>>this session will be reviewing the power benefits of implementing a secure software supply chain and how we can gain a cloud like experience with flexibility, speed and security off modern software delivery. Hi, I'm Matt Bentley, and I run our technical pre sales team here. Um Iran. Tous I spent the last six years working with customers on their container ization journey. One thing almost every one of my customers is focused on how they can leverage the speed and agility benefits of contain arising their applications while continuing to apply the same security controls. One of the most important things to remember is that we are all doing this for one reason, and that is for our applications. So now let's take a look at how we could provide flexibility all layers of the stack from the infrastructure on up to the application layer. When building a secure supply chain for container focus platforms, I generally see two different mindsets in terms of where the responsibilities lie between the developers of the applications and the operations teams who run the middleware platforms. Most organizations are looking to build a secure yet robust service that fits the organization's goals around how modern applications are built and delivered. Yeah. First, let's take a look at the developer or application team approach. This approach follows Mawr of the Dev ops philosophy, where a developer and application teams are the owners of their applications. From the development through their life cycle, all the way to production. I would refer this more of a self service model of application, delivery and promotion when deployed to a container platform. This is fairly common organizations where full stack responsibilities have been delegated to the application teams, even in organizations were full stack ownership doesn't exist. I see the self service application deployment model work very well in lab development or non production environments. This allows teams to experiment with newer technologies, which is one of the most effective benefits of utilizing containers and other organizations. There's a strong separation between responsibilities for developers and I T operations. This is often do the complex nature of controlled processes related to the compliance and regulatory needs. Developers are responsible for their application development. This can either include doctorate the development layer or b'more traditional throw it over the wall approach to application development. There's also quite a common experience around building a center of excellence with this approach, where we can take container platforms and be delivered as a service to other consumers inside of the I T organization. This is fairly prescriptive, in the manner of which application teams would consume it. When examining the two approaches, there are pros and cons to each process. Controls and appliance are often seen as inhibitors to speak. Self service creation, starting with the infrastructure layer, leads to inconsistency, security and control concerns, which leads to compliance issues. While self service is great without visibility into the utilization and optimization of those environments, it continues the cycles of inefficient resource utilization and the true infrastructure is a code. Experience requires Dev ops related coding skills that teams often have in pockets but maybe aren't ingrained in the company culture. Luckily for us, there is a middle ground for all of this Doc Enterprise Container Cloud provides the foundation for the cloud like experience on any infrastructure without all of the out of the box security and controls that are professional services Team and your operations team spend their time designing and implementing. This removes much of the additional work and worry Run, ensuring that your clusters and experiences are consistent while maintaining the ideal self service model, no matter if it is a full stack ownership or easing the needs of I T operations. We're also bringing the most natural kubernetes experience today with winds to allow for multi cluster visibility that is both developer and operator friendly. Let's provides immediate feedback for the health of your applications. Observe ability for your clusters. Fast context, switching between environments and allowing you to choose the best in tool for the task at hand. Whether is three graphical user interface or command line interface driven. Combining the cloud like experience with the efficiencies of a secure supply chain that meet your needs brings you the best of both worlds. You get Dave off speed with all the security controls to meet the regulations your business lives by. We're talking about more frequent deployments. Faster time to recover from application issues and better code quality, as you can see from our clusters we have worked with were able to tie these processes back to real cost savings, riel efficiency and faster adoption. This all adds up to delivering business value to end users in the overall perceived value. Now let's look at see how we're able to actually build a secure supply chain. Help deliver these sorts of initiatives in our example. Secure Supply chain. We're utilizing doctor desktop to help with consistency of developer experience. Get hub for our source Control Jenkins for a C A C D. Tooling the doctor trusted registry for our secure container registry in the universal control playing to provide us with our secure container run time with kubernetes and swarm. Providing a consistent experience no matter where are clusters are deployed. You work with our teams of developers and operators to design a system that provides a fast, consistent and secure experience for my developers that works for any application. Brownfield or Greenfield monolith or micro service on boarding teams could be simplified with integrations into enterprise authentication services. Calls to get help repositories. Jenkins Access and Jobs, Universal Control Plan and Dr Trusted registry teams and organizations. Cooper down his name space with access control, creating doctor trusted registry named spaces with access control, image scanning and promotion policies. So now let's take a look and see what it looks like from the C I c D process, including Jenkins. So let's start with Dr Desktop from the doctor desktop standpoint, what should be utilizing visual studio code and Dr Desktop to provide a consistent developer experience. So no matter if we have one developer or 100 we're gonna be able to walk through the consistent process through docker container utilization at the development layer. Once we've made our changes to our code will be able to check those into our source code repository in this case, abusing Get up. Then, when Jenkins picks up, it will check out that code from our source code repository, build our doctor containers, test the application that will build the image, and then it will take the image and push it toward doctor trusted registry. From there, we can scan the image and then make sure it doesn't have any vulnerabilities. Then we consign them. So once we signed our images, we've deployed our application to Dev. We can actually test their application deployed in our real environment. Jenkins will then test the deployed application, and if all tests show that is good, will promote the r R Dr and Mr Production. So now let's look at the process, beginning from the developer interaction. First of all, let's take a look at our application as is deployed today. Here, we can see that we have a change that we want to make on our application. So marketing Team says we need to change containerized injure next to something more Miranda's branded. So let's take a look at visual studio coat, which will be using for I D to change our application. So here's our application. We have our code loaded, and we're gonna be able to use Dr Desktop on our local environment with our doctor desktop plug in for visual studio code to be able to build our application inside of doctor without needing to run any command line. Specific tools here is our code will be able to interact with docker, make our changes, see it >>live and be able to quickly see if our changes actually made the impact that we're expecting our application. Let's find our updated tiles for application and let's go and change that to our Miranda sized into next. Instead of containerized in genetics, so will change in the title and on the front page of the application, so that we save. That changed our application. We can actually take a look at our code here in V s code. >>And as simple as this, we can right click on the docker file and build our application. We give it a name for our Docker image and V s code will take care of the automatic building of our application. So now we have a docker image that has everything we need in our application inside of that image. So here we can actually just right click on the image tag that we just created and do run this winter, actively run the container for us and then what's our containers running? We could just right click and open it up in a browser. So here we can see the change to our application as it exists live. So once we can actually verify that our applications working as expected, weaken, stop our container. And then from here, we can actually make that change live by pushing it to our source code repository. So here we're going to go ahead and make a commit message to say that we updated to our Mantis branding. We will commit that change and then we'll push it to our source code repository again. In this case we're using get Hub to be able to use our source code repository. So here in V s code will have that pushed here to our source code repository. And then we'll move on to our next environment, which is Jenkins. Jenkins is gonna be picking up those changes for our application, and it checked it out from our source code repository. So get Hub Notifies Jenkins. That there is a change checks out. The code builds our doctor image using the doctor file. So we're getting a consistent experience between the local development environment on our desktop and then and Jenkins or actually building our application, doing our tests, pushing in toward doctor trusted registry, scanning it and signing our image. And our doctor trusted registry, then 2.4 development environment. >>So let's actually take a look at that development environment as it's been deployed. So here we can see that our title has been updated on our application so we can verify that looks good and development. If we jump back here to Jenkins, will see that Jenkins go >>ahead and runs our integration tests for a development environment. Everything worked as expected, so it promoted that image for production repository and our doctor trusted registry. Where then we're going to also sign that image. So we're signing that. Yes, we have signed off that has made it through our integration tests, and it's deployed to production. So here in Jenkins, we could take a look at our deployed production environment where our application is live in production. We've made a change automated and very secure manner. >>So now let's take a look at our doctor trusted registry where we can see our game Space for application are simple in genetics repository. From here we will be able to see information about our application image that we've pushed into the registry, such as Thean Midge signature when it was pushed by who and then we'll also be able to see the scan results of our image. In this case, we can actually see that there are vulnerabilities for our image and we'll actually take a look at that. Dr Trusted registry does binary level scanning, so we get detailed information about our individual image layers. From here, these image layers give us details about where the vulnerabilities were located and what those vulnerabilities actually are. So if we click on the vulnerability, we can see specific information about that vulnerability to give us details around the severity and more information about what, exactly is vulnerable inside of our container. One of the challenges that you often face around vulnerabilities is how, exactly we would remediate that and secure supply chain. So let's take a look at that and the example that we were looking at the vulnerability is actually in the base layer of our image. In order to pull in a new base layer of our image, we need to actually find the source of that and updated. One of the ways that we can help secure that is a part of the supply chain is to actually take a look at where we get our base layers of our images. Dr. Help really >>provides a great source of content to start from, but opening up docker help within your organization opens up all sorts of security concerns around the origins of that content. Not all images are made equal when it comes to the security of those images. The official images from Docker, However, curated by docker, open source projects and other vendors, one of the most important use cases is around how you get base images into your environment. It is much easier to consume the base operating system layer images than building your own and also trying to maintain them instead of just blindly trusting the content from doctor. How we could take a set >>of content that we find useful, such as those base image layers or content from vendors, and pull that into our own Dr trusted registry using our rearing feature. Once the images have been mirrored into a staging area of our DACA trusted registry, we can then scan them to ensure that the images meet our security requirements and then, based off the scan result, promote the image toe a public repository where we can actually sign the images and make them available to our internal consumers to meet their needs. This allows us to provide a set of curated content that we know a secure and controlled within our environment. So from here we confined our updated doctor image in our doctor trust registry, where we can see that the vulnerabilities have been resolved from a developers point of view, that's about a smooth process gets. Now let's take a look at how we could provide that secure content for developers and our own Dr Trusted registry. So in this case, we're taking a look at our Alpine image that we've mirrored into our doctor trusted registry. Here we're looking at the staging area where the images get temporarily pulled because we have to pull them in order to actually be able to scan them. So here we set up nearing and we can quickly turn it on by making active. Then we can see that our image mirroring will pull our content from Dr Hub and then make it available in our doctor trusted registry in an automatic fashion. So from here, we can actually take a look at the promotions to be able to see how exactly we promote our images. In this case, we created a promotion policy within docker trusted registry that makes it so. That content gets promoted to a public repository for internal users to consume based off of the vulnerabilities that are found or not found inside of the docker image. So are actually users. How they would consume this content is by taking a look at the public to them official images that we've made available here again, Looking at our Alpine image, we can take a look at the tags that exist. We could see that we have our content that has been made available, so we've pulled in all sorts of content from Dr Hub. In this case, we have even pulled in the multi architectural images, which we can scan due to the binary level nature of our scanning solution. Now let's take a look at Len's. Lens provides capabilities to be able to give developers a quick, opinionated view that focuses around how they would want to view, manage and inspect applications to point to a Cooper Days cluster. Lindsay integrates natively out of the box with universal control playing clam bundles so you're automatically generated. Tell certificates from UCP. Just work inside our organization. We want to give our developers the ability to see their applications and a very easy to view manner. So in this case, let's actually filter down to the application that we just deployed to our development environment. Here we can see the pot for application and we click on that. We get instant, detailed feedback about the components and information that this pot is utilizing. We can also see here in Linz that it gives us the ability to quickly switch context between different clusters that we have access to. With that, we also have capabilities to be able to quickly deploy other types of components. One of those is helm charts. Helm charts are a great way to package of applications, especially those that may be more complex to make it much simpler to be able to consume inversion our applications. In this case, let's take a look at the application that we just built and deployed. This case are simple in genetics. Application has been bundled up as a helm chart and has made available through lens here. We can just click on that description of our application to be able to see more information about the helm chart so we can publish whatever information may be relevant about our application, and through one click, we can install our helm chart here. It will show us the actual details of the home charts. So before we install it, we can actually look at those individual components. So in this case, we could see that's created ingress rule. And then it's well, tell kubernetes how to create the specific components of our application. We just have to pick a name space to to employ it, too. And in this case, we're actually going to do a quick test here because in this case, we're trying to deploy the application from Dr Hub in our universal Control plane. We've turned on Dr Content Trust Policy Enforcement. So this is actually gonna fail to deploy because we're trying to deploy application from Dr Hub. The image hasn't been properly signed in our environment. So the doctor can to trust policy enforcement prevents us from deploying our doctor image from Dr Hub. In this case, we have to go through our approved process through our secure supply chain to be able to ensure that we know our image came from, and that meets our quality standards. So if we comment out the doctor Hub repository and comment in our doctor trusted registry repository and click install, it will then install the helm chart with our doctor image being pulled from our GTR, which then has a proper signature, we can see that our application has been successfully deployed through our home chart releases view. From here, we can see that simple in genetics application, and in this case we'll get details around the actual deploy and help chart. The nice thing is that Linds provides us this capability here with home. To be able to see all the components that make up our application from this view is giving us that single pane of glass into that specific application so that we know all the components that is created inside of kubernetes. There are specific details that can help us access the applications, such as that ingress world that we just talked about gives us the details of that. But it also gives us the resource is such as the service, the deployment in ingress that has been created within kubernetes to be able to actually have the application exist. So to recap, we've covered how we can offer all the benefits of a cloud like experience and offer flexibility around dev ups and operations controlled processes through the use of a secure supply chain, allowing our developers to spend more time developing and our operators mawr time designing systems that meet our security and compliance concerns

>> fly from San Francisco. It's the Cube covering Google Cloud next nineteen Tio by Google Cloud and its ecosystem partners. >> Welcome back, everyone live coverage here in San Francisco for the Cube, Google Cloud next twenty nineteen to show around Cloud, Google Cloud, I'm John Forest Do Minimum and Dave along. We've been here all week, three days of wall to wall coverage here on the floor with all the exhibitors. Write the mean all the action we've talked to all the thought leaders, Google executives, entrepreneurs, experts are in the cloud and around the ecosystem. Dave's stew wrapping up the wrap up segment. Kind of can I put the show to rest and look to next year and possibly Google summits. There's one in New York and some other shows we're looking to also cover. But if you look encapsulate the show, I want to get your guys reaction, too. What the main themes have been, we're seeing obviously anthems was the big news. That's the big deal. That's their platform. They want to bring all the connective tissue around data security and really on prim hybrid cloud multi cloud application modernization. Clearly, during my open source and enterprise developers, plus the ability to hybrid and multi cloud stew. Your thoughts on the show. >> Yeah. So, John, you know, when I first saw Antos, I was like, Well, this is CSP that they announced last year We were excited about that talk about things like Azure Stack and eight of us Outpost. But the more I learn about it, the more I understand it. It's more than just kind of g k e and a little bit of packaging here, Eric for David. I just interviewed a Google fellow and, you know, you expect the the Google Fellow to really be able to articulate, You know, the history of Google and the distributor architect doing is like we're going to enable cloud native. Of course, we always had that in the Google Cloud, but now we're going to make that easier for you to do that in your own environment. So when you're thinking about modernizing your applications, you know, I was a little bit tough on Google when I said, Oh, I hear a lot about lift and shift. Well, most customers can't lifted, shifted, not change, because then I'LL pull it back. It's too expensive, but if I could modernize wherever it makes the most sense. I talked to some customers here that said, Look, I need to kick the team and get it into the cloud And then I could modernize and start falling apart. But for someone customers, I can't move that. And they need to modernize it here and that Antos is the key enabler and therefore it's a good message, its extension of what they done with Cuba. Netease. That's a lot of other pieces here. But you know, I'm pretty impressed. >> They want to get your thoughts is one of things I'm seeing and, you know, in sports they wanna team, plays a game and wins. They call it a statement game. I think Google Cloud next twenty nineteen is a statement by Google saying, We're into the enterprise. We're not goingto waiver. We got hired Thomas Curry and mid savory. They're going to keep all the great talent. No one's believing. It's not like a new regime. Change came in. They're pivoting. They knows there's no pivot here. They put a stake in the ground saying we are going to invest in the clouds soon. DARPA Kai, the CEO of Google said that on stage of day one, they're clearly putting all the window dressing around enterprise with all the great phrases that we love. Digital transformation, data centric architecture, multi cloud hybrid monitors that applications They're invested, Dave. They are in it to play. They recognize that they're not gonna win right away because it's a long game. So Google clearly is playing the cards properly. They're saying, Look, if we're going to bring a lot of the table and this long time table, but we're in it to play and we're going to play well when invest. >> Yeah, I think it took a while for me to get there Stew, too. He is. I heard a lot about what Right we do get a global distributed infrastructure or we're doing the applications for digital transformation. We got industry specific solutions. Is what way d'Oh. Okay. Great. And I heard a lot of you know differentiators are unique value proposition. So, for civil, what I would have liked to hear it right up front was okay. We know that eighty percent of your workloads are on Prem. Well, guess what, and we're investing in scale and all that stuff, but We're the best at cloud native and and we're going to take and we have the tools and expertise. We're gonna bring those to you on your premises and show you how to get there. And then when you're ready, come to the cloud. If you're never ready, that's fine. But we're going to earn the right for your future business. Hey said that Stead that >> right way, the things we're wondering your business. But I don't think they can yet say were the best that cloud native and that I think that's that's still good self awareness studio for Google. >> I think they could say it now. Maybe it's debatable. >> I would debate that I do not think that Google is the best cloud native cloud at this point. I don't think they have the breath and depth Amazon has, but I don't think that that's the hard core stick in the ground. Because Cloud native is early cnc F, they're investing heavily in open source is a big bet that they're talking about. They got a lot more work to do but cloud needed. Still, it's still early because you said the workloads is still on premise for most of the enterprises, so we got plenty of time. The point is, if they had overplayed that card, I would have been more cautious. >> Well, I mean, Okay, fine, huh? Let's talk talk about that a little bit because it's new. It's Would you? Would you disagree that internally, Google's got the most sophisticated, the best cloud in the world internally, globally for Google. And they make that comment when they make that claim, right? That start there, we get the best cloud in the world. Yeah, >> well, I think it's got a great cloud, >> too. Okay, so there's stuff on there. I mean, they've got least got some credibility there, so I would have come from that position straight now. The other criticism I heard was where the numbers. Now, that doesn't bother me so much. How long did it take Amazon to show us the numbers? Nine years? I think so. Good. We'LL get there, it's clear it's growing. You look around here. There's what thirty thirty five thousand people don't know what was there last year. Twenty. Twenty five thousand. It's growing, it's growing nicely and the quality of the people is good. >> Here's what I'd say about Google Cloud Steward? Let's get your reaction. Sudhir has Bay said this. He's the director product. Mentioning about cloud fusion, he said This from a customer quote. Google's cloud is like an awesome highway, but I can't get my car on the road. So that's the on ramp. >> I can't get by giving car. Okay, so so this note about you Look at the >> technology from Spanner Cooper duties, which was founded inside Google. And they did that right. Big queries. Amazing. They have freaking amazing tech because they had to do it for Google. So I think that is a key strategy. And I, like other clouds that have come in and then died away, didn't have a lot of tech chops. So Cultural Shift is one of the big teams, but on ramping, getting people on board and the bed another source. I think there's a gestation period that's gives Google some time. I don't think they gotta have it overnight there some table stakes, but they're there checking the boxes just kind of grind it out. >> I mean, look, the critique has been for years is you know, Google's too smart for all of us. you know, way have love reading the papers and were really impressed with the technology. But the term you heard over and over again this week, we're going to meet customers where they are. And I I almost failed. They dialled it down a little too much here because I didn't have anything that I'm like. Wow, blown away. Like, you know, they had er's up on stage and it's like I'm used to seeing him flying out of a plane with a Google glass on his head. >> I was started by the way that was Google. I o like, you're >> gay. But, you know, you know, one of that's what you expect from a googol is you know, some of those pieces and there wasn't a G wow amazing moment for me, but the messaging solid, they absolutely you know, understanding or solving some real customer problems today and, you know, solid >> well and one hundred percent of the cloud providers now have a coherent and explainable hybrid on Prem strategy. You know, frankly, it's about time. I mean, they were denying that for a long time, and I think it's clear that's where the business is >> well to me. The big criteria on the cloud game is Do they have the global footprint? They do. Do they have the software at scale Check? Do they have the connective tissue to bring these disparity opportunity data services together Check working on it, continue to improve. And are they on the philosophy side of things? Meaning one of things that I am made Amazon really great. Wass they from day one. We're a P I center who will always has been part of web services. So they have that DNA. I think apogee is going to be the secret little dark horse. And all this is going to tell Signe because as a p, I become programmable. You saw Sisko of'em wear on stage. Can they build on ecosystem? Can they work with multiple vendors? Because the fact is, from our data and we've been reporting on this on silicon angle and Wiki bomb is that big enterprises and governments, whether it's a d, o. D. Or a big bank, are gonna have hundreds of cloud projects, hundreds of workloads that's going to require unique clouds selection criteria because you cannot separate real time data from software, and that's just the facts of the databases are moving all over the place. If I gotta work Lodi, any data? I gotta be agile with the data, but I then need a data plane to connect across other workload. So workload conversation, I don't think was front and center enough where workloads are for the key criteria. >> And still some of the message on where Google fits in that hybrid and multi cloud world is a little bit muddy to me. So how did they get, you know, on those in your data center? Well, it's a deep partnership with V m where, uh, you know, I heard some people here. It's like, Oh, well, the current Amazon VM wear deal, you know, is like up for renewal soon. It's like I don't see Veum Where an Amazon separating that Latino way. People engineering partnerships. We've heard directly from Andy Jazz sees talked about on the Cube how important that relationship is. S O Veum was going to play across all the cloud environment. But you know, where does Google, you know, really make their money? They're going to partner with all the open source companies. And you know, you're going to own your data. We're going to make sure the prophecies there. So is Dave Said the numbers and the business of how Google Khun start slow scaling and really growing the enterprise business beyond, you know, G sweets now, part of it. And we saw some of the android for enterprise, and they have lots of pieces, but the cloud revenue gets a little bit muddy like a Microsoft. So, you know, from the cloud piece itself, I'm not sure where you know they start gaining on a Microsoft or an Amazon today. >> Well, I think that they could gain ground, take territories. That said on on Day one, Jennifer Linds, demo of no code modification, migration of workloads. If that actually happens, that's going to be a critical piece of the pie that's going to move. Move the needle very quickly for at Google. But I >> want to get you >> guys take on surprises. What surprised you here at the show? What was something that you didn't expect happen? That was a surprise on a good way. To me, the big surprise is that the word customer was used a lot more here than ever before. Customer is the key to success in the enterprise, listening to customer and customer choice. That's the playbook from Amazon. You don't hear Andy Jassy or any other executive Amazon go three words without saying the word customer. If you had a tag cloud and be like customers, the biggest font here we've heard customer choice. That's been a big one for me. >> Surprises. I was going to say when you were asking that question to get to me. It was customer related as well. You know clearly when you in Amazon show it's just customer. Just get inundated with a cool injection of customers. It's very impressive, but you don't have that scale here. However, What did see is a lot of Fortune. One thousand company's senior people were here. Yeah, still kicking the tires but learning. And I think that usually leads to something. So I think Google's developing a lot of pipeline at this show that I think next year is going to translate. We had conversations John with companies that we can't mention on air, but they are seriously substantively looking at moving workloads into Google's Cloud Number one. Number two is if you look around here, Deloitte, Accenture at toes. You know, some of the biggest. I'd like to see more of those global s eyes, and I think you will. And that's where you're going to really start to see customers. >> Dave took the customer. I'll say partner. So we said in one of our analysis segments, that logo slides Good. But, you know, compare itto Microsoft or Amazon. It needs to quadruple where it is today. But in the conversations that I had from startups through some of those big logo's on here, partnering with Google is good for them and they're excited by it. And that's not necessarily the clay case for every one of the big cloud providers out there. >> All right, so a lot of multi cloud talk. I've said multi clouds all the rage, but it's really more a symptom of sort of multi vendor people going best of breed with different departments. Big news last night on Jet I John, I want to get your take. Google really wasn't I don't think ever in the running, but certainly, you know Amazon was the lead Oracle, IBM, Microsoft share the news in your analysis of that news. >> Well, yesterday there was news that the Department of Defense, this Jet I contract joint defense initiative that's going on joining the Price Defense Initiative system. The military cloud ten billion dollar contract was under a lot of It's the biggest story in Tech and DC in generations. It's the confluence of procurement being outdated. Clouds selection, one soul cloud for that workload, multi cloud across in the department and a lot of lost business, potentially for Oracle in IBM. So Amazon, Microsoft, Amazon, Webster's, Microsoft, Oracle and IBM. We're all fighting for this business. The incumbents IBM and Oracle. We're potentially at risk billions of dollars. So it's been a lot of dirty pool, so to speak, a lot of dirty politics, a lot of dirty smear campaigns going on, from Oracle to to Amazon to try to discredit them. So the D. O d. Oracle soothe d o d. Saying is unfair process conflict of interest? The D. O. D made a final selection. Amazon Web services and Microsoft are the final selections and basically kicking out Oracle and IBM at the process. So Oracle, IBM are out. Oracle's lawsuit's still pending that'LL probably be dismissed because Oracle tried three different times to claim conflict of interest. They tried to claim conflict of interest in. And where has three in my notes here July twenty eighteen, November twenty eighteen and April twenty nineteen. All three times competition has been not proven, and Oracle and IBM or out. The analysis here is, is that this proves what we've been saying on the Q and that is, is that you can have one cloud soul cloud for a workload. So the Department of Defense has hundreds of projects. But for the military project that ten billion dollar one Amazon or Microsoft, probably the Amazon to the front runner can serve that cloud. And that's the best architecture. That means that Microsoft will probably win the eight billion dollar contract of the D. O. E s contract for collaboration again. Soul Cloud Soul workload. This is the trendy. My analysis is that Oracle on IBM, mainly Oracle, knew that they were going to lose. They tried to do whatever it takes to kill the deal. And now the D. O. D. Has brought forward and their modernizing the application and all these lawsuits about procurement rules from nineteen eighty five all this trip wires, all these little nuances. This is a great win for the Department of Defense, and I think it is a tell sign for large enterprises because you could be multiple. You'd have multiple clouds, but you can have one cloud work on one workload. It could be a big monster workload like a ten billion dollar >> workload. >> There could be a small work. >> All the tech vendors want to eat it. The government trough, We know that. And so the why is this relevant? It's relevant to me because you're you're absolutely right for a particular set of workloads. Mission critical workloads, especially a single cloud, is going to be more cost effective, more secure, uh, higher availability, less complex. And that's really what the debate is here now is multi cloud gonna happen? Of course, for different workloads is going to be horses for courses. So multi cloud is a huge opportunity. Everybody's going after it stew uh, Google through its hat in the ring in a big way. We seem to have a couple of camps lining up and read. Had interesting, interesting leads in both camps. Kind of got the IBM redhead camp and of'em wear with now with Google Really interesting sort of chessboard matches going on? >> Yeah, absolutely. Every customer we talked to hear. There's no like, Oh, you know, I might be moving most of my stuff or even all of my stuff to the public cloud, but it is workload dependent, and that's how I'm choosing it. Google has some key strength. I took a little while to get the data and I and ML pieces that we know Google has some strength here. One of the questions I had coming into it Can they reclaim kind of that thought leadership space. I'd love to hear whether you guys think I think that was the case, but, you know, messaging point on good speed. You know T K has them talking to the Enterprise in a way that won't scare them away as to oh, geez, I'm not smart enough to work with Google so >> well, I think I think Google has to get enterprise compatible and they've been working really hard to do that, and they got it. Just grind it out. I said this on Tuesday. It's a grinding out game. They've got a got a fight to the trenches. We've got to get the check boxes, and this is what Amazon did that early on and helped them a lot. Google has been working hard, I think, their security angle with the from a device. I phoned the Android phone and onboard security at the edge is huge. I think data and Big Query and those kinds of on boarding tools is going to be a great accelerant. I think cloud code cloud Run Cloud build is a phenomenal construct. I think that's absolutely delivered Ella for friendly. If they can continue to serve the developer for the enterprise and make it easy to build and stand up applications that hit that sweet spot of the trend, which is the modernization of enterprise APS not develop, perhaps not like a startup started sort. Different styles are cloud born in the cloud enterprise that's gonna deal with legacy and all these compliance and all this risk. They could make that easy and make it Dev ops like That's a great check boxes. >> Just a quick note on that, because there was a lot of enterprise talk there. There's a nice group inside a Google, working with a lot of the startups, got to talk to a couple of the start up there, and Google's definitely company there looking to partner with. All >> right, guys, let's wrap this up. Google really leaning into the enterprise heavily. Obviously, they're not. They're not blinking. They're going to continue power forward thinking. I like the mojo they have here. They got a new CEO. We interviewed George Curry, and Thomas's brother Thomas couldn't make it on the Cube. He's super busy talking to customers were gonna get him on the cue soon, but you got a culture here. Google and the culture is innovation, and the cultures Dev ops. The culture's developed for the country's AP eyes D. That puts him in a good position, >> their thoughts. I mean, I've been saying for a decade I feel like a broken record. I said it so much. I stopped saying it that the marginal economics of the Cloud service providers who have scale are driving towards zero. In other words, the more volume they do, they're there. The cost of adding an extra customer goes down to zero, just like software. There's three companies in United States who have that scale Google, Amazon and Microsoft. Obviously some guys outside the U. S. And you look at the cap Ex numbers forty seven billion over the last three years by Google. Thirteen and a half billion year to date US data centers alone. It would take IBM three and a half years to spend that much on Affects Who take Oracle six years. Okay, they just do not have the marginal economics to compete. They'LL compete in other ways, but though these three are in it to win it this big market, they're trillion dollar market. There's enough room for each to carve out an opportunity and continue to grow for quite some time. Do >> and Google lining up their ecosystem of partners to help them get deep into the enterprise. Absolutely, There's good opportunity for Google to do a number of acquisitions. They have, you know, a big bank spend a lot of money not just on infrastructure, but all the partner engagements and definitely some acquisition to help them get there. Wouldn't be surprised if they, you know, made some nice acquisition to help them grow that enterprise. I am in a modern way way now that was mentioned to it was carrying twins could be back together, but sure, >> awesome stuff. Guys, I think my my final take is I've always said Google's the Dark Horse and the Cloud game. They don't have a lot of baggage like a lot of work to do, and they're they're working hard and they really bring in tech to the table that bringing that culture of innovation, they're there behind this. Opportunities for them to move the ball down the field in a big way. I think they can take territory and gain share quickly if global things follow the place. If those bets come home, this dark horse will be right up on number two really quickly. So great job. Wanna thank Google, Google's team Cool calms Team, Google's CMO and executive Thomas carrying for letting us come to the Cube. Bring the Cube here. Google's very co creation oriented. We appreciate the location. I want to thank Google one. Thanks to our sponsors about our sponsors, we wouldn't be here, so he city signal FX. We got net app. We got Saada. We got some great clients here supporting us. You, Fio. Thanks to our sponsors, they signal to the community they care and they support our programs. Our tenth year of Cube coverage at events one. Thank everyone for watching, listening, sharing hit us up on Twitter at Cube and also silken angle dot com. We now are adding on a new feature to our Cube, which is on silicon angle dot com special reports where we flow as many stories as it takes to get the truth out there. Get the story's right, of course. Used the cube and stream the data with you here on the Cube. We're here. Google Next in San Francisco. I'm John Faria student Min David Long. Thanks for watching.