of the meta themes at teleport is we, we like to, we like to say that we are fighting complexity cuz as we build new technologies, we tend to run the new tech on top of the old tech. Whereas for instance, when you buy a new car, you typically don't, you know, hook the old car to the back and then pull it around with you. Right? We, we replace old technology with new technology, but in infrastructure that doesn't happen as often. And so you end up with kind of layers of complexity with one protocol sitting on top of another protocol on top of another protocol. And what teleport does is for the access control plane, we, we kind of replace the legacy ways of doing authentication authorization and audit with a new modern experience. But we allow you to continue to use the existing tools. >>So we don't replace, for instance, you know, your configuration management system, you can keep using Ansible or, or salt or Jenkins, but teleport now is gonna give those, those scripts or those pipelines in identity that you can define. What, what should Ansible be able to do? Right? If, cuz people are worried about supply chain attacks, if a, if a vulnerable dependency gets introduced into your supply chain pipeline and your kind of Ansible playbook goes crazy and starts deploying that vulnerability everywhere, that's probably something you wanna limit with teleport. You can limit that with an identity, but you can still use the tools that you're, that you're used to. >>So how do I guarantee something like an ex-employee doesn't come in and, and initiate Ansible script that was sitting in the background just waiting to happen until, you know, they left. >>Yeah. Great question. It's there's kind of the, the, the great resignation that's happening. We did a survey where actually we asked the question kind of, you know, can you guarantee that X employees can no longer access your infrastructure? And shockingly like 89% of companies could not guarantee that it's like, wow, that's like that should, that should be a headline somewhere. And we actually just learned that there are on the dark web, there are people that are targeting current employees of Netflix and Uber and trying to buy credentials of those employees to the infrastructure. So it's a big problem with teleport. We solve this in a really easy, transparent way for developers. Everything that we do is based on short lift certificates. So unlike a SSH key, which exists until you decommission it, shortlist certificates by, by default expire. And if you don't reissue them based on a new login based on the identity, then, then you can't do anything. So even a stolen credential kind of the it's value decreases dramatically over time. >>So that statistic or four out of five companies can't guarantee X employees can't access infrastructure. Why is simply removing the employee from the, you know, from the L app or directory decommissioning their login credentials. Why is that not sufficient? >>Well, it, it depends on if everything is integrated into your identity provider and because of the complexities of accessing infrastructure, we know that developers are creative people. And by, by kind of by definition, they're able to create systems to make their lives easier. So one thing that we see developers doing is kind of copying an SSH key to a local notepad on, on their computer. So they essentially can take that credential out of a vault. They can put it somewhere that's easier for them to access. And if you're not rotating that credential, then I can also, you know, copy it to a, to a personal device as well. Same thing for shared admin credentials. So the, the, the issue is that those credentials are not completely managed in a unified way that enables the developer to not go around the system in order to make their lives easier. >>But rather to actually use the system, there's a, there's a market called privilege access management that a lot of enterprises are using to kind of manage credentials for their developers, but it's notoriously disruptive to developer workflows. And so developers kind of go around the system in order to make their jobs easier. What teleport does is we obviate the need to go around the system, cuz the simplest thing is just to come in in the morning, log in one time to my identity provider. And now I have access to all of my servers, all of my databases, all of my Kubernetes clusters with a short lift certificate, that's completely transparent. And does >>This apply to, to your, both your local and your cloud accounts? >>Yes. Yes, exactly. >>So as a security company, what's driving the increase in security breaches. Is it the lack of developer hygiene? Is it this ex-employee great resignation bill. Is it external intruders? What's driving security breaches today. >>Yes. >>It's you know, it's, it's all of those things. I think if I had to put, give you a one word answer, I would say complexity. The systems that we are building are just massively complex, right? Look at how many vendors there are at this show in order to make Kubernetes easy to use, to do what its promises. It's just, we're building very complex systems. When you build complex systems, there's a lot of back doors, we call it kind of a tax surface. And that's why for every new thing that we introduce, we also need to think about how do we remove old layers of the stack so that we can simplify so that we can consolidate and take advantage of the power of something like Kubernetes without introducing security vulnerabilities. >>One of the problems or challenges with security solutions is, you know, you there's this complexity versus flexibility knob that you, you need to be careful of. What's the deployment experience in integration experience for deploying teleport. >>Yeah, it's it, we built it to be cloud native to feel like any other kind of cloud native or Kubernetes like solution. So you basically, you deploy it using helm chart, you deploy it using containers and we take care of all of the auto configuration and auto update. So that it's just, it's, it's part of your stack and you manage it using the same automation that you use to manage everything else. That's a, that's a big kind of installation and developer experience. Part of it. If it's complex to use, then not only are developers not gonna use it. Operations teams are not gonna want to have to deal with it. And then you're left with doing things the old way, which is very unsatisfactory for everybody. >>How does Kubernetes change the security equation? Are there vulnerabilities? It introduces to the, to the stack that maybe companies aren't aware of >>Almost by definition. Yes. Kind of any new technology is gonna introduce new security vulnerabilities. That's the that's that is the result of the complexity, which is, there are things that you just don't know when you introduce new components. I think kind of all of the supply chain vulnerabilities are our way of looking at that, which is we have, you know, Kubernetes is itself built on a lot of dependencies. Those dependencies themselves could have security vulnerabilities. You might have a package that's maintained by one kind of hobbyist developer, but that's actually deployed across hundreds of thousands of applications across, across the internet. So again, it's about one understanding that that complexity exists and then saying, is there a way that we can kind of layer on a solution that provides a common layer to let us kind of avoid that complexity and say, okay, every critical action needs to be authorized with an identity that way if it's automated or if it's human, I have that level of assurance that a hacked Ansible pipeline is not going to be able to introduce vulnerabilities across my entire infrastructure. >>So one of the challenges for CIOs and CTOs, it's the lack of developer resources and another resulting pain point that compounds that issue is rework due to security audits is teleport a source of truth that when a auditor comes in to audit a, a, a, a C I C D pipeline that the developer or, or operations team can just say, Hey, here's, self-service get what you need. And come back to us with any questions or is there a second set of tools we have to use to get that audit and compliance reporting? >>Yeah, it's teleport can be that single source of truth. We can also integrate with your other systems so you can export all of the, what we call access logs. So every, every behavior that took place, every query that was run on a database, every, you know, curl command that was run on a Lennox, host, teleport is creating a log of that. And so you can go in and you can filter and you can view those, those actions within teleport. But we also integrate with other systems that, that people are using, you have its Splunk or Datadog or whatever other tool chain it's really important that we integrate, but you can also use teleport as that single source. So >>You can work with the observability suites that are now being >>Installed. Yeah, there, the, the wonderful thing about kind of an ecosystem like Kubernetes is there's a lot of standardization. You can pick your preferred tool, but under the hood, the protocols for taking a log and putting it in another system are standardized. And so we can integrate with any of the tools that developers are already using. >>So how big is teleport when I'm thinking about a, from a couple of things big as in what's the footprint and then from a developer operations team overhead, is this kind of a set and forget it, how much care feed and maintenance does it >>Need? So it's very lightweight. We basically have kind of two components. There's the, the access proxy that sits in front of your infrastructure. And that's what enables us to, you know, regardless of the complexity that sits across your multi data center footprint, your traditional applications, running on windows, your, your, your modern applications running on, you know, Linux and Kubernetes, we provide seamless access to all of that. And then there's an agent that runs on all of your hosts. And this is the part that can be deployed using yo helm or any other kind of cloud native deployment methodology that enables us to do the, the granular application level audit. For instance, what queries are actually being run on CockroachDB or on, on Postgres, you know, what, what CIS calls are running on Linnux kernel, very lightweight automation can be used to install, manage, upgrade all of it. And so from an operations perspective, kind of bringing in teleport shouldn't be any more complicated than running any application on a container. That's, that's the design goal and what we built for our customers. >>If I'm in a hybrid environment, I'm transitioning, I'm making the migration to teleport. Is this a team? Is this a solution that sits only on the Kubernetes cloud native side? Or is this something that I can trans transition to initially, and then migrate all of my applications to, as I transition to cloud native? >>Yeah. We, there are kind of, no, there are no cloud native dependencies for teleport. Meaning if you are, you're a hundred percent windows shop, then we support for instance, RDP. That's the way in which windows handles room access. If you have some applications that are running on Linux, we can support that as well. If you've got kind of the, you know, the complete opposite in the spectrum, you're doing everything, cloud native containers, Kubernetes, everything. We also support that. >>Well, Michael, I really appreciate you stopping by and sharing the teleport story. Security is becoming an obvious pain point for cloud native and container management. And teleport has a really good story around ensuring compliance and security from Licia Spain. I'm Keith towns, along with Paul Gillon and you're watching the cue, the, the leader, not the, the leader two, the high take tech coverage.

>>The cube presents, Coon and cloud native con Europe 22 brought to you by the cloud native computing foundation. >>Lisia Spain, a cuon cloud native con Europe 2022. I'm Keith towns, along with Paul Gillon, senior editor, enterprise architecture for Silicon angle. Welcome Paul, >>Thank you, Keith pleasure to work >>With you. You know, we're gonna have some amazing people this week. I think I saw stat this morning, 65% of the attendees, 7,500 folks. First time Q con attendees. This is your first conference. >>It is my first cubic con and it is amazing to see how many people are here and to think of, you know, just a couple of years ago, three years ago, we were still talking about what the cloud was and what the cloud was gonna do and how we were gonna integrate multiple clouds. And now we have this whole new framework for computing that is just rifled out of, out of nowhere. And as we can see by the number of people who are here, this has become a, a, this is the dominant trend in enterprise architecture right now, how to adopt Kubernetes and containers, build microservices based applications, and really get to that, that transparent cloud that has been so elusive. >>It has been elusive. And we are seeing vendors from startups with just a, a few dozen people to some of the traditional players we see in the enterprise space with thousands of employees looking to capture kind of lightning in a bottle, so to speak this elusive concept of multi-cloud. >>And what we're seeing here is very typical of an early stage conference. I've seen many times over the years where the, the floor is really dominated by companies, frankly, I've never heard of that. Many of them are only two or three years old, and you don't see the big, the big dominant computing players with, with the presence here that these smaller companies have. That's very typical. We saw that in the PC age, we saw it in the early days of Unix and, and it's happening again. And what will happen over time is that a lot of these companies will be acquired. There'll be some consolidation. And the nature of this show will change, I think, dramatically over the next couple or three years, but there is an excitement and an energy in this auditorium today that is, is really a lot of fun and very reminiscent of other new technologies just as they press it. >>Well, speaking of new technologies, we have Dave Cole, CR O chief revenue officer that's right. Chief marketing officer that's right of spec cloud. Welcome to the show. Thank >>You. It's great to be here. >>So let's talk about this big ecosystem. Okay. Kubernetes. Yes. Solve problem. >>Well, you know, the, the dream is, well, first of all, applications are really the lifeblood of a company, whether it's our phone or whether it's a big company trying to connect with its customer, it's about applications. And so the whole idea today is how do I build these applications to build that tight relationship with my customers? And how do I reinvent these applications rapidly in, along comes containerization, which helps you innovate more quickly. And certainly a dominant technology. There is Kubernetes. And the, the question is how do you get Kubernetes to help you build applications that can be born anywhere and live anywhere and take advantage of the places that it's running, cuz everywhere has pluses and minuses. >>So you know what the promise of Kubernetes from when I first read about it years ago is runs on my laptop. Yep. I can push it to any cloud, any platform that's that's right. Where's the gap. Where are we in that, in that phase? Like talk to me about scale. Is that, is that, is it that simple? >>Well, that act is actually the problem is that date while the technology is the dominant containerization technology and orchestration technology, it really still takes a power user. It really hasn't been very approachable to the masses. And so it was these very expensive, highly skilled resources that sit in a dark corner that have focused on Kubernetes, but that, that now is trying to evolve to make it more accessible to the masses. It's not about sort of hand wiring together. What is a typical 20 layer stack to really manage Kubernetes and then have your engineers manually can reconfigure it and make sure everything works together. Now it's about how do I create these stacks, make it easy to deploy and manage at scale. So we've gone from sort of DIY developer centric to all right, now, how do I manage this at scale? >>Now this is a point that is important, I think is often overlooked. This is not just about Kubernetes. This is about a whole stack of cloud native technologies. Yes. And you who is going to, who is going to integrate that, all that stuff, piece that stuff together, right? Obviously you have a, a role in that. Yes. But in the enterprise, what is the awareness level of how complex this stack is and how difficult it is to assemble? >>We, we see a recognition of that, that we've had developers working on Kubernetes and applications, but now when we say, how do we weave it into our production environments? How do we ensure things like scalability and governance? How do we have this sort of interesting mix of innovation, flexibility, but with control. And that's sort of an interesting combination where you want developers to be able to run fast and use the latest tools, but you need to create these guardrails to deploy it at scale. >>So where do the developers fit in that operation stack then? Is this, is Kubernetes an AI ops or an ops a task, or is it sort of a shared task across the development spectrum? >>Well, I think there's a desire to allow application developers, to just focus on the application and have a Kubernetes related technology that ensures that all of the infrastructure and related application services are just there to support them. And because the typical stack from the operating system to the application can be up to 20 different layers components. You just want all those components to work together. You don't want application developers to worry about those things. And the latest technologies like spectra cloud there's others are making that easy application engineers focus on their apps, all of the infrastructure and the services are taken care of. And those apps can then live natively on any environment. >>So help paint this picture for us. You know, I get got AKs ETS and those, all of these distributions OpenShift, the tan zoo, where is spec cloud helping me to kind of cobble together all these different distros I thought distro was the, was the thing like, just like Lennox has different distros, you know, right. Randy said different distros >>That actually is the irony. Is that sort of the age of debating, the distros largely is over. There are a lot of distros and if you look at them, there are largely shades of gray in being different from each other. But the Kubernetes distribution is just one element of like 20 elements that all have to work together. So right now what's what's happening is that it's not about the distribution it's now, how do I, again, sorry to repeat myself, but move this into a, into scale. How do I move it into deploy at scale, to be able to manage ongoing at scale, to be able to innovate at scale, to allow engineers, as I said, use the coolest tools, but still have technical guardrails that the, the enterprise knows they'll be in control of what, >>What does at scale mean to the enterprise customers you're talking to now? What do they mean when they say that? >>Well, I think it's interesting cuz we think scale's different cuz we've all been in the industry and it's frankly sort of boring old wor word, but today it means different things. Like how do I automate the deployment at scale? How do I be able to make it really easy to provision resources for applications on any environment from either a virtualized or bare metal data center cloud or today edge is really big where people are trying to push applications out to be closer to this source of the data. And so you want to be able to deploy it scale you wanna manage at scale, you wanna make it easy to, as I said earlier, allow application developers to build their applications, but it ops wants the ability to ensure security and governance and all of that. And then finally innovate at scale. If you look at this show, it's interesting, three years ago, when we started spectra cloud, there are about 1400 businesses or technologies in the Kubernetes ecosystem today there's over 1800 and all of these technologies made up of open source and commercial, all versioning at different rates. It becomes an insurmountable problem unless you can set those guardrails sort of that balance between flexibility and control, let developers access the technologies. But again, manage it as a part of your normal processes of a, of a scale of operation. >>So, so Dave, I'm a little challenged here cuz I'm hearing two where I typically consider conflicting terms. Okay. Flexibility control. Yes. In order to achieve control, I need complexity in order to choose flexibility. I need t-shirt one t-shirt fits all right. To and I, and I, and I get simplicity. How can I get both that just doesn't you know, compute >>Well thus the opportunity and the challenge at the same time. So you're right. So developers want choice, good developers want the ability to choose the latest technology so they can innovate rapidly. And yet it ops wants to be able to make sure that there are guard rails. And so with some of today's technologies like spectral cloud, it is you have the ability to get both. We actually worked with dimensional research and we sponsor an annual state of Kubernetes survey. We found this last summer, that two out of three, it executives said you could not have both flexibility and control together, but in fact they want it. And so it is this interesting balance. How do I give engineers the ability to get anything they want, but it ops the ability to establish control. And that's why Kubernetes is really at its next inflection point. Whereas I mentioned, it's not debates about the distro or DIY projects. It's not big incumbents creating siloed Kubernetes solutions. But in fact it's about allowing all these technologies to work together and be able to establish these controls. And that's, that's really where the industry is today. >>Enterprise enterprise CIOs do not typically like to take chances. Now we were talking about the growth in the market that you described from 1400, 1800 vendors. Most of these companies, very small startups are, are enterprises. Are you seeing them willing to take a leap with these unproven companies or are they holding back and waiting for the IBMs, the HPS, the Microsofts to come in with the VMwares with whatever they solution they have? >>I, I think so. I mean, we sell to the global 2000. We had yesterday as a part of edge day here at the event, we had GE healthcare as one of our customers telling their story. And they're a market share leader in medical imaging equipment. X-rays MRIs, cat scans, and they're, they're starting to treat those as edge devices. And so here is a very large established company, a leader in their industry, working with people like spectral cloud, realizing that Kubernetes is interesting technology. The edge is an interesting thought, but how do I marry the two together? So we are seeing large corporations seeing so much of an opportunity that they're working with the smaller companies, the latest technology. >>So let's talk about the edge a little. You kind of opened it up there. Yeah. How should customers think about the edge versus the cloud data center or even bare metal? >>Actually it's a well bare bare metal is fairly easy is that many people are looking to reduce some of the overhead or inefficiencies of the virtualized environment. And, but we've had really sort of parallel little white tornadoes. We've had bare metal as infrastructure that's been developing and then we've had orchestration technology's developing, but they haven't really come together very well lately. We're finally starting to see that come together. Spectra cloud contributed to open source a metal as a service technology that finally brings these two worlds together. Making bare metal much more approachable to the inters enterprise edge is interesting because it seems pretty obvious. You wanna push your application out closer to your source of data, whether it's AI in fencing or O T or anything like that, you don't wanna worry about intermittent connectivity or latency or anything like that. But people have wanted to be able to treat the edge as if it's almost like a cloud where all I worry about is the app. >>So really the edge to us is just the next extension in a multi-cloud sort of motif where I want these edge devices to require low it resources to automate the provisioning, automate the ongoing version management patch management really act like a cloud. And we're seeing this as very, very popular now. And I just used the GE healthcare example of that. Imagine a cat scan machine, I'm making this part up in China and that's just an edge device. And it's, it's doing medical imagery, which is very intense in terms of data. You want to be able to process it quickly and accurately as close to the endpoint, the healthcare provider as possible. >>So let's talk about that in some level of detail, as we think about kind of edge and you know, these fixed devices such as imaging device, are we putting agents on there? Are we looking at something talking back to the cloud, where does special cloud inject and help make that simple, that problem of just having dispersed endpoints all over the world? Simpler? >>Sure. Well we announced our edge Kubernetes edge solution at a big medical conference called, called hymns months ago. And what we allow you to do is we allow the application engineers to develop their application. And then you can de you can design this declarative model, this cluster API, but beyond cluster profile, which determines which additional application services you need and the edge device, all the person has to do with the endpoint is plug in the power plug in the communications. It registers the edge device. It automates the deployment of the full stack. And then it does the ongoing versioning and patch management, sort of a self-driving edge device running Kubernetes. And we make it just very, very easy. No, it resources required at the endpoint, no expensive field engineering resources to go to these endpoints twice a year to apply new patches and things like that, all >>Automated, but there's so many different types of edge devices with different capabilities, different operating systems, some have no operating system. Yeah. I mean, what, that seems like a much more complex environment, just calling it, the edge is simple, but what you're really talking about is thousands of different devices, right? That you have to run your applications on how, how are you dealing with that? >>So one of the ways is that we're really unbiased. In other words, we're OS and distro agnostic. So we don't want to debate about which distribution you like. We don't want to debate about, you know, which OS you want to use. The truth is you're right. There's different environments and different choices that you'll wanna make. And so the key is, is how do you incorporate those and also recognize everything beyond those, you know, OS and Kubernetes and all of that and manage that full stack. So that's what we do is we allow you to choose which tools you want to use and let it be deployed and managed on any environment. >>And who's respo, I'm sorry, key. Who's responsible for making Kubernetes run on the edge device. >>We do. We provision the entire stack. I mean, of course the company does using our product, but we provision the entire Kubernetes infrastructure stack all the application services and the application itself on that device. >>So I would love to dig into like where pods happen and all that, but provisioning is getting to the point that it's a solve problem. Day two. Yes. Like we, you know, you just mentioned hymns, highly regulated environments. How does spec cloud helping with configuration management change control, audit, compliance, et cetera, the hard stuff. >>Yep. And one of the things we do, you bring up a good point is we manage the full life cycle from day zero, which is sort of create, deploy all the way to day two, which is about, you know, access control, security. It's about ongoing versioning and patch management. It's all of that built into the platform. And, but you're right. Like the medical industry has a lot of regulations. And so you need to be able to make sure that everything works. It's always up to the latest level, have the highest level of security. And so all that's built into the platform. It's not just a fire and forget it really is about that full life cycle of deploying, managing on an ongoing basis. >>Well, Dave, I'd love to go into a great deal of detail with you about kind of this day two option. I think we'll be covering a lot more of that topic, Paul, throughout the week, as we talk about just, you know, as we've gotten past, you know, how do I deploy Kubernetes pod to how do I actually operate it? >>Absolutely, absolutely. The devil is in the details as they say, >>Well, and also too, you have to recognize that the edge has some very unique requirements. You want very small form factors. Typically you want low it resources. It has to be sort of zero touch or low touch because if you're a large food provider with 20,000 store locations, you don't wanna send out field engineers two or three times a year to update them. So it really is an interesting beast and we have some exciting technology and people like GE are using that. >>Well, Dave, thanks a lot for coming on to Q you're now Cub Alon. You've not been on before. >>I have actually. Yes. Oh. But I always enjoy it. >>It's great conversation. Foria Spain. I'm Keith towns along with Paul Gillon and you're watching the cue, the leader in high tech coverage.

>>Welcome to the cubes, continuing coverage of AWS reinvent 2021 find Lisa Martin and we are running one of the industry's most important and largest hybrid tech events with AWS in this ecosystem partners. This year, we have two live sets, two remote sites over 100 guests talking about the next decade in cloud innovation. And we're excited to be joined by Patrick Jeanne, the CTO of OutSystems Patrick. Welcome to the program. >>Thank you. I appreciate being one of those 100 guests, >>One of the 100, one of the elite, 100, we'll say it like that. Right? So, so OutSystems has some revolutionary news. You guys are saying, you know, what developer experience needs to change? Tell us more. >>It does. I mean, it needs to change. And I've been in the industry developing applications for too many years dimensions basically since I was 12 years old writing software and, you know, going over that time and thinking about it, doing the traditional software development route. So many applications that take too long was, you know, costly to build so much risk involved in it. Eventually it didn't meet all the requirements. And if you look at the investment we make in software, which is important, I mean, software is a, is a unique differentiator for, for businesses. That investment has such a high risk and a high cost, and that needs to change and it needs to change just because of the complexity that is in that process inherent in it that's. And that is what we are doing and OutSystems is tackling that problem. And, um, from a business standpoint, it must change. >>It must change that that is strong words there. So talk to me about what you're announcing, what, what were the gaps in the market customer feedback? Was it, or were there any catalysts from the pandemic going we've got to change this developer experience and this is the time >>For sure. I mean, if you think about from the pandemic and I mean, we were on a journey for digital transformation. We've been on this journey for a number of years and it really accelerated that the experiences that we have with each other, with you and me, we're not the same studio today. I mean, there's there reasons that we have used this experience remote, we have a technology that can do it, the pandemic accelerated that. And so, so much of the experiences we have are digital experiences. And if you think about it, there's a device in between us. There's going to be a device in between all the people viewing what we're looking at, that experience that, uh, that they will have with us will be basically surfaced through an application on that device. And the pandemic has really accelerated that. And that's an area that we play in, obviously for what's considered low code application development. >>And if you just think about application development in general, that's what powers all of these experiences. And going back to that, you know, statement about that, it needs to change if we need these experiences to be diverse, if we need these experiences to be meaningful, if we need them to make sure that when people engage, as far as what that device is, something that brings, you know, delight and pleasure to them, we need developers across the board. Investing in that today, there is a very constrained market for professional developers, but because of the inherent complexity in software development. And so if you think about how that's almost almost you're limiting access to the people who can create those experiences, that's not a good situation. There's about 25 million developers in the world that would consider themselves developers today, 7, 8, 9, 10 billion devices out there. Think of that disparity between those two numbers. >>And so we need a larger number of people to actually develop applications. So that experience can be much more diverse. We need to expose development to many more people. That is the problem today with software development is that it is complex. It is too specialized. It's too inherit as far as with failure when you get it together. And so either you shy away from that as an organization or as an individual to do development, or you go on these very long development as far as cycles to actually create these applications. What we do is we take the approach of let's make it very simple to get into, you know, some terms and call it citizen developer, low code, basically all they're saying is let's, let's reduce the risk of development. Let's go into a process where we make it accessible to more and more people. You can go through and develop applications with the lower risk. You can build change into that process and you can get value into end users as rapidly as possible. So that's, that is the value proposition. That is what needs to change >>Strong value proposition well said, Patrick, talking about reducing the complexity, uh, the risk as well. So, so go ahead and crack crack open what you guys are actually announcing today. >>Yeah, for sure. So with, we we've been doing this for many years, we have, um, software development, we have 14 million plus as far as end-users using applications that have been developed with the Al systems platform, what we're announcing is taking some of the great benefits that we have to what you'd consider as the first part of that low code process, where you have a, you have a developer that has an idea, and there's a canvas in front of you. You know, you're, you're an artist, right? But again, this is what you are as a developer. And so you go in and you create that application. We've been doing this for many years and it works really well. But thing that we're improving upon now is the ability to do that and scale that out to millions of end-users 10 millions of end-users. So if you think about that inherent speed of developing an application, using a platform like OutSystems, we're taking that same concept and rolling that into an internet scale application, hosting architecture. >>So any developer that uses our systems, basically like it would be comparable to a traditional development team that has application architects, cloud architects, security, engineers, database engineers, a whole team of very smart individuals that generally the, the biggest technology companies in the world can put together. Most companies can't do that. You don't have access to that type of that type of skillset. And so we're providing that with project Neo, which is what we're announcing today in our, um, at our user conference and customer conference, is this brand new as far as platform that allows you to build these applications at scale. And this is initially built on AWS using all the great AWS technologies. If you look at what AWS has done and provided to developers today, it's amazing. It is absolutely amazing. The amount of technologies that you can leverage. It's also daunting because as a traditional developer, you have to go in and choose, you know, what do you do? It's like, there's just massive cognitive load as far as upfront when you're going to design and application and what type of messaging what's at the data store. Well, how do I host my application? What type of network, you know, as far as security do I use, we're taking all that heavy lifting, all that undifferentiated, heavy lifting off of the developers, putting it into the project, Neo platform, allowing a single developer or a small group of developers to actually leverage that best in class architecture on AWS today. >>So when you're talking to developers, what are some of the things that you described as the unique differentiators of project Neo? It sounds like this was really apt and apt time for change, but when you're talking to those folks, what do you say? You know, 1, 2, 3, these are the things that make project Neo unique. >>Yeah. So you're the first is don't worry about the application architecture. Like I mentioned, don't when you go in that, the idea, the concept of that application and what it means to, to deliver some value, whether it's into a business or a hobby or whatever. I mean, however, you're developing application, you're doing it for a reason. You want that value to come out as quickly as possible. You want that experience. And so that first thing is you don't have to worry about the architecture anymore. So in the past, you know, you'd have to think about if it's a very large application, it's millions and millions of end-users. How do you structure that? How do you put it together? That concern is removed from you in that process? The other thing is we solve the problem of software disintegration. So with traditional development, when you develop an application and you get it into the hands of end, users get immediately starts to disintegrate. >>So there will be bugs that will appear. There will be, as far as, um, security flaws that will come up services that you use will become deprecated. We'll swap out cloud services, you know, AWS or Azure or Google, we'll swap out cloud services with different services behind the scenes version that we new versions of those that is software disintegration. As soon as you develop software today and all of these beautiful cloud services that you use and components, they often something will become outdated almost by the time you release it. A lot of times with software development projects, it literally is you start with some version or some component before you can get that out in a traditional mode. Something becomes outdated. We solve that issue. What I like to call software disintegration, we, as far as our systems, ensure we invest in that platform. And so when we need to change out those components, so services, those versions fix is for a security flaws, fixed bugs. >>We do that and it seamless. And so your application, you do not have to rewrite your application. You do not have to go through that process as a tradition, as a developer on our systems like you would, as your traditional developer, we solve that software disintegration issue. So it is it's, it's very empowering to developers to not have to worry about that. There are many, you look at the numbers today about how much is invested in innovation versus maintenance. You know, a lot of companies start out at 70% innovation, 30% as far as maintenance. And then over time that flips and you'll get to 30% of your time spent on innovations development, 70% maintenance, that burden we removed that burden. >>Those are some really powerful statements protect that you mean, I really liked the way that you described software disintegration. I've actually never heard that term before. And it kind of reminded me of, you know, when you buy a brand new car, you drive it off. The lot the value goes down right away, then before you even get things out. And on the consumer side, we know that as soon as we buy the newest iPhone, the next one's going to be out, or there's some part of it, that's going to be outdated in terms of technical debt. I was reading a stat that technical debt is expected to reach and costs businesses 5 trillion us dollars over the next 10 years. How does OutSystems helps customers address the challenges with technical debt and even reduce it? >>Yeah. If you think about the guy, the truest sense of technical debt, it's a, it's a decision that you make in the development process to basically, you know, load up the future with some work that you don't want to do right now. And so we're solving that issue where number one, we, you don't even have to make that decision. So you can go back to that concept of removing that cognitive load of, do I get the software out right now or do I get it out in the right way? And that's really what technical debt technical debt is saying. I need to get it out now. And there are some things I want to do that it'd be better if I did them now, but I'm going to go ahead and push that out into the future. You don't have to do that today with us. >>And so what happens with our systems? We invest in that platform, and this is hard. I mean, this is not an easy thing to do. This is why we have some of the best and brightest engineers focusing on this process at the heart of this, not to get too technical, but the heart of this is what we call the true change engine. But then, um, within our platform, we go through and we look at all of the changes that you need to make. So if you think of that concept of technical debt of like, oh, I want to get this into the hands of man users, but I don't want to invest in the time to do something right. It's always done right. As far as with the OutSystems platform. So we take that, we look at the intent of your change. So it's like a, it's like a process where you tell us the intent. >>When you, as a application developer, you're designing an application, you tell us the intent of the application is to look and feel. It could be some business processes can be some integrations. We determine what's the best way to do that. And then once again, from a software disintegration standpoint, we continue to invest in all the right ways to do that the best way possible. And so, I mean, we have customers that have written applications. That's 10, 15 years ago, they're still using our platform with those same applications they've added to them, but they actually have not rewritten those applications. And so if you think about the normal traditional development process, the technical debt incurred over that type of lifetime would be enormous with us. There's no technical debt. They're still using the same application. They have simply added capabilities to it. We invest in that platform. So they don't have to >>So big business outcomes there, obviously from a developer productivity perspective, but from the company wide perspective, the ability to eliminate technical debt, some significant opportunities there. Talk to me about the existing OutSystems customers. When are they going to be able to take advantage of this? What is the migration or upgrade path that they can take? >>Yeah. And so it's, it was very important to me and, and, uh, and the team, as far as our systems, to be able to integrate, to innovate as far as for customers, without disrupting customers. And we've probably all been through this path of great new technology is awesome. But then to actually utilize that technology when you're a current customer, it creates pain. And so we've invested heavily in making sure that the process is pain-free so you can use project Niamh. So we are announcing it as it was in public preview, as far as now, and then we will release it from GA as far as in the first quarter of next year. So over this timeframe, you'll be able to get in and try it out and all that continue to use your current version, which is OutSystems 11. So what we, what we affectionately call it 11, as far as Alice systems, Al systems, 11 version, and continued to use, and you can continue to use that today. >>Side-by-side and coexistence with the project, Neo and project Neo is a code name. So we will, we will have an official product name is for as at launch, but it's our it's. Our affectionate is kind of a unofficial mascot as Neo. So we call it project Neo bit of a fun thing, and you can use it side by side. And then in the future, you'll be able to migrate applications over, or you can just continue to coexist. I mean, we see a very long lifetime for OutSystems 11, it's a different platform, different technology behind the scenes project, Neos, Kubernetes base, Lennox containers. Based once again on the bill, we went in with the, just looked at it and said, rearchitect re-imagined, how would you do this? If you had the best and brightest, as far as engineers, architects, um, you know, we have, which we do, you know, very smart in those people. >>And we did that. And so we did that for our customers. And so Neo is that how systems 11 still a great choice. If you have applications on it, you can use it. And we have, we anticipate that customers will actually side by side, develop on both in which we have some customers in preview today. And that's the process that they have. They will develop on 11, they will develop on the Neo and they will continue to do that. And there's no, we, we are dedicated to making sure that there's no disruption and no pain in that process. And then when customers are ready to migrate over, if that's what they choose, we'll help them migrate over. >>You make it sound easy. And I was wondering if project Neo had anything to do with the new matrix movie, I just saw the trailer for it the other day. >>It was a happy coincidence. It is not easy. Let me, let me be clear. It is something we have been working on for three years and really this last year really kicked into high gear. And, um, you know, a lot of behind the scenes work, obviously for us, but once again, that's our value proposition. It's we do the hard work. So developers and customers don't have to do that hard work, uh, but no relations in the L I love, I do love the matrix movies. So it's a, it's a nice coincidence. >>It is a nice coincidence. Last question, Patrick, for you, you know, as we wrap up the calendar year 2021, we head into 20, 22. I think we're all very hopeful that 2022 will be a better year than the last two. What are some of the things that you see as absolutely critical for enterprises? What are they most concerned about right now? >>Yeah, I think it's look, I mean, it's, obviously it has been a crazy couple of years. And, um, and if you think about what enterprises want, I mean, they want to provide, uh, a great experiences for their customers, a great experience for their employees. Once again, digital transformation, we're where you don't even kind of talk about digital transformation more because we're in it. And I think that customers need to make sure that the experiences they provide these digital experiences are the best possible experiences. And these are differentiators. These are differentiators for employees is, are differentiators for customers. I believe that software is one of the big differentiators for businesses today and going forward, and that will continue to be so we're where businesses may be invested in supply chains and invested in certain types of technologies. Business will continue to invest in software because software is that differentiator. >>And if you look at where we fit, you can go, you can go buy, you know, some great satisfied where my software as a service off the shelf in the end, you're just like every other business you bought the same thing that everybody else has bought. You can go the traditional development route, where you invest a bunch of money. It's a high risk, takes a long time. And once again, you may not get what you want. We believe what is most important to businesses. Get that unique software that fits like a glove that is great for employees is great for their customers. And it is a unique differentiator for them. And I really see that in 2022, that's going to be big and, and going forward. They're the legs for that type of investment that companies make and their return on that is huge. >>I agree with you on that in terms of software as a differentiator. No, we're seeing every company become a software company in every industry these days to be first to survive in the last 20 months and now to be competitive, it's really kind of a must have. So Patrick, thank you for joining me on the program, talking about project Neo GA in quarter of calendar year 22 exciting stuff. We appreciate your feedback and your insights and congratulations on project Neil. Thanks, Lisa. Appreciate it for Patrick Jean I'm Lisa Martin, and you're watching the cubes continuous coverage of re-invent 2021.

>>Hello everyone Welcome to the cubes coverage of cubic on cloud native come here in person in L A 2021. I'm john ferrier, host of the Cuban Dave Nicholson host cloud host for the cube and of course former host of the cube steve minutemen. Now at red hat stew, we do our normal keynote reviews. We had to have you come back first while hazard and red hat >>john it's phenomenal. Great to see you nice to have Dave be on the program here too. It's been awesome. So yeah, a year and a day since I joined Red hat and uh, I do miss you guys always enjoyed doing the interviews in the cube. But you know, we're still in the community and still interacting lots, >>but we love you too. And Davis, your new replacement and covering the cloud angles. He's gonna bring little stew mo jokes of the interview but still, we've always done the wrap up has always been our favorite interviews to do an analysis of the keynote because let's face it, that's where all the action is. Of course we bring the commentary, but this year it's important because it's the first time we've had an event in two years too. So a lot of people, you know, aren't saying this on camera a lot, but they're kind of nervous. They're worried they're weirded out. We're back in person again. What do I feel? I haven't seen people, I've been working with people online. This is the top story. >>Yeah, john I thought they did a really good job in the keynote this morning. Normally, I mean this community in general is good with inclusion. Part of that inclusion is hey, what are you comfortable with if your remote? We still love you and it's okay. And if you're here in person, you might see there's wrist bands of green, yellow, red as in like, hey, you okay with a handshake. You want to do there or stay the f away from me because I'm not really that comfortable yet being here and it's whatever you're comfortable with. That's okay. >>I think the inclusion and the whole respect for the individual code of conduct, C N C. F and limits Foundation has been on the front end of all those trends. I love how they're taking it to a whole nother level. David, I want to get your take because now with multi cloud, we heard the same message over and over again that hey, open winds, okay. Open winds and still changing fast. What's your take? >>Open absolutely wins. It's uh, it's the present. It's the future. I know in some of the conversations we've had with folks looking back over the last seven years, a lot of things have changed. Um, whenever I think of open source anything, I go back to the foundations of Lennox and I remember a time when you had to reboot a Linux server to re scan a scuzzy bus to add a new storage device and we all sort of put our penguin hats on and kind of ignored that for a while. And uh, and, and as things are developed, we keep coming into these new situations. Multi cluster management was a big, big point of conversation in the keynote today. It's fascinating when you start thinking about something that was once sort of a back room science experiment. Absolutely. It's the center of the enterprise now from a software >>from an open tour standpoint security has been one of those front and center things. One of the day, zero events that got a lot of buzz coming at the beginning of the week was secure supply chain. So with the Solar Wind act going in there, you know, we remember cloud, wait, can I trust it with the security? Open source right now. Open source and security go together. Open source and the security in the cloud all go together. So you know that that wave of open source, obviously one of the things that brought me to red hat, I'd had a couple of decades, you know, working within the enterprise and open source and that that adoption curve which went through a few bumps in the road over time and it took time. But today, I mean open sources have given this show in this ecosystem are such proof >>points of a couple things. I noticed one, I want to do a shout out for the folks who put a nice tribute for dan Kaminsky who has passed away and we miss him. We saw on the Cube 2019, I believe he's on the Cube that year with Adam on big influence, but the inclusiveness do and the community is changing. I think security has changed a lot and I want to get your guys take on this. Security has forced a lot of things happen faster data, open data. Okay. And kubernetes to get hardened faster stew. I know your team's working on it. We know what Azure and amazon is working on it. What do you guys think about how security's been forcing the advances in kubernetes and making that stable? >>Yeah. So john security, you know, is job one, it is everyone's responsibility. We talk about it from a container and kubernetes standpoint. We think we have a relatively good handle on what's happening in the kubernetes space red hat, we made an acquisition earlier this year of stack rocks, which was one of the leading kubernetes native security pieces. But you know, john we know security isn't just a moat anymore in a wall that you put up every single piece. You need to think about it. Um, I've got a person from the stack rocks acquisition actually on my team now and have told him like hey, you need to cross train all of us. We need to understand this more from a marketing standpoint, we need to talk about it from a developer standpoint. We need to have consideration of it. It's no longer, hey, it works okay on my machine. Come on, It needs to go to production. We all know this shift left is something we've been talking about for many years. So yes, security, security, security, we cannot overemphasize how important is um, you know, when it comes to cooper, I think, you know, were relatively mature, we're crossing the chasm, the adoption numbers are there, so it's not an impediment anymore. >>It's totally next level. I don't agree with this too. David, get your thoughts on this whole adoption um, roadmap that put it together, one of the working groups that we interviewed has got that kind of navigate, kinda like trailheads for salesforce, but that speaks to the adoption by mainstream enterprises, not the hard core, >>you know, >>us devops guys, but like it goes into mainstream main main street enterprise had I. T. Department and security groups there, like we got a program faster. How do you see the cloud guys in this ecosystem competing and making that go faster. >>So it's been interesting over the last decade or more often, technology has been ahead of people's comfort level with that technology for obvious reasons, it's not just something went wrong, it's something went wrong. I lost my job. Really, really bad things happened. So we tend to be conservative. Rightfully so in the sometimes there are these seminal moments where a shift happens go back sort of analogous go back to a time when people's main concern with VM ware was how can I get support from Microsoft and all of a sudden it went from that within weeks to how can I deploy this in my enterprise very, very quickly. And I'm fascinated by this concept of locking down the supply chain of code, uh sort of analogous to https, secure, http. It's the idea of making sure that these blocks of code are validated and secure as they get implemented. You mentioned, you mentioned things like cluster and pad's security and infrastructure security. >>Well, David, you brought up a really good point. So get off is the instance creation of that. How can I have my infrastructure as code? How can I make sure that I don't have drift? It's because I could just, it'll live and get hub and therefore it's version controlled. If I try to do something, it will validate that it's there and keep me on version because we know john we talked about it for years on the cube, we've gone beyond human scale if I don't build automation into it, if I don't have the guard rails in place because humans will mess things up so we need to make sure that we have the processes and the automation in place and kubernetes was built for that automation at its core, putting in, we've seen get up the Argosy, D was only went graduated, you know, the one dato was supported as coupon europe. Earlier this year, we already had a number of our customers deploying it using it. Talking publicly >>about it too. I want to get the kid apps angle and that's a good call out there and, and mainly because when we were on the cute, when you work, you post with with us, we were always cheerleading for Cuban. It we love because we've been here every single coupon. We were one saying this is gonna be big trust us and it is, it happens to so, but now we've been kind of, we don't have to sell it anymore. We don't, I mean not that we're selling it, but like we don't have to be a proponent of something we knew was going to happen, it happened. You're now work for a vendor red hat you talk to customers. What is that next level conversation look like now that they know it's real, they have to do it. How is the tops and then modern applications development, changing. What are your observations? Can you share with us from a redhead perspective as someone who's talking to customers, you know, what does real look like? >>Yeah. So get off is a great example of that. So, you know, certain of our government agencies that we work with, you know, obviously very secured about, you know, we want zero trust who do we put in charge of things. So if they can have, you know that that source of truth and know that that is maintained and lockdown and not await some admin is gonna mess something up on us either maliciously or oops, by accident or anything in between. That's why they were pushing that adoption of that kind of technology. So absolutely they, for the most part john they don't want to have to think about the infrastructure piece anymore. What if developers want the old past days was I want to be able to, you know, write once deploy anywhere, live anywhere, containers helps that a little bit. We even have in the container space. Now you can, you can use a service deployment model with Okay. Natives, the big open source project that, you know, VM ware ourselves are working on google's involved in it. So, you know, having us be able to focus on the business and not, you know, running the plumbing anymore. >>That's exactly, that's exactly, that's what we're so psyched for. Okay guys, let's wrap this up and and review the keynote day will start with you. What do you think of the keynote? What were the highlights? What do you take away from the taste keynote? >>So you touched on a couple of things, uh inclusion from all sorts of different angles. Really impressive. This sort of easing back into the world of being face to face. I think they're doing a fantastic job at that. The thing that struck me was something I mentioned earlier. Um moving into multi cluster management in a way that really speaks to enterprise deployments and the complexity of enterprise deployments moving forward? It's not just, it's not just, I'm a developer, I'm using resources in the cloud. I'm doing things this way, the rest of the enterprises doing it a legacy way. It's really an acknowledgement that these things are coming together increasingly. That's what really struck me >>to do. What's your takeaway from the end? >>So there's been a discussion in the industry, you know, what do the next million cloud customers look like we've crossed the chasm on kubernetes. One of the things they announced the keynote is they have a new associate level certification because I tell you before the keynote, I stopped by the breakfast area, saturday table, talk to a couple people. One guy was like, hey, I'm been on amazon for a bunch of years, but I'm a kubernetes newbie, I'm here to learn about that. It's not the same person that five years ago was like, I'm gonna grab all these projects and pull them down from getting, build my stack and you know, have a platform team to manage it from a red hat standpoint, we're delivering our biggest growth areas in cloud services where hey, I've got an SRE team, they can manage all that because can you do it? Sure you got people maybe you'll hire him, but wouldn't you rather have them work on, you know, that security initiative or that new application or some of these pieces, you know, what can you shift to your vendor? What can you offload from your team because we know the only constant is that things are gonna there's gonna be gonna be new pieces and I don't want to have to look at, oh there's another 20 new projects and how does that fit? Can I have a partner or consultant in sc that can help me integrate that into my environment when it makes sense for me because otherwise, oh my God, cloud, So much innovation. How do I grasp what I want? >>Great stuff guys, I would just say my summary is that okay? I'm excited this community has broken through the pandemic and survived and thrived people were working together during the pandemic. It's like a V. I. P. Event here. So that my keynote epiphany was this is like the who's who some big players are here. I saw Bill Vaz from amazon on the on the ground floor on monday night, He's number two at a W. S. I saw some top Vcs here. Microsoft IBM red hat the whole way tracks back. Whole track is back and it's a hybrid event. So I think we're here for the long haul with hybrid events where you can see a lot more in person, V. I. P. Like vibe people are doing deals. It feels alive too and it's all open. So it's all cool. And again, the team at C. N. C. F. They do an exceptional job of inclusion and making people feel safe and cool. So, great job. Thanks for coming on. I appreciate it. Good stuff. Okay. The keynote review from the cube Stupid Man shot for Dave Nicholson. Thanks for watching >>mm mm mm.

>>welcome back everyone to the cube con cloud, David Kahn coverage. I'm john for a host of the cube, we're here in person, 2020 20 a real event, it's a hybrid event, we're streaming live to you with all the great coverage and guests coming on next three days. Clayton Coleman's chief Hybrid cloud architect for Red Hat is joining me here to go over viewers talk but also talk about hybrid cloud. Multi cloud where it's all going road red hats doing great to see you thanks coming on. It's a pleasure to be >>back. It's a pleasure to be back in cuba con. >>Uh it's an honor to have you on as a chief architect at Red Hat on hybrid cloud. It is the hottest area in the market right now. The biggest story we were back in person. That's the biggest story here. The second biggest story, that's the most important story is hybrid cloud. And what does it mean for multi cloud, this is a key trend. You just gave a talk here. What's your take on it? You >>know, I, I like to summarize hybrid cloud as the answer to. It's really the summarization of yes please more of everything, which is, we don't have one of anything. Nobody has got any kind of real footprint is single cloud. They're not single framework, they're not single language, they're not single application server, they're not single container platform, they're not single VM technology. And so, um, and then, you know, looking around here in this, uh, partner space where eight years into kubernetes and there is an enormous ecosystem of tools, technologies, capabilities, add ons, plug ins components that make our applications better. Um the modern application landscape is so huge that I think that's what hybrid really is is it's we've got all these places to run stuff more than ever and we've got all this stuff to run more than ever and it doesn't slow down. So how do we bring sanity to that? How do we understand it? Bring it together and companies has been a big part of that, like it unlocked some of that. What's the next step? >>Yeah, that's a great, great commentary. I want to take into the kubernetes piece but you know, as we've been reporting the digital transformation at all time, high speed is the number one request. People want to go faster, not just speeds and feeds, but like ship code fast to build apps faster. Make it all run faster and secure. Okay, check, get that. Look what we were 15, 15 years ago, 10 years ago, five years ago, 2016. The first coupe con in Seattle we were there for small events kubernetes, we gotta sell it, figure it out. Right convince people >>that it's a it's worth >>it. Yeah. So what's your take on that? Well, I mean, it's mature, it's kind of de facto standard at this point. What's missing. Where is it? >>So I think Kubernetes has succeeded at the core mission which is helping us stop worrying about all the problems that we spent endless amounts of time arguing about, how do I deploy software, How do I roll it out? But in the meantime we've added more types of software. You know, the rise of ai ml um you know, the whole the whole ecosystem around training software models like what is a what is an Ai model? Is it look like an application, does it look like a job? It's part batch, part service. Um It's spread out to the edge. We've added mobile devices. The explosion in mobile computing over the last 10 years has co evolved. And so kubernetes succeeded at that kind of set a floor for what everybody thought was an application. And in the meantime we've added all these other parts of the application. >>It's funny, you know, David Anthony, we're talking about what's to minimum and networks at red hat will be on later. Back in the first two cubicles were like, you know, this is like a TCP I P moment, the Os I model that was a killer part of the stack. Now it was all standardized below TCP I. P. Company feels like a similar kind of construct where it's unifying, is creating some enablement, It's enabling some innovation and it kind of brought everyone together at the same time everyone realized that that's real, >>the whole >>cloud native is real. And now we're in an era now where people are talking about doing things that are completely different. You mentioned as a batch job house ai new software paradigm development paradigms, not to suffer during the lifecycle, but just like software development in general is impacted. >>Absolutely. And you know, the components like, you know, we spent a lot of time talking about how to test and build application, but those are things that we all kind of internalized now we we have seen the processes is critical because it's going to be in lots of places, people are looking to standardize. But sometimes the new technology comes up alongside the side, the thing we're trying to standardize, we're like, well let's just use the new technology instead function as a service is kind of uh it came up, you know, kubernetes group K Native. And then you see, you know, the proliferation of functions as a service choices, what do people use? So there's a lot of choice and we're all building on those common layers, but everybody kind of has their own opinions, everybody's doing something subtly different. >>Let me ask you your opinion on on more under the Hood kind of complexity challenge. There's general consensus in the industry that does a lot of complexity. Okay, you don't mean debate that, but that's in a way, a good thing in the sense if you solve that, that's where innovation comes in. So the goal is to solve complexity, abstract out of the heavy lifting under heavy living in Sandy Jackson. And I would say, or abstract away complexity make things easier to use >>Well and an open source and this ecosystem is an amazing um it's one of the most effective methods we've ever found for trying every possible solution and keeping the five or six most successful and that's a little bit like developers, developers flow downhill, developers are going to do, it's easy if it's easier to put a credit card in and go to the public cloud, you're gonna do it if you can take control away from the teams at your organization that are there to protect you, but maybe aren't as responsive as you like. People will, people will go around those. And so I think a little bit of what we're trying to do is what are the commonalities that we could pick out of this ecosystem that everybody agrees on and make those the downhill path that people follow, not putting a credit card into a cloud, but offering a way for you not to think about what clouds are on until you need to write, because you want to go to the fridge is a developer, you wanna go the fridge, pull out your favorite brand of soda, that favorite band Isoda might have an AWS label also >>talk about the open shift and the Kubernetes relationship, you guys push the boundaries. Um Den is being controlled playing and nodes, these are things that you talked about in your talk, talk about because you guys made some good bets on open shift, we've been covering that, how's that playing out now? It's a relationship now >>is interesting coming into kubernetes, we came in from the platform as a service angle, right, Platform as a service was the first iteration of trying to make the lowest cost path for developers to flow to business value um and so we added things on top of kubernetes, we knew that we were going to complex, so we built in a little bit um in our structure and our way of thinking about cube that it was never going to be just that basic bare bones package that you're gonna have to make choices for people that made sense. Ah obviously as the ecosystems grown, we've tried to grow with it, we've tried to be a layer above kubernetes, we've tried to be a layer in between kubernetes, we've tried to be a layer underneath kubernetes and all of these are valid places to be. Um I think that next step is we're all kind of asking, you know, we've got all this stuff, are there any ways that we can be more efficient? So I like to think about practical benefits, what is a practical benefit That a little bit of opinion nation could bring to this ecosystem and I think it's around applications, it's being application centric, it's what is a team, 90% of the time need to be successful, they need a way to get their code out, they need to get it to the places that they wanted to be, and that place is everywhere. It's not one cloud or on premises or a data center, it's the edge, it's running as a lambda. It's running inside devices that might be being designed in this very room today. >>It's interesting. You know, you're an architect, but also the computer science industry is the people who were trained in the area are learning. It's pretty fascinating and almost intoxicating right now in this this market because you have an operating system, dynamic systems kind of programming model with distributed cloud, edge on fire, that's only gonna get more complicated with 5G and high density data applications. Um and then you've got this changing modal mode of operations were programming with bots and Ai and machine learning to new things, but it's kind of the same distributed computing paradigm. Yeah. What's your reaction to that? >>Well, and it's it's interesting. I was kind of described like layers. We've gone from Lenox replaced proprietary UNIX or mainframe to virtualization, which, and then we had a lot of Lennox, we had some windows too. And then we moved to public cloud and private cloud. We brought config management and moved to kubernetes, um we still got that. Os at the heart of what we do. We've got, uh application libraries and we've shared services and common services. I think it's interesting like to learn from Lennox's lesson, which is we want to build an open expansive ecosystem, You're kind of like kind of like what's going on. We want to pick enough opinion nation that it just works because I think just works is what, let's be honest, like we could come up with all the great theories of what the right way computers should be done, but it's gonna be what's easy, what gets people help them get their jobs done, trying to time to take that from where people are today on cube in cloud, on multiple clouds, give them just a little bit more consolidation. And I think it's a trick people or convince people by showing them how much easier it could be. >>You know, what's interesting around um, what you guys have done a red hat is that you guys have real customers are demanding, you have enterprise customers. So you have your eye on the front edge of the, of the bleeding edge, making things easier. And I think that's good enough is a good angle, but let's, let's face it, people are just lifting and shifting to the cloud now. They haven't yet re factored and re factoring is a concept of taking what you're doing in the cloud of taking advantage of new services to change the operating dynamic and value proposition of say the application. So the smart money is all going there, seeing the funding come into applications that are leveraging the new platform? Re platform and then re factoring what's your take on that because you got the edge, you have other things happening. >>There are so many more types of applications today. And it's interesting because almost all of them start with real practical problems that enterprises or growing tech companies or companies that aren't tech companies but have a very strong tech component. Right? That's the biggest transformation the last 15 years is that you can be a tech company without ever calling yourself a tech company because you have a website and you have an upset and your entire business model flows like that. So there is, I think pragmatically people are, they're okay with their footprint where it is. They're looking to consolidate their very interested in taking advantage of the scale that modern cloud offers them and they're trying to figure out how to bring all the advantages that they have in these modern technologies to these new footprints and these new form factors that they're trying to fit into, whether that's an application running on the edge next to their load bouncer in a gateway, in telco five Gs happening right now. Red hat's been really heavily involved in a telco ecosystem and it's kubernetes through and through its building on those kinds of principles. What are the concepts that help make a hybrid application, an application that spans the data flowing from a device back to the cloud, out to a Gateway processed by a big data system in a private region, someplace where computers cheap can't >>be asylum? No, absolutely not has to be distributed non siloed based >>and how do we do that and keep security? How do we help you track where your data is and who's talking to whom? Um there's a lot of, there's a lot of people here today who are helping people connect. I think that next step that contact connectivity, the knowing who's talking and how they're connecting, that'll be a fundamental part of what emerges as >>that's why I think the observe ability to me is the data is really about a data funding a new data sector of the market that's going to be addressable. I think data address ability is critical. Clayton really appreciate you coming on. And giving a perspective an expert in the field. I gotta ask you, you know, I gotta say from a personal standpoint how open source has truly been a real enabler. You look at how fast new things could come in and be adopted and vetted and things get kicked around people try stuff that fails, but it's they they build on each other. Right? So a I for example, it's just a great example of look at what machine learning and AI is going on, how fast that's been adopted. Absolutely. I don't think that would be done in open source. I have to ask you guys at red hat as you continue your mission and with IBM with that partnership, how do you see people participating with you guys? You're here, you're part of the ecosystem, big player, how you guys continue to work with the community? Take a minute to share what you're working on. >>So uh first off, it's impossible to get anything done I think in this ecosystem without being open first. Um and that's something the red at and IBM are both committed to. A lot of what I try to do is I try to map from the very complex problems that people bring to us because every problem in applications is complex at some later and you've got to have the expertise but there's so much expertise. So you got to be able to blend the experts in a particular technology, the experts in a particular problem domain like the folks who consult or contract or helped design some of these architectures or have that experience at large companies and then move on to advise others and how to proceed. And then you have to be able to take those lessons put them in technology and the technology has to go back and take that feedback. I would say my primary goal is to come to these sorts of events and to share what everyone is facing because if we as a group aren't all working at some level, there won't be the ability of those organizations to react because none of us know the whole stack, none of us know the whole set of details >>And this text changing too. I mean you got to get a reference to a side while it's more than 80s metaphor. But you know, but that changed the game on proprietary and that was like >>getting it allows us to think and to separate. You know, you want to have nice thin layers that the world on top doesn't worry about below except when you need to and below program you can make things more efficient and public cloud, open source kubernetes and the proliferation of applications on top That's happening today. I >>mean Palmer gets used to talk about the hardened top when he was the VM ware Ceo Back in 2010. Remember him saying that he says she predicted >>the whole, we >>call it the mainframe in the cloud at the time because it was a funny thing to say, but it was really a computer. I mean essentially distributed nature of the cloud. It happened. Absolutely. Clayton, thanks for coming on the Cuban sharing your insights appreciate. It was a pleasure. Thank you. Right click here on the Cuban john furry. You're here live in L A for coupon cloud native in person. It's a hybrid event was streaming Also going to the cube platform as well. Check us out there all the interviews. Three days of coverage, we'll be right back Yeah. Mm mm mm I have

>>From the Bellagio hotel in Las Vegas. It's the cube covering UI path forward for brought to you by UI path. >>Hello from Las Vegas, the cube is live at the Bellagio. We are here covering UI path forward for Lisa Martin with Dave a long time. We're very pleased to be joined next by the chief product officer of UI path, param colon per I'm. Welcome to the program. Thank you. Thanks for having me. It's great to be back here in person. Isn't it? It >>Is lovely to be back >>Here in person, Dave and I got to see a little bit of your keynote this morning, and when we had to leave to come to set, we turned around and it was standing room only. It was amazing to see how many customers, partners, prospects, UI path has brought here. Clearly you've got over 8,000 customers now, tremendous growth. The IPO just six months ago. Last time you were on the cube at forward three was two years ago, 2019, where you unveiled this vision for a fully automated platform. Talk to us about what's transpired since >>It's been, it's been fascinating, been more than 9,000 customers now. Um, you know, when we were two years ago, um, we, you know, we shared a vision with our customers. The vision was all about having an end to end platform. The end to end platform can help companies automate simple processes, complex processes. It can help them automate anything from point in time tasks to long running into and processes. And we imagine that our automations will impact every worker within the enterprise. And, you know, you'll augment the capacity to build automations through citizen development initiatives. Um, we didn't have all the components then. So we worked hard since then to make sure that we can make this end to end platform available that can do everything from discovering automation opportunities to helping companies easily build automation. Whether that automation is for simple processes that are, you know, doing a predictable pattern of work or whether it's using more complex, you know, machine learning and AI algorithms and extracting information from documents to do that kind of stuff. >>And then also helping citizen developers build automation. So build pillar is what differentiates our time to value in the market. Helping companies realize quick valid for that. Then we, the next pillar we look at is manage and manage is all about making sure that our it stakeholders that are imagined managing the deployment of the entire platform from our server components like orchestrator to two components, like robots that run the workflows can, can easily be managed and low cost of ownership and can effectively manage the, meet the, the requirements of it, stakeholders like governance and security and audit and all those kinds of things. And then we have, you know, the next pillar is run, which makes sure that our robots can run on machines. And we're very excited actually in this release announced that our robots can run at cross-platform. So sonically our, you know, we were a Microsoft windows.net based, uh, code base. >>Uh, it only ran on Microsoft windows machines, and now we can actually run those robots on Linux-based machines as well. So you can deploy those robots in Lennox containers. Um, so that's, that's the run pillar. And then we have engaged, which is all about making sure that the software that we're releasing can be used by every user within the enterprise. So it's an engaging experience. Automations are available to business users where they need them, right? If they're working in a line of business application like slack or Microsoft teams, robots are available there, if they're working in a productivity application, so I'd look they're available there. And then we also have a curated set of, you know, engaging interface for people to use UiPath robots and something. We call it UI path assistant. So super excited about this sort of end to end platform. I think it's delivering a lot of value to our customers. Yeah. >>Tweeted out during your keynote, the, all the features under discover a build, manage, run, engage, and could barely fit it in the screen. It was an eye test in terms of just the number of features that you guys developed. My point is, was that, you know, the innovation is the lifeblood of life source of tech companies, you know, demand gen too. But I mean, they're real this, the product, right? And, and so, and the, the indicator is the pace of those innovations. And so you, it seems like you're picking up the pace, uh, as you scale as a company, is that true? Um, in terms of just the velocity of the features that you're rolling out, you guys have been busy since the pandemic hit. Yeah. >>At the, at the expense of, uh, you know, are not, not trying to annoy anybody within the company. We are a very product centric. You know, company it's company was founded by an engineers and, and ran it truly as a, you know, engineering centric company for many, many years. So as we've scaled, I think we haven't lost that attribute for culture to make sure that we are continuing to innovate, continuing to make sure that we are delivering capabilities based on what our customers are demanding of us. And that's been core part of our strategy as well, with all this said that we're going to build what our customers ask for. And we're going to learn from our customers. And it's very expanding our installed base of customers. We're learning more things from them, and we're continuing to respond to those customers as fast as we can and helps the fact that where helps that we're a bigger company now, so have more resources at our disposal so we can do more. Uh, but I'd say, you know, if you look historically at some of our releases over the last two, three years, we've done a lot of innovation in, in every one of these releases. And we do it twice a year. Um, these, these big releases, and this >>Is released 2021 dot 10, >>We're talking about that's right. This is released 20, 21 10. And it's the one of two major releases in a year. So we do a release in the first half of the year, and we do a release in the second half of the year. And that's how we've been doing or this, this is how on-premise customers consume sort of our software, the cloud customers get these capabilities more frequently. That's every two weeks, but the on-premise customers give them, uh, get these capabilities every twice a year >>Time, do the on-prem customers have to get to the new release. I mean, you can't just make it, you know, and minus 30. So what do you give him a couple of cycles? Three, four cycles, two, three. >>We give them so six cycles of three years to upgrade to the next version of the software. Um, most customers upgrade much sooner than that, because if you looked at our software three years ago and you compared it to what we have today, you basically said, there's no reason why I should be paying you for that capability when I can get so much. So generally we see customers upgrading more frequently. We've also because we run the same code base for our cloud customers that we run for our on-premise customers and Cod customers. As we update their service every two weeks, we've built enough resiliency to make sure that the upgrades are seamless for customers. So it's, you know, it doesn't cause them a lot of pain to go from one version to the next. So, you know, we, we expect most customers upgrade within 12 to 18 months of deploying a software. >>Let's talk about acceleration the last 18 months. We've seen a massive acceleration in automation as a mandate for every industry to first survive what was happening in the world. And then to really thrive, how has the pandemic influenced the roadmap, maybe what's in 2021 dot 10. What, what is, and how have you helped customers accelerate their need to automate, to stay in business and to be successful disruptors? >>Yeah. So what, that's a great question. What we've noticed is that, you know, in, in our customer base, there are certain aspects of business processes that have just required a lot more demand to be able to accelerate, you know, certain parts of our business, whether it's a, um, a, a retailer trying to meet demand for a certain set of product category, or whether it's a healthcare organization, trying to make sure they can provide care to more people more, more frequently. Um, the, the truth is that we didn't have to make fundamental shifts in our technology to be able to meet that demand because we had built the core underpinning of our technology was built on the premise that you are allowing a machine to mimic human behavior. And to do that. And if you can throw more compute at those machine, doesn't have more robots. >>You can do more work at that. Um, so the pandemic has definitely accelerated the demand for automation. It hasn't changed our roadmap to go in a different direction as we go there. We've just made sure that we can continue to meet the demands of our customers. Um, the, the, the one thing that it has impacted us, it it's brought automation to the top of the priority list for it stakeholders, right? In the past, we sold a lot and our value and messaging resonated a lot with line of business owners. But as, as the pandemic, as they started using more and more automation, the it stakeholders are now a lot more interested in sort of what we're doing. And we've done a lot of work in ensuring that the requirements that our it stakeholders have from running mission, critical workloads from compliance, from governance, from security, are all met as part of the platform, you know, basically out of the box, as opposed to having to, to bolt on >>One of your competitors, uh, just got bought out by private equity and the PE firms going to mash them together with an integration company. You guys bought cloud elements. I look at it as a nice clean integration play. I wonder if you could talk about the importance of cloud elements, how that fits into your product portfolio and in the marketing. >>Yeah, it's a, it's a fascinating time to be in the, in the automation business, the slots going on, you know, we, when we saw cloud elements earlier this year, what we realized was, as companies are trying to automate processes, there are certain systems where you can get to information. We can get to actions you want to take through API, and it's maybe better to access them through API because the user interface doesn't provide the same set of capability in the same way. And there's other systems where you want to have UI based automation because API APIs don't exist or too hard to use. Historically, there were different products that people had to use either have to use a, an integration platform type product to be able to get to all the API APIs. And it was a very developer driven workflow to put that process in place. >>Or you could use something like UI path where you can connect systems through UI automation. What, and when we looked at that problem, we said, the problem is, is to connect, break the silos that exist across processes and apps in the enterprise. And we wanted to provide one single design environment in which developers can use API or UI automation, or even machine learning based predictions and construct an end to end workflow where you can blend together a set of ML skills, UI automation, API automation, to, uh, you know, to compose that into an automation. So that was our thesis behind that the market definitely seems to be paying attention. And it seems that, you know, other people are trying to follow the same, same path as well as some industry analysts have written about sort of the consolidation in, in categories happening. >>Yeah. You guys started a trend for sure. Let's talk about security. You guys announced a partnership with CrowdStrike endpoint security, clearly the leader there, uh, they're, they're really amazing company. What what's that partnership all about how to, how to come about and, you know, maybe give us some color there. >>Yeah. So we're very excited about this partnership. And as I was mentioning earlier, you know, one of the things that pandemic has done is elevated the importance of automation to the boardroom, to the CIO, the CSOs, and, and now they're looking at, you know, UI path automation platform as a key enabler of getting work done within the enterprise. So when they look at something that's gonna, you know, take like 20, 30% of the transactions in a, in a working environment and move it through that platform, they want to make sure that it has all of the security that they have heard about for all other application than end users are using as well. So CrowdStrike has done phenomenal work in security solutions to manage how employees are using based on their profiles, different applications and different API as well. What we've done is we've taken that the capability that they have built for the employee workforce and make sure that we can apply it to the robotic workforce that our customer is using as well. >>So the same policy based control that says, you know, a, this employee in this department isn't allowed to access the system, or it needs to be logged that they had access to this data. The same can be applied to robot as well. So you're no longer able to say, you know, I don't know what my robots are doing. I need to go through locks to find out he can maintain a policy. You can get alerts when robots do something that they're not allowed to do. And not only that you're able to pinpoint specifically to which workflow process that robot was executing when it tat, and when it touched a system that it wasn't allowed to. So it gives you that peace of mind, if you are a business owner or an it stakeholder at a company, to make sure that my robotic workflows isn't doing what it is supposed to do. >>So the point of integration for Crosstrek is a robot. Is that correct? It is, it is a robot. So it monitors what the robots are doing. And it, it makes it reports it back into the, their Falcon interface that basically says I've got a policy that when applied to my robot workflows and when, as they're executing things, I can monitor control and get alerted of different things that they're doing. And the robot today already does it's own identity access, right? Yeah. Right. Yeah. The robot has its own identity. So a robot generally historically, had to go log into many line of business systems to do the work. Right. And if the robot is running in, attended as it it's working with a side-by-side with a human, then it assumes the identity of the person that's working. So they can go access those systems. But if it's working unattended, then it's using a service account to make sure that it can go access the applications that it needs to access, to be able to, you know, pull information or update actions into those systems. >>So you mentioned more than 9,000 customers. Now, I know you've got more than 1200 with a hundred thousand or more ARR customer listening. I know is very important to you. I bet we just had the CIO and digital officer of Coca-Cola on talking about that was a big differentiator when it was, I said, who else did you look at, but what was it that really made you iPad stand out? And that's that customer listening the voice of the customer, the impact that it has on the technology in the company. Overall, talk to me about some of your favorite stories of customers that have really helped influence, especially in the last year and a half, the direction of the company, you know, IPO and six months ago, as I mentioned, how is that customer voice really critical to the innovation that your team is driving? >>Yeah, I know it's, it's very important. And that's something that we've done from like the beginning of, you know, creating this market and entering this category of RPA. You know, it was initially a customer that educated us about what RPA is, you know, brought us in and told us what kind of solution they wanted and to help us create the first solution. And we worked very closely. In fact, I joined the company about three and a half years ago. In my first month, I spent a lot of time with a customer in Japan to learn from what they thought about automation, very large bank in Japan, and we've continued that process. So we have, um, every quarter we eat with our customers around the world and customer advisory boards. We run a product advisory board every six months, very specific information at a feature level on what we're working on. And we ask our customers to ward on the feature list and we decide based on how much importance they put to different product areas to see what we're going to innovate on. Um, we feel this is the best way to build enterprise products. You know, it's, it's, it's helped us tremendously. Uh, and, and we're, we're extremely grateful to our customers to be able to, you know, help us shape the platform in this way. You know, >>When the whole discussion around AI first started AI and RPA, and there were some naysayers, and it seems like you're applying AI everywhere. It's hard to even understand it sometimes. So can you help us understand your strategy with respect to AI, where aren't you applying it, but maybe you could help us sort of shape that discussion. >>That's really a good question. So, um, I I'd say AI is a core intrinsic aspect of what we do in our platform. Um, and I'll tell you how it, it matters. It matters because what we're trying to do at the end of the day is mimic how people work, right. And, and make sure that, you know, we can process the systems that just like humans processes as well. So when you look at something on your computer screen, you're using your computer vision to be able to identify what is on the computer screen, whether you're looking at a browser or you're looking at a specific control that you can enter the customer name, or, you know, hit the button. So our technology essentially give our robots the same skills to be able to understand what is on the user interface in front of the screen. And if I'm going to give you an instruction to say, start a certain application and click the new button, and then enter, you know, this information on this form, the robot is able to process that exactly the way you would do it by using those eyes. >>And that's what we know intrinsically. We build a computer vision capabilities. Now we've applied that, that ability to understand computer screens, to documents as well. And that's where we build machine learning bottle models for extracting information from documents. So if you, if you hired somebody in accounts payable department, and you showed them a piece of paper, and you said, Hey, this is an invoice. Please put it into this system. You know, they are able to look at that invoice and when they get the next document, they know this next document is also an invoice. And they're able to put that in, you know, extract information from it and put it into a line of business system. So we're teaching a robots, the same skills to be able to classify documents, a certain document types and using machine learning models, extract relevant information from those documents. Even if one invoice looks different from the second invoice, you're still able to, as, as human I reliably extract information from it, the robots have the exact same skills to be able to deal with. >>So, okay. So classification, it makes sense because you're using math and now you have enough processing power and enough data. And so you can apply that those algorithms does the AI help. Maybe this is a stupid question, but does it, does it give context as well? Right? It can, it, can it interpret context like a human, could we, we, at that point, >>Um, well, it depends on what you mean by context in general, you know, the applications of AI, um, broadly speaking are narrow, right? And they're not able to go broad and, and understand the entire context that's where humans are better, right? That's where humans are able to sort of truly apply the context, especially if it's, you know, a rare occurrence of that context. And that's why we fundamentally believe that, you know, AI is powerful only if you can apply together with humans. And so we've built capabilities to support like a human in the loop scenario where if a document was read by the robot and it extracted information, but extractive the low confidence or it didn't, wasn't able to find all the right fields of a supposed to, we can suspend the process, send the document and the extracted information to a human and the human can correct what they've extracted. And with that, you know, you're creating retraining model data for the model to behave appropriately. Next time it sees similar information in the next document. So we do believe that, you know, AI is not going to solve all the problems. Yeah. It's going to be able to solve the narrow path, but in, as you look at sort of broader and contextual specific things that are out of normal behavior, you would still need humans to be able to guide what robots are able to do. >>Chatbots can interpret contexts. I don't know if that's because it's brute force and he's just throwing a lot of repetitive sort of data. I don't know if you guys seen the, um, the, the very first AI, standup comedy. No, you haven't seen this. Yeah. >>It's, it's the >>First standup comedy routine written by machines. And it's a lot of, it's really stupid, but some of them, some of the jokes aren't bad, you know, and they have an audience and they're like this, the fake laughter coming in. But so it seems like it's amazing. You have to I'll, I'll send it to you. You have to check it out. But, but, so we're starting to get to the point where you could interpret context or create context. And like you say, human in the loop allows you to sort of verify >>That are correct and validate, you know, robot actions, actions. Yeah. >>Okay. So you'll just kind of ride that AI curve, wherever it takes you. Right. >>Well, I think yeah, is really important and they'll become increasingly important as we look at the future. We're also looking at, you know, in the future AI based development or AI based, helping of build building development script. So something that, you know, you'll hear Daniel talk a lot about semantic automation. So where, you know, investing a lot and ensuring that we can have semantic automation type capabilities into a product that helps, you know, the process of building automation simple enough, so that more citizen developers can build it and drives developer productivity. And at the end of the day, I have a specific use case. I want to show you offline and tell me if you can help. >>I got to ask you one more question. As here we are talking about humans and AI surrounded by humans. Finally, for the first time in a long time, what's just been some of the feedback that you've heard yes. Between yesterday and today in the last 30 seconds that we have here, >>The feedback about the product specifically, that the >>Technology, the direction of the company, what you're announcing. >>Yeah. Our customers are very excited about, you know, some of the things that we've announced today, um, you know, I'd say the excitement is specifically around some of the things we're doing around the discovery pillar. We've got a lot of excitement around what we've acquired through cloud elements and the integration service that's available as part of our platform. Uh, we've got customers very excited about running automations on Lennox machines that they can scale them, manage the total infrastructure, uh, around it. Um, we've also released a automation suite that gives our on-premise customers the same sort of manageability and deployment, uh, capabilities that are available to our SAS customers so that the admin experience has improved. So in general, the feedback around the innovation and things that we're doing has been very, very positive from our customers. >>The validation problem. Thank you for joining David me on the program today, talking about what's new, congratulations on that. And for holding a very successful in-person event, >>That's a big deal. Thank you so much for having me. We're happy to >>Be here for Dave Volante. I'm Lisa Martin. We've been coming to you all day from Las Vegas. We're going to see you tomorrow. Same channel from UI path forward for C then.

>>Welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. We're here with Amanda Silver, corporate vice president, product developer division at Microsoft. Amanda, Great to see you you were on last year, Dr khan. Great to see you again a full year later were remote. Thanks for coming on. I know you're super busy with build happening this week as well. Thanks for making the time to come on the cube for Dr khan. >>Thank you so much for having me. Yeah, I'm joining you like many developers around the globe from my personal home office, >>developers really didn't skip a beat during the pandemic and again, it was not a good situation but developers, as you talked about last year on the front lines, first responders to creating value quite frankly, looking back you were pretty accurate in your prediction, developers did have an impact this year. They did create the kind of change that really changed the game for people's lives, whether it was developing solutions from a medical standpoint or even keeping systems running from call centres to making sure people got their their their goods or services and checks and and and kept sanity together. So. >>Yeah absolutely. I mean I think I think developers you know get the M. V. P. Award for this year because you know at the end of the day they are the digital first responders to the first responders and the pivot that we've had to make over the past year in terms of supporting remote telehealth, supporting you know online retail, curbside pickup. All of these things were done through developers being the ones pushing the way forward remote learning. You know my kids are learning at home right behind me right now so you might hear them during the interview that's happening because developers made that happen. >>I don't think mom please stop hogging the band with, they've got a gigabit. Stop it. Don't be streaming. My kids are all game anyway, Hey, great to have you on and you have to get the great keynote, exciting to see you guys continue the collaboration with Docker uh with GIT hub and Microsoft, A great combination, it's a 123 power punch of value. You guys are really kind of killing it. We heard from scott and dan has been on the cube. What's your thoughts on the partnership with the developer division team at Microsoft with Doctor, What's it all about this year? What's the next level? >>Well, I mean, I think, I think what's really awesome about this partnership is that we all have, we all are basically sharing a common mission. What we want to do is make sure that we're empowering developers, that we're focused on their productivity and that we're delivering value to them so they can do their job better so that they can help others. So that's really kind of what drives us day in and day out. So what we focus on is developer productivity. And I think that's a lot of what dana was talking about in her session, the developer division. Specifically, we really try to make sure that we're improving the state of the art from modern developers. So we want to make sure that every keystroke that they take, every mouse move that they make, it sounds like a song but every every one of those matter because we want to make sure that every developers writing the code that only they can write and in terms of the partnership and how that's going. You know my team and the darker team have been collaborating a ton on things like dr desktop and the Doctor Cli tool integrations. And one of the things that we do is we think about pain points and various workflows. We want to make sure that we're shaving off the edges of all of the user experience is the developers have to go through to piece all of these applications together. So one of the big pain points that we have heard from developers is that signing into the Azure cloud and especially our sovereign clouds was challenging. So we contributed back to uh back to doctor to actually make it easier to sign into these clouds. And so dr developers can now use dr desktop and the Doctor Cli to actually change the doctor context so that its Azure. So that makes it a lot easier to connect the other. Oh, sorry, go ahead. No, I was just >>going to say, I love the reference of the police song. Every breath you take, every >>mouth moving. Great, >>great line there. Uh, but I want to ask you while you're on this modern cloud um, discussion, what is I mean we have a lot of developers here at dr khan. As you know, you guys know developers in your ecosystem in core competency. From Microsoft, Kublai khan is a very operator like focus developed. This is a developer conference. You guys have build, what is the state of the art for a modern cloud developer? Could you just share your thoughts because this comes up a lot. You know, what's through the art? What's next jan new guard guard? It's his legacy. What is the state of the art for a modern cloud developer? >>Fantastic question. And extraordinarily relevant to this particular conference. You know what I think about often times it's really what is the inner loop and the outer loop look like in terms of cycle times? Because at the end of the day, what matters is the time that it takes for you to make that code change, to be able to see it in your test environment and to be able to deploy it to production and have the confidence that it's delivering the feature set that you need it to. And it's, you know, it's secure, it's reliable, it's performance, that's what a developer cares about at the end of the day. Um, at the same time, we also need to make sure that we're growing our team to meet our demand, which means we're constantly on boarding new developers. And so what I take inspiration from our, some of the tech elite who have been able to invest significant amounts in, in tuning their engineering systems, they've been able to make it so that a new developer can join a team in just a couple of minutes or less that they can actually make a code change, see that be reflected in their application in just a few seconds and deploy with confidence within hours. And so our goal is to actually be able to take that state of the art metric and democratize that actually bring it to as many of our customers as we possibly can. >>You mentioned supply chain earlier in securing that. What are you guys doing with Docker and how to make that partnership better with registries? Is there any update there in terms of the container registry on Azure? >>Yeah, I mean, you know, we, we we have definitely seen recent events and and it almost seems like a never ending attacks that that you know, increasingly are getting more and more focused on developer watering holes is how we think about it. Kind of developers being a primary target um for these malicious hackers. And so what it's more important than ever that every developer um and Microsoft especially uh really take security extraordinarily seriously. Our engineers are working around the clock to make sure that we are responding to every security incident that we hear about and partnering with our customers to make sure that we're supporting them as well. One of the things that we announced earlier this week at Microsoft build is that we've actually taken, get have actions and we've now integrated that into the Azure Security Center. And so what this means is that, you know, we can now do things like scan for vulnerabilities. Um look at things like who is logging in, where things like that and actually have that be tracked in the Azure security center so that not just your developers get that notification but also your I. T. Operations. Um In terms of the partnership with dR you know, this is actually an ongoing partnership to make sure that we can provide more guidance to developers to make sure that they are following best practices like pulling from a private registry like Docker hub or at your container registry. So I expect that as time goes on will continue to more in partnership in this space >>and that's going to give a lot of confidence. Actually, productivity wise is going to be a big help for developers. Great stuff is always good, good progress. They're moving the needle. >>Last time we >>spoke we talked about tools and setting Azure as the doctor context duty tooling updates here at dot com this year. That's notable. >>Yeah, I mean, I think, you know, there's one major thing that we've been working on which has a big dependency on docker is get help. Code space is now one of the biggest pain points that developers have is setting up a new DEV box, which they often have to do when they are on boarding a new employee or when they're starting a new project or even if they're just kicking the tires on a new technology that they want to be able to evaluate and sometimes creating a developer environment can actually take hours um and especially when you're trying to create a developer environment that matches somebody else's developer environment that can take like a half a day and you can spend all of your time just debugging the differences in environment variables, for example, um, containers actually makes that much easier. So what you can do with this, this services, you can actually create death environment spun up in the cloud and you can access it in seconds and you get from there are working coding environment and a runtime environment and this is repeatable via containers. So it means that there's no inadvertent differences introduced by each DEV. And you might be interested to know that underneath this is actually using Docker files and dr composed to orchestrate the debits and the runtime bits for a whole bunch of different stacks. And so this is something that we're actually working on in collaboration with the with the doctor team to have a common the animal format. And in fact this week we actually introduced a couple of app templates so that everybody can see this all in action. So if you check out a ca dot m s forward slash app template, you can see this in action yourself. >>You guys have always had such a strong developer community and one thing I love about cloud as it brings more agility, as we always talk about. But when you start to see the enterprise grow into, the direction is going now, it's almost like the developer communities are emerging, it's no longer about all the Lennox folks here and the dot net folks there, you've got windows, you've got cloud, >>it's almost >>the the the solidification of everyone kind of coming together. Um and visual studio, for instance, last year, I think you were talking about that to having to be interrogated dr composed, et cetera. >>How do you see >>this melting pot emerging? Because at the end of the day, you pick the language you love and you got devops, which is infrastructure as code doesn't matter. So give us your take on where we are with that whole progress of of making that happen. >>Well, I mean I definitely think that, you know, developer environments and and kind of, you know, our approach to them don't need to be as dogmatic as they've been in the past. I really think that, you know, you can pick the right tool and language and stand developer stack for your team, for your experience and you can be productive and that's really our goal. And Microsoft is to make sure that we have tools for every developer and every team so that they can build any app that they want to want to create. Even if that means that they're actually going to end up ultimately deploying that not to our cloud, they're going to end up deploying it to AWS or another another competitive cloud. And so, you know, there's a lot of things that we've been doing to make that really much easier. We have integrated container tools in visual studio and visual studio code and better cli integrations like with the doctor context that we had talked about a little bit earlier. We continue to try to make it easier to build applications that are targeting containers and then once you create those containers it's much easier to take it to another environment. One of the examples of this kind of work is now that we have WsL and the Windows subsystem for Lennox. This makes it a lot easier for developers who prefer a Windows operating system as their environment and maybe some tools like Visual Studio that run on Windows, but they can still target Lennox with as their production environment without any impedance mismatch. They can actually be as productive as they would be if they had a Linux box as their Os >>I noticed on this session, I got to call this out. I want to get your reaction to it interesting. Selection of Microsoft talks, the container based development. Visual studio code is one that's where you're going to show some some some container action going on with note and Visual Studio code. And then you get the machine learning with Azure uh containers in the V. S. Code. Interesting how you got, you know, containers with V. S. And now you've got machine learning. What does that tell the world about where Microsoft's at? Because in a way you got the cutting edge container management on one side with the doctor integration. Now you get the machine learning which everyone's talking about shifting, left more automation. Why are these sessions so important? Why should people attend? And what's the what's the bottom line? >>Well, like I said, like containers basically empower developer productivity. Um that's what creates the reputable environments, that's what allows us to make sure that, you know, we're productive as soon as we possibly can be with any text act that we want to be able to target. Um and so that's kind of almost the ecosystem play. Um it's how every developer can contribute to the success of others and we can amor ties the kinds of work that we do to set up an environment. So that's what I would say about the container based development that we're doing with both visual studio and visual studio code. Um in terms of the machine learning development, uh you know, the number of machine learning developers in the world is relatively small, but it's growing and it's obviously a very important set of developers because to train a machine learning uh to train an ml model, it actually requires a significant amount of compute resources, and so that's a perfect opportunity to bring in the research that are in a public cloud. Um What's actually really interesting about that particular develop developer stack is that it commonly runs on things like python. And for those of you who have developed in python, you know, just how difficult it is to actually set up a python environment with the right interpreter, with the right run time, with the right libraries that can actually get going super quickly, um and you can be productive as a developer. And so it's actually one of the hardest, most challenging developer stacks to actually set up. And so this allows you to become a machine learning developer without having to spend all of your time just setting up the python runtime environment. >>Yeah, it's a nice, nice little call out on python, it's a double edged sword. It's easier to sling code around on one hand, when you start getting working then you gotta it gets complicated can get well. Um Well the great, great call out there on the island, but good, good, good project. Let me get your thoughts on this other tool that you guys are talking about project tie. Uh This is interesting because this is a trend that we're seeing a lot of conversations here on the cube about around more too many control planes. Too many services. You know, I no longer have that monolithic application. I got micro micro applications with microservices. What the hell is going on with my services? >>Yeah, I mean, I think, you know, containers brought an incredible amount of productivity in terms of having repeatable environments, both for dev environments, which we talked about a lot on this interview already, but also obviously in production and test environments. Super important. Um and with that a lot of times comes the microservices architecture that we're also moving to and the way that I view it is the microservices architecture is actually accompanied by businesses being more focused on the value that they can actually deliver to customers. And so they're trying to kind of create separations of concerns in terms of the different services that they're offering, so they can actually version and and kind of, you know, actually improve each of these services independently. But what happens when you start to have many microservices working together in a SAS or in some kind of aggregate um service environment or kind of application environment is it starts to get unwieldy, it's really hard to make it so that one micro service can actually address another micro service. They can pass information back and forth. And you know what used to be maybe easy if you were just building a client server application because, you know, within the server tear all of your code was basically contained in the same runtime environment. That's no longer the case when every microservices actually running inside of its own container. So the question is, how can we improve program ability by making it easier for one micro service that's being used in an application environment, be to be able to access another another service and kind of all of that context. Um and so, you know, you want to be able to access the service is the the api endpoint, the containers, the ingress is everything, make everything work together as though it felt just as easy as as um you know, server application development. Um And so what this means as well is that you also oftentimes need to get all of these different containers running at the same time and that can actually be a challenge in the developer and test loop as well. So what project tie does is it improves the program ability and it actually allows you to just write a command like thai run so that you can actually in stan she ate all of these containers and get them up and running and basically deploy and run your application in that environment and ultimately make the dev testing or loop much faster >>than productivity gain. Right. They're making it simple to stand up. Great, great stuff. Let me ask you a question as we kind of wrap down here for the folks here at Dakar Con, are >>there any >>special things you'd like to talk about the development you think are important for the developers here within this space? It's very dynamic. A lot of change happening in a good way. Um, but >>sometimes it's hard to keep >>track of all the cool stuff happening. Could you take a minute to, to share your thoughts on what you think are the most important develops developments in this space? That that might be interesting to ducker con attendees. >>I think the most important things are to recognize that developer environments are moving to containerized uh, environments themselves so that they can be repeated, they can be shared, the work, configuring them can be amortized across many developers. That's important thing. Number one important thing. Number two is it doesn't matter as much what operating system you're running as your chrome, you know, desktop. What matters is ultimately the production environment that you're targeting. And so I think now we're in a world where all of those things can be mixed and matched together. Um and then I think the next thing is how can we actually improve microservices, uh programming development together um so that it's easier to be able to target multiple micro services that are working in aggregate uh to create a single service experience or a single application. And how do we improve the program ability for that? >>You know, you guys have been great supporters of DACA and the community and open source and software developers as they transform and become quite frankly the superheroes for the transformation, which is re factoring businesses. So this has been a big thing. I'd love to get your thoughts on how this is all coming together inside Microsoft, you've got your division, you get the developer division, you got GIT hub, got Azure. Um, and then just historically, and he put this up last year army of an ecosystem. People who have been contributing encoding with Microsoft and the partners for many, many decades. >>Yes. The >>heart Microsoft now, how's it all working? What's the news? I get Lincoln, Lincoln, but there's no yet developer model there yet, but probably is soon. >>Um Yeah, I mean, I think that's a pretty broad question, but in some ways I think it's interesting to put it in the context of Microsoft's history. You know, I think when I think back to the beginning of my career, it was kind of a one stack shop, you know, we was all about dot net and you know, of course we want to dot net to be the best developer environment that it can possibly be. We still actually want that. We still want that need to be the most productive developer environment. It could we could possibly build. Um but at the same time, I think we have to recognize that not all developers or dot net developers and we want to make sure that Azure is the most productive cloud for developers and so to do that, we have to make sure that we're building fantastic tools and platforms to host java applications, javascript applications, no Js applications, python applications, all of those things, you know, all of these developers in the world, we want to make sure it can be productive on our tools and our platforms and so, you know, I think that's really kind of the key of you know what you're speaking of because you know, when I think about the partnership that I have with the GIT hub team or with the Azure team or with the Azure Machine learning team or the Lincoln team, um A lot of it actually comes down to helping empower developers, improving their productivity, helping them find new developers to collaborate with, um making sure that they can do that securely and confidently and they can basically respond to their customers as quickly as they possibly can. Um and when, when we think about partnering inside of Microsoft with folks like linkedin or office as an example, a lot of our partnership with them actually comes down to improving their colleagues efficiency. We build the developer tools that office and lengthen are built on top of and so every once in a while we will make an improvement that has, you know, 5% here, 3% there and it turns into an incredible amount of impact in terms of operations, costs for running these services. >>It's interesting. You mentioned earlier, I think there's a time now we're living in a time where you don't have to be dogmatic anymore, you can pick what you like and go with it. Also that you also mentioned just now this idea of distributed applications, distributed computing. You know, distributed applications and microservices go really well together. Especially with doctor. >>Can you share >>your thoughts on the framework that you guys released called Dapper? >>Yeah, yeah. We recently released Dapper. It's called D A P R. You can look it up on GIT hub and it's a programming model for common microservices pattern, two common microservices patterns that make it really easy and automatic to create those kinds of microservices. So you can choose to work with your favorite state stores or databases or pub sub components and get things like cloud events for free. You can choose either http or g R B C so that you can get mesh capabilities like service discovery and re tries and you can bring your own secret store and easily be able to call it from any environment variable. It's also like I was talking about earlier, multi lingual. Um so you don't need to embrace dot net, for example, as you're programming language to be able to benefit from Dapper, it actually supports many programming languages and Dapper itself is actually written and go. Um and so, you know, all developers can benefit from something like Dapper to make it easier to create microservices applications. >>I mean, always great to have you on great update. Take a minute to give an update on what's going on with your division. I know you had to build conference this week. V. S has got the new preview title. We just talked about what are the things you want to get to plug in for? Take a minute to get to plug in for what you're working on, your goals, your objectives hiring, give us the update. >>Yeah, sure. I mean, you know, we we built integrated container tools in visual studio uh and the Doctor extension and Visual Studio code and cli extensions. Uh and you know, even in this most recent release of our Visual Studio product, Visual Studio 16 10, we added some features to make it easier to use DR composed better. So one of the examples of this is that you can actually have uh Oftentimes you need to be able to use multiple doctor composed files together so that you can actually configure various different container environments for a single single application. But it's hard sometimes to create the right Yeah. My file so that you can actually invoke it and invoke the the container and the micro services that you need. And so what this allows you to do is to actually have just a menu of the different doctor composed files so that you can select the runtime and test environment that you need for the subset of the portion of the application that you're working on at the end of the day. This is always about developer productivity. You know, like I said, every keystroke matters. Um and we want to make sure that you as a developer can focus on the code that only you can Right. >>Amanda Silver, corporate vice president product development division of Microsoft. Always great to see you and chat with you remotely soon. We'll be back in in real life with real events soon as we come out of the pandemic and thanks for sharing your insight and congratulations on your success this year and and congratulations on your announcement here at Dakar Gone. >>Thank you so much for having me. >>Okay Cube coverage for Dunkirk on 2021. I'm John for your host of the Cube. Thanks for watching. Mhm

>>mhm Yes. >>Hello and welcome back to the cubes coverage of dr khan 2021 virtual. I'm john Kerry hosted the Q got a great cube segment here. Simon Maple Field C T Oh it's technique. Great company security shifting left great to have you on Simon. Thanks for thanks for stopping by >>absolute pleasure. Thank you very much for having me. >>So you guys were on last year the big partnership with DR Conn remember that interview vividly because it was really the beginning at the beginning but really come to me the mainstream of shifting left as devops. It's not been it's been around for a while. But as a matter of practice as containers have been going super mainstream. Super ballistic in the developer community then you're seeing what's happening. It's containers everywhere. Security Now dev sec apps is the standard. So devops great infrastructure as code. We all know that but now it's def sec ops is standard. This is the real deal. Give us the update on what's going on with sneak. >>Absolutely, yeah. And you know, we're still tireless in our approach of trying to get make sure developers don't just have the visibility of security but are very much empowered in terms of actually fixing issues and secure development is what we're really striving for. So yeah, the update, we're still very, very deep into a partnership with DACA. We have updates on DR desktop which allows developers to scan the containers on the command line, providing developers that really fast feedback as as early as possible. We also have uh, you know, new updates and support for running Docker scan on Lennox. Um, and yeah, you know, we're still there on the Docker hub and providing that security insights um, to, to users who are going to Docker hub to grab their images. >>Well, for the folks watching maybe for the first time, the sneak Docker partnership, we went in great detail last year was the big reveal why Docker and sneak partnership, what is the evolution of that partnership over the year? They speak highly of you guys as a developer partner. Why Doctor? What's the evolution looked like? >>It's a it's a really great question. And I think, you know, when you look at the combination of DACA and sneak well actually let's take let's take each as an individual. Both companies are very, very developer focused. First of all, right, so our goals and will be strife or what we what we tirelessly spend their time doing is creating features and creating, creating an environment in which a developer you can do what they need to do as easily as possible. And that, you know, everyone says they want to be developer friendly, They want to be developer focused. But very few companies can achieve. And you look at a company like doctor, you're a company like sneak it really, really provides that developer with the developer experience that they need to actually get things done. Um, and it's not just about being in a place that a developer exists. It's not enough to do that. You need to provide a developer with that experience. So what we wanted to do was when we saw doctor and extremely developer friendly environment and a developer friendly company, when we saw the opportunity there to partner with Yoko, we wanted to provide our security developer friendliness and developer experience into an already developed a friendly tool. So what the partnership provides is the ease of, you know, deploying code in a container combined with the ease of testing your code for security issues and fixing security issues in your code and your container and pulling it together in one place. Now, one of the things which we as a as a security company um pride ourselves on is actually not necessarily saying we provide security tools. One of what our favorite way of saying is we're a developer tooling company. So we provide tools that are four developers now in doing that. It's important you go to where the developers are and developers on DACA are obviously in places like the Docker hub or the Docker Cli. And so it's important for us to embed that behavior and that ease of use inside Dhaka for us to have that uh that that flow. So the developer doesn't need to leave the Docker Cli developer that doesn't need to leave Docker hub in order to see that data. If you want to go deeper, then there are probably easier ways to find that data perhaps with sneak or on the sneak site or something like that. But the core is to get that insight to get that visibility and to get that remediation, you can see that directly in in the in the Dhaka environment. And so that's what makes the relationship so so powerful. The fact that you combine everything together and you do it at source >>and doing it at the point of code. >>Writing >>code is one of the big things I've always liked about the value proposition is simple shift left. Um So let's just step back for a second. I got to ask you this question because this I wanted to make sure we get this on the table. What are the main challenges uh and needs to, developers have with container security? What are you seeing as the main top uh A few things that they need to have right now for the challenges uh with container security? >>Yeah, it's a it's a very good question. And I think to answer that, I think we need to um we need to think of it in a couple of ways. First of all, you've just got developers security uh in general, across containers. Um And the that in itself is there are different levels at which developers engage with containers. Um In some organizations, you have security teams that are very stringent in terms of what developers can and can't do in other organizations. It's very much the developer that that chooses their environment, chooses their parent image, et cetera. And so there when a developer has many, many choices in which they need to need to decide on, some of those choices will lead to more issues, more risk. And when we look at a cloud native environment, um uh Let's take let's take a node uh image as an example, the number of different uh images tags you can choose from as a developer. It's you know, there are hundreds, probably thousands. That you can actually you can actually choose. What is the developer gonna do? Well, are they going to just copy paste from another doctor file, for example, most likely. What if there are issues in that docker file? They're just gonna copy paste that across mis configurations that exist. Not because the developer is making the wrong decision, but because the developer very often doesn't necessarily know that they need to add a specific directive in. Uh So it's not necessarily what you add in a conflict file, but it's very often what you admit. So there are a couple of things I would say from a developer point of view that are important when we think about cloud security, the first one is just that knowledge that understanding what they need to do, why they need to do it. Secure development doesn't need to be, doesn't mean they need to be deep in security. It means they need to understand how they can develop securely and what what the best decisions that could come from guard rails, from the security team that they provide the development team to offer. But that's the that's an important error of secure development. The second thing and I think one of the most important things is understanding or not understanding necessarily, but having the information to get an act on those things early. So we know the length of time that developers are uh working on a branch or working on um some some code changes that is reducing more and more and more so that we can push to production very, very quickly. Um What we need to do is make sure that as a developer is making their changes, they can make the right decision at the right time and they have the right information at that time. And a lot of this could be getting information from tools, could be getting information from your team where it could be getting information from your production environments and having that information early is extremely important to make. That decision. May be in isolation with your team in an autonomous way or with advice from the security team. But I would say those are the two things having that information that will allow you to make that action, that positive change. Um uh and and yeah, understanding and having that knowledge about how you can develop security. >>All right. So I have a security thing. So I'm a development team and by the way, this whole team's thing is a huge deal. I think we'll get to that. I want to come back to that in a second but just throw this out there. Got containers, got some security, it's out there and you got kubernetes clusters where containers are coming and going. Sometimes containers could have malware in them. Um and and this is, I've heard this out and about how do how that happens off container or off process? How do you know about it? Is that infected by someone else? I mean is it gonna be protected? How does the development team once it's released into the wild, so to speak. Not to be like that, but you get the idea, it's like, okay, I'm concerned off process this containers flying around. What is it How do you track all >>and you know, there's a there's a few things here that are kind of like potential potential areas that, you know, we can trip up when we think about malware that's running um there are certain things that we need to that we need to consider and what we're really looking at here are kind of, what do we have in place in the runtime that can kind of detect these issues are happening? How do we block that? And how do you provide that information back to the developer? The area that I think is, and that is very, very important in order to in order to be able to identify monitor that those environments and then feed that back. So that that that's the kind of thing that can be that can be fixed. Another aspect is, is the static issues and the static issues whether that's in your os in your OS packages, for example, that could be key binaries that exist in your in your in your docker container out the box as well or of course in your application, these are again, areas that are extremely important to detect and they can be detected very very early. So some things, you know, if it's malware in a package that has been identified as malware then absolutely. That can be that can be tracked very very early. Sometimes these things need to be detected a little bit later as well. But yeah, different tools for different for different environments and wear sneak is really focused. Is this static analysis as early as possible. >>Great, great insight there. Thanks for sharing that certainly. Certainly important. And you know, some companies classes are locked down and all of sudden incomes, you know, some some malware from a container, people worried about that. So I want to bring that up. Uh The other thing I want to ask you is this idea of end to end security um and this is a team formation thing we're seeing where modern teams have essentially visibility of their workload and to end. So this is a huge topic. And then by the way it might integrate their their app might integrate with other processes to that's great for containers as well and observe ability and microservices. So this is the trend. What's in it for the developer? If I work with sneak and docker, what benefits do I get if I want to go down that road of having these teams began to end, but I want the security built in. >>Mhm. Yeah, really, really important. And I think what's what's most important there is if we don't look end to end, there are component views and there are applications. If we don't look into end, we could have our development team fixing things that realistically aren't in production anyway or aren't the key risks that are potentially hurting us in our production environment. So it's important to have that end to end of you so that we have the right insights and can prioritize what we need to identify and look at early. Um, so I think, I think that visibility into end is extremely important. If we think about who, who is re fixing uh certain issues, again, this is gonna depend from dog to walk, but what we're seeing more and more is this becoming a developer lead initiative to not just find or be given that information, but ultimately fixed. They're getting more and more responsible for DR files for for I see for for their application code as well. So one of the areas which we've looked into as well is identifying and actually running in cuba Netease workloads to identify where the most important areas that a developer needs to look at and this is all about prioritization. So, you know, if the developer has just a component view and they have 100 different images, 100 different kubernetes conflicts, you know, et cetera. Where do they prioritize, where do they spend their time? They shouldn't consider everything equal. So this identification of where the workloads are running and what um is causing you the most risk as a business and as an organization, that is the data. That can be directly fed back into your, your your vulnerability data and then you can prioritize based on the kubernetes workloads that are in your production and that can be fed directly into the results in the dashboards. That's neat. Can provide you as well. So that end to end story really provides the context you need in order to not just develop securely, but act and action issues in a proper way. >>That's a great point. Context matters here because making it easy to do the right thing as early as possible, the right time is totally an efficiency productivity gain, you see in that that's clearly what people want. It's a great formula, success, reduce the time it takes to do something, reduced the steps and make it easy. Right, come on, that's a that's a formula. Okay, so I gotta bring that to the next level. When I ask you specifically around automation, this is one the hot topic and def sec ops, automation is part of it. You got scale, you got speed, you've got a I machine learning, you go out of all these new things. Microservices, how do you guys fit into the automation story? >>It's a great question. And you know, one of the recent reports that we that we did based on a survey data this year called the state of a state of cloud, native applications security. We we asked the question how automated our people in their in their deployment pipelines and we found some really strong correlations between value from a security point of view um in terms of in terms of having that automation in it, if I can take you through a couple of them and then I'll address that question about how we can be automated in that. So what we found is a really strong correlation as you would expect with security testing in ci in your source code repositories and all the way through the deployment ci and source code were the two of the most most well tested areas across the pipeline. However the most automated teams were twice as likely to test in I. D. S. And testing your CLS in local development. And now those are areas that are really hard to automate if at all because it's developers running running their cli developers running and testing in their I. D. So the having a full automation and full uh proper testing throughout the sclc actually encourages and and makes developers test more in their development environment. I'm not saying there's causation there but there's definite correlation. A couple of other things that this pushes is um Much much more likely to test daily or continuously being automated as you would expect because it's part of the bills as part of your monitoring. But crucially uh 73% of our respondents were able to fix a critical issue in less than a week as opposed to just over 30% of people that were not automated, so almost double people are More likely to fix within a week. 36% of people who are automated can fix a critical security issue in less than a day as opposed to 8% of people who aren't automated. So really strong data that correlates being automated with being able to react now. If you look at something like Sneak what if our um goals of obviously being developer friendly developer first and being able to integrate where developers are and throughout the pipeline we want to test everywhere and often. Okay, so we start as far left as we can um integrating into, you know, CLS integrating into Docker hub, integrating into into doctors can so at the command line you type in doctors can you get sneak embedded in DHAKA desktop to provide you those results so as early as possible, you get that data then all the way through to to uh get reposed providing that testing and automatically testing and importing results from there as well as as well as other repositories, container repositories, being at a poor from there and test then going into ci being able to run container tests in C I to make sure we're not regressing and to choose what we want to do their whether we break, whether we continue with with raising an issue or something like that, and then continuing beyond that into production. So we can monitor tests and automatically send pull requests, etcetera. As and when new issues or new fixes occur. So it's about integrating at every single stage, but providing some kind of action. So, for example, in our ui we provide the ability to say this is the base level you should be or could be at, it will reduce your number of vulnerabilities by X and as a result you're going to be that much more secure that action ability across the pipeline. >>That's a great, great data dump, that's a masterclass right there on automation. Thanks for sharing that sign. I appreciate it. I gotta ask you the next question that comes to my mind because I think this is kind of the dots connect for the customer is okay. I love this kind of hyper focus on containers and security. You guys are all over it, shift left as far as possible, be there all the time, test, test, test all through the life cycle of the code. Well, the one thing that is popping up as a huge growth areas, obviously hybrid cloud devops across both environments and the edge, whether it's five G industrial or intelligent edge, you're gonna have kubernetes clusters at the edge now. So you've got containers. The relationship to kubernetes and then ultimately cloud native work clothes at, say, the edge, which has data has containers. So there's a lot of stuff going on all over the place. What's your, what's your comment there for customer says, Hey, you know, I got, this is my architecture that's happening to me now. I'm building it out. We're comfortable with kubernetes put in containers everywhere, even on the edge how to sneak fit into that story. >>Yeah, really, really great question. And I think, you know, a lot of what we're doing right now is looking at a developer platform. So we care about, we care about everything that a developer can check in. Okay, so we care about get, we care about the repositories, we care about the artifact. So um, if you look at the expansion of our platform today, we've gone from code that people uh, third party libraries that people test. We added containers. We've also added infrastructure as code. So Cuban eighties conflicts, Terror form scripts and things like that. We're we're able to look at everything that the developer touches from their code with sneak code all the way through to your to your container. And I see, so I think, you know, as we see more and more of this pushing out into the edge, cuba Nitties conflict that that, you know, controls a lot of that. So much of this is now going to be or not going to be, but so much of the environment that we need to look at is in the configurations or the MIS configurations in that in those deployment scripts, um, these are some of the areas which which we care a lot about in terms of trying to identify those vulnerabilities, those miS configurations that exist within within those scripts. So I can see yeah more and more of this and there's a potential shift like that across to the edge. I think it's actually really exciting to be able to see, to be able to see those uh, those pushing across. I don't necessarily see any other, any, you know, different security threats or the threat landscape changing as a result of that. Um there could be differences in terms of configurations, in terms of miS configurations that that that could increase as a result, but, you know, a lot of this and it just needs to be dealt with in the appropriate way through tooling through, through education of of of of how that's done. >>Well, obviously threat vectors are all gonna look devops like there's no perimeter. So they're everywhere right? Looking at I think like a hacker to be being there. Great stuff. Quick question on the future relationship with DR. Obviously you're betting a lot here on that container relationship, a good place to start. A lot of benefits there. They have dependencies, they're going to have implications. People love them, they love to use them, helps old run with the new and helps the new run better. Certainly with kubernetes, everything gets better together. What's the future with the DACA relationship? Take us through how you see it. >>So yeah, I mean it's been an absolute blast the doctor and you know, even from looking at some of the internal internal chats, it's been it's been truly wonderful to see the, the way in which both the doctor and sneak from everything from an engineering point of view from a marketing, from a product team. It's been a pleasure to, it's been a pleasure to see that relationship grow and flourish. And, and I think there's two things, first of all, I think it's great that as companies, we, we both worked very, very well together. I think as as as users um seeing, you know, doctor and and and sneak work so so seamlessly and integrated a couple of things. I would love to see. Um, I think what we're gonna see more and more and this is one of the areas that I think, um you know, looking at the way sneak is going to be viewing security in general. We see a lot of components scanning a lot, a lot of people looking at a components can and seeing vulnerabilities in your components. Can I think what we need to, to to look more upon is consolidating a lot of the a lot of the data which we have in and around different scans. What I would love to see is perhaps, you know, if you're running something through doctors can how can you how can you view that data through through sneak perhaps how can we get that closer integration through the data that we that we see. So I would love to see a lot more of that occur, you know, within that relationship and these are kind of like, you know, we're getting to that at that stage where we see integration, it just various levels. So we have the integration where we have we are embedded but how can we make that better for say a sneak user who also comes to the sneak pages and wants to see that data through sneak. So I would love to see at that level uh more there where as I mentioned, we have we have some some additional support as well. So you can run doctors can from from Lenox as well. So I can see more and more of that support rolling out but but yeah, in terms of the future, that's where I would love to see us uh to grow more >>and I'll see in the landscape side on the industry side, um, security is going beyond the multiple control planes out there. Kubernetes surveillance service matches, etcetera, continues to be the horizontally scalable cloud world. I mean, and you got you mentioned the edge. So a lot more complexity to rein in and make easier. >>Yeah, I mean there's a lot more complexity, you know, from a security point of view, the technology is the ability to move quickly and react fast in production actually help security a lot because you know, being able to spin a container and make changes and and bring a container down. These things just weren't possible, you know, 10 years ago, 20 years ago. Pre that it's like it was it's insanely hard compared trying to trying to do that compared to just re spinning a container up. However, the issue I see from a security point of view, the concerns I see is more around a culture and an education point of view of we've got all this great tech and it's it's awesome but we need to do it correctly. So making sure that as you mentioned with making the right decision, what we want to make sure is that right decision is also the easy decision and the clear decision. So we just need to make sure that as we as we go down this journey and we're going down it fast and it's not gonna, I don't see it slowing down, we're going fast down that journey. How do we make, how do we prepare ourselves for that? We're already seeing, you know, miss configurations left, right and center in the news, I am roles as three buckets, etcetera. These are they're they're simpler fixes than we than we believe, right? We just need to identify them and and make those changes as needed. So we just need to make sure that that is in place as we go forward. But it's exciting times for sure. >>It's really exciting. And you got the scanning and right at the point of coding automation to help take that basic mis configuration, take that off the table. Not a lot of manual work, but ultimately get to that cloud scale cool stuff. >>Simon, thank you >>for coming on the cube dr khan coverage. Really appreciate your time. Drop some nice commentary there. Really appreciate it. Thank you. >>My pleasure. Thank you very much. >>Simon Maple Field C T. O. A sneak hot startup. Big partner with Docker Security, actually built in deVOPS, is now dead. Say cops. This is dr khan cube 2021 virtual coverage. I'm sean for your host. Thanks for watching. Mm.

>>mhm Yes, everyone, welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. Got a great segment here. One of the big supporters and open source amazon web services returning back second year. Dr khan virtual Deepak Singh, vice president of the compute services at AWS Deepak, Great to see you. Thanks for coming back on remotely again soon. We'll be in real life. Reinvent is going to be in person, we'll be there. Good to see you. >>Good to see you too, john it's always good to do these. I don't know how how often I've been at the cube now, but it's great every single time your >>legend and getting on there, a lot of important things to discuss your in one of the most important areas in the technology industry right now and that is at the confluence of cloud scale and modern development applications as they shift towards as Andy Jassy says, the new guard, right. It's been happening. You guys have been a big proponent of open source and enabling open source is a service creating business models for companies. But more importantly, you guys are powering, making it easier for folks to use software. And doctor has been a big relationship for you. Could you take a minute to first talk about the doctor, a W S relationship and your involvement and what you're doing? >>Yeah, actually it goes back a long way. Uh you know, Justin, we announced PCS had reinvented 2014 and PCS at that time was very much managed orchestration service on top of DACA at that time. I think it was the first really big one out there from a cloud provider. And since then, of course, the world has evolved quite a bit and relationship with DR has evolved a lot. The thing I'd like to talk to is something that we announced that Dr last year, I don't remember if I talked about it on the cube at that time. But last year we started working with DR on how can we go from doctor Run, which customers love or DR desktop, which customers love and make it easy for people to run containers on pcs and Fergie. Uh so most new customers running containers and AWS today start with this Yes and party or half of them and we wanted to make it very easy for them to start with where they are on the laptop which is often bucket to stop and have running services the native US. So we started working with DR and that that collaboration has been very successful. We want to keep you look forward to continuing to work on evolving that where you can use Docker compose doctor, desktop, doctor run the fuel that darker customers used and the labour grand production services on the end of your side, which is the part that we've got that on. So I think that's one area where we work really well together. Uh, the other area where I think the two companies continue to work well together. It's open source in general as some of, you know, AWS has a very strong commitment to contain a. D uh, EKS our community service is moving towards community. Forget it actually runs all on community today and uh, we collaborate dr Rhonda on the Ocr specification because, you know, the Oc I am expect is becoming the de facto packaging format idea. W S. This morning we launched yesterday, we launched a service called Opera. And the main expected input for opera is an Ocr image are being in this Atlanta as well, where those ci images now a way of packaging for lambda. And I think the last one I like to call out and it has been an amazing partnership and it's an area where most people don't pay attention is amid signing. Uh, there's a project called Notary. We do the second version of the Notary Spec for remit signing and AWS Docker and a couple of other companies have been working very closely together on bringing that uh, you know, finalizing no tv too, so that at least in our case we can start building services for our customers on top of that. You know, it's it's a great relationship and I expect to see it continue. >>Well, I think one of the themes this year is developer experience. So good. Good call out there in the new announcements on the tools you have and software because that seems to be a great developer integration with Docker question I have for you is how should the customers think about things like E C. S and versus E K. S. App, Runner lambda uh for kind of running their containers. How do they understand the difference is, what's there? What's the, what's the thought process there? What's >>that? It's a good question actually been announced after. And I think there was one of the questions I started getting on twitter. You know, let's start at the very beginning. Anyone can pick up a Docker container and run it on easy to today. You can run it on easy to, we can run a light sail, but doc around works just fine. It's the limits machine. Then people want to do more complex things. They want to run large scale orchestrated services. They won't run their entire business and containers. We have customers will do that today. Uh, you know, you have people like Vanguard who runs a significant portion of the infrastructure on pcs frg or you have to elope with the heavy user of chaos, our community service. So in general, if you're running large scale systems, you're building your platforms, you're most likely to use the csny Chaos. Um, if you come from a community's background, you're, you're running communities on prem or you want the flexibility and control the communities gives you, you're gonna end up with the chaos. That's what we see our customers doing. If you just want to run containers, you want to use AWS to its fullest extent where you want the continue a P I to be part of the W A S A P. I said then you pick is yes. And I think one of the reasons you see so many customers start with the CSN, Forget is with forget to get the significant ease of use from an operational standpoint. And we see many start ups and you know, enterprises, especially security focus enterprises leaning towards farming. But there's a class of customers that doesn't want to think about orchestration that just wants. Here's my code, here's my container image just run my service for me and that's when things like happen, I can come and that's one of the reasons we launched it. Land is a little bit different. Lambda is a unique service. You buy into an event driven architecture. If you do that, then you can figure our application into this. That's they should start its magic. Uh, the container part, there is what land announced agreement where they now support containers, packaging. So instead of zip files, you can package up your functions as containers. Then lambda will run them for you. The advantage it gives you with all the tooling that you built, that you have to build your containers now works the land as well. So I won't call and a container orchestration service in the same sense of the CSC cso Afrin are but it definitely allows the container image format as a standard packaging format. I think that's the sort of universal common theme that you find across AWS at this point of time. >>You know, one of the things that we're observing at this at this event here is a lot of developers Coop con and Lennox foundations. A lot of operators to kubernetes hits that. But here's developers. And the thing is I want to ease of use, simplicity experience, but also I want the innovation. Yeah, I want all of it. When I ask you what is amazon bring to the table for the new equation, what would you say? >>Yeah, I mean for me it's always you've probably heard me say this 100 times. Many 1000 times. It's foggy fog. It's unique to us. It takes a lot of what we have learned about operating infrastructure scale. The question we asked ourselves, you know, in many ways we talk about forget even before belong pcs but we have to learn on what it meant and what customers really wanted. But the idea was when you are running clusters of instances of machines to run containers on, you have to start thinking about a lot of things that in some ways VMS but BMS in the car were taken away capacity. What kind of infrastructure to run it on? Should have been touched. Should have not been back. You know, where is my container running? Those are things. They suddenly started having to think about those kind of backwards almost. So the idea was how can we make your containerized bundles? So TCS task or community is part of the thing that you talk to and that is the main unit that you operate on. That is the unit that you get built on and meet it on. That's where Forget comes in and it allows us to do many interesting things. We've effectively changed the engine of forget since we've launched it. Uh, we run it on ec two instances and we run it on fire cracker. Uh, we have changed the forget agent architecture. We've made a lot of underneath the hood, uh, changes that even take the take advantage of the broader innovation, the rate of us, We did a whole bunch more to launch acronym trans on top of family customers don't have to think about it. They don't have to worry about it. It happens underneath the hood. It's always your engine as as you go along and it takes away all the operational pain of managing clusters of running into picking which instances to use to getting out, trying to figure out how to bend back and get efficiency. That becomes our problem. So, you know, that is an area where you should expect to see a Stuart done more. It's becoming the fabric of so many things that eight of us now. Uh, it's, you know, in some ways we're just talking a lot more to do. >>Yeah. And it's a really good time. A lot more wave of developers coming in. One of the things that we've been reporting on on Silicon England cube with our cute videos is more developers keep on coming on, more people coming in and contributing to the open source community. Even end users, not just the normal awesome hyper scholars you're talking about like classic, I call main street enterprises. So two things I want to ask you on the customer side because you have kind of to customers, you have the community that open source community and you have enterprise customers that want to make it easier. What are you seeing and hearing from customers? I know you guys work backwards from the customer. So I got to ask you work backwards from the community and work backwards from the enterprise customer. What's going on in their environment? What's the key trends that they're riding? What's the big challenges? What's the big opportunities that they're facing and saying for the community? >>Yeah, I start with the enterprise. That's almost an easier answer. Which is, you know, we're seeing increasingly enterprises moving into the cloud wholesale. Like in some ways you could argue that the pandemic has just accelerated it, but we have started seeing that before. Uh they want to move to the cloud and adult modern best practices. Uh If you see my talk agreement last few years, I've talked about modernization and all the aspects of modernization, and that's 90% of our conversation with enterprises, I've walked into a meeting supposedly to talk about containers, whatever half a conversation is spent on. How does an organization modernize? What does an organization need to do to modernize and containers and serverless play a pretty important part in it, because it gives them an opportunity to step away from the shackles of sort of fixed infrastructure and the methods and approaches that built in. But equally, we are talking about C I C. D, you know, fully automated deployments. What does it mean for developers to run their own services? What are the child, how do you monitor and uh, instrument uh, your services? How do you do observe ability in the modern world? So those are the challenges that enterprises are going towards, and you're spending a ton of time helping them there. But many of them are still running infrastructure on premises. So, you know, we have outpost for them. Uh, you know, just last week, you're talking to a bunch of our customers and they have lots of interesting ideas and things that they want to do without both, but many of them also have their own infrastructure and that's where something like UCS anywhere came from, which is hey, you like using Pcs in the cloud, You like having the safety i that just orchestrates containers for you. It does it on on his in an AWS region. It will do it in an outpost. It'll do it on wavelength, it'll do it on local zone. How about we allow you to do it on whatever infrastructure you bring to us. Uh you want to bring a raspberry pi, you can do that. You want to bring your on premises data center infrastructure, we can do that or a point of sale device, as long as you can get the agent running and you can connect to an AWS region, even though it's okay to lose connectivity every now and then. We can orchestrate a container for you over there and, you know, the same customer that likes the ease of use of Vcs. And the simplicity really resonated with that message really resonates with them. So I think where we are today with the enterprise is we've got some really good solutions for you in eight of us and we are now allowing you to take those a. P. I. S and then launch containers wherever you want to run them, whether it's the edge or whether it's your own data center. I think that's a big part of where the enterprise is going. But by and large, I think yes, a lot of them are still making that change from running infrastructure and applications the way they used to do a modern sort of, if you want to use the word cloud native way and we're helping them a lot. We've done, the community is interesting. They want to be more participatory. Uh that's where things like co pilot comes from. God, honestly, the best thing we've ever done in my order is probably are open road maps where the community can go into the road map and engage with us over there, whether it's an open source project or just trying to tell us what the feature is and how they would like to see it. It's a great engagement and you know, it's not us a lot. It's helped us prioritize correctly and think about what we want to do next. So yeah, I think that's, that >>must be very hard to do for opening up the kimono on the road map because normally that's the crown jewels and its secretive and you know, and um, now it's all out in the open. I think that is a really interesting, um, experiment and what's your reaction to that? What's been the feedback on the road map peace? Because I mean, I definitely want to see, uh, >>we do it pretty much for every service in my organization and we've been doing it now for three years. So years forget, I think about three years and it's been great. Now we are very we are very upfront, which is security and availability. Our job 000 and you know, 100 times out of 100 at altitudes between a new feature and helping our customers be available and safe. We'll do that. And this is why we don't put dates in that we just tell you directionally where we are and what we are prioritizing Uh, there every now and then we'll put something in there that, you know, well not choose not to put a feature in there because we want to keep it secret until it launches. But for the most part, 99% of our own myself there and people engaged with it. And it's not proven to be a problem because you've also been very responsible with how we manage and be very transparent on whether we can commit to something or not. And I think that's not. >>I gotta ask you on as a leader uh threaded leader on this group. Open source is super important, as you know, and you continue to do it from under years. How are you investing in the future? What's your plan? Uh plans for your team, the industry actually very inclusive, Which is very cool. It's gonna resonate well, what's the plans? Give us some details on what you're investing in, what your priorities? What's your first principles? >>Yeah, So it goes in many ways, one when I I also have the luxury also on the amazon open source program office. So, you know, I get the chance to my team, rather not me help amazon engineers participate in open source. That that's the team that helps create the tools for them, makes it easy for them to contribute, creates, you know, manages all the licenses, etcetera. I'll give you a simple example, you know, in there, just think of the cr credential helper that was written by one of our engineers and he kind of distorted because he felt it was something that we needed to do. And we made it open source in general, in in many of our teams. The first question we asked is should something the open why is this thing not open source, especially if it's a utility or some piece of software that runs along with services. So they'll step one. But we've done some big things also, I, you know, a couple of years ago we launched Lennox operating system called bottle Rocket. And right from the beginning it was very clear to us that bottle Rocket was two things. It was both in AWS product. But first it was an open source project. We've already learned a little bit from what we've done at Firecracker. But making bottle rocket and open source operating system is very important. Anyone can take part of Rocket the open source to build tooling. You can run it whatever you want. If you want to take part of Rocket and build a version and manage it for another provider. For another provider wants to do it, go for it. There's nothing stopping you from doing that. So you'll see us do a lot there. Obviously there's multiple areas. You've seen WS investing on the open source side. But to me, the winds come from when engineers can participate in small things, released little helpers or get contributions from outside. I think that's where we're still, we can always have that. We're going to continue to strive to make it better and easier. And uh, you know, I said, I have, you know, me and my team, we have an opportunity to help their inside the company and we continue to do so. But that's what gets me excited. >>Yeah, that's great stuff. And congratulations on investing in the community, really enjoys it and I know it moves the needle for the industry. Deepak, I gotta ask you why I got you here. Dr khan obviously, developers, what's the most important story that they should be paying attention to as a developer because of what's going on shift left for security day two operations also known as a I ops getups, whatever you wanna call it, you know, ongoing, you get server lists, you got land. I mean, all kinds of great things are going on. You mentioned Fargate, >>um >>what should they be paying attention to that's going to really help their life, both innovation wise and just the quality of life. >>Yeah, I would say look at, you know, in the end it is very easy developers in particular, I want to build the buildings and it's very easy to get tempted to try and get learn everything about something. You have access to all the bells and whistles and knobs, but in reality, if you want to run things you want to, you want to focus on what's important, the business application, that and you the application. And I think a lot of what I'll tell developers and I think it's a lot of where the industry is going is we have built a really solid foundation, whether it's humanity, so you CSN forget or you know, continue industries out there. We have very solid foundation that, you know, our customers and develop a goal of the world can use to build upon. But increasingly, and you know, they are going to provide tools that sort of take that wrap them up and providing a nice package solution After another great example, our collaboration, the doctor around Dr desktop are a great example where we get all the mark focus on the application and build on top of that and you can get so much done. I think that's one trend. You'll see more and more. Those things are no longer toys, their production grade systems that you can build real world applications on, even though they're so easy to use. The second thing I would add to that is uh, get uh, it is, you know, you can give it whatever name you want. There's uh, there's nuances there, but I actually think get up is the way people should be running the infrastructure, my virus in my personal, you know, it's something that we believe a lot in homicide as hard as you go towards immutable infrastructure, infrastructure, automation, we can get off plays a significant role. I think developers naturally gravitate towards it. And if you want to live in a world where development and operations are tightly linked, I think it after the huge role to play in that it's actually a big part of how we're planning to do things like yes, anywhere, for example, a significant player and that it would be a proton. I think get up will be a significant in the future of proton as well. So I think that's the other trend. If you wanted to pick a trend that people should pay attention. That's what I believe in a lot. >>Well you're an expert. So I want to get you a quick definition. What is get Ops, how would you define it? Because that's a big trend. What does it, what does that mean? >>Electricity will probably shoot me for getting this wrong. I tell you how I think about it. Which is, you know, in many cases, um, you when you're doing deployments are pushing a deployment getups is more of a full deployment. When you are pushing code to get depository, you have a system that knows that the event has happened and then pulls from there and triggers the thing as opposed to you telling it take I have this new piece of code now go deployed everywhere. So to me, the biggest changes that Two parts one is it's more for full mechanism where you're pulling because something has changed. So it needs systems like container orchestrators to keep them, you know, to keep them in sync. And the second part of the natural natural evolution of infrastructure score, which is basically everything is called the figures code. Infrastructure as code, code is code and everything is getting stored in that software repo and the software repo becomes your store of record and drives everything. Uh So for a glass of customers, that's going to be a pretty big deal. >>Yeah, when you're checking in code, that's again, it's like a compiler for the compiler, a container for the container, you've got things for each other. Automation is ultimately what we're talking about here. And that's to me where machine learning kicks in. So again, having this open source foundational fabric, as you said, forget out the muck or the undifferentiated heavy lifting. This is what we're talking about automation, isn't it? Deepak? >>Yes. I mean I said uh one thing where we hang our hat on is there's such good stuff out there in the world which we like to contribute to, but the thing we like to hang our hat on is how do you run this? How do you do it this in ways that you can uniquely bring capabilities to customers where there's things like nitro or things are nitro open stuff. Well, the fact that we have built up this operational infrastructure over the last in a decade plus or in the container space over the last seven years where we really really know how to run these things at scale and have made all the investments to make it easy to do. So that's that's where we have hanger hard keeping people safe, helping them only available applications, their new startup, that just completely takes off in over the weekend. For whatever reason, because, you know, you're the next hot thing on twitter and our goal is to support you whether you are, you know, uh enterprise that's moving from the main train or you are the next hot startup, that's you know, growing virally and uh, you know, we've done a lot to build systems help both sides and yeah, it's >>interesting if you sing about open source where it's come from, I mean I remember that base wouldn't open source wasn't open, I would be peddling software, there's a free copy of Linux, UNIX um in college and now it's all free. But I mean just what's changed now. It used to be just free software, download software. You got it now, it's a service. Service now can be monetized quickly. And what you guys are offering with AWS and cloud scale is you've done all these things as I don't have to have a developer. I get the benefits of the scale, I can bring my open source code to the table, make it a service integrated in with other services and be the next snowflake, be the next, you know, a company that could scale. And that is that's the that's the innovation, right? That's the this is a new phenomenon. So it also changes the business model. >>Yeah, actually you're you're quite right. Actually, I I like one more thing to it. But you look at how a lot of enterprises use containers today. Most of them are using something like this year, Symphony or GS to build an internal developer platform and internal developer portal. And then the question then becomes this hard to scale this modern and development practices to an entire organization. What is your big bank that's been around as thousands and thousands of ID stuff That may not all be experts are running communities running container is when you scale it out different systems that proton come into play. That was actually the inspiration is how do you help an organization where they're building these developer Portholes and developer infrastructure, developer platforms, How do you make it easy for them to build it? Be almost use it as a way to get these modern practices into the hands of all the business units, where they may not have the time to become experts at the modern ways of running infrastructure because they're busy doing other things. And I think you'll see the a lot more happening that space that's not happening in the open source community. There's proton, there's a bunch of interesting things happening here and be interesting to see how that evolves. >>And also, you know, the communal, communal aspect of not just writing code together, but succeeding, right, building something. I mean, that's when you start to see the commercial meets open kind of ethos of communal activity of working together and sharing a big part of this year's. Dakar Con is sharing not just running and shipping code but sharing. >>Yeah, I mean if you think about it uh Dockers original value was you build run and shit right? You use the same code to build it, you use the same code to ship it, the same sort of infrastructure interface and then you run it and that, you know, the fact that the doctor images such a wonderfully shareable entity uh that can run every girl is such a powerful and it's called the Ci Image. Now I still call him Dr images because it's just easier. But that to me like that is a big deal and I think it's becoming and become an even bigger deal over the years. I came from something before, Amazon has to work in The sciences and bioinformatics and you know, the ability to share codeshare dependencies, package all of that up in a container image is a big deal. It's what got me one of the reasons I got fascinated with container 78 years ago. So it will be interesting to see where all of systems. >>It's great, great stuff. Great success. And congratulations. Deepak, Great to always talk to you got a great finger on the pulse. You lead a really important organizations at AWS and you know, doctor has such a huge success with developers, even though the company has gone through kind of a uh change over and a pivot to what they're doing now. They're back to their open source roots, but they have millions and millions of developers use Docker and new developers are coming in dot net developers are coming in. Windows developers are coming in and and so it's no longer about Lennox anymore. It's about just coding. >>Yeah. And it's it's part of this big trend towards infrastructure, automation and and you know development and deployment practices that I think everyone is going to adopt faster than we think they will. But you know, companies like Doctor and opens those projects that they involved are critical in making that a lot easier for them. And then you know, folks like us get to build on top of that orbit them and make it even easier. >>Well, great testimony the doctor that you guys based your E C. S on Docker Doctor has a critical role in developing community. I run composed in their hub with dr desktop and we'll be watching amazon and and the community activity and see what kind of experiences you guys can bring to the table and continue that momentum. Thank you Deepak for coming on the >>cube. Thank you, john. That's always a pleasure. >>Okay. Mr cubes. Dr khan 2021 virtual coverage. I'm john for your host of the cube. Thanks for watching.

>>From around the globe, it's the Cube with digital coverage of postgres Vision 2021 brought to you by >>enterprise DB. Hello everyone. This is Dave Volonte for the cube we're covering Postgres Vision 2021. The virtual cube edition. Welcome to our conversation with the Ceo Ed Boyajian is here is the Ceo of enterprise DB and we're gonna talk about what's happening in open source and database in the future of tech. Ed welcome. >>Hi Dave, Good to be here. >>Hey, several years ago, at a, at a Postgres Vision event, you put forth the premise that the industry was approaching a threshold moment, a digital transformation was the linchpin of that shift now. Ed Well you were correct and I have no doubt the audience agreed. Most people went back to their offices after that event and they returned to their hyper focus of their day to day jobs. Maybe a few accelerated their digital initiatives, but generally pre Covid, we moved in a pretty incremental pace and then the big bang hit. And if you were digital business, you are out of business. So that single event created the most rapid change that we've ever seen in the tech industry by far, nothing really compares. So the question is why is Postgres specifically and e d B generally the right fit for this new world? >>Yeah, I think, look, a couple of things are happening gave right along the bigger picture of digital transformation. We are seeing the database market in transformation and and I think the things that are driving that shift are the things that are resulting the success of Postgres and the success of B D B I think first and foremost we're seeing a dramatic re platform ng. And just like we saw in the world of Lennox where I was at red hat during that shift where people are moving from UNIX based systems to x 86 systems. We're seeing that similar re platform in happening. Whether that's from traditional infrastructures to cloud based infrastructures or container based infrastructures, it's a great opportunity for databases to be changed out. Postgres wins in that context because it's so easily deployed anywhere. I think the second thing that's changing is we're seeing a broad expansion of developers across the enterprise so they don't just live in I. T. Anymore. And I think as developers take on more power and control their defining the agenda and it's another place where Postgres shines, it's been a priority of the dBS to make postgres easier. Uh and that's coming to life. And I think the last Stack Overflow Developer Survey suggested that I think they survey 65 developers, the second most loved and the second most used database by developers, Postgres. And so I think there again Postgres shines in a moment of change. Uh and then I think the third is kind of obvious. It's always an elephant in the room, no pun intended. But it's this relentless nagging burden of the expenses of the incumbent proprietary databases and the need. And we especially saw this in Covid to start to change that more dramatically, change that economic equation here Again. PostGres shines. >>You know, I want to ask you, I'm gonna jump ahead to the future for a second because you're talking about the re platform NG and with your red hat chops, I kind of want to pick your brain on this because you're right, you saw it with red hat and you're kind of seeing it again when you think about open shift and where it's going my my question is related to replant forming around new types of workloads, new processing models at the edge. I mean you're seeing an explosion of processing power, GPU SNP us accelerators, dSPs and it appears that this is happening at a very low cost. I'm referring that you're saying Postgres can take advantage of that trend as well that that broader re platform ng trend to the edge, is that correct? >>It is. And I think you know this is, this has been one of the, I think the most interesting things with posters now I've been here almost 13 years. So if you put that in some perspective, I've watched Uh and participated in leading transformation in the category, you know, we've been squarely focused on postgres. So we've got 300 engineers who worry about making postgres better. And as you look across that landscape of time, not only as Postgres gotten more performant and more scalable, it's also proven to be the right database choice in the world of not just legacy migrations, but new application development. And I think that stack overflow developer survey is a good indicator of how developers feel about postgres. But you know, over that time frame I think if you went back to 2008 when I joined E D. B, post chris was considered a really good general purpose database. And today I think post chris is a great general purpose database. General purpose isn't sexy in the market broadly speaking, but Postgres capabilities across workloads in every area is really robust. Let me just spend a second on it. We look at our customer base is deploying in what we think of as systems of record, which are the traditional er, P type apps, uh you know where there's a single source of truth you might think of the RP apps there. We look at our customers deploying in systems of engagement. And those are apps that you might think of in the context of social media style apps or websites that are backed by a database in the third area Systems of analytics where you would typically think of data warehouse style applications interestingly. Postgres performs well and our customers report using us across that whole landscape of application areas. And I think that is one of postgres hidden superpowers. Is that ability to reach into each area of requirement on the workload side. >>And as always alluding to before that that itself is evolving as you now inject ai into the equation ai influencing and it's just a very exciting times ahead. There's no there's no database, You know, 20 years ago it was kind of boring. Now it's just exploding. I want to come back to that the notion of of post grass and maybe talk about other database models. Uh, I mean you mentioned that you've evolved from this, you know, system of record. You can take a system engagement on structured data etcetera. Jason. It's so how should we think about post grass in relation to other databases and specifically other business models of companies that provide database services? Why is Postgres attractive? Where is it winning? >>Yeah, I think a couple of places. So I mean first and foremost Postgres, you know, at his core, post chris is a sequel, relational databases in acid compliance, equal relational database. And that is inherently a strength of Postgres. But it's also a multi model database, which means we handle a lot of other, um, you know, database requirements, whether that's geospatial or or Jason, uh, for documents or time series, things like that. And so Postgres extensive bility is one of its inherent strengths and that's kind of been built in from the beginning of Postgres. So not surprisingly, people use postgres across the number of workloads because at the end of the day there's still value in having a database is able to do more. There are a lot of important specialty databases and I think they will remain important specialty databases, but Postgres thrives in its ability to cross cross over in that way. Um and I think that is, you know, one of the different key differentiators in how we've seen the market in the business development and that's the breadth of of workloads that Postgres succeeds in. But but our growth, if you kind of ventured it across vectors, we see growth happening, you know, in a few dimensions. First we see growth happening in new applications. About half of our customers that come to us today for new uh new postgres users are deploying us on new applications. The others are our second area migrating away from some existing legacy in companies often oracle. Not always. Um The third area of growth we see is in cloud, where Postgres is deployed very prolifically, both in the traditional cloud platforms, Uh like EC two, but then then again also uh in the database as a service environment. And then the fourth area growth we're seeing now is around uh container deployment, kubernetes deployment. >>Well, you may Oracle's prominent because it's just it's a big installed base and it's expensive and people, >>you >>know, they got a look at them. It's funny, I do a lot of TCO work and mostly, you know, usually TCO is about labor costs. When it comes to Oracle, it's about license costs and maintenance costs. And so to the extent that you can reduce that, at least for a portion of your state, you're gonna you're gonna drop right to the bottom line. But but but but I want to ask you about that kind of that spectrum that you think about the prevailing models for database you've got. On the one hand, You've got the right tool for the right job approach. It might be 10 or 12 data stores in the cloud. On the other hand, you've got, you know, kind of a converged approach. Oracle's going that direction clearly. Postgres with its open source innovation is going that direction. And it seems to me that at scale that's a more the latter is a more cost effective model. How do you think about that? >>Well, you know, I think at the end of the day, you kind of have to look at it. I mean, the business side of my brain looks at that as an addressable market question. Right? And you've heard me talk about three broad categories of workloads and you know, people define workloads in different bucket, but that's how we do it. But if you look at just a system of record in the system of engagement market, I think that's what would be traditionally viewed as the database market. Uh and there that's you know, let's just say for the sake of arguments of $45-$50 billion $18 billion dollar market. And you know, as we talk about that. So all in it's still between 60 and $70 billion market. And I think what happens there's so much heat and light poured on the valuation multiples of some of the specialty players. That the market gets confused, but the reality is our customers don't get confused. I mean if you look at those specialty players take that $48 billion market. I mean add up Mongo red is cockroach neo, all of those. I mean hugely valued companies. All unicorn companies. But combined to add up to a billion bucks don't get me wrong that's important revenue and meaningful in the workloads they support. But it's not. It doesn't define the full transformation of this category. Look at the systems of analysis again, another great great market example. I mean if you add up the consolidation of the Hadoop vendors add in there. Um Snowflake, you're still talking you know a billion five in revenue and an $18 billion market. So while those are all important technologies, the question is in this transformation move to the database market fully transform you. And my view is no it didn't were in the first maybe second inning of a $65 billion transformation. And I think this is where Postgres will ultimately shine. I think this is how Postgres wins because at the end of the day the nature of the workloads fits with postgres and the future tech that we're building in post schools will serve that broader set of needs I think more effectively >>well. And I love these tam expansion discussions because I think you're right on and I think it comes back to the data and we all talk about the data growth, the data explosion, we see the I. D. C. Numbers and you ain't seen nothing yet. And so data by its very nature is distributed. That's why I get so excited about these new platform models and and I want to tie it back to developers and open source because to me that is the linchpin of innovation um in the next decade it has been, I would even say for the last decade we've seen it, but it's gaining momentum, so, so in thinking about innovation and and specifically Postgres and an open source, you know, what can you share with us in terms of how we should think about your advantage, and again, what, where people are glomming leaning in to that advantage? >>Yeah, so, I mean, I think I think you bring up a really important topic for us as a company. Postgres we think is an incredibly powerful community, uh and when you step away from it again, I remember I told you I was at red hat before, now here at E D B, and there's a common thread that runs through those two experiences in both experiences. The companies are attached and prominent alongside a strong independent, open source community, and I think the notion of an independent community is really important to understand around postgres. There are hundreds and thousands of people contributing to Postgres now. E D B plays a big role in that. About approaching a third of the contributions. In the last release released, 13 of Postgres came from E D B. You might look at that and say gee, that sounds like a lot, but if you step away from it, you know, about 30% of those contributions, Most of the contributions come from a universe around D D. B. And that's inherently healthy for the community's ability to innovate and accelerate. And I think that while we play a strong role there, you can imagine that having and there are other great companies that are contributing to Postgres, I think having those companies participating and contributing gets the best, the best ideas to the front in innovation. So I think the inherent nature Postgres community makes it strong and healthy. And then contrast that to some of the other prominent high value open source companies, the companies and the communities are intimately intertwined. They're one and the same. They're actually not independent open source communities. And I think that therein lies one of the, one of the inherent weaknesses in those but postgres to rise because you know, we bring all those ideas from the DB, we bring a commercial contingent with us all the things we hope we emphasize and focus on in growth and postgres, whether that's in the areas of scalability, manageability, all hot topics, of course security, all of those areas. And then, you know, performance as always, all of those areas are informed to us by enterprise customers deploying post chris at scale. And I think that's the heart of what makes a successful independent project. >>Yeah. The combinatorial powers of of that ecosystem. Uh they their their multiplication, I've as opposed to the resources of one. I want to talk about postgres Vision 2021 sort of set up that a little bit. The theme this year is the future. Is you, what do you mean by that? >>So if you think about what we just said post the category is in transit database categories and transformation. And we know that many of our people are interested in. Postgres are early in their journey, their early in their experience. And so we want to focus this year's postcards vision on them that we understand as a company has been committed to postgres as long as we have and with the understanding we have the technology and best practices, we want to share that view those insights uh, with those who are coming to postgres, Some for the first time, some who are experienced >>Postgres. Vision 21 is june 22nd and 23rd. Go to enterprise db dot com and register the cube is going to be there. We hope you will be too. Ed, thanks for coming to the Cuban previewing the event. >>Thanks Dave. >>Thank you. We'll see you at Vision 21 >>mm mm.

>>from around the globe. It's >>the cube >>with coverage of >>Kublai khan and >>Cloud Native Con, Europe 2021 virtual brought >>to you by red hat, >>the cloud Native >>Computing foundation and ecosystem partners. Hello, welcome back to the cubes coverage of Kublai khan. Cloud Native Con 2021 part of the CNC. S continuing cube partnership virtual here because we're not in person soon, we'll be out of the pandemic and hopefully in person for the next event. I'm john for your host of the key. We're here with ricardo. Roach computing engineers sir. In CUBA. I'm not great to see you ricardo. Thanks for remote ng in all the way across the world. Thanks for coming in. >>Hello, Pleasure. Happy to be here. >>I saw your talk with Priyanka on linkedin and all around the web. Great stuff as always, you guys do great work over there at cern. Talk about what's going on with you and the two speaking sessions you have it coop gone pretty exciting news and exciting sessions happening here. So take us through the sessions. >>Yeah. So actually the two sessions are kind of uh showing the two types of things we do with kubernetes. We we are doing we have a lot of uh services moving to kubernetes, but the first one is more on the services we have in the house. So certain is known for having a lot of data and requests, requiring a lot of computing capacity to analyze all this data. But actually we have also very large community and we have a lot of users and people interested in the stuff we do. So the first question will actually show how we've been uh migrating our group of infrastructure into the into communities and in this case actually open shift. And uh the challenge there is to to run a very large amount of uh global websites on coordinators. Uh we run more than 1000 websites and there will be a demonstration on how we do all the management of the website um life cycle, including upgrading and deploying new new websites and an operator that was developed for this purpose. And then more on the other side will give with a colleague also talk about machine learning. Machine learning has been a big topic for us. A lot of our workloads are migrating to accelerators and can benefit a lot from machine learning. So we're giving a talk about a new service that we've deployed on top of Cuban areas where we try to manage to uh lifecycle of machine learning workloads from data preparation all the way to serving the bottles, also exploring the communities features and integrating accelerators and a lot of accelerators. >>So one part of the one session, it's a large scale deployment kubernetes key to there and now the machine learning essentially service for other people to use that. Right? Like take me through the first large scale deployment. What's the key innovation there in your opinion? >>Yeah, I think compared to the infrastructure we had before, is this notion that we can develop an operator that will uh, manage resource, in this case a website. And this is uh, something that is not always obvious when people start with kubernetes, it's not just an orchestra, it's really the ap and the capability of managing a huge amount of resources, including custom resources. So the possibility to develop this operator and then uh, manage the lifecycle of uh, something that was defined in the house and that fits our needs. Uh, There are challenges there because we have a large amount of websites and uh, they can be pretty active. Uh, we also have to some scaling issues on the storage that serves these these websites and we'll give some details uh during the talk as well, >>so kubernetes storage, this is all kind of under the covers, making this easier. Um and the machine learning, it plays nicely in that what if you take us for the machine learning use case, what's going on there, wow, what was the discovery, How did you guys put that together? What's the key elements there? >>Right, so the main challenge there has been um that machine learning is is quite popular but it's quite spread as well, so we have multiple groups focusing on this, but there's no obvious way to centralize not only the resource usage and make it more efficient, but also centralize the knowledge of how these procedures can be done. So what we are trying to do is just offer a service to all our users where we help them with infrastructure so that they don't have to focus on that and they could focus just on their workloads and we do everything from exposing the data systems that we have in the house so that they can do access to the data and data preparation and then doing um some iteration using notebooks and then doing distributed training with potentially large amount of gps and that storage and serving up the models and all of this is uh is managed with the coordinates cluster underneath. Uh We had a lot of knowledge of how to handle kubernetes and uh all the features that everyone likes scalability. The reliability out of scaling is very important for this type of workload. This is, this is key. >>Yeah, it's interesting to see how kubernetes is maturing, um congratulations on the projects. Um they're going to probably continue to scale. Remember this reminds me of when I was uh you know coming into the business in the 98 late eighties early nineties with TCP I. P. And the S. I. Model, you saw the standards evolve and get settled in and then boom innovation everywhere. And that took about a year to digest state and scale up. It's happening much faster now with kubernetes I have to ask you um what's your experience with the question that people are looking to get answered? Which is as kubernetes goes, the next generation of the next step? Um People want to integrate. So how is kubernetes exposing a. P. I. S. To say integration points for tools and other things? Can you share your experience and where this is going, what's happening now and where it goes? Because we know there's no debate. People like the kubernetes aspect of it, but now it's integration is the conversation. Can you share your thoughts on that? >>I can try. Uh So it's uh I would say it's a moving target, but I would say the fact that there's such a rich ecosystem around kubernetes with all the cloud, David projects, uh it's it's uh like a real proof that the popularity of the A. P. I. And this is also something that we after we had the first step of uh deploying and understanding kubernetes, we started seeing the potential that it's not reaching only the infrastructure itself, it's reaching all the layers, all the stack that we support in house and premises. And also it's opening up uh doors to easily scale into external resources as as well. So what we've been trying to tell our users is to rely on these integrations as much as possible. So this means like the application lifecycle being managed with things like Helmand getups, but also like the monitoring being managed with Prometheus and once you're happy with your deployment in house we have ways to scale out to external resources including public clouds. And this is really like see I don't know a proof that all these A. P. I. S are not only popular but incredibly useful because there's such a rich ecosystem around it. >>So talk about the role of data in this obviously machine learning pieces something that everyone is interested in as you get infrastructure as code and devops um and def sec ops as everything's shifting left. I love that, love that narrative day to our priests. All this is all proving mature, mature ization. Um data is critical. Right? So now you get real time information, real time data. The expectations for the apps is to integrate the data. What's your view on how this is progressing from your standpoint because machine learning and you mentioned you know acceleration or being part of another system. Cashing has always done that would say databases. Right. So you've got now is databases get slower, caches are getting faster now they're all the ones so it's all changing. So what's your thoughts on this next level data equation into kubernetes? Because you know stateless is cool but now you've got state issues. >>Yeah so uh yeah we we've always had huge needs for for data we store and I I think we are over half an exhibit of data available on the premises but we we kind of have our own storage systems which are external and that's for for like the physics data, the raw data and one particular charity that we had with our workloads until recently is that we we call them embarrassing parallel in the sense that they don't really need uh very tight connectivity between the different workloads. So if it's people always say tens of thousands of jobs to do some analysis, they're actually quite independent, they will produce a lot more data but we can store them independently. Machine learning is is posing a challenge in the sense that this is a training tends to be a lot more interconnected. Um so it can be a benefit from from um systems that we are not so familiar with. So for us it's it's maybe not so much the cashing layers themselves is really understanding how our infrastructure needs to evolve on premises to support this kind of workloads. We had some smallish uh more high performance computing clusters with things like infinite and for low latency. But this is not the bulk of our workloads. This is not what we are experts on these days. This is the transition we are doing towards uh supporting this machine learning workers >>um just as a reference for the folks watching you mentioned embarrassing parallel and that's a quote that you I read on your certain tech blog. So if you go to tech blog dot web dot search dot ch or just search cern tech blog, you'll see the post there um and good stuff there and in there you go, you lay out a bunch of other things too where you start to see the deployment services and customer resource definitions being part of this, is it going to get to the point where automation is a bigger part of the cluster management setting stuff up quicker. Um As you look at some of the innovations you're doing with machines and Coubertin databases and thousands of other point things that you're working on there, I mean I know you've got a lot going on there, it's in the post but um you know, we don't want to have the problem of it's so hard to stand up and manage and this is what people want to make simpler. How do you how do you answer that when people say say we want to make it easier? >>Yeah. So uh for us it's it's really automate everything and up to now it has been automate the deployment in the kubernetes clusters right now we are looking at automating the kubernetes clusters themselves. So there's some really interesting projects, uh So people are used to using things like terra form to manage the deployment of clusters, but there are some projects like cross playing, for example, that allows us to have the clusters themselves being resources within kubernetes. Uh and this is something we are exploring quite a bit. Uh This allows us to also abstract the kubernetes clusters themselves uh as uh as carbonated resources. So this this idea of having a central cluster that will manage a much larger infrastructure. So this is something that we're exploring the getups part is really key for us to, it's something that eases the transition from from from people that are used already to manage large scale systems but are not necessarily experts on core NATO's. Uh they see that there's an easier past there if they if they can be introduced slowly through through the centralized configuration. >>You know, you mentioned cross plane, I had some on earlier, he's awesome dude, great guy and I was smiling because you know I still have you know flashbacks and trigger episodes from the Hadoop world, you know when it was such so promising that technology but it was just so hard to stand up and managed to be like really an expert to do that. And I think you mentioned cross plane, this comes up to the whole operator notion of operating the clusters, right? So you know, this comes back down to provisioning and managing the infrastructure, which is, you know, we all know is key, right? But when you start getting into multi cloud and multiple environments, that's where it becomes challenging. And I think I like what they're doing is that something that's on your mind to around hybrid and multi cloud? Can you share your thoughts on that whole trajectory? >>Absolutely. So I actually gave an internal seminar just last week describing what we've been playing with in this area and I showed some demo of using cross plane to manage clusters on premises but also manage clusters running on public clouds. A. W. S. Uh google cloud in nature and it's really like the goal there. There are many reasons we we want to explore external resources. We are kind of used to this because we have a lot of sites around the world that collaborate with us, but specifically for public clouds. Uh there are some some motivations there. The first one is this idea that we have periodic load spikes. So we knew we have international conferences, the number of analysis and job requests goes up quite a bit, so we need to be able to like scale on demand for short periods instead of over provisioning this uh in house. The second one is again coming back to machine learning this idea of accelerators. We have a lot of Cpus, we have a lot less gPS uh so it would be nice to go on fish uh for those in the public clouds. And then there's also other accelerators that are quite interesting, like CPUs and I p u s that will definitely play a role and we probably, or maybe we will never have among premises, will only be able to to use them externally. So in that, in that respect, actually coming back to your previous question, this idea of storage then becomes quite important. So what we've been playing with is not only managing this external cluster centrally, but also managing the wall infrastructure from a central place. So this means uh, making all the clusters, whatever they are look very, very much the same, including like the monitoring and the aggregation of the monitoring centrally. And then as we talked about storage, this idea of having local storage that that will be allow us to do really quick software distribution but also access to the data, >>what you guys are doing as we say, cool. And relevant projects. I mean you got the large scale deployments and the machine learning to really kind of accelerate which will drive a lot of adoption in terms of automation. And as that kicks in when you got to get the foundational work done, I see that clearly the right trajectory, you know, reminds me ricardo, um you know, again not do a little history lesson here, but you know, back when network protocols were moving from proprietary S N A for IBM deck net for digital back in the history the old days the os I Open Systems Interconnect Standard stack was evolving and you know when TCP I P came around that really opened up this interoperability, right? And SAM and I were talking about this kind of cross cloud connections or inter clouding as lou lou tucker. And I talked that open stack in 2013 about inter networking or interconnections and it's about integration and interoperability. This is like the next gen conversation that kubernetes is having. So as you get to scale up which is happening very fast as you get machine learning which can handle data and enable modern applications really it's connecting networks and connecting systems together. This is a huge architectural innovation direction. Could you share your reaction to that? >>Yeah. So actually we are starting the easy way, I would say we are starting with the workloads that are loosely coupled that we don't necessarily have to have this uh tighten inter connectivity between the different deployments, I would say that this is this is already giving us a lot because our like the bulk of our workloads are this kind of batch, embarrassing parallel, uh and we are also doing like co location when we have large workloads that made this kind of uh close inter connectivity then we kind of co locate them in the same deployment, same clouds in region. Um I think like what you describe of having cross clouds interconnectivity, this will be like a huge topic. It is already, I would say so we started investigating a lot of service measure options to try to learn what we can gain from it. There is clearly a benefit for managing services but there will be definitely also potential to allow us to kind of more easily scale out across regions. There's we've seen this by using the public cloud. Some things that we found is for example, this idea of infinite, infinite capacity which is kind of sometimes uh it feels kind of like that even at the scale we have for Cpus But when you start using accelerators, Yeah, you start negotiating like maybe use multiple regions because there's not enough capacity in a single region and you start having to talk to the cloud providers to negotiate this. And this makes the deployments more complicated of course. So this, this interconnectivity between regions and clouds will be a big thing. >>And, and again, low hanging fruit is just a kind of existing market but has thrown the vision out there mainly to kind of talk about what what we're seeing which is the world's are distributed computer. And if you have the standards, good things happen. Open systems, open innovating in the open really could make a big difference is going to be the difference between real value for the society of global society or are we going to get into the silo world? So I think the choice is the industry and I think, you know, Cern and C and C. F and Lennox Foundation and all the companies that are investing in open really is a key inflection point for us right now. So congratulations. Thanks for coming on the cube. Yeah, appreciate it. Thank you. Okay, Ricardo, rocha computing engineer cern here in the cube coverage of the CN Cf cube con cloud, native con europe. I'm john for your host of the cube. Thanks for watching.